diff --git a/CASA/CASA.changes b/CASA/CASA.changes
index 1ae0b437..72b11662 100644
--- a/CASA/CASA.changes
+++ b/CASA/CASA.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri May 18 16:15:21 MDT 2007 - jnorman@novell.com
+
+- Bug 265898. Added option to remove all secrets to cli 
+
 -------------------------------------------------------------------
 Thu May 17 10:09:57 MDT 2007 - jnorman@novell.com
 
diff --git a/CASA/cli/casacli.c b/CASA/cli/casacli.c
index 1fe5f49c..ac6cc4ec 100644
--- a/CASA/cli/casacli.c
+++ b/CASA/cli/casacli.c
@@ -60,6 +60,7 @@ int		iAction = 0;
 #define GETCRED		2
 #define DELCRED		3
 #define LISTCREDS	4
+#define REMOVECREDS 5
 
 ///////////////////////////////////////////////////////////////////////
 
@@ -233,6 +234,67 @@ void ListCredentials()
 		{
 			//printf("%s\r\n", secretIDList.secIDList[i].name);
 			DisplaySecretEx(context, &kc, &secretIDList.secIDList[i]);
+		}
+	}
+
+	if (secretIDList.secIDList)
+		free(secretIDList.secIDList);
+
+	// close it	
+	CloseStore(context);
+
+}
+
+void DeleteAllCredentials()
+{
+	int rcode = 0;
+	int i = 0;
+	SSCS_SECRETSTORE_T 			store = {0};
+	SSCS_SECRET_ID_T			appSecretId = {0};
+	SSCS_SECRET_ID_T			sharedSecretId = {0};
+	
+	void						*context;
+	SSCS_KEYCHAIN_ID_T 			kc = {0};
+	
+	SSCS_SH_SECRET_ID_LIST_T	secretIDList = {0};
+	context = OpenStore(&kc);
+	if (context == NULL)
+	{
+		printf("Could not open miCASA store\r\n");
+		return; // NSSCS_E_SYSTEM_FAILURE;
+	}
+
+	secretIDList.secIDList = malloc(128 * sizeof(SSCS_SH_SECRET_ID_T));
+	if (secretIDList.secIDList == NULL)
+	{
+		printf("Memory failure\r\n");
+		return;
+	}
+
+	// set size of buffer
+	secretIDList.enumHandle = 0;
+	secretIDList.returnedIDs = 128;
+
+	rcode = miCASAEnumerateSecretIDs(context, 
+										&kc,					//SSCS_KEYCHAIN_ID_T			*	keyChainID, 
+										0,						//uint32_t						ssFlags, 
+										NULL,					//SSCS_SRCH_KEY_T				*	searchKey, 
+										&secretIDList,			//SSCS_SH_SECRET_ID_LIST_T	*	secretIDList, 
+										NULL					//SSCS_EXT_T					*	ext
+									);
+
+	if (rcode)
+	{
+		printf("Enumerate secretIDs returned %x\r\n", rcode);
+	}
+	else
+	{
+		printf("Found %d credential sets\r\n", secretIDList.returnedIDs);
+		for (i=0; i<secretIDList.returnedIDs; i++)
+		{
+			printf("Deleting %s\r\n", secretIDList.secIDList[i].name);
+			//DisplaySecretEx(context, &kc, &secretIDList.secIDList[i]);
+			miCASARemoveSecret(context, &kc, 0, &secretIDList.secIDList[i], NULL, NULL);
 		}
 	}
 
@@ -431,7 +493,7 @@ int	main
 		return 0;
 	}
 	
-	while ((c = sss_GetOpt(argc, argv, "lLhHsSgGdDn=N=k=K=u=U=")) != -1)
+	while ((c = sss_GetOpt(argc, argv, "lLhHsSgGdDrRn=N=k=K=u=U=")) != -1)
 	{
 		//printf("processing arg \r\n");
 		switch(c)
@@ -440,6 +502,11 @@ int	main
 			case 'L':
 				iAction = LISTCREDS;
 				//ListCredentials();
+				break;
+
+			case 'r':
+			case 'R':
+				iAction = REMOVECREDS;
 				break;
 
 			case 's':
@@ -491,6 +558,7 @@ int	main
 				printf("      -s         Sets the key and value of the named credential\r\n");
 				printf("      -g         Gets and displays the keys and values of the named credential\r\n");
 				printf("      -d         Delete all keys and values of the named credential\r\n");
+				printf("      -r         Removes all credentials scoped for named UID, or UID of this process\r\n");
 				printf("\r\n");
 				printf("      -n [name]  Specify the credential name\r\n");
 				printf("      -k [key]   Specify the key name to set\r\n");
@@ -525,7 +593,9 @@ int	main
 	if (iAction > 0)
 	{
 		// check for cred name
-		if ((iAction != LISTCREDS) && (credName == NULL))
+		if ((iAction != LISTCREDS) 
+			&& (iAction != REMOVECREDS) 
+			&& (credName == NULL))
 		{
 			printf("No credential name entered\r\n");
 			exit(0);			
@@ -538,6 +608,10 @@ int	main
 				ListCredentials();
 				break;
 
+			case REMOVECREDS:
+				DeleteAllCredentials();
+				break;
+
 			case GETCRED:
 				{
 					printf("Getting %s\r\n", credName);