openshift-docs/modules/manually-removing-cloud-creds.adoc

// Module included in the following assemblies:
//
// * post_installation_configuration/changing-cloud-credentials-configuration.adoc

:_mod-docs-content-type: PROCEDURE
[id="manually-removing-cloud-creds_{context}"]
= Removing cloud provider credentials

For clusters that use the Cloud Credential Operator (CCO) in mint mode, the administrator-level credential is stored in the `kube-system` namespace. 
The CCO uses the `admin` credential to process the `CredentialsRequest` objects in the cluster and create users for components with limited permissions.

After installing an {product-title} cluster with the CCO in mint mode, you can remove the administrator-level credential secret from the `kube-system` namespace in the cluster. 
The CCO only requires the administrator-level credential during changes that require reconciling new or modified `CredentialsRequest` custom resources, such as minor cluster version updates.

[NOTE]
====
Before performing a minor version cluster update (for example, updating from {product-title} {ocp-nminus1} to {product-version}), you must reinstate the credential secret with the administrator-level credential. 
If the credential is not present, the update might be blocked.
====

.Prerequisites

* Your cluster is installed on a platform that supports removing cloud credentials from the CCO. 
Supported platforms are AWS and {gcp-short}.

.Procedure

. In the *Administrator* perspective of the web console, navigate to *Workloads* -> *Secrets*.

. In the table on the *Secrets* page, find the root secret for your cloud provider.
+
[cols=2,options=header]
|===
|Platform
|Secret name

|AWS
|`aws-creds`

|{gcp-short}
|`gcp-credentials`

|===

. Click the Options menu {kebab} in the same row as the secret and select *Delete Secret*.