Restore a secret - AWS Secrets Manager

Restore a secret

Secrets Manager considers a secret that is scheduled for deletion deprecated, and you can no longer access it directly. After the recovery window has passed, Secrets Manager deletes the secret permanently. Once Secrets Manager deletes the secret, you can't recover it. Before the end of the recovery window, you can recover the secret and make it accessible again. Restoring the secret removes the DeletionDate field, which cancels the scheduled permanent deletion.

To restore a secret and the metadata in the console, you must have secretsmanager:ListSecrets and secretsmanager:RestoreSecret permissions.

To restore a secret (console)

  1. Open the Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.

  2. In the list of secrets, choose the secret you want to restore.

    If deleted secrets don't appear in your list of secrets, choose Preferences. In the Preferences dialog box, select Show disabled secrets, and then choose Save.

  3. On the Secret details page, choose Cancel deletion.

  4. In the Cancel secret deletion dialog box, choose Cancel deletion.

AWS CLI

You can use the restore-secret command to restore a secret that is scheduled for deletion in Secrets Manager.

The following example restores a previously deleted secret named "MyTestDatabase". This cancels the scheduled deletion and restores access to the secret.

$ aws secretsmanager restore-secret --secret-id development/MyTestDatabase
{
    "ARN": "arn:aws:secretsmanager:us-east-2:111122223333:secret:development/MyTestDatabase-AbCdEf",
    "Name": "development/MyTestDatabase"
}
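The following wrapper is an added example, not part of the original AWS documentation. It restores a secret only if it is still scheduled for deletion, then confirms that the deletion date was cleared. It assumes the caller also has secretsmanager:DescribeSecret permission; the function names deleted_date and restore_secret_checked are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: restore a secret that is still in its recovery window,
# then verify that the scheduled deletion was actually cancelled.

# Print the DeletedDate of a secret, or "None" when the field is absent
# (the AWS CLI prints None for a missing field with --output text).
deleted_date() {
    aws secretsmanager describe-secret --secret-id "$1" \
        --query DeletedDate --output text
}

# restore_secret_checked SECRET_ID
# Returns 0 when the secret is not (or no longer) scheduled for deletion,
# 1 when it cannot be described or the restore did not take effect.
restore_secret_checked() {
    secret_id=$1
    before=$(deleted_date "$secret_id") || {
        echo "cannot describe $secret_id (already deleted, or access denied)" >&2
        return 1
    }
    if [ "$before" = "None" ]; then
        echo "$secret_id is not scheduled for deletion; nothing to restore"
        return 0
    fi
    echo "$secret_id is scheduled for deletion ($before); restoring"
    aws secretsmanager restore-secret --secret-id "$secret_id" >/dev/null || return 1

    # Re-check: a successful restore removes the deletion date.
    after=$(deleted_date "$secret_id") || return 1
    if [ "$after" != "None" ]; then
        echo "restore did not clear the deletion date for $secret_id" >&2
        return 1
    fi
    echo "$secret_id restored"
}
```

Call it as `restore_secret_checked development/MyTestDatabase`; a non-zero exit status means the secret should be investigated before the recovery window ends.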

AWS SDK

To restore a secret marked for deletion, use the RestoreSecret command. For more information, see AWS SDKs.