aws-sdk-secretsmanager 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0510b3d9111db1b546af3dcf7759a4fbc38eb1ae
+  data.tar.gz: 341d393d43faa1bdf7d01997b996fa5a91b3bdf7
+SHA512:
+  metadata.gz: 92735d664f25841b1a9835c8e5b20d31153329a689bc4fc1e4c9040bfbdaf8e6d488a101fc96bb7d3568d8a2def294d65e3291cd2671fd7bab033856a9980ed1
+  data.tar.gz: f4cc5b8798f92a38e0563d0da60e2ab1344828e5204fa32524f57083a371e7799b6d3d1b6fd024729ffc441897418dd49b6eabce66a43cd0c3f067c5fbc192d3

data/lib/aws-sdk-secretsmanager.rb

@@ -0,0 +1,47 @@
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+require 'aws-sdk-core'
+require 'aws-sigv4'
+
+require_relative 'aws-sdk-secretsmanager/types'
+require_relative 'aws-sdk-secretsmanager/client_api'
+require_relative 'aws-sdk-secretsmanager/client'
+require_relative 'aws-sdk-secretsmanager/errors'
+require_relative 'aws-sdk-secretsmanager/resource'
+require_relative 'aws-sdk-secretsmanager/customizations'
+
+# This module provides support for AWS Secrets Manager. This module is available in the
+# `aws-sdk-secretsmanager` gem.
+#
+# # Client
+#
+# The {Client} class provides one method for each API operation. Operation
+# methods each accept a hash of request parameters and return a response
+# structure.
+#
+# See {Client} for more information.
+#
+# # Errors
+#
+# Errors returned from AWS Secrets Manager all
+# extend {Errors::ServiceError}.
+#
+#     begin
+#       # do stuff
+#     rescue Aws::SecretsManager::Errors::ServiceError
+#       # rescues all service API errors
+#     end
+#
+# See {Errors} for more information.
+#
+# @service
+module Aws::SecretsManager
+
+  GEM_VERSION = '1.0.0'
+
+end

data/lib/aws-sdk-secretsmanager/client.rb

@@ -0,0 +1,1937 @@
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+require 'seahorse/client/plugins/content_length.rb'
+require 'aws-sdk-core/plugins/credentials_configuration.rb'
+require 'aws-sdk-core/plugins/logging.rb'
+require 'aws-sdk-core/plugins/param_converter.rb'
+require 'aws-sdk-core/plugins/param_validator.rb'
+require 'aws-sdk-core/plugins/user_agent.rb'
+require 'aws-sdk-core/plugins/helpful_socket_errors.rb'
+require 'aws-sdk-core/plugins/retry_errors.rb'
+require 'aws-sdk-core/plugins/global_configuration.rb'
+require 'aws-sdk-core/plugins/regional_endpoint.rb'
+require 'aws-sdk-core/plugins/response_paging.rb'
+require 'aws-sdk-core/plugins/stub_responses.rb'
+require 'aws-sdk-core/plugins/idempotency_token.rb'
+require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
+require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
+
+Aws::Plugins::GlobalConfiguration.add_identifier(:secretsmanager)
+
+module Aws::SecretsManager
+  class Client < Seahorse::Client::Base
+
+    include Aws::ClientStubs
+
+    @identifier = :secretsmanager
+
+    set_api(ClientApi::API)
+
+    add_plugin(Seahorse::Client::Plugins::ContentLength)
+    add_plugin(Aws::Plugins::CredentialsConfiguration)
+    add_plugin(Aws::Plugins::Logging)
+    add_plugin(Aws::Plugins::ParamConverter)
+    add_plugin(Aws::Plugins::ParamValidator)
+    add_plugin(Aws::Plugins::UserAgent)
+    add_plugin(Aws::Plugins::HelpfulSocketErrors)
+    add_plugin(Aws::Plugins::RetryErrors)
+    add_plugin(Aws::Plugins::GlobalConfiguration)
+    add_plugin(Aws::Plugins::RegionalEndpoint)
+    add_plugin(Aws::Plugins::ResponsePaging)
+    add_plugin(Aws::Plugins::StubResponses)
+    add_plugin(Aws::Plugins::IdempotencyToken)
+    add_plugin(Aws::Plugins::JsonvalueConverter)
+    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::Protocols::JsonRpc)
+
+    # @option options [required, Aws::CredentialProvider] :credentials
+    #   Your AWS credentials. This can be an instance of any one of the
+    #   following classes:
+    #
+    #   * `Aws::Credentials` - Used for configuring static, non-refreshing
+    #     credentials.
+    #
+    #   * `Aws::InstanceProfileCredentials` - Used for loading credentials
+    #     from an EC2 IMDS on an EC2 instance.
+    #
+    #   * `Aws::SharedCredentials` - Used for loading credentials from a
+    #     shared file, such as `~/.aws/config`.
+    #
+    #   * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #   When `:credentials` are not configured directly, the following
+    #   locations will be searched for credentials:
+    #
+    #   * `Aws.config[:credentials]`
+    #   * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
+    #   * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+    #   * `~/.aws/credentials`
+    #   * `~/.aws/config`
+    #   * EC2 IMDS instance profile - When used by default, the timeouts are
+    #     very aggressive. Construct and pass an instance of
+    #     `Aws::InstanceProfileCredentails` to enable retries and extended
+    #     timeouts.
+    #
+    # @option options [required, String] :region
+    #   The AWS region to connect to.  The configured `:region` is
+    #   used to determine the service `:endpoint`. When not passed,
+    #   a default `:region` is search for in the following locations:
+    #
+    #   * `Aws.config[:region]`
+    #   * `ENV['AWS_REGION']`
+    #   * `ENV['AMAZON_REGION']`
+    #   * `ENV['AWS_DEFAULT_REGION']`
+    #   * `~/.aws/credentials`
+    #   * `~/.aws/config`
+    #
+    # @option options [String] :access_key_id
+    #
+    # @option options [Boolean] :convert_params (true)
+    #   When `true`, an attempt is made to coerce request parameters into
+    #   the required types.
+    #
+    # @option options [String] :endpoint
+    #   The client endpoint is normally constructed from the `:region`
+    #   option. You should only configure an `:endpoint` when connecting
+    #   to test endpoints. This should be avalid HTTP(S) URI.
+    #
+    # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
+    #   The log formatter.
+    #
+    # @option options [Symbol] :log_level (:info)
+    #   The log level to send messages to the `:logger` at.
+    #
+    # @option options [Logger] :logger
+    #   The Logger instance to send log messages to.  If this option
+    #   is not set, logging will be disabled.
+    #
+    # @option options [String] :profile ("default")
+    #   Used when loading credentials from the shared credentials file
+    #   at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #
+    # @option options [Integer] :retry_limit (3)
+    #   The maximum number of times to retry failed requests.  Only
+    #   ~ 500 level server errors and certain ~ 400 level client errors
+    #   are retried.  Generally, these are throttling errors, data
+    #   checksum errors, networking errors, timeout errors and auth
+    #   errors from expired credentials.
+    #
+    # @option options [String] :secret_access_key
+    #
+    # @option options [String] :session_token
+    #
+    # @option options [Boolean] :simple_json (false)
+    #   Disables request parameter conversion, validation, and formatting.
+    #   Also disable response data type conversions. This option is useful
+    #   when you want to ensure the highest level of performance by
+    #   avoiding overhead of walking request parameters and response data
+    #   structures.
+    #
+    #   When `:simple_json` is enabled, the request parameters hash must
+    #   be formatted exactly as the DynamoDB API expects.
+    #
+    # @option options [Boolean] :stub_responses (false)
+    #   Causes the client to return stubbed responses. By default
+    #   fake responses are generated and returned. You can specify
+    #   the response data to return or errors to raise by calling
+    #   {ClientStubs#stub_responses}. See {ClientStubs} for more information.
