Restore an Amazon Secrets Manager secret - Amazon Secrets Manager
Amazon CLIAmazon SDK
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Restore an Amazon Secrets Manager secret

Secrets Manager considers a secret scheduled for deletion deprecated and you can no longer directly access it. After the recovery window has passed, Secrets Manager deletes the secret permanently. Once Secrets Manager deletes the secret, you can't recover it. Before the end of the recovery window, you can recover the secret and make it accessible again. This removes the DeletionDate field, which cancels the scheduled permanent deletion.

To restore a secret and the metadata in the console, you must have secretsmanager:ListSecrets and secretsmanager:RestoreSecret permissions.

Secrets Manager generates a CloudTrail log entry when you restore a secret. For more information, see Log Amazon Secrets Manager events with Amazon CloudTrail.

To restore a secret (console)

  1. Open the Secrets Manager console at https://console.amazonaws.cn/secretsmanager/.

  2. In the list of secrets, choose the secret you want to restore.

    If deleted secrets don't appear in your list of secrets, choose Preferences ( ). In the Preferences dialog box, select Show secrets scheduled for deletion, and then choose Save.

  3. On the Secret details page, choose Cancel deletion.

  4. In the Cancel secret deletion dialog box, choose Cancel deletion.

Amazon CLI

Example Restore a previously deleted secret

The following restore-secret example restores a secret that was previously scheduled for deletion.

aws secretsmanager restore-secret \
    --secret-id MyTestSecret

Amazon SDK

To restore a secret marked for deletion, use the RestoreSecret command. For more information, see Amazon SDKs.