Disables automatic scheduled rotation and cancels the rotation of a secret if one is currently in progress.
To re-enable scheduled rotation, call
RotateSecret with
AutomaticallyRotateAfterDays set to a value greater than 0. This will immediately rotate your secret and then enable the automatic schedule.
If you cancel a rotation that is in progress, it can leave the
VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label
AWSPENDING from the partially created version, specified by the
VersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's
VersionStage field.
To successfully start a rotation, the staging label
AWSPENDING must be in one of the following states:
- Not be attached to any version at all
- Attached to the same version as the staging label
AWSCURRENT
If the staging label
AWSPENDING is attached to a different version than the version with
AWSCURRENT then the attempt to rotate fails.
Minimum permissions To run this command, you must have the following permissions:
- secretsmanager:CancelRotateSecret
Related operations- To configure rotation for a secret or to manually trigger a rotation, use RotateSecret.
- To get the rotation configuration details for a secret, use DescribeSecret.
- To list all of the currently available secrets, use ListSecrets.
- To list all of the versions currently associated with a secret, use ListSecretVersionIds.
