Force Deleting AWS Secrets

If you were to log into AWS and try to delete a Secrets Manager secret, you will be told that the secret will not be removed straight away. Instead, you’ll be asked to specify a “recovery window” in which the deleted secret can be recovered. The shortest recovery window you can specify is 7 days. Until that time, you cannot use this secret at all: cannot read it, cannot modify it. Nothing.

I complained about this before, and without thinking too much about it, I thought it was just an immutable rule of AWS (it wouldn’t be the only one). But a colleague of mine pointed out to me that it is possible to remove a secret immediately, using the AWS CLI tool.

The way to do so is with the --force-delete-without-recovery flag:

aws secretsmanager delete-secret --force-delete-without-recovery …

This is really good to know for next time I need to do this.
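Because the recovery window is the only thing standing between a mistaken (or malicious) deletion and permanent loss, a DeleteSecret call that skips it is worth surfacing in CloudTrail. The following is an added example, not code from the original post: it scans constructed sample CloudTrail records and reports the force deletes. The requestParameters key names (secretId, recoveryWindowInDays, forceDeleteWithoutRecovery) are assumed to mirror the API input as CloudTrail normally records it.

```python
import json

# Constructed sample CloudTrail records (not real events). The requestParameters
# keys are assumed to mirror the DeleteSecret API input.
SAMPLE_EVENTS = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:12:31Z",
     "eventSource": "secretsmanager.amazonaws.com", "eventName": "DeleteSecret",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"secretId": "prod/db/password", "recoveryWindowInDays": 7}},
    {"eventTime": "2024-01-10T09:15:02Z",
     "eventSource": "secretsmanager.amazonaws.com", "eventName": "DeleteSecret",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/bob"},
     "requestParameters": {"secretId": "ci/scratch-token", "forceDeleteWithoutRecovery": True}},
    {"eventTime": "2024-01-10T09:16:40Z",
     "eventSource": "secretsmanager.amazonaws.com", "eventName": "GetSecretValue",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"secretId": "prod/db/password"}},
]})


def find_force_deletes(records_json: str) -> list:
    """Return one finding per DeleteSecret call that skipped the recovery window.

    Deletions with a recovery window are left alone: they can still be undone
    with restore-secret, so they are far less urgent.
    """
    findings = []
    for rec in json.loads(records_json).get("Records", []):
        if rec.get("eventSource") != "secretsmanager.amazonaws.com":
            continue
        if rec.get("eventName") != "DeleteSecret":
            continue
        params = rec.get("requestParameters") or {}
        if params.get("forceDeleteWithoutRecovery") is True:
            findings.append({
                "time": rec.get("eventTime"),
                "actor": rec.get("userIdentity", {}).get("arn"),
                "secret": params.get("secretId"),
            })
    return findings


if __name__ == "__main__":
    for f in find_force_deletes(SAMPLE_EVENTS):
        print(f"{f['time']} {f['actor']} force-deleted {f['secret']} (no recovery window)")
```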

AWS