+    #
+    #   ** Please note ** When response stubbing is enabled, no HTTP
+    #   requests are made, and retries are disabled.
+    #
+    # @option options [Boolean] :validate_params (true)
+    #   When `true`, request parameters are validated before
+    #   sending the request.
+    #
+    def initialize(*args)
+      super
+    end
+
+    # @!group API Operations
+
+    # Disables automatic scheduled rotation and cancels the rotation of a
+    # secret if one is currently in progress.
+    #
+    # To re-enable scheduled rotation, call RotateSecret with
+    # `AutomaticallyRotateAfterDays` set to a value greater than 0. This
+    # will immediately rotate your secret and then enable the automatic
+    # schedule.
+    #
+    # <note markdown="1"> If you cancel a rotation that is in progress, it can leave the
+    # `VersionStage` labels in an unexpected state. Depending on what step
+    # of the rotation was in progress, you might need to remove the staging
+    # label `AWSPENDING` from the partially created version, specified by
+    # the `SecretVersionId` response value. You should also evaluate the
+    # partially rotated new version to see if it should be deleted, which
+    # you can do by removing all staging labels from the new version's
+    # `VersionStage` field.
+    #
+    #  </note>
+    #
+    # To successfully start a rotation, the staging label `AWSPENDING` must
+    # be in one of the following states:
+    #
+    # * Not be attached to any version at all
+    #
+    # * Attached to the same version as the staging label `AWSCURRENT`
+    #
+    # If the staging label `AWSPENDING` is attached to a different version
+    # than the version with `AWSCURRENT` then the attempt to rotate fails.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:CancelRotateSecret
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To configure rotation for a secret or to manually trigger a
+    #   rotation, use RotateSecret.
+    #
+    # * To get the rotation configuration details for a secret, use
+    #   DescribeSecret.
+    #
+    # * To list all of the currently available secrets, use ListSecrets.
+    #
+    # * To list all of the versions currently associated with a secret, use
+    #   ListSecretVersionIds.
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret for which you want to cancel a rotation request.
+    #   You can specify either the Amazon Resource Name (ARN) or the friendly
+    #   name of the secret.
+    #
+    # @return [Types::CancelRotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CancelRotateSecretResponse#arn #arn} => String
+    #   * {Types::CancelRotateSecretResponse#name #name} => String
+    #   * {Types::CancelRotateSecretResponse#version_id #version_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.cancel_rotate_secret({
+    #     secret_id: "SecretIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.version_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret AWS API Documentation
+    #
+    # @overload cancel_rotate_secret(params = {})
+    # @param [Hash] params ({})
+    def cancel_rotate_secret(params = {}, options = {})
+      req = build_request(:cancel_rotate_secret, params)
+      req.send_request(options)
+    end
+
+    # Creates a new secret. A secret in AWS Secrets Manager consists of both
+    # the protected secret data and the important information needed to
+    # manage the secret.
+    #
+    # Secrets Manager stores the encrypted secret data in one of a
+    # collection of "versions" associated with the secret. Each version
+    # contains a copy of the encrypted secret data. Each version is
+    # associated with one or more "staging labels" that identify where the
+    # version is in the rotation cycle. The `SecretVersionsToStages` field
+    # of the secret contains the mapping of staging labels to the active
+    # versions of the secret. Versions without a staging label are
+    # considered deprecated and are not included in the list.
+    #
+    # You provide the secret data to be encrypted by putting text in the
+    # `SecretString` parameter or binary data in the `SecretBinary`
+    # parameter. If you include `SecretString` or `SecretBinary` then
+    # Secrets Manager also creates an initial secret version and, if you
+    # don't supply a staging label, automatically maps the new version's
+    # ID to the staging label `AWSCURRENT`.
+    #
+    # * If you call an operation that needs to encrypt or decrypt the
+    #   `SecretString` and `SecretBinary` for a secret in the same account
+    #   as the calling user and that secret doesn't specify a KMS
+    #   encryption key, AWS Secrets Manager uses the account's default AWS
+    #   managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then AWS Secrets Manager creates it for you automatically.
+    #   All users in the same AWS account automatically have access to use
+    #   the default CMK. Note that if an AWS Secrets Manager API call
+    #   results in AWS having to create the account's AWS-managed CMK, it
+    #   can result in a one-time significant delay in returning the result.
+    #
+    # * If the secret is in a different AWS account from the credentials
+    #   calling an API that requires encryption or decryption of the secret
+    #   value then you must create and use a custom KMS CMK because you
+    #   can't access the default CMK for the account using credentials from
+    #   a different AWS account. Store the ARN of the CMK in the secret when
+    #   you create the secret or when you update it by including it in the
+    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
+    #   `SecretString` or `SecretBinary` using credentials from a different
+    #   account then the KMS key policy must grant cross-account access to
+    #   that other account's user or role.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:CreateSecret
+    #
+    # * kms:GenerateDataKey - needed only if you use a customer-created KMS
+    #   key to encrypt the secret. You do not need this permission to use
+    #   the account's default AWS managed CMK for Secrets Manager.
+    #
+    # * kms:Encrypt - needed only if you use a customer-created KMS key to
+    #   encrypt the secret. You do not need this permission to use the
+    #   account's default AWS managed CMK for Secrets Manager.
+    #
+    # **Related operations**
+    #
+    # * To delete a secret, use DeleteSecret.
+    #
+    # * To modify an existing secret, use UpdateSecret.
+    #
+    # * To create a new version of a secret, use PutSecretValue.
+    #
+    # * To retrieve the encrypted secure string and secure binary values,
+    #   use GetSecretValue.
+    #
+    # * To retrieve all other details for a secret, use DescribeSecret. This
+    #   does not include the encrypted secure string and secure binary
+    #   values.
+    #
+    # * To retrieve the list of secret versions associated with the current
+    #   secret, use DescribeSecret and examine the `SecretVersionsToStages`
+    #   response value.
+    #
+    # @option params [required, String] :name
+    #   Specifies the friendly name of the new secret. The secret name can
+    #   consist of uppercase letters, lowercase letters, digits, and any of
+    #   the following characters: /\_+=.@-    Spaces are not permitted.
+    #
+    # @option params [String] :client_request_token
+    #   (Optional) If you include `SecretString` or `SecretBinary`, then an
+    #   initial version is created as part of the secret, and this parameter
+    #   specifies a unique identifier for the new version.
+    #
+    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
+    #   then you can leave this parameter empty. The CLI or SDK generates a
+    #   random UUID for you and includes as the value for this parameter in
+    #   the request. If you don't use the SDK and instead generate a raw HTTP
+    #   request to the AWS Secrets Manager service endpoint, then you must
+    #   generate a `ClientRequestToken` yourself for the new version and
+    #   include that value in the request.
+    #
+    #    </note>
+    #
+    #   This value helps ensure idempotency. Secrets Manager uses this value
+    #   to prevent the accidental creation of duplicate versions if there are
+    #   failures and retries during a rotation. We recommend that you generate
+    #   a [UUID-type][1] value to ensure uniqueness of your versions within
+    #   the specified secret.
+    #
+    #   * If the `ClientRequestToken` value isn't already associated with a
+    #     version of the secret then a new version of the secret is created.
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` and `SecretBinary` values are the same as those in
+    #     the request, then the request is ignored (the operation is
+    #     idempotent).
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` and `SecretBinary` values are different from those in
+    #     the request then the request fails because you cannot modify an
+    #     existing version. Instead, use PutSecretValue to create a new
+    #     version.
+    #
+    #   This value becomes the `SecretVersionId` of the new version.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [String] :description
+    #   (Optional) Specifies a user-provided description of the secret.
