# Protecting Precious Entities

ConfigHub makes operations, including [bulk operations](../background/concepts/bulk-operations.md), pretty easy to perform.

This reduces friction in typical cases, but also makes it easy to delete [units](../background/entities/unit.md) and [spaces](../background/entities/space.md) corresponding to production infrastructure.

To prevent accidental deletion or destruction, ConfigHub supports [delete and destroy gates](../background/concepts/gates.md).

You can add delete and/or destroy gates when creating entities and with update.

For example, to add delete and destroy gates to a `database` unit with the CLI, you can do:

```
cub unit update --patch --delete-gate critical --destroy-gate critical --space prod database
```

You'll also want to protect spaces that are in use:

```
cub space update --patch --delete-gate used-until-dec25 kubecon25-demo
```

The string specified as the gate has the same restrictions as label keys: alphanumeric plus `-`, `_`, and `.`. It's useful to provide information regarding the purpose of the gate and/or why/when the entity is needed.

To remove a gate, use `-`:

```
cub space update --patch --delete-gate used-until-dec25=- kubecon25-demo
cub space delete --recursive kubecon25-demo
```