How do I immediately delete a Secrets Manager secret so that I can create a new secret with the same name?


I deleted an AWS Secrets Manager secret. When I try to create a new secret with the same name, I get the following error: "You can't create this secret because a secret with this name is already scheduled for deletion."

Short description

When you delete a secret, Secrets Manager doesn't remove it immediately. It schedules the secret for deletion at the end of a recovery window of at least seven days (30 days by default). Until that window ends, the secret still exists in a scheduled-for-deletion state, and you can't create another secret with the same name, whether from the console, the AWS CLI, or the API. The Secrets Manager console doesn't offer a way to skip the recovery window. To delete a secret immediately, use the AWS Command Line Interface (AWS CLI) or call the DeleteSecret API from an SDK. For more information, see Delete an AWS Secrets Manager secret.

Resolution

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

To delete the secret permanently without any recovery window, run the DeleteSecret API call with the ForceDeleteWithoutRecovery parameter (the --force-delete-without-recovery option of the AWS CLI delete-secret command). This parameter can't be combined with RecoveryWindowInDays.

Important: When you use the ForceDeleteWithoutRecovery parameter, the secret can't be recovered or restored. Before you run the command, confirm that no application or service still reads the secret's value, and retrieve the value first if you might need it again.

To get the deleted Secrets Manager secret's name or ARN, use the AWS Secrets Manager console

Note: If you already know the deleted secret's name or ARN, then skip this step.

  1. Open the Secrets Manager console.
  2. In the navigation pane, choose Secrets.
  3. Choose the Settings icon. Then, in Preferences, select Show secrets scheduled for deletion.
  4. In Visible columns, turn on the Deleted on toggle switch. Then, choose Save.
  5. In the Secrets pane, use the Secret name and Deleted on fields to locate the deleted secret.
  6. In Secret name, choose your secret.
  7. In Secret details, copy the Secret name (or the Secret ARN; the delete-secret command accepts either value for --secret-id).

Use the AWS CLI to permanently delete the secret

Replace your-secret-name with the name or ARN of the secret and your-region with the AWS Region that contains it:

aws secretsmanager delete-secret --secret-id your-secret-name --force-delete-without-recovery --region your-region

To verify that you permanently deleted the secret, run the DescribeSecret API call:

aws secretsmanager describe-secret --secret-id your-secret-name --region your-region

Note: The deletion has a short time delay. If the command still returns the secret's metadata, wait a few seconds and run it again.

After the secret is permanently deleted, the command fails with the following error:

An error occurred (ResourceNotFoundException) when calling the DescribeSecret operation: Secrets Manager can't find the specified secret.
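The whole procedure above (force delete, wait for the deletion to settle, then recreate the name) as one POSIX shell script. This is an added example for this article, not a script from AWS. It assumes the AWS CLI is installed and configured with credentials allowed to call secretsmanager:DeleteSecret, DescribeSecret and CreateSecret; the function names wait_until_gone and replace_secret and the MAX_TRIES and SLEEP_SECS settings are the example's own. It handles the short delay by polling describe-secret until that call fails with ResourceNotFoundException, and it stops without creating anything if delete-secret itself is refused, which is what happens for a secret that another AWS service owns.

```shell
#!/bin/sh
# Force-delete a Secrets Manager secret, wait until DescribeSecret reports it
# gone, then recreate a secret with the same name.
# Added example, not an AWS script. Assumes the AWS CLI is installed and the
# caller may DeleteSecret, DescribeSecret and CreateSecret.
# MAX_TRIES, SLEEP_SECS, wait_until_gone and replace_secret are this
# example's own names.

MAX_TRIES="${MAX_TRIES:-15}"   # how many times to poll describe-secret
SLEEP_SECS="${SLEEP_SECS:-2}"  # pause between polls

# Poll describe-secret for "$1" in Region "$2".
# Returns 0 once the call fails with ResourceNotFoundException (secret gone),
# 1 if the secret is still visible after MAX_TRIES polls, 2 on any other error.
wait_until_gone() {
  name="$1"; region="$2"; tries=0
  while [ "$tries" -lt "$MAX_TRIES" ]; do
    # Capture stderr only: the CLI prints the exception text there.
    if err=$(aws secretsmanager describe-secret --secret-id "$name" \
               --region "$region" 2>&1 >/dev/null); then
      tries=$((tries + 1))      # still present: the deletion has not settled yet
      sleep "$SLEEP_SECS"
      continue
    fi
    case "$err" in
      *ResourceNotFoundException*) return 0 ;;
      *) printf 'describe-secret failed: %s\n' "$err" >&2; return 2 ;;
    esac
  done
  return 1
}

# Force-delete "$1" in Region "$2" with no recovery window, wait for it to
# disappear, then create a new secret with the same name and value "$3".
# Prints the new secret's ARN on success; returns 1 on any failure.
replace_secret() {
  name="$1"; region="$2"; new_value="$3"
  if ! err=$(aws secretsmanager delete-secret --secret-id "$name" \
               --force-delete-without-recovery --region "$region" 2>&1 >/dev/null); then
    # For example InvalidRequestException when another AWS service owns the secret.
    printf 'delete-secret failed: %s\n' "$err" >&2
    return 1
  fi
  wait_until_gone "$name" "$region" || return 1
  aws secretsmanager create-secret --name "$name" --secret-string "$new_value" \
      --region "$region" --query ARN --output text
}

# Usage: sh replace-secret.sh <secret-name-or-arn> <region> <new-secret-string>
if [ "$#" -eq 3 ]; then
  replace_secret "$1" "$2" "$3"
fi
```

Passing the new value as a command-line argument exposes it to other users on the host through the process list, so for anything beyond a test, read it from a file or an environment variable instead. The script deliberately refuses to continue when describe-secret fails for any reason other than ResourceNotFoundException: a permissions error at that point would otherwise be mistaken for "the secret is gone".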

Related information

delete-secret

AWS Secrets Manager secrets managed by other AWS services

AWS OFFICIAL. Updated 6 months ago
2 Comments

We have a new redshift serverless cluster that created secrets for its admin account. We deleted the cluster and it's supposed to take its secrets with it but it did not.

When I try to delete the secret with this CLI command I get this error:

aws secretsmanager delete-secret --secret-id 'arn:aws:secretsmanager:us-west-1:111111111111:secret:redshift!test-admin-sdxvUc' --force-delete-without-recovery --region us-west-1

An error occurred (InvalidRequestException) when calling the DeleteSecret operation: Operation is not allowed on secret owned by redshift
replied 9 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS MODERATOR
replied 9 months ago