diff --git a/.changelog/6888.txt b/.changelog/6888.txt
new file mode 100644
index 00000000000..1cfa1cadb90
--- /dev/null
+++ b/.changelog/6888.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+kms: fixed issues with deleting crypto key versions in states other than ENABLED
+```
diff --git a/google/kms_utils.go b/google/kms_utils.go
index c7526ad53d7..a7ccbe66bb4 100644
--- a/google/kms_utils.go
+++ b/google/kms_utils.go
@@ -221,7 +221,7 @@ func clearCryptoKeyVersions(cryptoKeyId *kmsCryptoKeyId, userAgent string, confi
 
 	for _, version := range versionsResponse.CryptoKeyVersions {
 		// skip the versions that have been destroyed earlier
-		if version.State == "ENABLED" {
+		if version.State != "DESTROYED" && version.State != "DESTROY_SCHEDULED" {
 			request := &cloudkms.DestroyCryptoKeyVersionRequest{}
 			destroyCall := versionsClient.Destroy(version.Name, request)
 			if config.UserProjectOverride {