Removes a storage credential. Grants on the credential are also removed; external locations bound to the credential are NOT removed and lose their auth source.
DROP STORAGE CREDENTIAL [IF EXISTS] <name>## Overview DROP STORAGE CREDENTIAL removes a credential entry. The drop also removes any grants stored against the credential. External locations that reference the credential by name are NOT cascaded; they remain in place but their bound credential reference becomes dangling and authentication fails when those locations are next used. ## Behavior - Without IF EXISTS, dropping a non-existent credential raises an error. With IF EXISTS, the operation succeeds silently. - All grants stored against the credential (object type STORAGE_CREDENTIAL) are removed in the same operation. - External locations referencing the credential by name are NOT validated and NOT removed. Reads or writes through those locations will fail with an authentication error after the drop. - The drop does not delete any cloud-side resources (IAM roles, managed identities, service accounts). It removes only the catalog entry that wires those resources into DeltaForge. ## Access Control Requires the admin role. ## Compatibility DeltaForge extension.
| Name | Type | Description |
|---|---|---|
name | Specifies the credential to drop. | |
if_exists | Skip silently if the credential does not exist. |
-- Drop an unused credential
DROP STORAGE CREDENTIAL old_aws_role;-- Idempotent drop
DROP STORAGE CREDENTIAL IF EXISTS old_aws_role;