I am relatively new to the AWS cli, and am very new to LocalStack. I recently created a new secret on my local Docker-hosted LocalStack instance via the cli (awslocal secretsmanager create-secret ....). (awslocal is a part of the localstack/awscli-local project described here.)
Afterwards I realized that I needed to delete this secret. So I ran awslocal secretsmanager delete-secret <secret_id>. I did not realize that this merely schedules a secret for deletion asynchronously and does not instantly purge it from Secrets Manager.
A little research told me that I could fix this by re-running delete-secret with the --force-delete-without-recovery flag. This StackOverflow post assured me that this would work even if my secret had already been scheduled for deletion.
However, it did not work. Instead, I received the following error:
An error occurred (InvalidRequestException) when calling the DeleteSecret operation: 400 Bad Request: {"__type": "InvalidRequestException", "message": "An error occurred (InvalidRequestException) when calling the DeleteSecret operation: You tried to perform the operation on a secret that's currently marked deleted."}
My version of awslocal (on Windows 11) is aws-cli/2.2.47 Python/3.8.8 Windows/10 exe/ prompt/off
Why is this not working?
Please have a look at the AWS secretsmanager documentation. You will need to restore the secret before you can modify it again.
Here is a simple PowerShell script that shows the whole cycle:
$secretName = "test"

# Create the secret and capture its ARN
$secretArn = awslocal secretsmanager create-secret --name $secretName --query ARN --output text
Write-Host "Secret created with ARN: $secretArn"

# Delete the secret without the force-delete-without-recovery flag.
# This only schedules the deletion; the secret is now marked deleted
# and rejects further modifications until it is restored.
Write-Host "Secret deleted without the force-delete-without-recovery flag"
awslocal secretsmanager delete-secret --secret-id $secretArn

# List the secrets
Write-Host "Secrets listed"
awslocal secretsmanager list-secrets

# Restore the secret, which cancels the scheduled deletion
Write-Host "Secret restored:"
awslocal secretsmanager restore-secret --secret-id $secretArn

# Delete the secret with the force-delete-without-recovery flag.
# This is accepted now because the secret is no longer marked deleted.
Write-Host "Secret deleted with the force-delete-without-recovery flag"
awslocal secretsmanager delete-secret --secret-id $secretArn --force-delete-without-recovery

# List the secrets to confirm the deletion
awslocal secretsmanager list-secrets
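The script above walks the happy path by hand. The added example below (my own code, not part of the question or the answer) wraps the same restore-then-force-delete sequence in a reusable PowerShell function that first asks describe-secret whether the secret is already scheduled for deletion (DeletedDate is only present in that state; with --output text an absent field prints "None"), restores it only when needed, and then force-deletes. That makes the purge safe to call whether or not a plain delete-secret has already been run. It uses only real aws-cli subcommands (describe-secret, restore-secret, delete-secret); the function name, the secret name "purge-demo" and the dummy secret value are assumptions for the demo. Keep in mind that on real AWS --force-delete-without-recovery skips the recovery window (default 30 days, adjustable with --recovery-window-in-days) and cannot be undone; against a LocalStack test fixture that is exactly the behaviour you want.

```powershell
# Added example, not from the original question or answer.
# Assumes awslocal is on PATH and a LocalStack instance is reachable.

function Remove-LocalSecretForce {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SecretId
    )

    # describe-secret reports DeletedDate only while the secret is scheduled
    # for deletion; with --output text a missing field is printed as "None".
    $deletedDate = awslocal secretsmanager describe-secret `
        --secret-id $SecretId --query DeletedDate --output text
    if ($LASTEXITCODE -ne 0) {
        throw "describe-secret failed for '$SecretId' (does it exist?)"
    }

    if ($deletedDate -ne 'None') {
        # A secret marked deleted rejects every modification, including a
        # forced delete, so cancel the scheduled deletion first.
        Write-Host "Secret '$SecretId' scheduled for deletion since $deletedDate; restoring"
        awslocal secretsmanager restore-secret --secret-id $SecretId | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "restore-secret failed for '$SecretId'"
        }
    }

    # The forced delete is accepted now because the secret is no longer
    # marked deleted. On real AWS this is irreversible.
    awslocal secretsmanager delete-secret `
        --secret-id $SecretId --force-delete-without-recovery | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "delete-secret --force-delete-without-recovery failed for '$SecretId'"
    }
    Write-Host "Secret '$SecretId' purged"
}

# Demonstration: reproduce the state from the question, then recover from it.
$name = "purge-demo"   # assumed name for the demo
awslocal secretsmanager create-secret --name $name --secret-string 'dummy' | Out-Null

# A plain delete only schedules the deletion (default 30-day recovery window).
awslocal secretsmanager delete-secret --secret-id $name | Out-Null

# Re-running delete-secret with --force-delete-without-recovery at this point
# is what produces "You tried to perform the operation on a secret that's
# currently marked deleted." The helper restores first, so it succeeds:
Remove-LocalSecretForce -SecretId $name

# Confirm the secret is really gone: describe-secret now fails with
# ResourceNotFoundException, so its exit code is non-zero.
awslocal secretsmanager describe-secret --secret-id $name *> $null
if ($LASTEXITCODE -ne 0) {
    Write-Host "Confirmed: '$name' no longer exists"
} else {
    throw "Secret '$name' still exists after purge"
}
```

Calling Remove-LocalSecretForce a second time on the same name throws at the describe-secret check, which is the right outcome: a purge that silently succeeds on a non-existent secret would hide typos in the secret id.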