+    #
+    # @option params [String] :kms_key_id
+    #   (Optional) Specifies the ARN or alias of the AWS KMS customer master
+    #   key (CMK) to be used to encrypt the `SecretString` and `SecretBinary`
+    #   values in the versions stored in this secret.
+    #
+    #   If you don't specify this value, then Secrets Manager defaults to
+    #   using the AWS account's default CMK (the one named
+    #   `aws/secretsmanager`). If a KMS CMK with that name doesn't yet exist,
+    #   then AWS Secrets Manager creates it for you automatically the first
+    #   time it needs to encrypt a version's `SecretString` or `SecretBinary`
+    #   fields.
+    #
+    #   You can use the account's default CMK to encrypt and decrypt only if
+    #   you call this operation using credentials from the same account that
+    #   owns the secret. If the secret is in a different account, then you
+    #   must create a custom CMK and specify the ARN in this field.
+    #
+    # @option params [String, IO] :secret_binary
+    #   (Optional) Specifies binary data that you want to encrypt and store in
+    #   the new version of the secret. To use this parameter in the
+    #   command-line tools, we recommend that you store your binary data in a
+    #   file and then use the appropriate technique for your tool to pass the
+    #   contents of the file as a parameter.
+    #
+    #   Either `SecretString`, `SecretBinary`, or both must have a value. They
+    #   cannot both be empty.
+    #
+    #   This `SecretBinary` value is stored separately from the
+    #   `SecretString`, but the two parameters jointly share a maximum size
+    #   limit.
+    #
+    #   This parameter is not available using the Secrets Manager console. It
+    #   can be accessed only by using the AWS CLI or one of the AWS SDKs.
+    #
+    # @option params [String] :secret_string
+    #   (Optional) Specifies text data that you want to encrypt and store in
+    #   this new version of the secret.
+    #
+    #   Either `SecretString`, `SecretBinary`, or both must have a value. They
+    #   cannot both be empty.
+    #
+    #   This string value is stored separately from the `SecretBinary`, but
+    #   the two parameters jointly share a maximum size limit.
+    #
+    #   If you create a secret by using the Secrets Manager console then
+    #   Secrets Manager puts the protected secret text in only the
+    #   `SecretString` parameter. The Secrets Manager console stores the
+    #   information as a JSON structure of key/value pairs that the Lambda
+    #   rotation function knows how to parse.
+    #
+    #   For storing multiple values, we recommend that you use a JSON text
+    #   string argument and specify key/value pairs. For information on how to
+    #   format a JSON parameter for the various command line tool
+    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
+    #   Guide*. For example:
+    #
+    #   `[\{"Key":"username","Value":"bob"\},\{"Key":"password","Value":"abc123xyz456"\}]`
+    #
+    #   If your command-line tool or SDK requires quotation marks around the
+    #   parameter, you should use single quotes to avoid confusion with the
+    #   double quotes required in the JSON text.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   (Optional) Specifies a list of user-defined tags that are attached to
+    #   the secret. Each tag is a "Key" and "Value" pair of strings. This
+    #   operation only appends tags to the existing list of tags. To remove
+    #   tags, you must use UntagResource.
+    #
+    #   * AWS Secrets Manager tag key names are case sensitive. A tag with the
+    #     key "ABC" is a different tag from one with key "abc".
+    #
+    #   * If you check tags in IAM policy `Condition` elements as part of your
+    #     security strategy, then adding or removing a tag can change
+    #     permissions. If the successful completion of this operation would
+    #     result in you losing your permissions for this secret, then this
+    #     operation is blocked and returns an `Access Denied` error.
+    #
+    #   This parameter requires a JSON text string argument. For information
+    #   on how to format a JSON parameter for the various command line tool
+    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
+    #   Guide*. For example:
+    #
+    #   `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
+    #
+    #   If your command-line tool or SDK requires quotation marks around the
+    #   parameter, you should use single quotes to avoid confusion with the
+    #   double quotes required in the JSON text.
+    #
+    #   The following basic restrictions apply to tags:
+    #
+    #   * Maximum number of tags per secret—50
+    #
+    #   * Maximum key length—127 Unicode characters in UTF-8
+    #
+    #   * Maximum value length—255 Unicode characters in UTF-8
+    #
+    #   * Tag keys and values are case sensitive.
+    #
+    #   * Do not use the `aws:` prefix in your tag names or values because it
+    #     is reserved for AWS use. You can't edit or delete tag names or
+    #     values with this prefix. Tags with this prefix do not count against
+    #     your tags per secret limit.
+    #
+    #   * If your tagging schema will be used across multiple services and
+    #     resources, remember that other services might have restrictions on
+    #     allowed characters. Generally allowed characters are: letters,
+    #     spaces, and numbers representable in UTF-8, plus the following
+    #     special characters: + - = . \_ : / @.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    # @return [Types::CreateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateSecretResponse#arn #arn} => String
+    #   * {Types::CreateSecretResponse#name #name} => String
+    #   * {Types::CreateSecretResponse#version_id #version_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_secret({
+    #     name: "NameType", # required
+    #     client_request_token: "ClientRequestTokenType",
+    #     description: "DescriptionType",
+    #     kms_key_id: "KmsKeyIdType",
+    #     secret_binary: "data",
+    #     secret_string: "SecretStringType",
+    #     tags: [
+    #       {
+    #         key: "TagKeyType",
+    #         value: "TagValueType",
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.version_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret AWS API Documentation
+    #
+    # @overload create_secret(params = {})
+    # @param [Hash] params ({})
+    def create_secret(params = {}, options = {})
+      req = build_request(:create_secret, params)
+      req.send_request(options)
+    end
+
+    # Deletes an entire secret and all of its versions. You can optionally
+    # include a recovery window during which you can restore the secret. If
+    # you don't provide a recovery window value, the operation defaults to
+    # 30 days. Secrets Manager attaches a `DeletionDate` stamp to the secret
+    # that specifies the end of the recovery window. At the end of the
+    # recovery window, Secrets Manager deletes the secret permanently.
+    #
+    # At any time before recovery period ends, you can use RestoreSecret to
+    # remove the `DeletionDate` and cancel the deletion of the secret.
+    #
+    # You cannot access the encrypted secret information in any secret that
+    # is scheduled for deletion. If you need to access that information, you
+    # can cancel the deletion with RestoreSecret and then retrieve the
+    # information.
+    #
+    # <note markdown="1"> * There is no explicit operation to delete a version of a secret.
+    #   Instead, remove all staging labels from the `VersionStage` field of
+    #   a version. That marks the version as deprecated and allows AWS
+    #   Secrets Manager to delete it as needed. Versions that do not have
+    #   any staging labels do not show up in ListSecretVersionIds unless you
+    #   specify `IncludeDeprecated`.
+    #
+    # * The permanent secret deletion at the end of the waiting period is
+    #   performed as a background task with low priority. There is no
+    #   guarantee of a specific time after the recovery window for the
+    #   actual delete operation to occur.
+    #
+    #  </note>
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:DeleteSecret
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To create a secret, use CreateSecret.
+    #
+    # * To cancel deletion of a version of a secret before the recovery
+    #   period has expired, use RestoreSecret.
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret that you want to delete. You can specify either
+    #   the Amazon Resource Name (ARN) or the friendly name of the secret.
+    #
+    # @option params [Integer] :recovery_window_in_days
+    #   (Optional) Specifies the number of days that AWS Secrets Manager waits
+    #   before it can delete the secret.
+    #
+    #   This value can range from 7 to 30 days. The default value is 30.
