aws-sdk-bedrockagentcorecontrol 1.49.0 → 1.51.0

data/lib/aws-sdk-bedrockagentcorecontrol/types.rb

@@ -555,11 +555,26 @@ module Aws::BedrockAgentCoreControl
     #   authenticate your application.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret for the Atlassian OAuth2
+    #   provider. Use `MANAGED` if the secret is managed by the service, or
+    #   `EXTERNAL` if you manage the secret yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/AtlassianOauth2ProviderConfigInput AWS API Documentation
     #
     class AtlassianOauth2ProviderConfigInput < Struct.new(
       :client_id,
-      :client_secret)
+      :client_secret,
+      :client_secret_config,
+      :client_secret_source)
       SENSITIVE = [:client_secret]
       include Aws::Structure
     end
@@ -1181,16 +1196,46 @@ module Aws::BedrockAgentCoreControl
     #   The API key secret provided by Coinbase Developer Platform.
     #   @return [String]
     #
+    # @!attribute [rw] api_key_secret_source
+    #   The source type of the API key secret for the Coinbase Developer
+    #   Platform. Use `MANAGED` if the secret is managed by the service, or
+    #   `EXTERNAL` if you manage the secret yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the API
+    #   key secret. This includes the secret ID and the JSON key used to
+    #   extract the API key secret value from the secret. Required when
+    #   `apiKeySecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
     # @!attribute [rw] wallet_secret
     #   The wallet secret provided by Coinbase Developer Platform.
     #   @return [String]
     #
+    # @!attribute [rw] wallet_secret_source
+    #   The source type of the wallet secret for the Coinbase Developer
+    #   Platform. Use `MANAGED` if the secret is managed by the service, or
+    #   `EXTERNAL` if you manage the secret yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] wallet_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the wallet
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the wallet secret value from the secret. Required when
+    #   `walletSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CoinbaseCdpConfigurationInput AWS API Documentation
     #
     class CoinbaseCdpConfigurationInput < Struct.new(
       :api_key_id,
       :api_key_secret,
-      :wallet_secret)
+      :api_key_secret_source,
+      :api_key_secret_config,
+      :wallet_secret,
+      :wallet_secret_source,
+      :wallet_secret_config)
       SENSITIVE = [:api_key_secret, :wallet_secret]
       include Aws::Structure
     end
@@ -1205,16 +1250,42 @@ module Aws::BedrockAgentCoreControl
     #   Contains information about a secret in AWS Secrets Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] api_key_secret_json_key
+    #   The JSON key used to extract the API key secret value from the AWS
+    #   Secrets Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_secret_source
+    #   The source type of the API key secret. Either `MANAGED` if the
+    #   secret is managed by the service, or `EXTERNAL` if managed by the
+    #   user in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] wallet_secret_arn
     #   Contains information about a secret in AWS Secrets Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] wallet_secret_json_key
+    #   The JSON key used to extract the wallet secret value from the AWS
+    #   Secrets Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] wallet_secret_source
+    #   The source type of the wallet secret. Either `MANAGED` if the secret
+    #   is managed by the service, or `EXTERNAL` if managed by the user in
+    #   AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CoinbaseCdpConfigurationOutput AWS API Documentation
     #
     class CoinbaseCdpConfigurationOutput < Struct.new(
       :api_key_id,
       :api_key_secret_arn,
-      :wallet_secret_arn)
+      :api_key_secret_json_key,
+      :api_key_secret_source,
+      :wallet_secret_arn,
+      :wallet_secret_json_key,
+      :wallet_secret_source)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1348,13 +1419,18 @@ module Aws::BedrockAgentCoreControl
     #   The description of the configuration bundle.
     #   @return [String]
     #
+    # @!attribute [rw] created_at
+    #   The timestamp when the configuration bundle was created.
+    #   @return [Time]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/ConfigurationBundleSummary AWS API Documentation
     #
     class ConfigurationBundleSummary < Struct.new(
       :bundle_arn,
       :bundle_id,
       :bundle_name,
-      :description)
+      :description,
+      :created_at)
       SENSITIVE = [:description]
