Method: cryptoKeyVersions.destroy

Full name: projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroyTime will be set to the time destroyScheduledDuration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroyTime is reached, cryptoKeyVersions.restore may be called to reverse the process.

HTTP request

The URLs use gRPC Transcoding syntax.

Path parameters



Required. The resource name of the CryptoKeyVersion to destroy.

Authorization requires the following IAM permission on the specified resource name:

  • cloudkms.cryptoKeyVersions.destroy

Request body

The request body must be empty.

Response body

If successful, the response body contains an instance of CryptoKeyVersion.

Authorization scopes

Requires one of the following OAuth scopes:


For more information, see the Authentication Overview.