我对 AWS cli 比较陌生,对 LocalStack 也很陌生。我最近通过 cli (awslocal secretsmanager create-secret ....) 在本地 Docker 托管的 LocalStack 实例上创建了一个新密钥。
awslocal是
here描述的localstack/awscli-local项目的一部分)。 后来我意识到我需要删除这个秘密。于是我就跑了
awslocal secretsmanager delete-secret <secret_id>。我没有意识到这只是安排异步删除密钥,并不会立即从 Secrets Manager 中清除它。
一些研究告诉我,我可以通过使用delete-secret标志重新运行
--force-delete-without recovery doesn't workStackOverflow 帖子向我保证,即使我的秘密已被安排删除,这也会起作用。 然而,并没有成功。相反,我收到以下错误:
An error occurred (InvalidRequestException) when calling the DeleteSecret operation: 400 Bad Request: {"__type": "InvalidRequestException", "message": "An error occurred (InvalidRequestException) when calling the DeleteSecret operation: You tried to perform the operation on a secret that's currently marked deleted."}
我的
awslocal版本(在 Windows 11 上)是
aws-cli/2.2.47 Python/3.8.8 Windows/10 exe/ prompt/off
。您需要先恢复机密,然后才能再次修改它。 这是一个简单的 PowerShell 代码,显示了整个周期:
$secretName = "test"
# Create the secret
$secretArn = awslocal secretsmanager create-secret --name $secretName --query ARN --output text
Write-Host "Secret created with ARN: $secretArn"
# Delete the secret without the force-delete-without-recovery flag
Write-Host "Secret deleted without the force-delete-without-recovery flag"
awslocal secretsmanager delete-secret --secret-id $secretArn
# List the secrets
Write-Host "Secrets listed"
awslocal secretsmanager list-secrets
# Restore the secret
Write-Host "Secret restored:"
awslocal secretsmanager restore-secret --secret-id $secretArn
# delete the secret with the force-delete-without-recovery flag
Write-Host "Secret deleted with the force-delete-without-recovery flag"
awslocal secretsmanager delete-secret --secret-id $secretArn --force-delete-without-recovery
# List the secrets to confirm the deletion
awslocal secretsmanager list-secrets