[Yandex Cloud documentation](../../index.md) > [Yandex Lockbox](../index.md) > [Step-by-step guides](index.md) > Deleting a secret

# Deleting a secret

To delete a secret:

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the folder the secret belongs to.
  1. Navigate to **Lockbox**.
  1. In the left-hand menu, select **Secrets**.
  1. Next to the secret you need, click ![image](../../_assets/console-icons/ellipsis.svg).
  1. In the menu that opens, select **Delete**.
  1. In the window that opens, click **Delete**.

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. View the description of the CLI command for deleting a secret:

     ```bash
     yc lockbox secret delete --help
     ```

  1. Request a list of secrets:

     ```bash
     yc lockbox secret list --cloud-id <cloud_ID> --folder-name <folder_name>
     ```

	 Result:

	 ```text
	 +----------------------+------------------+------------+---------------------+----------------------+--------+
     |          ID          |       NAME       | KMS KEY ID |     CREATED AT      |  CURRENT VERSION ID  | STATUS |
     +----------------------+------------------+------------+---------------------+----------------------+--------+
     | e6q942hj2r5n******** | <secret_1_name>  |            | 2021-11-09 13:07:12 | e2r9pdm39tn2******** | ACTIVE |
     | e4qkyo469mu2******** | <secret_2_name>  |            | 2021-12-09 06:50:37 | e6fpq386othp******** | ACTIVE |
     +----------------------+------------------+------------+---------------------+----------------------+--------+
	 ```

  1. To delete a secret, run the command:

     ```bash
     yc lockbox secret delete --id e4qkyo469mu2********
     ```

     Result:

     ```text
     id: e4qkyo469mu2********
     folder_id: b1ulgko2th57********
     created_at: "2021-11-08T17:13:48.393Z"
     ...
       status: ACTIVE
       payload_entry_keys:
       - <key>
     ```

  1. Make sure the secret is not in the list:

     ```bash
     yc lockbox secret list --cloud-id <cloud_ID> --folder-name <folder_name>
     ```

     Result:

     ```text
     +----------------------+-----------------+------------+---------------------+----------------------+--------+
     |          ID          |      NAME       | KMS KEY ID |     CREATED AT      |  CURRENT VERSION ID  | STATUS |
     +----------------------+-----------------+------------+---------------------+----------------------+--------+
     | e6q942hj2r5n******** | <secret_1_name> |            | 2021-11-09 13:07:12 | e2r9pdm39tn2******** | ACTIVE |
     +----------------------+-----------------+------------+---------------------+----------------------+--------+
     ```

- Terraform {#tf}

  If you do not have Terraform yet, [install it and configure the Yandex Cloud provider](../../tutorials/infrastructure-management/terraform-quickstart.md#install-terraform).
  
  
  To manage infrastructure using Terraform under a service account or user accounts (a Yandex account, a federated account, or a local user), [authenticate](../../terraform/authentication.md) using the appropriate method.

  1. Open the Terraform configuration file and delete the part with the secret description:

     {% cut "Sample secret description in the Terraform" %} configuration

     ```hcl
     ...
     resource "yandex_lockbox_secret" "my_secret" {
       name                = "My secret"
       description         = "test secret from tf"
       folder_id           = "b1gmitvfx321d3********"
       kms_key_id          = "abjp8q2fjfg0s********"
       deletion_protection = true
       labels              = {
         tf-label    = "tf-label-value",
         empty-label = ""
       }
     }
     ...
     ```

     {% endcut %}

  1. Apply the changes:

      1. In the terminal, navigate to the configuration file directory.
      1. Make sure the configuration is correct using this command:
      
         ```bash
         terraform validate
         ```
      
         If the configuration is valid, you will get this message:
      
         ```bash
         Success! The configuration is valid.
         ```
      
      1. Run this command:
      
         ```bash
         terraform plan
         ```
      
         You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.
      1. Apply the configuration changes:
      
         ```bash
         terraform apply
         ```
      
      1. Type `yes` and press **Enter** to confirm the changes.

  You can check the secret deletion using the [management console](https://console.yandex.cloud) or this [CLI](../../cli/quickstart.md) command:

    ```bash
    yc lockbox secret list
    ```

- API {#api}

  To delete a secret, use the [delete](../api-ref/Secret/delete.md) REST API method for the [Secret](../api-ref/Secret/index.md) resource or the [SecretService/Delete](../api-ref/grpc/Secret/delete.md) gRPC API call.

{% endlist %}

## See also {#see-also}

* [Secrets in Yandex Lockbox](../concepts/secret.md)