+    #
+    # @return [Types::DeleteSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteSecretResponse#arn #arn} => String
+    #   * {Types::DeleteSecretResponse#name #name} => String
+    #   * {Types::DeleteSecretResponse#deletion_date #deletion_date} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_secret({
+    #     secret_id: "SecretIdType", # required
+    #     recovery_window_in_days: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.deletion_date #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret AWS API Documentation
+    #
+    # @overload delete_secret(params = {})
+    # @param [Hash] params ({})
+    def delete_secret(params = {}, options = {})
+      req = build_request(:delete_secret, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the details of a secret. It does not include the encrypted
+    # fields. Only those fields that are populated with a value are returned
+    # in the response.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:DescribeSecret
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To create a secret, use CreateSecret.
+    #
+    # * To modify a secret, use UpdateSecret.
+    #
+    # * To retrieve the encrypted secret information in a version of the
+    #   secret, use GetSecretValue.
+    #
+    # * To list all of the secrets in the AWS account, use ListSecrets.
+    #
+    # @option params [required, String] :secret_id
+    #   The identifier of the secret whose details you want to retrieve. You
+    #   can specify either the Amazon Resource Name (ARN) or the friendly name
+    #   of the secret.
+    #
+    # @return [Types::DescribeSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeSecretResponse#arn #arn} => String
+    #   * {Types::DescribeSecretResponse#name #name} => String
+    #   * {Types::DescribeSecretResponse#description #description} => String
+    #   * {Types::DescribeSecretResponse#kms_key_id #kms_key_id} => String
+    #   * {Types::DescribeSecretResponse#rotation_enabled #rotation_enabled} => Boolean
+    #   * {Types::DescribeSecretResponse#rotation_lambda_arn #rotation_lambda_arn} => String
+    #   * {Types::DescribeSecretResponse#rotation_rules #rotation_rules} => Types::RotationRulesType
+    #   * {Types::DescribeSecretResponse#last_rotated_date #last_rotated_date} => Time
+    #   * {Types::DescribeSecretResponse#last_changed_date #last_changed_date} => Time
+    #   * {Types::DescribeSecretResponse#last_accessed_date #last_accessed_date} => Time
+    #   * {Types::DescribeSecretResponse#deleted_date #deleted_date} => Time
+    #   * {Types::DescribeSecretResponse#tags #tags} => Array&lt;Types::Tag&gt;
+    #   * {Types::DescribeSecretResponse#version_ids_to_stages #version_ids_to_stages} => Hash&lt;String,Array&lt;String&gt;&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_secret({
+    #     secret_id: "SecretIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.description #=> String
+    #   resp.kms_key_id #=> String
+    #   resp.rotation_enabled #=> Boolean
+    #   resp.rotation_lambda_arn #=> String
+    #   resp.rotation_rules.automatically_after_days #=> Integer
+    #   resp.last_rotated_date #=> Time
+    #   resp.last_changed_date #=> Time
+    #   resp.last_accessed_date #=> Time
+    #   resp.deleted_date #=> Time
+    #   resp.tags #=> Array
+    #   resp.tags[0].key #=> String
+    #   resp.tags[0].value #=> String
+    #   resp.version_ids_to_stages #=> Hash
+    #   resp.version_ids_to_stages["SecretVersionIdType"] #=> Array
+    #   resp.version_ids_to_stages["SecretVersionIdType"][0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret AWS API Documentation
+    #
+    # @overload describe_secret(params = {})
+    # @param [Hash] params ({})
+    def describe_secret(params = {}, options = {})
+      req = build_request(:describe_secret, params)
+      req.send_request(options)
+    end
+
+    # Generates a random password of the specified complexity. This
+    # operation is intended for use in the Lambda rotation function. Per
+    # best practice, we recommend that you specify the maximum length and
+    # include every character type that the system you are generating a
+    # password for can support.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:GetRandomPassword
+    #
+    # ^
+    #
+    # @option params [Integer] :password_length
+    #   The desired length of the generated password. The default value if you
+    #   do not include this parameter is 32 characters.
+    #
+    # @option params [String] :exclude_characters
+    #   A string that includes characters that should not be included in the
+    #   generated password. The default is that all characters from the
+    #   included sets can be used.
+    #
+    # @option params [Boolean] :exclude_numbers
+    #   Specifies that the generated password should not include digits. The
+    #   default if you do not include this switch parameter is that digits can
+    #   be included.
+    #
+    # @option params [Boolean] :exclude_punctuation
+    #   Specifies that the generated password should not include punctuation
+    #   characters. The default if you do not include this switch parameter is
+    #   that punctuation characters can be included.
+    #
+    # @option params [Boolean] :exclude_uppercase
+    #   Specifies that the generated password should not include uppercase
+    #   letters. The default if you do not include this switch parameter is
+    #   that uppercase letters can be included.
+    #
+    # @option params [Boolean] :exclude_lowercase
+    #   Specifies that the generated password should not include lowercase
+    #   letters. The default if you do not include this switch parameter is
+    #   that lowercase letters can be included.
+    #
+    # @option params [Boolean] :include_space
+    #   Specifies that the generated password can include the space character.
+    #   The default if you do not include this switch parameter is that the
+    #   space character is not included.
+    #
+    # @option params [Boolean] :require_each_included_type
+    #   A boolean value that specifies whether the generated password must
+    #   include at least one of every allowed character type. The default
+    #   value is `True` and the operation requires at least one of every
+    #   character type.
+    #
+    # @return [Types::GetRandomPasswordResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetRandomPasswordResponse#random_password #random_password} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_random_password({
+    #     password_length: 1,
+    #     exclude_characters: "ExcludeCharactersType",
+    #     exclude_numbers: false,
+    #     exclude_punctuation: false,
+    #     exclude_uppercase: false,
+    #     exclude_lowercase: false,
+    #     include_space: false,
+    #     require_each_included_type: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.random_password #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword AWS API Documentation
+    #
+    # @overload get_random_password(params = {})
+    # @param [Hash] params ({})
+    def get_random_password(params = {}, options = {})
+      req = build_request(:get_random_password, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the contents of the encrypted fields `SecretString` and
+    # `SecretBinary` from the specified version of a secret.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:GetSecretValue
+    #
+    # * kms:Decrypt - required only if you use a customer-created KMS key to
+    #   encrypt the secret. You do not need this permission to use the
+    #   account's default AWS managed CMK for Secrets Manager.
+    #
+    # **Related operations**
+    #
+    # * To create a new version of the secret with different encrypted
+    #   information, use PutSecretValue.
+    #
+    # * To retrieve the non-encrypted details for the secret, use
+    #   DescribeSecret.
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret containing the version that you want to retrieve.
+    #   You can specify either the Amazon Resource Name (ARN) or the friendly
+    #   name of the secret.
+    #
+    # @option params [String] :version_id
+    #   Specifies the unique identifier of the version of the secret that you
+    #   want to retrieve. If you specify this parameter then don't specify
+    #   `VersionStage`. If you don't specify either a `VersionStage` or
+    #   `SecretVersionId` then the default is to perform the operation on the
+    #   version with the `VersionStage` value of `AWSCURRENT`.
+    #
+    #   This value is typically a [UUID-type][1] value with 32 hexadecimal
+    #   digits.
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [String] :version_stage
+    #   Specifies the secret version that you want to retrieve by the staging
+    #   label attached to the version.
+    #
+    #   Staging labels are used to keep track of different versions during the
+    #   rotation process. If you use this parameter then don't specify
+    #   `SecretVersionId`. If you don't specify either a `VersionStage` or
+    #   `SecretVersionId`, then the default is to perform the operation on the
+    #   version with the `VersionStage` value of `AWSCURRENT`.
