The Platform Administrator (PA) can delete Key Management System (KMS) keys in the org admin cluster.
The PA can delete the AEAD and Signing keys in the project namespace. See Supported keys for the full list of KMS keys.
Before you begin
Before continuing, ensure you have configured kubectl to access the org admin cluster. Follow the steps in Get a kubeconfig file to use the gdcloud command-line interface (CLI).
Delete all keys
To delete all keys in a project namespace, use the following command:
kubectl --kubeconfig ORG_ADMIN_KUBECONFIG \
delete KEY_PRIMITIVE --namespace=PROJECT --all
Replace the following variables:
- ORG_ADMIN_KUBECONFIG: the kubeconfig file of the org admin cluster.
- KEY_PRIMITIVE: the keys you want to delete. For
- PROJECT with the name of the project. For
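
A guarded form of the command above, as an added example that is not part of the original page or of GDC tooling: it lists the keys in the namespace, refuses unless their count matches what the operator expects, and runs a server-side dry run before the real delete. The function names and the expected-count argument are assumptions for illustration, as is the assumption that the cluster accepts `--dry-run=server` for the key resources; the other arguments are the page's placeholders.

```shell
#!/bin/sh
# Added example (not GDC tooling): preview and confirm before "delete --all".
# Arguments mirror the page's placeholders:
#   ORG_ADMIN_KUBECONFIG  KEY_PRIMITIVE  PROJECT
# plus EXPECTED_COUNT, a hypothetical safety argument introduced here.

# list_keys KUBECONFIG KEY_PRIMITIVE PROJECT -> one resource name per line
list_keys() {
  kubectl --kubeconfig "$1" get "$2" --namespace="$3" -o name
}

# delete_all_keys KUBECONFIG KEY_PRIMITIVE PROJECT EXPECTED_COUNT
# Returns 0 only if the real delete ran; returns 1 on any refusal.
delete_all_keys() {
  local kubeconfig="$1" primitive="$2" project="$3" expected="$4"
  local keys count

  # An empty namespace or primitive must never reach "delete --all".
  if [ -z "$kubeconfig" ] || [ -z "$primitive" ] || [ -z "$project" ]; then
    echo "refusing: kubeconfig, key primitive and project are required" >&2
    return 1
  fi
  # EXPECTED_COUNT must be a plain non-negative integer.
  case "$expected" in
    ''|*[!0-9]*) echo "refusing: expected count must be a number" >&2
                 return 1 ;;
  esac

  keys=$(list_keys "$kubeconfig" "$primitive" "$project") || return 1
  count=$(printf '%s\n' "$keys" | grep -c . || true)
  if [ "$count" -ne "$expected" ]; then
    echo "refusing: found $count $primitive in $project, expected $expected" >&2
    return 1
  fi

  # Record exactly which keys are about to be removed (stderr, for the log).
  printf '%s\n' "$keys" >&2

  # Server-side dry run first: catches RBAC or admission failures early.
  kubectl --kubeconfig "$kubeconfig" delete "$primitive" \
    --namespace="$project" --all --dry-run=server >&2 || return 1

  kubectl --kubeconfig "$kubeconfig" delete "$primitive" \
    --namespace="$project" --all
}

# Usage: delete_all_keys ORG_ADMIN_KUBECONFIG KEY_PRIMITIVE PROJECT 2
```

Capturing the stderr output of a run gives a record of which keys existed at the moment of deletion.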