       include Aws::Structure
     end
@@ -1706,6 +1782,19 @@ module Aws::BedrockAgentCoreControl
     #   stored securely.
     #   @return [String]
     #
+    # @!attribute [rw] api_key_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the API
+    #   key. This includes the secret ID and the JSON key used to extract
+    #   the API key value from the secret. Required when
+    #   `apiKeySecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] api_key_secret_source
+    #   The source type of the API key secret. Use `MANAGED` if the secret
+    #   is managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] tags
     #   A map of tag keys and values to assign to the API key credential
     #   provider. Tags enable you to categorize your resources in different
@@ -1717,6 +1806,8 @@ module Aws::BedrockAgentCoreControl
     class CreateApiKeyCredentialProviderRequest < Struct.new(
       :name,
       :api_key,
+      :api_key_secret_config,
+      :api_key_secret_source,
       :tags)
       SENSITIVE = [:api_key]
       include Aws::Structure
@@ -1726,6 +1817,17 @@ module Aws::BedrockAgentCoreControl
     #   The Amazon Resource Name (ARN) of the secret containing the API key.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] api_key_secret_json_key
+    #   The JSON key used to extract the API key value from the AWS Secrets
+    #   Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_secret_source
+    #   The source type of the API key secret. Either `MANAGED` if the
+    #   secret is managed by the service, or `EXTERNAL` if managed by the
+    #   user in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] name
     #   The name of the created API key credential provider.
     #   @return [String]
@@ -1739,6 +1841,8 @@ module Aws::BedrockAgentCoreControl
     #
     class CreateApiKeyCredentialProviderResponse < Struct.new(
       :api_key_secret_arn,
+      :api_key_secret_json_key,
+      :api_key_secret_source,
       :name,
       :credential_provider_arn)
       SENSITIVE = []
@@ -3053,6 +3157,17 @@ module Aws::BedrockAgentCoreControl
     #   Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] client_secret_json_key
+    #   The JSON key used to extract the client secret value from the AWS
+    #   Secrets Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Either `MANAGED` if the secret
+    #   is managed by the service, or `EXTERNAL` if managed by the user in
+    #   AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] name
     #   The name of the OAuth2 credential provider.
     #   @return [String]
@@ -3079,6 +3194,8 @@ module Aws::BedrockAgentCoreControl
     #
     class CreateOauth2CredentialProviderResponse < Struct.new(
       :client_secret_arn,
+      :client_secret_json_key,
+      :client_secret_source,
       :name,
       :credential_provider_arn,
       :callback_url,
@@ -4422,16 +4539,18 @@ module Aws::BedrockAgentCoreControl
     #   The client secret for the custom OAuth2 provider.
     #   @return [String]
     #
-    # @!attribute [rw] private_endpoint
-    #   The default private endpoint for the custom OAuth2 provider,
-    #   enabling secure connectivity through a VPC Lattice resource
-    #   configuration.
-    #   @return [Types::PrivateEndpoint]
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
     #
-    # @!attribute [rw] private_endpoint_overrides
-    #   The private endpoint overrides for the custom OAuth2 provider
-    #   configuration.
-    #   @return [Array<Types::PrivateEndpointOverride>]
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
     #
     # @!attribute [rw] on_behalf_of_token_exchange_config
     #   The configuration for on-behalf-of token exchange. This enables
@@ -4444,16 +4563,29 @@ module Aws::BedrockAgentCoreControl
     #   token endpoint.
     #   @return [String]
     #
+    # @!attribute [rw] private_endpoint
+    #   The default private endpoint for the custom OAuth2 provider,
+    #   enabling secure connectivity through a VPC Lattice resource
+    #   configuration.
+    #   @return [Types::PrivateEndpoint]
+    #
+    # @!attribute [rw] private_endpoint_overrides
+    #   The private endpoint overrides for the custom OAuth2 provider
+    #   configuration.
+    #   @return [Array<Types::PrivateEndpointOverride>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/CustomOauth2ProviderConfigInput AWS API Documentation
     #
     class CustomOauth2ProviderConfigInput < Struct.new(
       :oauth_discovery,
       :client_id,
       :client_secret,
-      :private_endpoint,
-      :private_endpoint_overrides,
+      :client_secret_config,
+      :client_secret_source,
       :on_behalf_of_token_exchange_config,
-      :client_authentication_method)
+      :client_authentication_method,
+      :private_endpoint,
+      :private_endpoint_overrides)
       SENSITIVE = [:client_secret]
