Delete a secret from Vault

DELETE

/secrets/{name}

curl --request DELETE \
  --url https://your-org.evershell.ai/v1/secrets/example \
  --header 'Authorization: Bearer <token>'

• Hosted tenant

Permissions: secrets:write.

The secret name is the path segment, not a body field. Capabilities that reference the secret by secrets["name"] will fail on their next call — the proxy logs transforms_failed.<transform>: auth_unavailable on the resulting deny.

Authorizations

• bearerAuth

Parameters

Path Parameters

name

required

string

Responses

200

OK

Media type application/json

object

name

required

string

status

required

string

Example

{
  "status": "deleted"
}

400

Validation failure

Media type application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

503

Secrets subsystem isn’t configured on this CP (secrets_disabled).

Media type application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}