How can I immediately delete a Secrets Manager secret so that I can create a new secret with the same name?

Last updated: 2020-04-28

I deleted an AWS Secrets Manager secret. Then I tried to recreate the secret using the same name. However, I received the error "You can't create this secret because a secret with this name is already scheduled for deletion".

Short Description

When you delete a secret, Secrets Manager doesn't remove it immediately. Instead, it schedules the secret for deletion after a recovery window (at least seven days; 30 days if you don't specify one). During that window the secret can be restored, but its name can't be reused. The AWS Management Console doesn't let you set a window shorter than seven days, so from the console you can't recreate a secret with the same name until the window has elapsed. You can permanently delete a secret with no recovery window by using the AWS Command Line Interface (AWS CLI) or the API. For more information, see Deleting and Restoring a Secret.

Resolution

Run the DeleteSecret API call with the ForceDeleteWithoutRecovery parameter (the --force-delete-without-recovery option in the AWS CLI) to delete the secret permanently.

Notes:

  • Before you begin, be sure that you installed and configured the AWS CLI.
  • Secrets deleted using the ForceDeleteWithoutRecovery parameter can't be recovered or restored. ForceDeleteWithoutRecovery can't be combined with RecoveryWindowInDays in the same call.
  • If the secret is still within its recovery window and you only need the name back, you can instead restore it with the RestoreSecret API call (aws secretsmanager restore-secret) and then update its value, which avoids the irreversible deletion.
  • A recreated secret gets a new ARN, because the random suffix at the end of a secret ARN changes. Anything that references the old ARN rather than the secret name must be updated.

In this example, replace your-secret with your Secrets Manager secret ID and your-region with your AWS Region.

aws secretsmanager delete-secret --secret-id your-secret --force-delete-without-recovery --region your-region

Run the DescribeSecret API call to verify that the secret is permanently deleted.

Note: The deletion is an asynchronous process. There might be a short delay.  

aws secretsmanager describe-secret --secret-id your-secret --region your-region

You receive an error similar to the following:

An error occurred (ResourceNotFoundException) when calling the DescribeSecret operation: Secrets Manager can't find the specified secret.

This error means that the secret has been permanently deleted and its name can be reused.
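The complete sequence (force-delete, wait for the asynchronous deletion to finish, recreate the name), as an added example that is not part of this article. The function names wait_until_gone and force_delete_and_recreate and the RUN_EXAMPLE, SECRET_ID and NEW_SECRET_VALUE variables are this example's own; the aws secretsmanager subcommands and options are the real AWS CLI ones, and the script assumes the CLI is installed and configured.

```shell
#!/bin/sh
# Added example, not from the AWS Knowledge Center article. Assumes a configured
# AWS CLI. Function and variable names below are this example's own.

# wait_until_gone NAME REGION [MAX_TRIES] [SLEEP_SECONDS]
# Deletion is asynchronous, so poll DescribeSecret until Secrets Manager answers
# ResourceNotFoundException. Only that error counts as "gone": an access-denied
# or throttling error must not be mistaken for a finished deletion.
# Returns 0 when the secret is gone, 1 if still visible after MAX_TRIES,
# 2 if DescribeSecret failed for some other reason.
wait_until_gone() {
    name=$1; region=$2; max_tries=${3:-30}; delay=${4:-2}
    errfile=$(mktemp) || return 1
    i=0
    while [ "$i" -lt "$max_tries" ]; do
        if aws secretsmanager describe-secret --secret-id "$name" \
                --region "$region" >/dev/null 2>"$errfile"; then
            : # still visible: deletion has not finished yet
        elif grep -q ResourceNotFoundException "$errfile"; then
            rm -f "$errfile"
            return 0
        else
            echo "describe-secret failed for another reason:" >&2
            cat "$errfile" >&2
            rm -f "$errfile"
            return 2
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    rm -f "$errfile"
    echo "secret $name still visible after $max_tries checks" >&2
    return 1
}

# force_delete_and_recreate NAME REGION NEW_VALUE [MAX_TRIES] [SLEEP_SECONDS]
# 1. permanently delete the secret (no recovery window; cannot be undone)
# 2. wait for the asynchronous deletion to complete
# 3. create a new secret with the same name
# The new secret gets a new ARN (the random suffix changes), so consumers that
# reference the old ARN instead of the name must be updated afterwards.
force_delete_and_recreate() {
    name=$1; region=$2; value=$3
    aws secretsmanager delete-secret --secret-id "$name" \
        --force-delete-without-recovery --region "$region" >/dev/null || return 1
    wait_until_gone "$name" "$region" "${4:-30}" "${5:-2}" || return 1
    aws secretsmanager create-secret --name "$name" \
        --secret-string "$value" --region "$region"
}

# Usage: set RUN_EXAMPLE=1 (and SECRET_ID, AWS_REGION, NEW_SECRET_VALUE) to
# actually call AWS; by default the functions are only defined.
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
    force_delete_and_recreate "${SECRET_ID:-your-secret}" "${AWS_REGION:-us-east-1}" \
        "${NEW_SECRET_VALUE:?set NEW_SECRET_VALUE}"
fi
```

The poll loop deliberately treats only ResourceNotFoundException as success; an unrelated error (for example AccessDeniedException) stops the script instead of being reported as a finished deletion. For real use, prefer `--secret-string file://path` over a value on the command line, which would otherwise be visible in process listings and shell history.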