       include Aws::Structure
     end
@@ -6999,6 +7131,17 @@ module Aws::BedrockAgentCoreControl
     #   Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] api_key_secret_json_key
+    #   The JSON key used to extract the API key value from the AWS Secrets
+    #   Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_secret_source
+    #   The source type of the API key secret. Either `MANAGED` if the
+    #   secret is managed by the service, or `EXTERNAL` if managed by the
+    #   user in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] name
     #   The name of the API key credential provider.
     #   @return [String]
@@ -7019,6 +7162,8 @@ module Aws::BedrockAgentCoreControl
     #
     class GetApiKeyCredentialProviderResponse < Struct.new(
       :api_key_secret_arn,
+      :api_key_secret_json_key,
+      :api_key_secret_source,
       :name,
       :credential_provider_arn,
       :created_time,
@@ -7997,6 +8142,17 @@ module Aws::BedrockAgentCoreControl
     #   Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] client_secret_json_key
+    #   The JSON key used to extract the client secret value from the AWS
+    #   Secrets Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Either `MANAGED` if the secret
+    #   is managed by the service, or `EXTERNAL` if managed by the user in
+    #   AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] name
     #   The name of the OAuth2 credential provider.
     #   @return [String]
@@ -8040,6 +8196,8 @@ module Aws::BedrockAgentCoreControl
     #
     class GetOauth2CredentialProviderResponse < Struct.new(
       :client_secret_arn,
+      :client_secret_json_key,
+      :client_secret_source,
       :name,
       :credential_provider_arn,
       :credential_provider_vendor,
@@ -9127,11 +9285,26 @@ module Aws::BedrockAgentCoreControl
     #   The client secret for the GitHub OAuth2 provider.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GithubOauth2ProviderConfigInput AWS API Documentation
     #
     class GithubOauth2ProviderConfigInput < Struct.new(
       :client_id,
-      :client_secret)
+      :client_secret,
+      :client_secret_config,
+      :client_secret_source)
       SENSITIVE = [:client_secret]
       include Aws::Structure
     end
@@ -9165,11 +9338,26 @@ module Aws::BedrockAgentCoreControl
     #   The client secret for the Google OAuth2 provider.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GoogleOauth2ProviderConfigInput AWS API Documentation
     #
     class GoogleOauth2ProviderConfigInput < Struct.new(
       :client_id,
-      :client_secret)
+      :client_secret,
+      :client_secret_config,
+      :client_secret_source)
       SENSITIVE = [:client_secret]
       include Aws::Structure
     end
@@ -9510,13 +9698,24 @@ module Aws::BedrockAgentCoreControl
     #   The topP set when calling the model.
     #   @return [Float]
     #
+    # @!attribute [rw] api_format
+    #   The API format to use when calling the Bedrock provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] additional_params
+    #   Provider-specific parameters passed through to the model provider
+    #   unchanged.
+    #   @return [Hash,Array,String,Numeric,Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessBedrockModelConfig AWS API Documentation
     #
     class HarnessBedrockModelConfig < Struct.new(
       :model_id,
       :max_tokens,
       :temperature,
-      :top_p)
+      :top_p,
+      :api_format,
+      :additional_params)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9602,9 +9801,7 @@ module Aws::BedrockAgentCoreControl
     #   @return [Types::Unit]
     #
     # @!attribute [rw] oauth
-    #   An OAuth credential provider for gateway authentication. This
-    #   structure contains the configuration for authenticating with the
-    #   target endpoint using OAuth.
+    #   Use OAuth credentials for outbound authentication to the gateway.
     #   @return [Types::OAuthCredentialProvider]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessGatewayOutboundAuth AWS API Documentation
@@ -9685,6 +9882,54 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # Configuration for a LiteLLM model provider, enabling connection to
+    # third-party model providers.
+    #
+    # @!attribute [rw] model_id
+    #   The LiteLLM model identifier (e.g., "anthropic/claude-3-sonnet").
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_arn
+    #   The ARN of the API key in AgentCore Identity for authenticating with
+    #   the model provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_base
+    #   The base URL for the model provider's API endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_tokens
+    #   The maximum number of tokens to allow in the generated response per
+    #   iteration.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] temperature
+    #   The temperature to set when calling the model.
+    #   @return [Float]
+    #
+    # @!attribute [rw] top_p
+    #   The topP set when calling the model.
+    #   @return [Float]
+    #
+    # @!attribute [rw] additional_params
+    #   Provider-specific parameters passed through to the model provider
+    #   unchanged.
+    #   @return [Hash,Array,String,Numeric,Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessLiteLlmModelConfig AWS API Documentation
+    #
+    class HarnessLiteLlmModelConfig < Struct.new(
+      :model_id,
+      :api_key_arn,
+      :api_base,
+      :max_tokens,
+      :temperature,
+      :top_p,
+      :additional_params)
+      SENSITIVE = [:api_base]
+      include Aws::Structure
+    end
+
     # The memory configuration for a harness.
     #
     # @note HarnessMemoryConfiguration is a union - when making an API calls you must set exactly one of the members.
@@ -9726,12 +9971,18 @@ module Aws::BedrockAgentCoreControl
     #   Configuration for a Google Gemini model.
     #   @return [Types::HarnessGeminiModelConfig]
     #
+    # @!attribute [rw] lite_llm_model_config
+    #   The LiteLLM model configuration for connecting to third-party model
+    #   providers.
+    #   @return [Types::HarnessLiteLlmModelConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessModelConfiguration AWS API Documentation
     #
     class HarnessModelConfiguration < Struct.new(
       :bedrock_model_config,
       :open_ai_model_config,
       :gemini_model_config,
+      :lite_llm_model_config,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
@@ -9740,6 +9991,7 @@ module Aws::BedrockAgentCoreControl
       class BedrockModelConfig < HarnessModelConfiguration; end
       class OpenAiModelConfig < HarnessModelConfiguration; end
       class GeminiModelConfig < HarnessModelConfiguration; end
+      class LiteLlmModelConfig < HarnessModelConfiguration; end
       class Unknown < HarnessModelConfiguration; end
     end
 
@@ -9767,6 +10019,15 @@ module Aws::BedrockAgentCoreControl
     #   The topP set when calling the model.
     #   @return [Float]
     #
+    # @!attribute [rw] api_format
+    #   The API format to use when calling the OpenAI provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] additional_params
+    #   Provider-specific parameters passed through to the model provider
+    #   unchanged.
+    #   @return [Hash,Array,String,Numeric,Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessOpenAiModelConfig AWS API Documentation
     #
     class HarnessOpenAiModelConfig < Struct.new(
@@ -9774,7 +10035,9 @@ module Aws::BedrockAgentCoreControl
       :api_key_arn,
       :max_tokens,
       :temperature,
-      :top_p)
+      :top_p,
+      :api_format,
+      :additional_params)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9808,19 +10071,91 @@ module Aws::BedrockAgentCoreControl
     #   The filesystem path to the skill definition.
     #   @return [String]
     #
+    # @!attribute [rw] s3
+    #   An S3 source containing the skill.
+    #   @return [Types::HarnessSkillS3Source]
+    #
+    # @!attribute [rw] git
+    #   A git repository containing the skill.
+    #   @return [Types::HarnessSkillGitSource]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessSkill AWS API Documentation
     #
     class HarnessSkill < Struct.new(
       :path,
+      :s3,
+      :git,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
       class Path < HarnessSkill; end
+      class S3 < HarnessSkill; end
+      class Git < HarnessSkill; end
       class Unknown < HarnessSkill; end
     end
 
+    # Authentication configuration for accessing a private git repository.
+    #
+    # @!attribute [rw] credential_arn
+    #   The ARN of the credential in AgentCore Identity containing the
+    #   password or personal access token.
+    #   @return [String]
+    #
+    # @!attribute [rw] username
+    #   Username for authentication. Defaults to 'oauth2' if not
+    #   specified.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessSkillGitAuth AWS API Documentation
+    #
+    class HarnessSkillGitAuth < Struct.new(
+      :credential_arn,
+      :username)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A git repository source for a skill.
+    #
+    # @!attribute [rw] url
+    #   The HTTPS URL of the git repository.
+    #   @return [String]
+    #
+    # @!attribute [rw] path
+    #   Subdirectory within the repository containing the skill.
+    #   @return [String]
+    #
+    # @!attribute [rw] auth
+    #   Authentication configuration for private repositories.
+    #   @return [Types::HarnessSkillGitAuth]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessSkillGitSource AWS API Documentation
+    #
+    class HarnessSkillGitSource < Struct.new(
+      :url,
+      :path,
+      :auth)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An S3 source for a skill.
+    #
+    # @!attribute [rw] uri
+    #   The S3 URI pointing to the skill directory (e.g.,
+    #   s3://bucket/skills/my-skill/).
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/HarnessSkillS3Source AWS API Documentation
+    #
+    class HarnessSkillS3Source < Struct.new(
+      :uri)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Configuration for sliding window truncation strategy.