+    #
+    # @return [Types::GetSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetSecretValueResponse#arn #arn} => String
+    #   * {Types::GetSecretValueResponse#name #name} => String
+    #   * {Types::GetSecretValueResponse#version_id #version_id} => String
+    #   * {Types::GetSecretValueResponse#secret_binary #secret_binary} => String
+    #   * {Types::GetSecretValueResponse#secret_string #secret_string} => String
+    #   * {Types::GetSecretValueResponse#version_stages #version_stages} => Array&lt;String&gt;
+    #   * {Types::GetSecretValueResponse#created_date #created_date} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_secret_value({
+    #     secret_id: "SecretIdType", # required
+    #     version_id: "SecretVersionIdType",
+    #     version_stage: "SecretVersionStageType",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.version_id #=> String
+    #   resp.secret_binary #=> String
+    #   resp.secret_string #=> String
+    #   resp.version_stages #=> Array
+    #   resp.version_stages[0] #=> String
+    #   resp.created_date #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue AWS API Documentation
+    #
+    # @overload get_secret_value(params = {})
+    # @param [Hash] params ({})
+    def get_secret_value(params = {}, options = {})
+      req = build_request(:get_secret_value, params)
+      req.send_request(options)
+    end
+
+    # Lists all of the versions attached to the specified secret. The output
+    # does not include the `SecretString` or `SecretBinary` fields. By
+    # default, the list includes only versions that have at least one
+    # staging label in `VersionStage` attached.
+    #
+    # <note markdown="1"> Always check the `NextToken` response parameter when calling any of
+    # the `List*` operations. These operations can occasionally return an
+    # empty or shorter than expected list of results even when there are
+    # more results available. When this happens, the `NextToken` response
+    # parameter contains a value to pass to the next call to the same API to
+    # request the next part of the list.
+    #
+    #  </note>
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:ListSecretVersionIds
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To list the secrets in an account, use ListSecrets.
+    #
+    # ^
+    #
+    # @option params [required, String] :secret_id
+    #   The identifier for the secret containing the versions you want to
+    #   list. You can specify either the Amazon Resource Name (ARN) or the
+    #   friendly name of the secret.
+    #
+    # @option params [Integer] :max_results
+    #   (Optional) Limits the number of results that you want to include in
+    #   the response. If you don't include this parameter, it defaults to a
+    #   value that's specific to the operation. If additional items exist
+    #   beyond the maximum you specify, the `NextToken` response element is
+    #   present and has a value (isn't null). Include that value as the
+    #   `NextToken` request parameter in the next call to the operation to get
+    #   the next part of the results. Note that AWS Secrets Manager might
+    #   return fewer results than the maximum even when there are more results
+    #   available. You should check `NextToken` after every operation to
+    #   ensure that you receive all of the results.
+    #
+    # @option params [String] :next_token
+    #   (Optional) Use this parameter in a request if you receive a
+    #   `NextToken` response in a previous request that indicates that
+    #   there's more output available. In a subsequent call, set it to the
+    #   value of the previous call's `NextToken` response to indicate where
+    #   the output should continue from.
+    #
+    # @option params [Boolean] :include_deprecated
+    #   (Optional) Specifies that you want the results to include versions
+    #   that do not have any staging labels attached to them. Such versions
+    #   are considered deprecated and are subject to deletion by Secrets
+    #   Manager as needed.
+    #
+    # @return [Types::ListSecretVersionIdsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListSecretVersionIdsResponse#versions #versions} => Array&lt;Types::SecretVersionsListEntry&gt;
+    #   * {Types::ListSecretVersionIdsResponse#next_token #next_token} => String
+    #   * {Types::ListSecretVersionIdsResponse#arn #arn} => String
+    #   * {Types::ListSecretVersionIdsResponse#name #name} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_secret_version_ids({
+    #     secret_id: "SecretIdType", # required
+    #     max_results: 1,
+    #     next_token: "NextTokenType",
+    #     include_deprecated: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.versions #=> Array
+    #   resp.versions[0].version_id #=> String
+    #   resp.versions[0].version_stages #=> Array
+    #   resp.versions[0].version_stages[0] #=> String
+    #   resp.versions[0].last_accessed_date #=> Time
+    #   resp.versions[0].created_date #=> Time
+    #   resp.next_token #=> String
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds AWS API Documentation
+    #
+    # @overload list_secret_version_ids(params = {})
+    # @param [Hash] params ({})
+    def list_secret_version_ids(params = {}, options = {})
+      req = build_request(:list_secret_version_ids, params)
+      req.send_request(options)
+    end
+
+    # Lists all of the secrets that are stored by AWS Secrets Manager in the
+    # AWS account. To list the versions currently stored for a specific
+    # secret, use ListSecretVersionIds. The encrypted fields `SecretString`
+    # and `SecretBinary` are not included in the output. To get that
+    # information, call the GetSecretValue operation.
+    #
+    # <note markdown="1"> Always check the `NextToken` response parameter when calling any of
+    # the `List*` operations. These operations can occasionally return an
+    # empty or shorter than expected list of results even when there are
+    # more results available. When this happens, the `NextToken` response
+    # parameter contains a value to pass to the next call to the same API to
+    # request the next part of the list.
+    #
+    #  </note>
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:ListSecrets
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To list the versions attached to a secret, use ListSecretVersionIds.
+    #
+    # ^
+    #
+    # @option params [Integer] :max_results
+    #   (Optional) Limits the number of results that you want to include in
+    #   the response. If you don't include this parameter, it defaults to a
+    #   value that's specific to the operation. If additional items exist
+    #   beyond the maximum you specify, the `NextToken` response element is
+    #   present and has a value (isn't null). Include that value as the
+    #   `NextToken` request parameter in the next call to the operation to get
+    #   the next part of the results. Note that AWS Secrets Manager might
+    #   return fewer results than the maximum even when there are more results
+    #   available. You should check `NextToken` after every operation to
+    #   ensure that you receive all of the results.
+    #
+    # @option params [String] :next_token
+    #   (Optional) Use this parameter in a request if you receive a
+    #   `NextToken` response in a previous request that indicates that
+    #   there's more output available. In a subsequent call, set it to the
+    #   value of the previous call's `NextToken` response to indicate where
+    #   the output should continue from.
+    #
+    # @return [Types::ListSecretsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListSecretsResponse#secret_list #secret_list} => Array&lt;Types::SecretListEntry&gt;
+    #   * {Types::ListSecretsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_secrets({
+    #     max_results: 1,
+    #     next_token: "NextTokenType",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.secret_list #=> Array
+    #   resp.secret_list[0].arn #=> String
+    #   resp.secret_list[0].name #=> String
+    #   resp.secret_list[0].description #=> String
+    #   resp.secret_list[0].kms_key_id #=> String
+    #   resp.secret_list[0].rotation_enabled #=> Boolean
+    #   resp.secret_list[0].rotation_lambda_arn #=> String
+    #   resp.secret_list[0].rotation_rules.automatically_after_days #=> Integer
+    #   resp.secret_list[0].last_rotated_date #=> Time
+    #   resp.secret_list[0].last_changed_date #=> Time
+    #   resp.secret_list[0].last_accessed_date #=> Time
+    #   resp.secret_list[0].deleted_date #=> Time
+    #   resp.secret_list[0].tags #=> Array
+    #   resp.secret_list[0].tags[0].key #=> String
+    #   resp.secret_list[0].tags[0].value #=> String
+    #   resp.secret_list[0].secret_versions_to_stages #=> Hash
+    #   resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"] #=> Array
+    #   resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"][0] #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets AWS API Documentation
+    #
+    # @overload list_secrets(params = {})
+    # @param [Hash] params ({})
+    def list_secrets(params = {}, options = {})
+      req = build_request(:list_secrets, params)
+      req.send_request(options)
+    end
+
+    # Stores a new encrypted secret value in the specified secret. To do
+    # this, the operation creates a new version and attaches it to the
+    # secret. The version can contain a new `SecretString` value or a new
+    # `SecretBinary` value.
+    #
+    # <note markdown="1"> The AWS Secrets Manager console uses only the `SecretString` field. To
+    # add binary data to a secret with the `SecretBinary` field you must use
+    # the AWS CLI or one of the AWS SDKs.
