From b12530e7edbb84869ffc16a763860059e05d5950 Mon Sep 17 00:00:00 2001
From: durgesh-ninave-crest <durgesh.ninave@crestdata.ai>
Date: Fri, 18 Jul 2025 17:00:42 +0530
Subject: [PATCH 1/3] feat(secretmanager): Added samples for delete secret
 annotation

---
 secret-manager/deleteSecretAnnotation.js      | 60 +++++++++++++++++
 .../deleteRegionalSecretAnnotation.js         | 67 +++++++++++++++++++
 secret-manager/test/secretmanager.test.js     | 14 ++++
 3 files changed, 141 insertions(+)
 create mode 100644 secret-manager/deleteSecretAnnotation.js
 create mode 100644 secret-manager/regional_samples/deleteRegionalSecretAnnotation.js

diff --git a/secret-manager/deleteSecretAnnotation.js b/secret-manager/deleteSecretAnnotation.js
new file mode 100644
index 0000000000..420b337787
--- /dev/null
+++ b/secret-manager/deleteSecretAnnotation.js
@@ -0,0 +1,60 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(name, annotationKey) {
+  // [START secretmanager_delete_secret_annotation]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const name = 'projects/my-project/secrets/my-secret';
+  // const annotationKey = 'secretmanager';
+
+  // Imports the Secret Manager library
+  const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
+
+  // Instantiates a client
+  const client = new SecretManagerServiceClient();
+
+  async function getSecret() {
+    const [secret] = await client.getSecret({
+      name: name,
+    });
+
+    return secret;
+  }
+
+  async function deleteSecretAnnotation() {
+    const oldSecret = await getSecret();
+    delete oldSecret.annotations[annotationKey];
+    const [secret] = await client.updateSecret({
+      secret: {
+        name: name,
+        annotations: oldSecret.annotations,
+      },
+      updateMask: {
+        paths: ['annotations'],
+      },
+    });
+
+    console.info(`Updated secret ${secret.name}`);
+  }
+
+  deleteSecretAnnotation();
+  // [END secretmanager_delete_secret_annotation]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);
diff --git a/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js b/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
new file mode 100644
index 0000000000..58f3363602
--- /dev/null
+++ b/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
@@ -0,0 +1,67 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(projectId, locationId, secretId, annotationKey) {
+  // [START secretmanager_delete_regional_secret_annotation]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = 'my-project'
+  // const locationId = 'locationId';
+  // const secretId = 'my-secret';
+  // const annotationKey = 'secretmanager';
+  const name = `projects/${projectId}/locations/${locationId}/secrets/${secretId}`;
+
+  // Imports the Secret Manager library
+  const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
+
+  // Adding the endpoint to call the regional secret manager sever
+  const options = {};
+  options.apiEndpoint = `secretmanager.${locationId}.rep.googleapis.com`;
+
+  // Instantiates a client
+  const client = new SecretManagerServiceClient(options);
+
+  async function getSecret() {
+    const [secret] = await client.getSecret({
+      name: name,
+    });
+
+    return secret;
+  }
+
+  async function deleteRegionalSecretAnnotation() {
+    const oldSecret = await getSecret();
+    delete oldSecret.annotations[annotationKey];
+    const [secret] = await client.updateSecret({
+      secret: {
+        name: name,
+        annotations: oldSecret.annotations,
+      },
+      updateMask: {
+        paths: ['annotations'],
+      },
+    });
+
+    console.info(`Updated secret ${secret.name}`);
+  }
+
+  deleteRegionalSecretAnnotation();
+  // [END secretmanager_delete_regional_secret_annotation]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);
diff --git a/secret-manager/test/secretmanager.test.js b/secret-manager/test/secretmanager.test.js
index 3d60ddc191..f7a3ad684b 100644
--- a/secret-manager/test/secretmanager.test.js
+++ b/secret-manager/test/secretmanager.test.js
@@ -547,6 +547,20 @@ describe('Secret Manager samples', () => {
     assert.match(output, new RegExp(`Updated secret ${regionalSecret.name}`));
   });
 
+  it('deletes a secret annotation', async () => {
+    const output = execSync(
+      `node deleteSecretAnnotation.js ${secret.name} ${annotationKey}`
+    );
+    assert.match(output, new RegExp(`Updated secret ${secret.name}`));
+  });
+
+  it('deletes a regional secret annotation', async () => {
+    const output = execSync(
+      `node regional_samples/deleteRegionalSecretAnnotation.js ${projectId} ${locationId} ${secretId} ${annotationKey}`
+    );
+    assert.match(output, new RegExp(`Updated secret ${regionalSecret.name}`));
+  });
+
   it('deletes a regional secret', async () => {
     const output = execSync(
       `node regional_samples/deleteRegionalSecret.js ${projectId} ${locationId} ${secretId}-3`

From 5fdb290493f25933bc644c858f662be919f04d8b Mon Sep 17 00:00:00 2001
From: durgesh-ninave-crest <durgesh.ninave@crestdata.ai>
Date: Fri, 18 Jul 2025 17:05:19 +0530
Subject: [PATCH 2/3] fix(secretmanager): update code samples

---
 secret-manager/deleteSecretAnnotation.js                        | 2 +-
 .../regional_samples/deleteRegionalSecretAnnotation.js          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/secret-manager/deleteSecretAnnotation.js b/secret-manager/deleteSecretAnnotation.js
index 420b337787..3046ea465a 100644
--- a/secret-manager/deleteSecretAnnotation.js
+++ b/secret-manager/deleteSecretAnnotation.js
@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2025 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
diff --git a/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js b/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
index 58f3363602..de26ba0304 100644
--- a/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
+++ b/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
@@ -1,4 +1,4 @@
-// Copyright 2024 Google LLC
+// Copyright 2025 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

From 70de09eace3cbaa9c0e114cfed70a5912bd1a84d Mon Sep 17 00:00:00 2001
From: durgesh-ninave-crest <durgesh.ninave@crestdata.ai>
Date: Fri, 18 Jul 2025 17:18:16 +0530
Subject: [PATCH 3/3] fix(secretmanager): address gemini review comments

---
 secret-manager/deleteSecretAnnotation.js                    | 6 ++++++
 .../regional_samples/deleteRegionalSecretAnnotation.js      | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/secret-manager/deleteSecretAnnotation.js b/secret-manager/deleteSecretAnnotation.js
index 3046ea465a..7273cda862 100644
--- a/secret-manager/deleteSecretAnnotation.js
+++ b/secret-manager/deleteSecretAnnotation.js
@@ -38,6 +38,12 @@ async function main(name, annotationKey) {
 
   async function deleteSecretAnnotation() {
     const oldSecret = await getSecret();
+    if (!oldSecret.annotations) {
+      console.info(
+        `Secret ${oldSecret.name} has no annotations, skipping update.`
+      );
+      return;
+    }
     delete oldSecret.annotations[annotationKey];
     const [secret] = await client.updateSecret({
       secret: {
diff --git a/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js b/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
index de26ba0304..ab7eca2a68 100644
--- a/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
+++ b/secret-manager/regional_samples/deleteRegionalSecretAnnotation.js
@@ -45,6 +45,12 @@ async function main(projectId, locationId, secretId, annotationKey) {
 
   async function deleteRegionalSecretAnnotation() {
     const oldSecret = await getSecret();
+    if (!oldSecret.annotations) {
+      console.info(
+        `Secret ${oldSecret.name} has no annotations, skipping update.`
+      );
+      return;
+    }
     delete oldSecret.annotations[annotationKey];
     const [secret] = await client.updateSecret({
       secret: {