diff --git a/src/charm.py b/src/charm.py
index 87c8b5edf1..e90658cca1 100755
--- a/src/charm.py
+++ b/src/charm.py
@@ -46,6 +46,7 @@
     InstallEvent,
     LeaderElectedEvent,
     RelationDepartedEvent,
+    SecretRemoveEvent,
     StartEvent,
 )
 from ops.framework import EventBase
@@ -201,6 +202,7 @@ def __init__(self, *args):
         self.framework.observe(self.on.set_password_action, self._on_set_password)
         self.framework.observe(self.on.promote_to_primary_action, self._on_promote_to_primary)
         self.framework.observe(self.on.update_status, self._on_update_status)
+        self.framework.observe(self.on.secret_remove, self._on_secret_remove)
         self.cluster_name = self.app.name
         self._member_name = self.unit.name.replace("/", "-")
 
@@ -435,6 +437,17 @@ def get_hostname_by_unit(self, _) -> str:
         # the underlying provider (LXD, MAAS, etc.), the unit IP is returned.
         return self._unit_ip
 
+    def _on_secret_remove(self, event: SecretRemoveEvent) -> None:
+        # A secret removal (entire removal, not just a revision removal) causes
+        # https://github.com/juju/juju/issues/20794. This check is to avoid the
+        # errors that would happen if we tried to remove the revision in that case
+        # (in the revision removal, the label is present).
+        if event.secret.label is None:
+            logger.debug("Secret with no label cannot be removed")
+            return
+        logger.debug(f"Removing secret with label {event.secret.label} revision {event.revision}")
+        event.remove_revision()
+
     def _on_get_primary(self, event: ActionEvent) -> None:
         """Get primary instance."""
         try: