Technical Tip: Deleting a secret in FortiPAM when delete options is unavailable

In some scenarios, a secret cannot be deleted even by administrator profiles. This can occur when the secret is associated with a deployment user, and permission inheritance was not enabled, resulting in other administrators having only view permissions.

Additionally, secrets cannot be deleted if there are existing approval requests referencing them.

1. Verify if approval requests exist.

Run the following command in the FortiPAM CLI to check for any existing requests:

config secret request
show
end

If any entries reference the affected secret, delete those approval requests before attempting to delete the secret.

2. Confirm no approval requests are present.
   
   If the output does not show any entries, no approval requests are blocking the deletion.

    

3. Enable Glass Breaking Mode to delete the secret.
   
   If no approval requests exist and the delete option is still unavailable, enable Glass Breaking Mode. This mode allows overriding permission restrictions and performing administrative actions on restricted objects:
   
   

    

   After enabling this mode, attempt to delete the secret. Go to Secret -> Secret -> Delete.
   
   

4. To prevent this issue in future deployments, ensure that permission inheritance is enabled when assigning secrets to deployment users, so administrator profiles retain full control.