AWS Secrets Manager

2018/08/08 - AWS Secrets Manager - 1 updated api methods

Changes  Update secretsmanager client to latest version

DeleteSecret (updated) Link ΒΆ
Changes (request) 
{'ForceDeleteWithoutRecovery': 'boolean'}

Deletes an entire secret and all of its versions. You can optionally include a recovery window during which you can restore the secret. If you don't specify a recovery window value, the operation defaults to 30 days. Secrets Manager attaches a DeletionDate stamp to the secret that specifies the end of the recovery window. At the end of the recovery window, Secrets Manager deletes the secret permanently.

At any time before recovery window ends, you can use RestoreSecret to remove the DeletionDate and cancel the deletion of the secret.

You cannot access the encrypted secret information in any secret that is scheduled for deletion. If you need to access that information, you must cancel the deletion with RestoreSecret and then retrieve the information.

Minimum permissions

To run this command, you must have the following permissions:

  • secretsmanager:DeleteSecret

Related operations

  • To create a secret, use CreateSecret.

  • To cancel deletion of a version of a secret before the recovery window has expired, use RestoreSecret.

See also: AWS API Documentation

Request Syntax

client.delete_secret(
    SecretId='string',
    RecoveryWindowInDays=123,
    ForceDeleteWithoutRecovery=True|False
)
type SecretId:

string

param SecretId:

[REQUIRED]

Specifies the secret that you want to delete. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.

type RecoveryWindowInDays:

integer

param RecoveryWindowInDays:

(Optional) Specifies the number of days that Secrets Manager waits before it can delete the secret.

This value can range from 7 to 30 days. The default value is 30.

type ForceDeleteWithoutRecovery:

boolean

param ForceDeleteWithoutRecovery:

(Optional) Specifies that the secret is to be deleted immediately without any recovery window. You cannot use both this parameter and the RecoveryWindowInDays parameter in the same API call.

An asynchronous background process performs the actual deletion, so there can be a short delay before the operation completes. If you write code to delete and then immediately recreate a secret with the same name, ensure that your code includes appropriate back off and retry logic.

rtype:

dict

returns:

Response Syntax

{
    'ARN': 'string',
    'Name': 'string',
    'DeletionDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • ARN (string) --

      The ARN of the secret that is now scheduled for deletion.

    • Name (string) --

      The friendly name of the secret that is now scheduled for deletion.

    • DeletionDate (datetime) --

      The date and time after which this secret can be deleted by Secrets Manager and can no longer be restored. This value is the date and time of the delete request plus the number of days specified in RecoveryWindowInDays.