Este contenido no está disponible en el idioma seleccionado

Trabajamos constantemente para que el contenido esté disponible en el idioma seleccionado. Gracias por tu paciencia.

How can I immediately delete a Secrets Manager secret so that I can create a new secret with the same name?

3 minutos de lectura

I deleted an AWS Secrets Manager secret. Then I tried to recreate the secret using the same name. However, I received an error similar to the following: "You can't create this secret because a secret with this name is already scheduled for deletion"

Short description

When you delete a secret, Secrets Manager doesn't immediately delete the secret. Secrets Manager schedules the secret for deletion after a recovery window of a minimum of seven days. This means that you can't recreate a secret using the same name using the AWS Management Console until the recovery window ends. You can permanently delete a secret without any recovery window using the AWS Command Line Interface (AWS CLI). For more information, see Delete a secret.

Resolution

Run the DeleteSecret API call with the ForceDeleteWithoutRecovery parameter to delete the secret permanently.

Notes:

If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
Secrets deleted using the ForceDeleteWithoutRecovery parameter can't be recovered or restored.

Use the AWS Secrets Manager console to get the deleted Secrets Manager secret ID

Note: You can skip this step if you already know the deleted secret's ID.

Open the Secrets Manager console.
In the navigation pane, choose Secrets.
Choose the settings icon, and then in Preferences, select Show secrets scheduled for deletion.
In Visible columns, turn on the Deleted on toggle switch, and then choose Save.
In the Secrets pane, note the Secret name and Deleted on fields to locate the deleted secret ID.
In Secret name, choose your secret.
In Secrets detail, copy the Secret name.

Use the AWS CLI to permanently delete the secret

In this example, replace your-secret-name with your Secrets Manager secret ID or ARN, and your-region with your AWS Region.

aws secretsmanager delete-secret --secret-id your-secret-name --force-delete-without-recovery --region your-region

Run the DescribeSecret API call to verify that the secret is permanently deleted.

Note: The deletion is an asynchronous process. There might be a short delay.

aws secretsmanager describe-secret --secret-id your-secret-name --region your-region

You receive an error similar to the following:

An error occurred (ResourceNotFoundException) when calling the DescribeSecret operation: Secrets Manager can't find the specified secret.

This error means that the secret is successfully deleted.

Related information

delete-secret

Temas

Seguridad, identidad y cumplimiento

Etiquetas

AWS Secrets Manager

Idioma

English

Vídeos relacionados

Watch Taiye's video to learn more (3:03)

OFICIAL DE AWSActualizada hace 10 meses

Sin comentarios

Contenido relevante

Mi función de rotación de Lambda llamó a una segunda función para rotar un secreto de Secrets Manager, pero se produjo un error. ¿Por qué se ha producido un error en la segunda función Lambda?
OFICIAL DE AWSActualizada hace 2 meses
¿Por qué al actualizar un secreto en Secrets Manager no se actualiza automáticamente el secreto en AWS CloudFormation?
OFICIAL DE AWSActualizada hace un año
¿Cómo soluciono el error “error pulling image configuration: toomanyrequests” (Error al extraer la configuración de imagen: demasiadas solicitudes) cuando utilizo imágenes de Docker en AWS CodeBuild?
OFICIAL DE AWSActualizada hace 2 meses
¿Cómo soluciono los problemas relacionados con los secretos de AWS Secrets Manager en Amazon ECS?
OFICIAL DE AWSActualizada hace un año