deleteSecret method
Deletes an entire secret and all of its versions. You can optionally include a recovery window during which you can restore the secret. If you don't specify a recovery window value, the operation defaults to 30 days. Secrets Manager attaches a DeletionDate stamp to the secret that specifies the end of the recovery window. At the end of the recovery window, Secrets Manager deletes the secret permanently.
At any time before the recovery window ends, you can use RestoreSecret to remove the DeletionDate and cancel the deletion of the secret.
You cannot access the encrypted secret information in any secret that is scheduled for deletion. If you need to access that information, you must cancel the deletion with RestoreSecret and then retrieve the information.
- There is no explicit operation to delete a version of a secret. Instead, remove all staging labels from the VersionStage field of a version. That marks the version as deprecated and allows Secrets Manager to delete it as needed. Versions that do not have any staging labels do not show up in ListSecretVersionIds unless you specify IncludeDeprecated.
- The permanent secret deletion at the end of the waiting period is performed as a background task with low priority. There is no guarantee of a specific time after the recovery window for the actual delete operation to occur.
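The schedule, inspect and restore flow described above, as an added example in Dart that is not part of this SDK page or of the generated client. It assumes the generated client package is aws_secretsmanager_api, that the client class is SecretsManager with a close() method, and that the sibling operations are exposed as restoreSecret, describeSecret and getSecretValue with the response field names used below; the region, the secret name and the exception type raised when reading a secret that is pending deletion are assumptions. It also checks the documented 7..30 day window client-side before sending the request, which the generated method itself does not do.

```dart
// Added example (not part of the SDK page). Assumes the generated Dart client
// package `aws_secretsmanager_api`, its `SecretsManager` class, and the sibling
// methods `restoreSecret`, `describeSecret` and `getSecretValue`. The region and
// secret name are placeholders.
import 'package:aws_secretsmanager_api/secretsmanager-2017-10-17.dart';

/// Schedules [secretId] for deletion with an explicit recovery window and
/// returns the DeletionDate that Secrets Manager attached to it.
///
/// The window is validated client-side against the documented 7..30 day range
/// so that a typo (0, or 300) fails before any request leaves the process.
Future<DateTime> scheduleDeletion(
  SecretsManager sm,
  String secretId, {
  int recoveryWindowInDays = 30,
}) async {
  if (recoveryWindowInDays < 7 || recoveryWindowInDays > 30) {
    throw ArgumentError.value(recoveryWindowInDays, 'recoveryWindowInDays',
        'must be between 7 and 30 days');
  }
  final resp = await sm.deleteSecret(
    secretId: secretId,
    recoveryWindowInDays: recoveryWindowInDays,
  );
  final deletionDate = resp.deletionDate;
  if (deletionDate == null) {
    throw StateError('DeleteSecret returned no DeletionDate for $secretId');
  }
  return deletionDate;
}

/// Returns true if the secret value can be read, false if Secrets Manager
/// refuses because the secret is scheduled for deletion.
Future<bool> valueReadable(SecretsManager sm, String secretId) async {
  try {
    await sm.getSecretValue(secretId: secretId);
    return true;
  } on InvalidRequestException {
    // Assumed: this is the error returned for a secret pending deletion.
    return false;
  }
}

/// Cancels a pending deletion and verifies that the DeletedDate was cleared,
/// so a caller does not continue on the strength of a restore that did not
/// take effect.
Future<void> cancelDeletion(SecretsManager sm, String secretId) async {
  await sm.restoreSecret(secretId: secretId);
  final desc = await sm.describeSecret(secretId: secretId);
  if (desc.deletedDate != null) {
    throw StateError('$secretId still reports DeletedDate ${desc.deletedDate}');
  }
}

Future<void> main() async {
  final sm = SecretsManager(region: 'us-east-1'); // placeholder region
  const secretId = 'prod/payments/db-password'; // placeholder secret name
  try {
    final until = await scheduleDeletion(sm, secretId, recoveryWindowInDays: 7);
    print('scheduled; recoverable until $until');
    print('readable while pending: ${await valueReadable(sm, secretId)}');
    await cancelDeletion(sm, secretId);
    print('restored; readable again: ${await valueReadable(sm, secretId)}');
  } finally {
    sm.close();
  }
}
```

The shortest window (7 days) is used deliberately in the usage call so that the restore is exercised well inside the recovery period; the same helper with the default of 30 days is the safer setting for production secrets, since the restore is the only way back once a deletion is scheduled.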
To run this command, you must have the following permissions:
- secretsmanager:DeleteSecret
Related operations:
- To create a secret, use CreateSecret.
- To cancel deletion of a secret before the recovery window has expired, use RestoreSecret.
May throw ResourceNotFoundException. May throw InvalidParameterException. May throw InvalidRequestException. May throw InternalServiceError.
Parameter secretId
:
Specifies the secret that you want to delete. You can specify either the
Amazon Resource Name (ARN) or the friendly name of the secret.
If you specify the friendly name rather than the ARN, do not append the random suffix that Secrets Manager adds to the end of the ARN. If you do include that suffix, you receive either a ResourceNotFoundException or an AccessDeniedException, depending on your permissions.
Parameter forceDeleteWithoutRecovery
:
(Optional) Specifies that the secret is to be deleted without any recovery window. You can't use both this parameter and the RecoveryWindowInDays parameter in the same API call. Because there is no recovery window, a secret deleted this way cannot be brought back with RestoreSecret.
An asynchronous background process performs the actual deletion, so there can be a short delay before the operation completes. If you write code to delete and then immediately recreate a secret with the same name, ensure that your code includes appropriate back-off and retry logic.
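Delete-then-recreate with back-off, as an added example in Dart that is not part of this SDK page or of the generated client. It assumes the generated client package aws_secretsmanager_api and its SecretsManager class, that CreateSecret is exposed as createSecret(name:, secretString:), and that the service answers CreateSecret with InvalidRequestException while the old secret of the same name is still scheduled for deletion; the region, secret name and value are placeholders.

```dart
// Added example (not part of the SDK page). Assumes the generated Dart client
// package `aws_secretsmanager_api`, its `SecretsManager` class and its
// `createSecret` method. The region, secret name and value are placeholders.
import 'dart:math';
import 'package:aws_secretsmanager_api/secretsmanager-2017-10-17.dart';

/// Deletes [name] with no recovery window and creates a fresh secret of the
/// same name, returning the new ARN.
///
/// The permanent delete runs asynchronously, so CreateSecret can still be
/// rejected for a short time after DeleteSecret returns. That rejection is
/// retried with capped exponential back-off plus jitter rather than being
/// treated as fatal.
Future<String> replaceSecretWithoutRecovery(
  SecretsManager sm,
  String name,
  String newValue, {
  int maxAttempts = 8,
  Duration baseDelay = const Duration(milliseconds: 250),
}) async {
  // Irreversible: with no recovery window, RestoreSecret cannot bring the
  // old value back. Only call this when losing the old value is intended.
  await sm.deleteSecret(secretId: name, forceDeleteWithoutRecovery: true);

  final rng = Random.secure();
  for (var attempt = 0; attempt < maxAttempts; attempt++) {
    try {
      final created = await sm.createSecret(name: name, secretString: newValue);
      final arn = created.arn;
      if (arn == null) {
        throw StateError('CreateSecret returned no ARN for $name');
      }
      return arn;
    } on InvalidRequestException {
      // Assumed: the service answers with InvalidRequestException while the
      // old secret is still scheduled for deletion. Give up after the last
      // attempt so a persistent failure is surfaced, not swallowed.
      if (attempt == maxAttempts - 1) rethrow;
      // Exponential back-off capped at 32x the base, plus up to one base
      // delay of jitter so concurrent callers do not retry in lock-step.
      final backoff = baseDelay * min(1 << attempt, 32);
      final jitter =
          Duration(milliseconds: rng.nextInt(baseDelay.inMilliseconds));
      await Future<void>.delayed(backoff + jitter);
    }
  }
  throw StateError('unreachable: loop always returns or rethrows');
}

Future<void> main() async {
  final sm = SecretsManager(region: 'us-east-1'); // placeholder region
  try {
    // Placeholder name and value; a real caller would pass a freshly
    // generated credential, never a literal checked into source.
    final arn = await replaceSecretWithoutRecovery(
        sm, 'ci/build-token', 'new-token-value');
    print('recreated as $arn');
  } finally {
    sm.close();
  }
}
```

With the defaults, the worst case waits roughly 0.25 + 0.5 + 1 + 2 + 4 + 8 + 8 seconds plus jitter before the last attempt, which comfortably covers the "short delay" the parameter description warns about while still failing loudly if the name never becomes available.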
Parameter recoveryWindowInDays
:
(Optional) Specifies the number of days that Secrets Manager waits before it can delete the secret. You can't use both this parameter and the ForceDeleteWithoutRecovery parameter in the same API call.
This value can range from 7 to 30 days. The default value is 30.
Implementation
Future<DeleteSecretResponse> deleteSecret({
  required String secretId,
  bool? forceDeleteWithoutRecovery,
  int? recoveryWindowInDays,
}) async {
  // secretId is already non-nullable; this check is retained from the
  // generated code and only guards callers that bypass null safety.
  ArgumentError.checkNotNull(secretId, 'secretId');
  // SecretId accepts an ARN or a friendly name of 1..2048 characters.
  _s.validateStringLength(
    'secretId',
    secretId,
    1,
    2048,
    isRequired: true,
  );
  // Secrets Manager speaks the JSON 1.1 protocol: the operation is selected
  // by the X-Amz-Target header, not by the request path.
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'secretsmanager.DeleteSecret'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    // Optional parameters are omitted rather than sent as null. The mutual
    // exclusion of ForceDeleteWithoutRecovery and RecoveryWindowInDays is
    // not checked here; a request that sets both is rejected by the service.
    payload: {
      'SecretId': secretId,
      if (forceDeleteWithoutRecovery != null)
        'ForceDeleteWithoutRecovery': forceDeleteWithoutRecovery,
      if (recoveryWindowInDays != null)
        'RecoveryWindowInDays': recoveryWindowInDays,
    },
  );
  return DeleteSecretResponse.fromJson(jsonResponse.body);
}