diff --git a/proto/common/v1/common.proto b/proto/common/v1/common.proto
index 645971e..dac9d31 100644
--- a/proto/common/v1/common.proto
+++ b/proto/common/v1/common.proto
@@ -18,7 +18,7 @@ syntax = "proto3";
 package common;
 
 import "google/protobuf/timestamp.proto";
-import "storage/datapol/annotations/proto/semantic_annotations.proto";
+
 
 option go_package = "github.com/GoogleCloudPlatform/healthcare-federated-access-services/proto/common/v1";
 
@@ -149,8 +149,8 @@ message CliState {
   bytes encrypted_secret = 9;
   bytes encrypted_code = 10;
   string secret = 11;
-  string access_token = 12 [(datapol.semantic_type) = ST_ACCOUNT_CREDENTIAL];
-  string refresh_token = 13 [(datapol.semantic_type) = ST_ACCOUNT_CREDENTIAL];
+  string access_token = 12;
+  string refresh_token = 13;
   string state = 14;
   google.protobuf.Timestamp accepted_at = 15;
   map<string, string> user_profile = 16;
diff --git a/proto/common/v1/oauthclient.proto b/proto/common/v1/oauthclient.proto
index 9f9c6d2..88dffb8 100644
--- a/proto/common/v1/oauthclient.proto
+++ b/proto/common/v1/oauthclient.proto
@@ -17,7 +17,7 @@ syntax = "proto3";
 package common;
 
 import "google/rpc/status.proto";
-import "storage/datapol/annotations/proto/semantic_annotations.proto";
+
 
 option go_package = "github.com/GoogleCloudPlatform/healthcare-federated-access-services/proto/common/v1";
 
diff --git a/proto/dam/v1/dam_secrets.proto b/proto/dam/v1/dam_secrets.proto
index e2aca6d..0ffc40b 100644
--- a/proto/dam/v1/dam_secrets.proto
+++ b/proto/dam/v1/dam_secrets.proto
@@ -18,7 +18,7 @@ syntax = "proto3";
 // end points to receive requests and returns responses using these messages.
 package dam.v1;
 
-import "storage/datapol/annotations/proto/semantic_annotations.proto";
+
 
 option go_package = "github.com/GoogleCloudPlatform/healthcare-federated-access-services/proto/dam/v1";
 
@@ -32,7 +32,7 @@ message DamSecrets {
   map<string, string> public_token_keys = 5 [deprecated = true];
 
   message GatekeeperTokenKeys {
-    string private_key = 1 [(datapol.semantic_type) = ST_SECURITY_MATERIAL];
+    string private_key = 1;
     string public_key = 2;
   }
   GatekeeperTokenKeys gatekeeper_token_keys = 6 [deprecated = true];
diff --git a/proto/dam/v1/dam_service.proto b/proto/dam/v1/dam_service.proto
index a0b1f7c..fa612eb 100644
--- a/proto/dam/v1/dam_service.proto
+++ b/proto/dam/v1/dam_service.proto
@@ -18,7 +18,7 @@ syntax = "proto3";
 // end points to receive requests and returns responses using these messages.
 package dam.v1;
 
-import "storage/datapol/annotations/proto/semantic_annotations.proto";
+
 import "proto/common/v1/common.proto"; /* copybara-comment */
 import "proto/common/v1/oauthclient.proto"; /* copybara-comment */
 import "proto/process/v1/process.proto"; /* copybara-comment */
@@ -383,7 +383,7 @@ message ConfigViewRequest {
 message ConfigTrustedIssuerRequest {
   TrustedIssuer item = 1;
   // client_secret is write only field.
-  string client_secret = 3 [(datapol.semantic_type) = ST_SECURITY_MATERIAL];
+  string client_secret = 3;
   ConfigModification modification = 2;
 }
 
diff --git a/proto/ic/v1/ic_service.proto b/proto/ic/v1/ic_service.proto
index cd26a5c..736cd4a 100644
--- a/proto/ic/v1/ic_service.proto
+++ b/proto/ic/v1/ic_service.proto
@@ -18,7 +18,7 @@ syntax = "proto3";
 // end points to receive requests and returns responses using these messages.
 package ic.v1;
 
-import "storage/datapol/annotations/proto/semantic_annotations.proto";
+
 import "proto/common/v1/account.proto"; /* copybara-comment */
 import "proto/common/v1/common.proto"; /* copybara-comment */
 import "proto/common/v1/oauthclient.proto"; /* copybara-comment */
@@ -58,7 +58,7 @@ message IcSecrets {
   map<string, string> id_provider_secrets = 5;
 
   message TokenKeys {
-    string private_key = 1 [(datapol.semantic_type) = ST_SECURITY_MATERIAL];
+    string private_key = 1;
     string public_key = 2;
   }
   map<string, TokenKeys> token_keys = 6;
@@ -111,7 +111,7 @@ message ConfigResponse {}
 
 message ConfigIdentityProviderRequest {
   common.IdentityProvider item = 1;
-  string client_secret = 3 [(datapol.semantic_type) = ST_SECURITY_MATERIAL];
+  string client_secret = 3;
   ConfigModification modification = 2;
 }
 
diff --git a/proto/scim/v2/users.proto b/proto/scim/v2/users.proto
index b560f5a..bf6cad9 100644
--- a/proto/scim/v2/users.proto
+++ b/proto/scim/v2/users.proto
@@ -21,7 +21,7 @@ syntax = "proto3";
 // Protocol: https://tools.ietf.org/html/rfc7644
 package scim.v2;
 
-import "storage/datapol/annotations/proto/semantic_annotations.proto";
+
 
 option go_package = "github.com/GoogleCloudPlatform/healthcare-federated-access-services/proto/scim/v2";
 
@@ -149,7 +149,7 @@ message User {
   bool active = 15;
 
   // UNUSED but present for completeness.
-  string password = 16 [(datapol.semantic_type) = ST_ACCOUNT_CREDENTIAL];
+  string password = 16;
 
   // E-mail addresses for the User. The value SHOULD be canonicalized by the
   // Service Provider, e.g. bjensen@example.com instead of bjensen@EXAMPLE.COM.