GoogleCloudPlatform · durgesh-ninave-crest · Jul 18, 2025 · Jul 18, 2025 · Jul 18, 2025 · Jul 18, 2025
@@ -74,5 +74,5 @@ def create_secret_with_annotations(
     )
     args = parser.parse_args()
 
-    annotations = {args.annotation_key, args.annotation_value}
+    annotations = {args.annotation_key: args.annotation_value}
     create_secret_with_annotations(args.project_id, args.secret_id, annotations)
@@ -70,5 +70,5 @@ def create_secret_with_labels(
     parser.add_argument("label_value", help="value of the label you want to add")
     args = parser.parse_args()
 
-    labels = {args.label_key, args.label_value}
+    labels = {args.label_key: args.label_value}
     create_secret_with_labels(args.project_id, args.secret_id, labels)
@@ -69,5 +69,5 @@ def create_update_secret_label(
     parser.add_argument("label_value", help="value of the label to be added/updated")
     args = parser.parse_args()
 
-    labels = {args.label_key, args.label_value}
+    labels = {args.label_key: args.label_value}
     create_update_secret_label(args.project_id, args.secret_id, labels)
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# [START secretmanager_delete_secret_annotation]
+import argparse
+
+# Import the Secret Manager client library.
+from google.cloud import secretmanager
+
+
+def delete_secret_annotation(
+    project_id: str, secret_id: str, annotation_key: str
+) -> secretmanager.Secret:
+    """
+    Delete a annotation on an existing secret.
+    """
+
+    # Create the Secret Manager client.
+    client = secretmanager.SecretManagerServiceClient()
+
+    # Build the resource name of the secret.
+    name = client.secret_path(project_id, secret_id)
+
+    # Get the secret.
+    response = client.get_secret(request={"name": name})
+
+    annotations = response.annotations
+
+    # Delete the annotation
+    annotations.pop(annotation_key, None)
+
+    # Update the secret.
+    secret = {"name": name, "annotations": annotations}
+    update_mask = {"paths": ["annotations"]}
+    response = client.update_secret(
+        request={"secret": secret, "update_mask": update_mask}
+    )
+
+    # Print the new secret name.
+    print(f"Updated secret: {response.name}")
+
+    return response
+
+
+# [END secretmanager_delete_secret_annotation]
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument("secret_id", help="id of the secret to act on")
+    parser.add_argument("annotation_key", help="key of the annotation to be deleted")
+    args = parser.parse_args()
+
+    delete_secret_annotation(args.project_id, args.secret_id, args.annotation_key)
@@ -73,5 +73,5 @@ def edit_secret_annotations(
     )
     args = parser.parse_args()
 
-    annotations = {args.annotation_key, args.annotation_value}
+    annotations = {args.annotation_key: args.annotation_value}
     edit_secret_annotations(args.project_id, args.secret_id, annotations)
@@ -80,7 +80,7 @@ def create_regional_secret_with_annotations(
     )
     args = parser.parse_args()
 
-    annotations = {args.annotation_key, args.annotation_value}
+    annotations = {args.annotation_key: args.annotation_value}
     create_regional_secret_with_annotations(
         args.project_id, args.location_id, args.secret_id, annotations
     )
@@ -79,7 +79,7 @@ def create_regional_secret_with_labels(
     parser.add_argument("label_value", help="value of the label you want to add")
     args = parser.parse_args()
 
