diff --git a/docs/admin/kubernetes-ops/external-secrets-configmaps.md b/docs/admin/kubernetes-ops/external-secrets-configmaps.md index 7a0ba4c9d0f..388270ac1e5 100644 --- a/docs/admin/kubernetes-ops/external-secrets-configmaps.md +++ b/docs/admin/kubernetes-ops/external-secrets-configmaps.md @@ -125,13 +125,13 @@ From the console, Go to `Secret Manager`> Click on `Create Secret` > Add a `name #### Managing Versions While there's no limitation on how many versions a secret can have, the recommendation is to keep the number as low as possible, e.g. 5 active versions. -If there are too many secret versions, it's best to disable older versions manually, for example: +If there are too many secret versions, it's best to destroy older versions manually, for example: ```bash -gcloud secrets versions list flex-secret --filter="state = enabled" --filter="createTime < '2024-03-02'" | grep "NAME:" | tr -d "NAME: " > versions_to_disable.txt +gcloud secrets versions list jans-secret --filter="state = enabled" --filter="createTime < '2024-03-02'" | grep "NAME:" | tr -d "NAME: " > versions_to_destroy.txt while read -r line; do - gcloud secrets versions disable "$line" --secret=flex-secret -done < "versions_to_disable.txt" + gcloud secrets versions destroy "$line" --secret=jans-secret +done < "versions_to_destroy.txt" ``` ### Vault diff --git a/jans-pycloudlib/jans/pycloudlib/config/google_config.py b/jans-pycloudlib/jans/pycloudlib/config/google_config.py index efca9539fe8..182fa15a83a 100644 --- a/jans-pycloudlib/jans/pycloudlib/config/google_config.py +++ b/jans-pycloudlib/jans/pycloudlib/config/google_config.py 
@@ -10,7 +10,9 @@ from functools import cached_property from google.cloud import secretmanager -from google.api_core.exceptions import AlreadyExists, NotFound +from google.api_core.exceptions import AlreadyExists +from google.api_core.exceptions import NotFound +from google.api_core.exceptions import FailedPrecondition from jans.pycloudlib.config.base_config import BaseConfig from jans.pycloudlib.utils import safe_value @@ -220,10 +222,10 @@ def add_secret_version(self, payload: _t.AnyStr) -> bool: ) logger.info("Added secret version: {}".format(response.name)) - self._disable_old_versions(parent) + self._destroy_old_versions(parent) return bool(response) - def _disable_old_versions(self, parent): + def _destroy_old_versions(self, parent): # list of version.state enum # # - STATE_UNSPECIFIED = 0 @@ -251,7 +253,13 @@ def _disable_old_versions(self, parent): # hence we only disable 1 version after allowed enabled versions are reaching threshold logger.info( f"The soft-limit for max. versions (currently set to {self.max_versions}) has been reached; " - f"disabling previous version {version.name} (state={version.state.name})" + f"destroying previous version {version.name} (state={version.state.name})" ) - self.client.disable_secret_version(request={"name": version.name}) + + try: + self.client.destroy_secret_version(request={"name": version.name}) + except FailedPrecondition as exc: + # re-raise error if the state is not DESTROYED (400 status code) + if exc.code != 400: + raise exc break diff --git a/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py b/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py index 17b6e540e89..b50325c1b94 100644 --- a/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py +++ b/jans-pycloudlib/jans/pycloudlib/secret/google_secret.py 
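Review bot: The `if exc.code != 400: raise exc` guard inside the new `except FailedPrecondition` branch is dead code, because google.api_core's `FailedPrecondition` fixes `code` at 400 for every instance, so the handler silently swallows every precondition failure rather than only the already-destroyed case the comment describes. Replace the two guard lines with an explicit record of what happened, e.g. `logger.warning(f"Unable to destroy version {version.name}: {exc}")`, or, if the loop only needs to skip versions that are already gone, test `version.state` before calling destroy, since the loop already has it (it is printed in the log line just above). The unchanged context comment `# hence we only disable 1 version after allowed enabled versions are reaching threshold` still says "disable" and should now read "destroy". Because destroy is irreversible, a short docstring on `_destroy_old_versions` stating that it permanently removes the payload of the oldest enabled version once `max_versions` is reached would make the rollback trade-off visible to callers; all of this applies equally to the identical hunk in jans-pycloudlib/jans/pycloudlib/secret/google_secret.py. The enclosing function starts above this hunk.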
@@ -18,7 +18,9 @@ from cryptography.hazmat.primitives.ciphers.aead import AESGCM from cryptography.exceptions import InvalidTag from google.cloud import secretmanager -from google.api_core.exceptions import AlreadyExists, NotFound +from google.api_core.exceptions import AlreadyExists +from google.api_core.exceptions import NotFound +from google.api_core.exceptions import FailedPrecondition from jans.pycloudlib.secret.base_secret import BaseSecret from jans.pycloudlib.utils import safe_value @@ -286,7 +288,7 @@ def _add_secret_version_multipart(self, payload: _t.AnyStr) -> bool: request={"parent": parent, "payload": {"data": fragment}} ) logger.info(f"Added secret version: {response.name}") - self._disable_old_versions(parent) + self._destroy_old_versions(parent) return True def _prepare_secret_multipart(self, part: int) -> str: @@ -351,7 +353,7 @@ def _maybe_legacy_payload(self, payload: bytes) -> dict[str, _t.Any]: data = json.loads(payload_str) return data - def _disable_old_versions(self, parent): + def _destroy_old_versions(self, parent): # list of version.state enum # # - STATE_UNSPECIFIED = 0 @@ -379,7 +381,13 @@ def _disable_old_versions(self, parent): # hence we only disable 1 version after allowed enabled versions are reaching threshold logger.info( f"The soft-limit for max. versions (currently set to {self.max_versions}) has been reached; " - f"disabling previous version {version.name} (state={version.state.name})" + f"destroying previous version {version.name} (state={version.state.name})" ) - self.client.disable_secret_version(request={"name": version.name}) + + try: + self.client.destroy_secret_version(request={"name": version.name}) + except FailedPrecondition as exc: + # re-raise error if the state is not DESTROYED (400 status code) + if exc.code != 400: + raise exc break
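Review bot: `_destroy_old_versions` in this file is line-for-line identical to the one in jans-pycloudlib/jans/pycloudlib/config/google_config.py, including the new `FailedPrecondition` handler, so the commit had to apply the same change twice and any later correction must be mirrored by hand. Consider moving the version-pruning loop into one shared helper that both classes call (taking the client, parent and the max_versions threshold), with a docstring stating that it permanently destroys the oldest enabled version once the threshold is reached. The enclosing function starts above this hunk.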