How can I immediately delete a Secrets Manager secret so that I can create a new secret with the same name?
Last updated: 2022-07-19
I deleted an AWS Secrets Manager secret. Then I tried to recreate the secret using the same name. However, I received an error similar to the following:
"You can't create this secret because a secret with this name is already scheduled for deletion"
When you delete a secret, Secrets Manager doesn't immediately delete the secret. Secrets Manager schedules the secret for deletion after a recovery window of a minimum of seven days. This means that you can't recreate a secret with the same name in the AWS Management Console until the recovery window ends. You can permanently delete a secret without any recovery window using the AWS Command Line Interface (AWS CLI). For more information, see Delete a secret.
- If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
- Secrets deleted using the ForceDeleteWithoutRecovery parameter can't be recovered or restored.
Use the AWS Secrets Manager console to get the deleted Secrets Manager secret ID
Note: You can skip this step if you already know the deleted secret's ID.
- Open the Secrets Manager console.
- In the navigation pane, choose Secrets.
- Choose the settings icon, and then in Preferences, select Show secrets scheduled for deletion.
- In Visible columns, turn on the Deleted on toggle switch, and then choose Save.
- In the Secrets pane, note the Secret name and Deleted on fields to locate the deleted secret ID.
- In Secret name, choose your secret.
- In Secrets detail, copy the Secret name.
Use the AWS CLI to permanently delete the secret
In this example, replace your-secret-name with your Secrets Manager secret ID or ARN, and your-region with your AWS Region.
aws secretsmanager delete-secret --secret-id your-secret-name --force-delete-without-recovery --region your-region
Run the DescribeSecret API call to verify that the secret is permanently deleted.
Note: The deletion is an asynchronous process. There might be a short delay.
aws secretsmanager describe-secret --secret-id your-secret-name --region your-region
You receive an error similar to the following:
An error occurred (ResourceNotFoundException) when calling the DescribeSecret operation: Secrets Manager can't find the specified secret.
This error means that the secret was successfully and permanently deleted, and you can now create a new secret with the same name.
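The following script is an added example and is not part of the AWS article. It chains the steps above: it force-deletes the secret, polls DescribeSecret until the CLI reports ResourceNotFoundException (because, as noted above, the deletion is asynchronous), and only then creates a new secret with the same name. It assumes the AWS CLI is installed and credentials are configured. The AWS_CLI and POLL_SECONDS variables, the function names, and the secret value are assumptions of this example, not AWS identifiers; AWS_CLI exists so the polling logic can be exercised against a fake command without touching a real account.

```shell
#!/bin/sh
# Added example, not from the AWS article: force-delete a Secrets Manager secret,
# wait until DescribeSecret reports ResourceNotFoundException, then recreate it.
# Assumes the AWS CLI is installed and credentials are configured.
# AWS_CLI and POLL_SECONDS are overridable (assumption of this example) so the
# polling logic can be tested with a fake command instead of real AWS calls.
: "${AWS_CLI:=aws}"
: "${POLL_SECONDS:=2}"

# Poll describe-secret until the secret is gone.
# Returns 0 when DescribeSecret fails with ResourceNotFoundException,
# 1 if the secret still exists after max_tries polls,
# 2 on any other CLI error (e.g. AccessDeniedException), which is printed to stderr.
wait_for_secret_gone() {
  secret_id="$1"; region="$2"; max_tries="${3:-30}"
  i=0
  while [ "$i" -lt "$max_tries" ]; do
    # Capture stderr only; stdout (the JSON description) is discarded.
    if err=$("$AWS_CLI" secretsmanager describe-secret \
                --secret-id "$secret_id" --region "$region" 2>&1 >/dev/null); then
      # describe-secret succeeded: the secret (or its deletion marker) still exists.
      i=$((i + 1)); sleep "$POLL_SECONDS"; continue
    fi
    case "$err" in
      *ResourceNotFoundException*) return 0 ;;
      *) printf '%s\n' "$err" >&2; return 2 ;;
    esac
  done
  return 1
}

# Force-delete (irreversible: no recovery window), wait, then recreate with the same name.
# Returns non-zero and stops at the first failing step so a half-finished run is visible.
force_delete_and_recreate() {
  secret_id="$1"; region="$2"; new_value="$3"
  "$AWS_CLI" secretsmanager delete-secret --secret-id "$secret_id" \
      --force-delete-without-recovery --region "$region" >/dev/null || return 1
  wait_for_secret_gone "$secret_id" "$region" || return 1
  "$AWS_CLI" secretsmanager create-secret --name "$secret_id" \
      --secret-string "$new_value" --region "$region" >/dev/null
}

# Usage: sh recreate-secret.sh <secret-name-or-arn> <region> <new-secret-string>
if [ "$#" -eq 3 ]; then
  force_delete_and_recreate "$@"
fi
```

The polling distinguishes ResourceNotFoundException from every other error instead of treating any failure as "deleted": a permissions or throttling error would otherwise be misread as success and the create-secret call would fail with the same "already scheduled for deletion" message. Because --force-delete-without-recovery cannot be undone, the script takes the secret name explicitly on the command line and never derives it from a listing.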