diff --git a/CryptCommandListener.cpp b/CryptCommandListener.cpp
index e4a2d3a..094a474 100644
--- a/CryptCommandListener.cpp
+++ b/CryptCommandListener.cpp
@@ -414,6 +414,11 @@ int CryptCommandListener::CryptfsCmd::runCommand(SocketClient *cli,
         return sendGenericOkFailOnBool(cli,
                 e4crypt_destroy_user_storage(parseNull(argv[2]), atoi(argv[3]), atoi(argv[4])));
 
+    } else if (subcommand == "secdiscard") {
+        if (!check_argc(cli, subcommand, argc, 3, "<path>")) return 0;
+        return sendGenericOkFailOnBool(cli,
+                e4crypt_secdiscard(parseNull(argv[2])));
+
     } else {
         dumpArgs(argc, argv, -1);
         cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs subcommand", false);
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index e40593e..b41e09c 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -830,3 +830,7 @@ bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int
 
     return res;
 }
+
+bool e4crypt_secdiscard(const char* path) {
+    return android::vold::runSecdiscardSingle(std::string(path));
+}
diff --git a/Ext4Crypt.h b/Ext4Crypt.h
index 2dcc197..e90167b 100644
--- a/Ext4Crypt.h
+++ b/Ext4Crypt.h
@@ -38,4 +38,5 @@ bool e4crypt_lock_user_key(userid_t user_id);
 bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int serial, int flags);
 bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int flags);
 
+bool e4crypt_secdiscard(const char* path);
 __END_DECLS
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 34dd6c0..a36ac6a 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -489,6 +489,16 @@ static bool runSecdiscard(const std::string& dir) {
     return true;
 }
 
+bool runSecdiscardSingle(const std::string& file) {
+    if (ForkExecvp(
+            std::vector<std::string>{kSecdiscardPath, "--",
+                file}) != 0) {
+        LOG(ERROR) << "secdiscard failed";
+        return false;
+    }
+    return true;
+}
+
 static bool recursiveDeleteKey(const std::string& dir) {
     if (ForkExecvp(std::vector<std::string>{kRmPath, "-rf", dir}) != 0) {
         LOG(ERROR) << "recursive delete failed";
diff --git a/KeyStorage.h b/KeyStorage.h
index 65458d4..bce6a99 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h
@@ -51,6 +51,7 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, std::str
 // Securely destroy the key stored in the named directory and delete the directory.
 bool destroyKey(const std::string& dir);
 
+bool runSecdiscardSingle(const std::string& file);
 }  // namespace vold
 }  // namespace android