     #
     # @!attribute [rw] messages_count
@@ -10128,6 +10463,19 @@ module Aws::BedrockAgentCoreControl
     #   authenticate your application.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] issuer
     #   Token issuer of your isolated OAuth2 application tenant. This URL
     #   identifies the authorization server that issues tokens for this
@@ -10150,6 +10498,8 @@ module Aws::BedrockAgentCoreControl
     class IncludedOauth2ProviderConfigInput < Struct.new(
       :client_id,
       :client_secret,
+      :client_secret_config,
+      :client_secret_source,
       :issuer,
       :authorization_endpoint,
       :token_endpoint)
@@ -10452,11 +10802,26 @@ module Aws::BedrockAgentCoreControl
     #   authenticate your application.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/LinkedinOauth2ProviderConfigInput AWS API Documentation
     #
     class LinkedinOauth2ProviderConfigInput < Struct.new(
       :client_id,
-      :client_secret)
+      :client_secret,
+      :client_secret_config,
+      :client_secret_source)
       SENSITIVE = [:client_secret]
       include Aws::Structure
     end
@@ -12737,6 +13102,19 @@ module Aws::BedrockAgentCoreControl
     #   The client secret for the Microsoft OAuth2 provider.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] tenant_id
     #   The Microsoft Entra ID (formerly Azure AD) tenant ID for your
     #   organization. This identifies the specific tenant within
@@ -12748,6 +13126,8 @@ module Aws::BedrockAgentCoreControl
     class MicrosoftOauth2ProviderConfigInput < Struct.new(
       :client_id,
       :client_secret,
+      :client_secret_config,
+      :client_secret_source,
       :tenant_id)
       SENSITIVE = [:client_secret]
       include Aws::Structure
@@ -14899,11 +15279,26 @@ module Aws::BedrockAgentCoreControl
     #   The client secret for the Salesforce OAuth2 provider.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/SalesforceOauth2ProviderConfigInput AWS API Documentation
     #
     class SalesforceOauth2ProviderConfigInput < Struct.new(
       :client_id,
-      :client_secret)
+      :client_secret,
+      :client_secret_config,
+      :client_secret_source)
       SENSITIVE = [:client_secret]
       include Aws::Structure
     end
@@ -14997,6 +15392,27 @@ module Aws::BedrockAgentCoreControl
       include Aws::Structure
     end
 
+    # Contains a reference to a secret stored in AWS Secrets Manager.
+    #
+    # @!attribute [rw] secret_id
+    #   The ID of the AWS Secrets Manager secret that stores the secret
+    #   value.
+    #   @return [String]
+    #
+    # @!attribute [rw] json_key
+    #   The JSON key used to extract the secret value from the AWS Secrets
+    #   Manager secret.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/SecretReference AWS API Documentation
+    #
+    class SecretReference < Struct.new(
+      :secret_id,
+      :json_key)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The Amazon Web Services Secrets Manager location configuration.
     #
     # @!attribute [rw] secret_arn
@@ -15405,11 +15821,26 @@ module Aws::BedrockAgentCoreControl
     #   The client secret for the Slack OAuth2 provider.
     #   @return [String]
     #
+    # @!attribute [rw] client_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the client
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the client secret value from the secret. Required when
+    #   `clientSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/SlackOauth2ProviderConfigInput AWS API Documentation
     #
     class SlackOauth2ProviderConfigInput < Struct.new(
       :client_id,
-      :client_secret)
+      :client_secret,
+      :client_secret_config,
+      :client_secret_source)
       SENSITIVE = [:client_secret]
       include Aws::Structure
     end
@@ -15704,10 +16135,37 @@ module Aws::BedrockAgentCoreControl
     #   The app secret provided by Privy.
     #   @return [String]
     #
+    # @!attribute [rw] app_secret_source
+    #   The source type of the app secret. Use `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] app_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the app
+    #   secret. This includes the secret ID and the JSON key used to extract
+    #   the app secret value from the secret. Required when
+    #   `appSecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
     # @!attribute [rw] authorization_private_key
     #   The authorization private key for the Stripe Privy integration.
     #   @return [String]
     #
+    # @!attribute [rw] authorization_private_key_source
+    #   The source type of the authorization private key. Use `MANAGED` if
+    #   the secret is managed by the service, or `EXTERNAL` if you manage
+    #   the secret yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorization_private_key_config
