-3

I am using Terraform to create an AWS Secret and I see that it has a default 30-day recovery period. I need to create a permanent secret that does not get deleted. Is there a way I can do that?

Arpit Tomar
  • Don't delete the password and it will not get deleted :) You can try to protect the secret with SCPs but that sounds like overkill. – luk2302 Oct 19 '22 at 09:58
  • @luk2302 wouldn't the default recovery_window_in_days mark it for deletion after 30 days? – Arpit Tomar Oct 19 '22 at 10:05
  • No, that window is for ***recovery*** after deletion, it does not cause any deletion. – luk2302 Oct 19 '22 at 10:16
  • @luk2302 oh ok, got it. I misunderstood that the recovery_window_in_days marks it for deletion after this many days. – Arpit Tomar Oct 19 '22 at 10:30

1 Answer

1

The default recovery period refers to the time you will be able to restore the secret IF it gets deleted.

So if you don't delete it, you will never reach this point.
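
A Terraform sketch of the point made in the answer and comments, added here as an example and not part of the original thread. The resource labels and the secret name are placeholders, and the resource policy is an optional extra guard that the thread does not mention.

```hcl
# Added example; resource labels and the secret name are constructed placeholders.
resource "aws_secretsmanager_secret" "app" {
  name = "example/app/credentials"

  # Only matters once the secret has been deleted: the number of days it stays
  # recoverable before Secrets Manager removes it for good (0, or 7 to 30;
  # default 30). It never schedules a deletion by itself.
  # Setting 0 forces immediate deletion with no recovery, so avoid it here.
  recovery_window_in_days = 30

  # Terraform-side guard: any plan that would destroy this resource fails.
  lifecycle {
    prevent_destroy = true
  }
}

# Optional AWS-side guard: deny DeleteSecret on this secret for every principal.
# The policy has to be removed before the secret can be deleted at all.
resource "aws_secretsmanager_secret_policy" "deny_delete" {
  secret_arn = aws_secretsmanager_secret.app.arn

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyDeleteSecret"
      Effect    = "Deny"
      Principal = "*"
      Action    = "secretsmanager:DeleteSecret"
      Resource  = "*" # in a secret's resource policy this refers to the secret itself
    }]
  })
}
```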