-    labels = {args.label_key, args.label_value}
+    labels = {args.label_key: args.label_value}
     create_regional_secret_with_labels(
         args.project_id, args.location_id, args.secret_id, labels
     )
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# [START secretmanager_delete_regional_secret_annotation]
+import argparse
+
+# Import the Secret Manager client library.
+from google.cloud import secretmanager_v1
+
+
+def delete_regional_secret_annotation(
+    project_id: str, location_id: str, secret_id: str, annotation_key: str
+) -> secretmanager_v1.Secret:
+    """
+    Delete a annotation on an existing secret.
+    """
+
+    # Endpoint to call the regional Secret Manager API.
+    api_endpoint = f"secretmanager.{location_id}.rep.googleapis.com"
+
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient(
+        client_options={"api_endpoint": api_endpoint},
+    )
+
+    # Build the resource name of the parent secret.
+    name = f"projects/{project_id}/locations/{location_id}/secrets/{secret_id}"
+
+    # Get the secret.
+    response = client.get_secret(request={"name": name})
+
+    annotations = response.annotations
+
+    # Delete the annotation
+    annotations.pop(annotation_key, None)
+
+    # Update the secret.
+    secret = {"name": name, "annotations": annotations}
+    update_mask = {"paths": ["annotations"]}
+    response = client.update_secret(
+        request={"secret": secret, "update_mask": update_mask}
+    )
+
+    # Print the new secret name.
+    print(f"Updated secret: {response.name}")
+
+    return response
+
+
+# [END secretmanager_delete_regional_secret_annotation]
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument(
+        "location_id", help="id of the location where secret is to be created"
+    )
+    parser.add_argument("secret_id", help="id of the secret to act on")
+    parser.add_argument("annotation_key", help="key of the annotation to be deleted")
+    args = parser.parse_args()
+
+    delete_regional_secret_annotation(
+        args.project_id, args.location_id, args.secret_id, args.annotation_key
+    )
@@ -81,7 +81,7 @@ def edit_regional_secret_annotations(
     )
     args = parser.parse_args()
 
-    annotations = {args.annotation_key, args.annotation_value}
+    annotations = {args.annotation_key: args.annotation_value}
     edit_regional_secret_annotations(
         args.project_id, args.location_id, args.secret_id, annotations
     )
@@ -77,7 +77,7 @@ def edit_regional_secret_label(
     parser.add_argument("label_value", help="value of the label to be added/updated")
     args = parser.parse_args()
 
-    labels = {args.label_key, args.label_value}
+    labels = {args.label_key: args.label_value}
     edit_regional_secret_label(
         args.project_id, args.location_id, args.secret_id, labels
     )
@@ -32,6 +32,7 @@
 from regional_samples import create_regional_secret_with_labels
 from regional_samples import create_regional_secret_with_tags
 from regional_samples import delete_regional_secret
+from regional_samples import delete_regional_secret_annotation
 from regional_samples import delete_regional_secret_label
 from regional_samples import delete_regional_secret_with_etag
 from regional_samples import destroy_regional_secret_version
@@ -469,6 +470,20 @@ def test_create_regional_secret_with_label(
     assert secret_id in secret.name
 
 
+def test_delete_regional_secret_annotation(
+    project_id: str,
+    location_id: str,
+    regional_secret: Tuple[str, str],
+    annotation_key: str,
+) -> None:
+    secret_id, _ = regional_secret
+    secret = delete_regional_secret_annotation.delete_regional_secret_annotation(
+        project_id, location_id, secret_id, annotation_key
+    )
+    assert secret_id in secret.name
+    assert annotation_key not in secret.annotations
+
+
 def test_delete_regional_secret_labels(
     regional_client: secretmanager_v1.SecretManagerServiceClient,
     project_id: str,

@@ -37,6 +37,7 @@
 from create_secret_with_user_managed_replication import create_ummr_secret
 from create_update_secret_label import create_update_secret_label
 from delete_secret import delete_secret
+from delete_secret_annotation import delete_secret_annotation
 from delete_secret_label import delete_secret_label
 from delete_secret_with_etag import delete_secret_with_etag
 from destroy_secret_version import destroy_secret_version
@@ -485,6 +486,16 @@ def test_delete_secret(
         retry_client_access_secret_version(client, request={"name": name})
 
 
+def test_delete_secret_annotation(
+    secret: Tuple[str, str, str],
+    annotation_key: str,
+) -> None:
+    project_id, secret_id, _ = secret
+    secret = delete_secret_annotation(project_id, secret_id, annotation_key)
+    assert secret_id in secret.name
+    assert annotation_key not in secret.annotations
+
+
 def test_delete_secret_labels(
     client: secretmanager.SecretManagerServiceClient,
     secret: Tuple[str, str, str],