+    #   A reference to the AWS Secrets Manager secret that stores the
+    #   authorization private key. This includes the secret ID and the JSON
+    #   key used to extract the authorization private key value from the
+    #   secret. Required when `authorizationPrivateKeySource` is set to
+    #   `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
     # @!attribute [rw] authorization_id
     #   The authorization ID for the Stripe Privy integration.
     #   @return [String]
@@ -15717,7 +16175,11 @@ module Aws::BedrockAgentCoreControl
     class StripePrivyConfigurationInput < Struct.new(
       :app_id,
       :app_secret,
+      :app_secret_source,
+      :app_secret_config,
       :authorization_private_key,
+      :authorization_private_key_source,
+      :authorization_private_key_config,
       :authorization_id)
       SENSITIVE = [:app_secret, :authorization_private_key]
       include Aws::Structure
@@ -15733,10 +16195,32 @@ module Aws::BedrockAgentCoreControl
     #   Contains information about a secret in AWS Secrets Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] app_secret_json_key
+    #   The JSON key used to extract the app secret value from the AWS
+    #   Secrets Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] app_secret_source
+    #   The source type of the app secret. Either `MANAGED` if the secret is
+    #   managed by the service, or `EXTERNAL` if managed by the user in AWS
+    #   Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] authorization_private_key_arn
     #   Contains information about a secret in AWS Secrets Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] authorization_private_key_json_key
+    #   The JSON key used to extract the authorization private key value
+    #   from the AWS Secrets Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorization_private_key_source
+    #   The source type of the authorization private key. Either `MANAGED`
+    #   if the secret is managed by the service, or `EXTERNAL` if managed by
+    #   the user in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] authorization_id
     #   The authorization ID for the Stripe Privy integration.
     #   @return [String]
@@ -15746,7 +16230,11 @@ module Aws::BedrockAgentCoreControl
     class StripePrivyConfigurationOutput < Struct.new(
       :app_id,
       :app_secret_arn,
+      :app_secret_json_key,
+      :app_secret_source,
       :authorization_private_key_arn,
+      :authorization_private_key_json_key,
+      :authorization_private_key_source,
       :authorization_id)
       SENSITIVE = []
       include Aws::Structure
@@ -16635,11 +17123,26 @@ module Aws::BedrockAgentCoreControl
     #   existing API key and is encrypted and stored securely.
     #   @return [String]
     #
+    # @!attribute [rw] api_key_secret_config
+    #   A reference to the AWS Secrets Manager secret that stores the API
+    #   key. This includes the secret ID and the JSON key used to extract
+    #   the API key value from the secret. Required when
+    #   `apiKeySecretSource` is set to `EXTERNAL`.
+    #   @return [Types::SecretReference]
+    #
+    # @!attribute [rw] api_key_secret_source
+    #   The source type of the API key secret. Use `MANAGED` if the secret
+    #   is managed by the service, or `EXTERNAL` if you manage the secret
+    #   yourself in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/UpdateApiKeyCredentialProviderRequest AWS API Documentation
     #
     class UpdateApiKeyCredentialProviderRequest < Struct.new(
       :name,
-      :api_key)
+      :api_key,
+      :api_key_secret_config,
+      :api_key_secret_source)
       SENSITIVE = [:api_key]
       include Aws::Structure
     end
@@ -16649,6 +17152,17 @@ module Aws::BedrockAgentCoreControl
     #   Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] api_key_secret_json_key
+    #   The JSON key used to extract the API key value from the AWS Secrets
+    #   Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_secret_source
+    #   The source type of the API key secret. Either `MANAGED` if the
+    #   secret is managed by the service, or `EXTERNAL` if managed by the
+    #   user in AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] name
     #   The name of the API key credential provider.
     #   @return [String]
@@ -16669,6 +17183,8 @@ module Aws::BedrockAgentCoreControl
     #
     class UpdateApiKeyCredentialProviderResponse < Struct.new(
       :api_key_secret_arn,
+      :api_key_secret_json_key,
+      :api_key_secret_source,
       :name,
       :credential_provider_arn,
       :created_time,
@@ -17651,6 +18167,17 @@ module Aws::BedrockAgentCoreControl
     #   Manager.
     #   @return [Types::Secret]
     #
+    # @!attribute [rw] client_secret_json_key
+    #   The JSON key used to extract the client secret value from the AWS
+    #   Secrets Manager secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret_source
+    #   The source type of the client secret. Either `MANAGED` if the secret
+    #   is managed by the service, or `EXTERNAL` if managed by the user in
+    #   AWS Secrets Manager.
+    #   @return [String]
+    #
     # @!attribute [rw] name
     #   The name of the OAuth2 credential provider.
     #   @return [String]
@@ -17689,6 +18216,8 @@ module Aws::BedrockAgentCoreControl
     #
     class UpdateOauth2CredentialProviderResponse < Struct.new(
       :client_secret_arn,
+      :client_secret_json_key,
+      :client_secret_source,
       :name,
       :credential_provider_vendor,
       :credential_provider_arn,