+    #
+    #  </note>
+    #
+    # * If this operation creates the first version for the secret then
+    #   Secrets Manager automatically attaches the staging label
+    #   `AWSCURRENT` to the new version.
+    #
+    # * If another version of this secret already exists, then this
+    #   operation does not automatically move any staging labels other than
+    #   those that you specify in the `VersionStages` parameter.
+    #
+    # * This operation is idempotent. If a version with a `SecretVersionId`
+    #   with the same value as the `ClientRequestToken` parameter already
+    #   exists and you specify the same secret data, the operation succeeds
+    #   but does nothing. However, if the secret data is different, then the
+    #   operation fails because you cannot modify an existing version; you
+    #   can only create new ones.
+    #
+    # * If this operation moves the staging label `AWSCURRENT` to this
+    #   version (because you included it in the `StagingLabels` parameter)
+    #   then Secrets Manager also automatically moves the staging label
+    #   `AWSPREVIOUS` to the version that `AWSCURRENT` was removed from.
+    #
+    # * If you call an operation that needs to encrypt or decrypt the
+    #   `SecretString` and `SecretBinary` for a secret in the same account
+    #   as the calling user and that secret doesn't specify a KMS
+    #   encryption key, AWS Secrets Manager uses the account's default AWS
+    #   managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then AWS Secrets Manager creates it for you automatically.
+    #   All users in the same AWS account automatically have access to use
+    #   the default CMK. Note that if an AWS Secrets Manager API call
+    #   results in AWS having to create the account's AWS-managed CMK, it
+    #   can result in a one-time significant delay in returning the result.
+    #
+    # * If the secret is in a different AWS account from the credentials
+    #   calling an API that requires encryption or decryption of the secret
+    #   value then you must create and use a custom KMS CMK because you
+    #   can't access the default CMK for the account using credentials from
+    #   a different AWS account. Store the ARN of the CMK in the secret when
+    #   you create the secret or when you update it by including it in the
+    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
+    #   `SecretString` or `SecretBinary` using credentials from a different
+    #   account then the KMS key policy must grant cross-account access to
+    #   that other account's user or role.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:PutSecretValue
+    #
+    # * kms:GenerateDataKey - needed only if you use a customer-created KMS
+    #   key to encrypt the secret. You do not need this permission to use
+    #   the account's AWS managed CMK for Secrets Manager.
+    #
+    # * kms:Encrypt - needed only if you use a customer-created KMS key to
+    #   encrypt the secret. You do not need this permission to use the
+    #   account's AWS managed CMK for Secrets Manager.
+    #
+    # **Related operations**
+    #
+    # * To retrieve the encrypted value you store in the version of a
+    #   secret, use GetSecretValue.
+    #
+    # * To create a secret, use CreateSecret.
+    #
+    # * To get the details for a secret, use DescribeSecret.
+    #
+    # * To list the versions attached to a secret, use ListSecretVersionIds.
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret to which you want to add a new version. You can
+    #   specify either the Amazon Resource Name (ARN) or the friendly name of
+    #   the secret. The secret must already exist.
+    #
+    #   The secret name can consist of uppercase letters, lowercase letters,
+    #   digits, and any of the following characters: /\_+=.@-    Spaces are
+    #   not permitted.
+    #
+    # @option params [String] :client_request_token
+    #   (Optional) Specifies a unique identifier for the new version of the
+    #   secret.
+    #
+    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
+    #   then you can leave this parameter empty. The CLI or SDK generates a
+    #   random UUID for you and includes that in the request. If you don't
+    #   use the SDK and instead generate a raw HTTP request to the AWS Secrets
+    #   Manager service endpoint, then you must generate a
+    #   `ClientRequestToken` yourself for new versions and include that value
+    #   in the request.
+    #
+    #    </note>
+    #
+    #   This value helps ensure idempotency. Secrets Manager uses this value
+    #   to prevent the accidental creation of duplicate versions if there are
+    #   failures and retries during the Lambda rotation function's
+    #   processing. We recommend that you generate a [UUID-type][1] value to
+    #   ensure uniqueness within the specified secret.
+    #
+    #   * If the `ClientRequestToken` value isn't already associated with a
+    #     version of the secret then a new version of the secret is created.
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` or `SecretBinary` values are the same as those in the
+    #     request then the request is ignored (the operation is idempotent).
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` and `SecretBinary` values are different from those in
+    #     the request then the request fails because you cannot modify an
+    #     existing secret version. You can only create new versions to store
+    #     new secret values.
+    #
+    #   This value becomes the `SecretVersionId` of the new version.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [String, IO] :secret_binary
+    #   (Optional) Specifies binary data that you want to encrypt and store in
+    #   the new version of the secret. To use this parameter in the
+    #   command-line tools, we recommend that you store your binary data in a
+    #   file and then use the appropriate technique for your tool to pass the
+    #   contents of the file as a parameter. Either `SecretBinary` or
+    #   `SecretString` must have a value. They cannot both be empty.
+    #
+    #   This parameter is not accessible if the secret using the Secrets
+    #   Manager console.
+    #
+    # @option params [String] :secret_string
+    #   (Optional) Specifies text data that you want to encrypt and store in
+    #   this new version of the secret. Either `SecretString` or
+    #   `SecretBinary` must have a value. They cannot both be empty.
+    #
+    #   If you create this secret by using the Secrets Manager console then
+    #   Secrets Manager puts the protected secret text in only the
+    #   `SecretString` parameter. The Secrets Manager console stores the
+    #   information as a JSON structure of key/value pairs that the default
+    #   Lambda rotation function knows how to parse.
+    #
+    #   For storing multiple values, we recommend that you use a JSON text
+    #   string argument and specify key/value pairs. For information on how to
+    #   format a JSON parameter for the various command line tool
+    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    # @option params [Array<String>] :version_stages
+    #   (Optional) Specifies a list of staging labels that are attached to
+    #   this version of the secret. These staging labels are used to track the
+    #   versions through the rotation process by the Lambda rotation function.
+    #
+    #   A staging label must be unique to a single version of the secret. If
+    #   you specify a staging label that's already associated with a
+    #   different version of the same secret then that staging label is
+    #   automatically removed from the other version and attached to this
+    #   version.
+    #
+    #   If you do not specify a value for `VersionStages` then AWS Secrets
+    #   Manager automatically moves the staging label `AWSCURRENT` to this new
+    #   version.
+    #
+    # @return [Types::PutSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutSecretValueResponse#arn #arn} => String
+    #   * {Types::PutSecretValueResponse#name #name} => String
+    #   * {Types::PutSecretValueResponse#version_id #version_id} => String
+    #   * {Types::PutSecretValueResponse#version_stages #version_stages} => Array&lt;String&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_secret_value({
+    #     secret_id: "SecretIdType", # required
+    #     client_request_token: "ClientRequestTokenType",
+    #     secret_binary: "data",
+    #     secret_string: "SecretStringType",
+    #     version_stages: ["SecretVersionStageType"],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.version_id #=> String
+    #   resp.version_stages #=> Array
+    #   resp.version_stages[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue AWS API Documentation
+    #
+    # @overload put_secret_value(params = {})
+    # @param [Hash] params ({})
+    def put_secret_value(params = {}, options = {})
+      req = build_request(:put_secret_value, params)
+      req.send_request(options)
+    end
+
+    # Cancels the scheduled deletion of a secret by removing the
+    # `DeletedDate` time stamp. This makes the secret accessible to query
+    # once again.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:RestoreSecret
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To delete a secret, use DeleteSecret.
+    #
+    # ^
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret that you want to restore from a previously
+    #   scheduled deletion. You can specify either the Amazon Resource Name
+    #   (ARN) or the friendly name of the secret.
