IBM Cloud Docs
Why can't I restore the previous version of an IAM credentials secret?

Why can't I restore the previous version of an IAM credentials secret?

You try to restore the previous version of an IAM credentials secret in IBM Cloud® Secrets Manager, but you're unable to do so.

You want to restore the previous service ID API key that was associated with an IAM credentials secret. When you try to restore the secret version by using the Secrets Manager UI or API, you get one of the following errors:

Rotating IAM credentials is not supported when reuse credentials is off.
Version previous is not active.

You might receive these errors due to the following reasons:

  • The secret was initially created with the Reuse IAM credentials until lease expires option set to Off (or, the reuse_api_key property set to false). This means that the secret can hold only a short-lived ephemeral value that is created and and then deleted after each read operation, so its previous version can't be restored.
  • The service ID API key reached its defined time-to-live (TTL) or lease duration, and it can no longer be restored.