While I was deploying my application using serverless
npx serverless deploy
Error received
> Serverless Error ---------------------------------------- > > An error occurred: KeypairSecretRotationSchedule - Rotation is > blocked by pending secret version 2e0f7504-bc12-1234-3455-23f74aeabacf > not created by rotation. Remove the AWSPENDING staging label and > restart rotation. (Service: AWSSecretsManager; Status Code: 400; Error > Code: InvalidRequestException; Request ID: > adc85817-9744-4f94-9760-abf753205e92; Proxy: null).
so, I executed
D:\scripts>aws secretsmanager describe-secret --secret-id dev-rohit
Output received
{
"ARN": "arn:aws:secretsmanager:ap-southeast-1:123456789012:secret:dev-rohit-jwt",
"Name": "c2p-dev-rohit-jwt-keypair",
"RotationEnabled": false,
"RotationLambdaARN": "arn:aws:lambda:ap-southeast-1:123456789012:function:dev-rohit",
"RotationRules": {
"AutomaticallyAfterDays": 30
},
"LastRotatedDate": "2021-08-01T10:39:02.132000+05:30",
"LastChangedDate": "2021-09-16T11:52:07.427000+05:30",
"LastAccessedDate": "2021-09-16T05:30:00+05:30",
"VersionIdsToStages": {
"2e0f7504-bc12-1234-3455-23f74aeabacf": [
"bed7",
"AWSPENDING"
],
"4ca2e0e8-56f1-4d3d-a234-3987a6e1044f": [
"AWSPREVIOUS",
"bed5"
],
"afffc3ac-12b5-2348-3274-23ae068c3515": [
"bed6",
"AWSCURRENT"
]
},
"CreatedDate": "2021-03-02T10:35:55.015000+05:30"
}
How do I fix this issue? Can someone please help me? Will this rotation happen after sometime on its own or i have to do something for resolution?
D:\scripts>aws secretsmanager get-secret-value --secret-id dev-rohit-jwt --version-stage AWSPENDING
{ "ARN": "arn:aws:secretsmanager:ap-southeast-1:123456789012:secret:dev-rohit-jwt-keypair-BlGCxN", "Name": "dev-rohit-jwt", "VersionId": "2e0f7504-bc12-1234-3455-23f74aeabacf", "SecretString": "{"publicKey":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDZ3dhYmZQSmJHV3FSTXdqV05LNApyWUkrUG9DRGNHbWRsaDJicTUvbDNwV0FqUUE0SmF4ZURLbkVaWEpUc2VyOGlwMlNoRHpVbU5BR1llSUpXZitxClB5VlJlR2RMSUtiQmNGTlhSU3pRV3JzcUlkUmZwT2lsSUp4cUE1QPdk0wcmsKSTI0Y1lXN3IxVHBncGpldnNRSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=","privateKey":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUNkZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQW1Bd2dnSmNBZ0VBQW9HQkFLREJwdDg4bHNaYXBFek4KL05QOHRhTlkwcml0Z2o0K2dJTndhWjJXSFp1cm4rWGVsWUNOQURnbHJGNE1xY1JsY2xPeDZ2eUtuWktFUE5TWQowQVpoNGdsWi82by9KVkY0WjBzZ3BzRndVMWRGTE5CYXV5b2gxRitrNktVZ25Hb0RrSCtiZ3EvRXJBd3RtMUtjCmYyeWowNjh6U3VRamJoeGhidXZWT21DbU42K3hBZ01CQUFFQ2dZQm1hQmE2dlNrN2dNQ0xvT2svemd1VDNHQ1kKZndlcVNUeXEvckI1VUFqYWd6RmdTVFFwNlNqTG04dzdPWXZvYmN1djMzWlhuS0lXbFNEL09iM0RZeFdQWndyZApETE5CaWhCUHl4QURzMGxWaVZoNUd1WUpOdHdMOVZXWXZ4WVAvMFM1Y2xTYVJIbWtteWlrbXNISDI3WHF1cXRBCkF2M1ZNcVJOYVp2MTN2dUM5UUpCQU13R2FHR3RucktkZHgwbnNKL3dGbXBHdkdpaGNWaHVpSmkzOGRSSS9ZY0gKQ2hmVzlteDNMK0lhVTVtc1dyMzuTEhQRXlqVjVIckp4QWtFQXE5d2lPOG9FCnJsRXBMWU5DUDBSQWUvSXdUdkZLbVdrYm44Y3k4MWlIUHZ0Q0R0KzhLV2N6STdCQTZRV2tMd0NNQ0pOY2tDdlMKZG5QSzExQmNoZ3FXZHc9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="}", "VersionStages": [ "kid7", "AWSPENDING" ], "CreatedDate": "2021-08-31T15:38:01.597000+05:30" }
D:\scripts>aws secretsmanager update-secret-version-stage --secret-id dev-rohit-jwt --version-stage AWSPENDING --remove-from-version-id 2e0f7504-bc12-1234-3455-23f74aeabacf
{ "ARN": "arn:aws:secretsmanager:ap-southeast-1:123456789012:secret:dev-rohit-jwt-keypair-BlGCxN", "Name": "dev-rohit-jwt" }
Now to test if secret key with AWSPENDING is deleted or not
D:\scripts>aws secretsmanager get-secret-value --secret-id dev-rohit-jwt --version-stage AWSPENDING
An error occurred (ResourceNotFoundException) when calling the GetSecretValue operation: Secrets Manager can't find the specified secret value for staging label: AWSPENDING
Now try deployment again and it should work fine.
Special Thanks @Shimo for guidance. Refer to answer by @committedandroider answer for more explanation AWS secrets manager, 'A previous rotation isn’t complete' when rotating secrets