+    #
+    # @return [Types::RestoreSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RestoreSecretResponse#arn #arn} => String
+    #   * {Types::RestoreSecretResponse#name #name} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.restore_secret({
+    #     secret_id: "SecretIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret AWS API Documentation
+    #
+    # @overload restore_secret(params = {})
+    # @param [Hash] params ({})
+    def restore_secret(params = {}, options = {})
+      req = build_request(:restore_secret, params)
+      req.send_request(options)
+    end
+
+    # Configures and starts the asynchronous process of rotating this
+    # secret. If you include the configuration parameters, the operation
+    # sets those values for the secret and then immediately starts a
+    # rotation. If you do not include the configuration parameters, the
+    # operation starts a rotation with the values already stored in the
+    # secret. After the rotation completes, the protected service and its
+    # clients all use the new version of the secret.
+    #
+    # This required configuration information includes the ARN of an AWS
+    # Lambda function and the time between scheduled rotations. The Lambda
+    # rotation function creates a new version of the secret and creates or
+    # updates the credentials on the protected service to match. After
+    # testing the new credentials, the function marks the new secret with
+    # the staging label `AWSCURRENT` so that your clients all immediately
+    # begin to use the new version. For more information about rotating
+    # secrets and how to configure a Lambda function to rotate the secrets
+    # for your protected service, see [Rotating Secrets in AWS Secrets
+    # Manager][1] in the *AWS Secrets Manager User Guide*.
+    #
+    # The rotation function must end with the versions of the secret in one
+    # of two states:
+    #
+    # * The `AWSPENDING` and `AWSCURRENT` staging labels are attached to the
+    #   same version of the secret, or
+    #
+    # * The `AWSPENDING` staging label is not attached to any version of the
+    #   secret.
+    #
+    # If instead the `AWSPENDING` staging label is present but is not
+    # attached to the same version as `AWSCURRENT` then any later invocation
+    # of `RotateSecret` assumes that a previous rotation request is still in
+    # progress and returns an error.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:RotateSecret
+    #
+    # * lambda:InvokeFunction (on the function specified in the secret's
+    #   metadata)
+    #
+    # **Related operations**
+    #
+    # * To list the secrets in your account, use ListSecrets.
+    #
+    # * To get the details for a version of a secret, use DescribeSecret.
+    #
+    # * To create a new version of a secret, use CreateSecret.
+    #
+    # * To attach staging labels to or remove staging labels from a version
+    #   of a secret, use UpdateSecretVersionStage.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/http:/docs.aws.amazon.com/;asm-service-name;/latest/userguide/rotating-secrets.html
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret that you want to rotate. You can specify either
+    #   the Amazon Resource Name (ARN) or the friendly name of the secret.
+    #
+    # @option params [String] :client_request_token
+    #   (Optional) Specifies a unique identifier for the new version of the
+    #   secret that helps ensure idempotency.
+    #
+    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
+    #   then you can leave this parameter empty. The CLI or SDK generates a
+    #   random UUID for you and includes that in the request for this
+    #   parameter. If you don't use the SDK and instead generate a raw HTTP
+    #   request to the AWS Secrets Manager service endpoint, then you must
+    #   generate a `ClientRequestToken` yourself for new versions and include
+    #   that value in the request.
+    #
+    #   You only need to specify your own value if you are implementing your
+    #   own retry logic and want to ensure that a given secret is not created
+    #   twice. We recommend that you generate a [UUID-type][1] value to ensure
+    #   uniqueness within the specified secret.
+    #
+    #   Secrets Manager uses this value to prevent the accidental creation of
+    #   duplicate versions if there are failures and retries during the
+    #   function's processing.
+    #
+    #   * If the `ClientRequestToken` value isn't already associated with a
+    #     version of the secret then a new version of the secret is created.
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` and `SecretBinary` values are the same as the
+    #     request, then the request is ignored (the operation is idempotent).
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` and `SecretBinary` values are different from the
+    #     request then an error occurs because you cannot modify an existing
+    #     secret value.
+    #
+    #   This value becomes the `SecretVersionId` of the new version.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [String] :rotation_lambda_arn
+    #   (Optional) Specifies the ARN of the Lambda function that can rotate
+    #   the secret.
+    #
+    # @option params [Types::RotationRulesType] :rotation_rules
+    #   A structure that defines the rotation configuration for this secret.
+    #
+    # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RotateSecretResponse#arn #arn} => String
+    #   * {Types::RotateSecretResponse#name #name} => String
+    #   * {Types::RotateSecretResponse#version_id #version_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.rotate_secret({
+    #     secret_id: "SecretIdType", # required
+    #     client_request_token: "ClientRequestTokenType",
+    #     rotation_lambda_arn: "RotationLambdaARNType",
+    #     rotation_rules: {
+    #       automatically_after_days: 1,
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.version_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret AWS API Documentation
+    #
+    # @overload rotate_secret(params = {})
+    # @param [Hash] params ({})
+    def rotate_secret(params = {}, options = {})
+      req = build_request(:rotate_secret, params)
+      req.send_request(options)
+    end
+
+    # Attaches one or more tags, each consisting of a key name and a value,
+    # to the specified secret. Tags are part of the secret's overall
+    # metadata, and are not associated with any specific version of the
+    # secret. This operation only appends tags to the existing list of tags.
+    # To remove tags, you must use UntagResource.
+    #
+    # The following basic restrictions apply to tags:
+    #
+    # * Maximum number of tags per secret—50
+    #
+    # * Maximum key length—127 Unicode characters in UTF-8
+    #
+    # * Maximum value length—255 Unicode characters in UTF-8
+    #
+    # * Tag keys and values are case sensitive.
+    #
+    # * Do not use the `aws:` prefix in your tag names or values because it
+    #   is reserved for AWS use. You can't edit or delete tag names or
+    #   values with this prefix. Tags with this prefix do not count against
+    #   your tags per secret limit.
+    #
+    # * If your tagging schema will be used across multiple services and
+    #   resources, remember that other services might have restrictions on
+    #   allowed characters. Generally allowed characters are: letters,
+    #   spaces, and numbers representable in UTF-8, plus the following
+    #   special characters: + - = . \_ : / @.
+    #
+    # If you use tags as part of your security strategy, then adding or
+    # removing a tag can change permissions. If successfully completing this
+    # operation would result in you losing your permissions for this secret,
+    # then the operation is blocked and returns an Access Denied error.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:TagResource
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To remove one or more tags from the collection attached to a secret,
+    #   use UntagResource.
+    #
+    # * To view the list of tags attached to a secret, use DescribeSecret.
+    #
+    # @option params [required, String] :secret_id
+    #   The identifier for the secret that you want to attach tags to. You can
+    #   specify either the Amazon Resource Name (ARN) or the friendly name of
+    #   the secret.
+    #
+    # @option params [required, Array<Types::Tag>] :tags
+    #   The tags to attach to the secret. Each element in the list consists of
+    #   a `Key` and a `Value`.
+    #
+    #   This parameter to the API requires a JSON text string argument. For
+    #   information on how to format a JSON parameter for the various command
+    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
+    #   CLI User Guide*. For the AWS CLI, you can also use the syntax: `--Tags
+    #   Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.tag_resource({
+    #     secret_id: "SecretIdType", # required
+    #     tags: [ # required
+    #       {
+    #         key: "TagKeyType",
+    #         value: "TagValueType",
+    #       },
+    #     ],
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource AWS API Documentation
+    #
+    # @overload tag_resource(params = {})
+    # @param [Hash] params ({})
+    def tag_resource(params = {}, options = {})
+      req = build_request(:tag_resource, params)
+      req.send_request(options)
+    end
+
+    # Removes one or more tags from the specified secret.
