diff --git a/api/ssh.go b/api/ssh.go
index 3fa8a28c07..7c572445cc 100644
--- a/api/ssh.go
+++ b/api/ssh.go
@@ -15,6 +15,16 @@ func (c *Client) SSH() *SSH {
 	return &SSH{c: c}
 }
 
+// Invokes the SSH backend API to revoke a key identified by its lease ID.
+func (c *SSH) KeyRevoke(id string) error {
+	r := c.c.NewRequest("PUT", "/v1/sys/revoke/"+id)
+	resp, err := c.c.RawRequest(r)
+	if err == nil {
+		defer resp.Body.Close()
+	}
+	return err
+}
+
 // Invokes the SSH backend API to create a dynamic key
 func (c *SSH) KeyCreate(role string, data map[string]interface{}) (*Secret, error) {
 	r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/ssh/creds/%s", role))
diff --git a/command/ssh.go b/command/ssh.go
index 81960417f5..e4232f67e8 100644
--- a/command/ssh.go
+++ b/command/ssh.go
@@ -80,7 +80,12 @@ func (c *SSHCommand) Run(args []string) int {
 
 	err = os.Remove(sshDynamicKeyFileName)
 	if err != nil {
-		c.Ui.Error(fmt.Sprintf("Error deleting temporary file:%s", sshDynamicKeyFileName))
+		c.Ui.Error("Error cleaning up") // Intentionally not mentioning the exact error
+	}
+
+	err = client.SSH().KeyRevoke(keySecret.LeaseID)
+	if err != nil {
+		c.Ui.Error("Error cleaning up") // Intentionally not mentioning the exact error
 	}
 
 	return 0