Copyright: (c) 2013-2021 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: None

Amazonka.SecretsManager.DeleteSecret

Description

Deletes an entire secret and all of its versions. You can optionally include a recovery window during which you can restore the secret. If you don't specify a recovery window value, the operation defaults to 30 days. Secrets Manager attaches a DeletionDate stamp to the secret that specifies the end of the recovery window. At the end of the recovery window, Secrets Manager deletes the secret permanently.

At any time before the recovery window ends, you can use RestoreSecret to remove the DeletionDate and cancel the deletion of the secret.

You cannot access the encrypted secret information in any secret scheduled for deletion. If you need to access that information, you must cancel the deletion with RestoreSecret and then retrieve the information.

  • There is no explicit operation to delete a version of a secret. Instead, remove all staging labels from the VersionStage field of a version. That marks the version as deprecated and allows Secrets Manager to delete it as needed. Versions without any staging labels do not show up in ListSecretVersionIds unless you specify IncludeDeprecated.
  • The permanent secret deletion at the end of the waiting period is performed as a background task with low priority. There is no guarantee of a specific time after the recovery window for the actual delete operation to occur.

Minimum permissions

To run this command, you must have the following permissions:

  • secretsmanager:DeleteSecret

Related operations

  • To create a secret, use CreateSecret.
  • To cancel deletion of a version of a secret before the recovery window has expired, use RestoreSecret.

Creating a Request

data DeleteSecret

See: newDeleteSecret smart constructor.

Constructors

DeleteSecret' 

Fields

  • recoveryWindowInDays :: Maybe Integer

    (Optional) Specifies the number of days that Secrets Manager waits before Secrets Manager can delete the secret. You can't use both this parameter and the ForceDeleteWithoutRecovery parameter in the same API call.

    This value can range from 7 to 30 days with a default value of 30.

  • forceDeleteWithoutRecovery :: Maybe Bool

    (Optional) Specifies that the secret is to be deleted without any recovery window. You can't use both this parameter and the RecoveryWindowInDays parameter in the same API call.

    An asynchronous background process performs the actual deletion, so there can be a short delay before the operation completes. If you write code to delete and then immediately recreate a secret with the same name, ensure that your code includes appropriate back off and retry logic.

    Use this parameter with caution. This parameter causes the operation to skip the normal waiting period before the permanent deletion that Amazon Web Services would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently.

    If you use this parameter and include a previously deleted or nonexistent secret, the operation does not return the error ResourceNotFoundException in order to correctly handle retries.

  • secretId :: Text

    Specifies the secret to delete. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.

    For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

Instances

All of the following are defined in Amazonka.SecretsManager.DeleteSecret.

  • Eq DeleteSecret
  • Read DeleteSecret
  • Show DeleteSecret
  • Generic DeleteSecret (associated type: type Rep DeleteSecret :: Type -> Type)
  • NFData DeleteSecret (method: rnf :: DeleteSecret -> ())
  • Hashable DeleteSecret
  • ToJSON DeleteSecret
  • AWSRequest DeleteSecret (associated type: type AWSResponse DeleteSecret)
  • ToHeaders DeleteSecret
  • ToPath DeleteSecret
  • ToQuery DeleteSecret
  • type Rep DeleteSecret

type Rep DeleteSecret = D1 ('MetaData "DeleteSecret" "Amazonka.SecretsManager.DeleteSecret" "libZSservicesZSamazonka-secretsmanagerZSamazonka-secretsmanager" 'False) (C1 ('MetaCons "DeleteSecret'" 'PrefixI 'True) (S1 ('MetaSel ('Just "recoveryWindowInDays") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Integer)) :*: (S1 ('MetaSel ('Just "forceDeleteWithoutRecovery") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :*: S1 ('MetaSel ('Just "secretId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))
type AWSResponse DeleteSecret

Defined in Amazonka.SecretsManager.DeleteSecret

newDeleteSecret

Create a value of DeleteSecret with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:recoveryWindowInDays:DeleteSecret', deleteSecret_recoveryWindowInDays - (Optional) Specifies the number of days that Secrets Manager waits before Secrets Manager can delete the secret. You can't use both this parameter and the ForceDeleteWithoutRecovery parameter in the same API call.

This value can range from 7 to 30 days with a default value of 30.

$sel:forceDeleteWithoutRecovery:DeleteSecret', deleteSecret_forceDeleteWithoutRecovery - (Optional) Specifies that the secret is to be deleted without any recovery window. You can't use both this parameter and the RecoveryWindowInDays parameter in the same API call.

An asynchronous background process performs the actual deletion, so there can be a short delay before the operation completes. If you write code to delete and then immediately recreate a secret with the same name, ensure that your code includes appropriate back off and retry logic.

Use this parameter with caution. This parameter causes the operation to skip the normal waiting period before the permanent deletion that Amazon Web Services would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently.

If you use this parameter and include a previously deleted or nonexistent secret, the operation does not return the error ResourceNotFoundException in order to correctly handle retries.

$sel:secretId:DeleteSecret', deleteSecret_secretId - Specifies the secret to delete. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.

For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.

Request Lenses

deleteSecret_recoveryWindowInDays :: Lens' DeleteSecret (Maybe Integer)

(Optional) Specifies the number of days that Secrets Manager waits before Secrets Manager can delete the secret. You can't use both this parameter and the ForceDeleteWithoutRecovery parameter in the same API call.

This value can range from 7 to 30 days with a default value of 30.

deleteSecret_forceDeleteWithoutRecovery :: Lens' DeleteSecret (Maybe Bool)

(Optional) Specifies that the secret is to be deleted without any recovery window. You can't use both this parameter and the RecoveryWindowInDays parameter in the same API call.

An asynchronous background process performs the actual deletion, so there can be a short delay before the operation completes. If you write code to delete and then immediately recreate a secret with the same name, ensure that your code includes appropriate back off and retry logic.

Use this parameter with caution. This parameter causes the operation to skip the normal waiting period before the permanent deletion that Amazon Web Services would normally impose with the RecoveryWindowInDays parameter. If you delete a secret with the ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover the secret. You lose the secret permanently.

If you use this parameter and include a previously deleted or nonexistent secret, the operation does not return the error ResourceNotFoundException in order to correctly handle retries.

deleteSecret_secretId :: Lens' DeleteSecret Text

Specifies the secret to delete. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.

For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.
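
Added example, not part of the amazonka documentation: a small wrapper that makes the "recovery window or force delete, never both" rule and the 7 to 30 day range impossible to violate before any request is sent. `DeletionMode` and `mkDeleteSecret` are hypothetical names, the `?~` operator is assumed to come from the `lens` package, and the secret name is constructed.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import Amazonka.SecretsManager.DeleteSecret
  ( DeleteSecret,
    deleteSecret_forceDeleteWithoutRecovery,
    deleteSecret_recoveryWindowInDays,
    newDeleteSecret
  )
import Control.Lens ((?~)) -- assumption: the `lens` package is available
import Data.Function ((&))
import Data.Text (Text)

-- Hypothetical type: one constructor per legal combination of the two
-- optional fields, so "both set" cannot be expressed by a caller.
data DeletionMode
  = DefaultWindow -- neither field set; the documented default of 30 days applies
  | RecoverableFor Integer -- explicit recovery window, must be 7..30 days
  | ForceNoRecovery -- permanent; RestoreSecret is no longer possible
  deriving (Eq, Show)

-- Hypothetical helper: build the request and reject windows outside the
-- documented 7..30 range locally, before anything is sent.
mkDeleteSecret :: Text -> DeletionMode -> Either String DeleteSecret
mkDeleteSecret sid mode =
  case mode of
    DefaultWindow -> Right base
    RecoverableFor days
      | days >= 7 && days <= 30 ->
          Right (base & deleteSecret_recoveryWindowInDays ?~ days)
      | otherwise ->
          Left ("recovery window must be 7..30 days, got " <> show days)
    ForceNoRecovery ->
      Right (base & deleteSecret_forceDeleteWithoutRecovery ?~ True)
  where
    base = newDeleteSecret sid

main :: IO ()
main =
  -- Constructed secret name; this only builds and prints requests.
  mapM_
    (print . mkDeleteSecret "example/constructed-secret")
    [DefaultWindow, RecoverableFor 7, RecoverableFor 3, ForceNoRecovery]
```

Keeping `ForceNoRecovery` as a separate constructor also gives code review and static checks a single name to search for when auditing irreversible deletions.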

Destructuring the Response

data DeleteSecretResponse

See: newDeleteSecretResponse smart constructor.

Constructors

DeleteSecretResponse' 

Fields

  • arn :: Maybe Text

    The ARN of the secret that is now scheduled for deletion.

  • name :: Maybe Text

    The friendly name of the secret currently scheduled for deletion.

  • deletionDate :: Maybe POSIX

    The date and time after which this secret can be deleted by Secrets Manager and can no longer be restored. This value is the date and time of the delete request plus the number of days specified in RecoveryWindowInDays.

  • httpStatus :: Int

    The response's HTTP status code.

Instances

All of the following are defined in Amazonka.SecretsManager.DeleteSecret.

  • Eq DeleteSecretResponse
  • Read DeleteSecretResponse
  • Show DeleteSecretResponse
  • Generic DeleteSecretResponse (associated type: type Rep DeleteSecretResponse :: Type -> Type)
  • NFData DeleteSecretResponse (method: rnf :: DeleteSecretResponse -> ())
  • type Rep DeleteSecretResponse

type Rep DeleteSecretResponse = D1 ('MetaData "DeleteSecretResponse" "Amazonka.SecretsManager.DeleteSecret" "libZSservicesZSamazonka-secretsmanagerZSamazonka-secretsmanager" 'False) (C1 ('MetaCons "DeleteSecretResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "arn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "name") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 ('MetaSel ('Just "deletionDate") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe POSIX)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))))

newDeleteSecretResponse

Create a value of DeleteSecretResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:arn:DeleteSecretResponse', deleteSecretResponse_arn - The ARN of the secret that is now scheduled for deletion.

$sel:name:DeleteSecretResponse', deleteSecretResponse_name - The friendly name of the secret currently scheduled for deletion.

$sel:deletionDate:DeleteSecretResponse', deleteSecretResponse_deletionDate - The date and time after which this secret can be deleted by Secrets Manager and can no longer be restored. This value is the date and time of the delete request plus the number of days specified in RecoveryWindowInDays.

$sel:httpStatus:DeleteSecretResponse', deleteSecretResponse_httpStatus - The response's HTTP status code.

Response Lenses

deleteSecretResponse_arn :: Lens' DeleteSecretResponse (Maybe Text)

The ARN of the secret that is now scheduled for deletion.

deleteSecretResponse_name :: Lens' DeleteSecretResponse (Maybe Text)

The friendly name of the secret currently scheduled for deletion.

deleteSecretResponse_deletionDate :: Lens' DeleteSecretResponse (Maybe UTCTime)

The date and time after which this secret can be deleted by Secrets Manager and can no longer be restored. This value is the date and time of the delete request plus the number of days specified in RecoveryWindowInDays.