Rotate an AWS Secrets Manager secret immediately
You can only rotate a secret that has rotation configured.
To determine whether a secret has been configured for rotation, in the console, view the secret and
scroll down to the Rotation configuration section. If Rotation status
is Enabled, then the secret is configured for rotation. Or in the AWS CLI, call describe-secret
.
If the response has a RotationLambdaARN
and RotationRules
, then the secret
is configured for rotation. If not, you can set up automatic rotation:
To rotate a secret immediately (console)
Open the Secrets Manager console at https://console.aws.amazon.com/secretsmanager/
. -
Choose your secret.
-
On the secret details page, under Rotation configuration, choose Rotate secret immediately.
-
In the Rotate secret dialog box, choose Rotate.
AWS CLI
Example Rotate a secret immediately
The following rotate-secret
example starts an immediate rotation. The output shows the VersionId of the new secret version created by rotation. The secret must already have rotation configured.
aws secretsmanager rotate-secret \ --secret-id MyTestSecret