+    #
+    # This operation is idempotent. If a requested tag is not attached to
+    # the secret, no error is returned and the secret metadata is unchanged.
+    #
+    # If you use tags as part of your security strategy, then removing a tag
+    # can change permissions. If successfully completing this operation
+    # would result in you losing your permissions for this secret, then the
+    # operation is blocked and returns an Access Denied error.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:UntagResource
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To add one or more tags to the collection attached to a secret, use
+    #   TagResource.
+    #
+    # * To view the list of tags attached to a secret, use DescribeSecret.
+    #
+    # @option params [required, String] :secret_id
+    #   The identifier for the secret that you want to remove tags from. You
+    #   can specify either the Amazon Resource Name (ARN) or the friendly name
+    #   of the secret.
+    #
+    # @option params [required, Array<String>] :tag_keys
+    #   A list of tag key names to remove from the secret. You don't specify
+    #   the value. Both the key and its associated value are removed.
+    #
+    #   This parameter to the API requires a JSON text string argument. For
+    #   information on how to format a JSON parameter for the various command
+    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
+    #   CLI User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.untag_resource({
+    #     secret_id: "SecretIdType", # required
+    #     tag_keys: ["TagKeyType"], # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource AWS API Documentation
+    #
+    # @overload untag_resource(params = {})
+    # @param [Hash] params ({})
+    def untag_resource(params = {}, options = {})
+      req = build_request(:untag_resource, params)
+      req.send_request(options)
+    end
+
+    # Modifies many of the details of a secret. If you include a
+    # `ClientRequestToken` and either `SecretString` or `SecretBinary` then
+    # it also creates a new version attached to the secret.
+    #
+    # To modify the rotation configuration of a secret, use RotateSecret
+    # instead.
+    #
+    # <note markdown="1"> The AWS Secrets Manager console uses only the `SecretString` parameter
+    # and therefore limits you to encrypting and storing only a text string.
+    # To encrypt and store binary data as part of the version of a secret,
+    # you must use either the AWS CLI or one of the AWS SDKs.
+    #
+    #  </note>
+    #
+    # * If this update creates the first version of the secret or if you did
+    #   not include the `VersionStages` parameter then Secrets Manager
+    #   automatically attaches the staging label `AWSCURRENT` to the new
+    #   version and removes it from any version that had it previously. The
+    #   previous version (if any) is then given the staging label
+    #   `AWSPREVIOUS`.
+    #
+    # * If a version with a `SecretVersionId` with the same value as the
+    #   `ClientRequestToken` parameter already exists, the operation
+    #   generates an error. You cannot modify an existing version, you can
+    #   only create new ones.
+    #
+    # * If you call an operation that needs to encrypt or decrypt the
+    #   `SecretString` and `SecretBinary` for a secret in the same account
+    #   as the calling user and that secret doesn't specify a KMS
+    #   encryption key, AWS Secrets Manager uses the account's default AWS
+    #   managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then AWS Secrets Manager creates it for you automatically.
+    #   All users in the same AWS account automatically have access to use
+    #   the default CMK. Note that if an AWS Secrets Manager API call
+    #   results in AWS having to create the account's AWS-managed CMK, it
+    #   can result in a one-time significant delay in returning the result.
+    #
+    # * If the secret is in a different AWS account from the credentials
+    #   calling an API that requires encryption or decryption of the secret
+    #   value then you must create and use a custom KMS CMK because you
+    #   can't access the default CMK for the account using credentials from
+    #   a different AWS account. Store the ARN of the CMK in the secret when
+    #   you create the secret or when you update it by including it in the
+    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
+    #   `SecretString` or `SecretBinary` using credentials from a different
+    #   account then the KMS key policy must grant cross-account access to
+    #   that other account's user or role.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:UpdateSecret
+    #
+    # * kms:GenerateDataKey - needed only if you use a custom KMS key to
+    #   encrypt the secret. You do not need this permission to use the
+    #   account's AWS managed CMK for Secrets Manager.
+    #
+    # * kms:Decrypt - needed only if you use a custom KMS key to encrypt the
+    #   secret. You do not need this permission to use the account's AWS
+    #   managed CMK for Secrets Manager.
+    #
+    # **Related operations**
+    #
+    # * To create a new secret, use CreateSecret.
+    #
+    # * To add only a new version to an existing secret, use PutSecretValue.
+    #
+    # * To get the details for a secret, use DescribeSecret.
+    #
+    # * To list the versions contained in a secret, use
+    #   ListSecretVersionIds.
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret that you want to update or to which you want to
+    #   add a new version. You can specify either the Amazon Resource Name
+    #   (ARN) or the friendly name of the secret.
+    #
+    # @option params [String] :client_request_token
+    #   (Optional) If you want to add a new version to the secret, this
+    #   parameter specifies a unique identifier for the new version that helps
+    #   ensure idempotency.
+    #
+    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
+    #   then you can leave this parameter empty. The CLI or SDK generates a
+    #   random UUID for you and includes that in the request. If you don't
+    #   use the SDK and instead generate a raw HTTP request to the AWS Secrets
+    #   Manager service endpoint, then you must generate a
+    #   `ClientRequestToken` yourself for new versions and include that value
+    #   in the request.
+    #
+    #   You typically only need to interact with this value if you implement
+    #   your own retry logic and want to ensure that a given secret is not
+    #   created twice. We recommend that you generate a [UUID-type][1] value
+    #   to ensure uniqueness within the specified secret.
+    #
+    #   Secrets Manager uses this value to prevent the accidental creation of
+    #   duplicate versions if there are failures and retries during the Lambda
+    #   rotation function's processing.
+    #
+    #   * If the `ClientRequestToken` value isn't already associated with a
+    #     version of the secret then a new version of the secret is created.
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` and `SecretBinary` values are the same as those in
+    #     the request then the request is ignored (the operation is
+    #     idempotent).
+    #
+    #   * If a version with this value already exists and that version's
+    #     `SecretString` and `SecretBinary` values are different from the
+    #     request then an error occurs because you cannot modify an existing
+    #     secret value.
+    #
+    #   This value becomes the `SecretVersionId` of the new version.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
+    # @option params [String] :description
+    #   (Optional) Specifies a user-provided description of the secret.
+    #
+    # @option params [String] :kms_key_id
+    #   (Optional) Specifies the ARN or alias of the KMS customer master key
+    #   (CMK) to be used to encrypt the protected text in the versions of this
+    #   secret.
+    #
+    #   If you don't specify this value, then Secrets Manager defaults to
+    #   using the default CMK in the account (the one named
+    #   `aws/secretsmanager`). If a KMS CMK with that name doesn't exist,
+    #   then AWS Secrets Manager creates it for you automatically the first
+    #   time it needs to encrypt a version's `Plaintext` or `PlaintextString`
+    #   fields.
+    #
+    #   You can only use the account's default CMK to encrypt and decrypt if
+    #   you call this operation using credentials from the same account that
+    #   owns the secret. If the secret is in a different account, then you
+    #   must create a custom CMK and provide the ARN in this field.
+    #
+    # @option params [String, IO] :secret_binary
+    #   (Optional) Specifies binary data that you want to encrypt and store in
+    #   the new version of the secret. To use this parameter in the
+    #   command-line tools, we recommend that you store your binary data in a
+    #   file and then use the appropriate technique for your tool to pass the
+    #   contents of the file as a parameter. Either `SecretBinary` or
+    #   `SecretString` must have a value. They cannot both be empty.
+    #
+    #   This parameter is not accessible using the Secrets Manager console.
+    #
+    # @option params [String] :secret_string
+    #   (Optional) Specifies text data that you want to encrypt and store in
+    #   this new version of the secret. Either `SecretBinary` or
+    #   `SecretString` must have a value. They cannot both be empty.
+    #
+    #   If you create this secret by using the Secrets Manager console then
+    #   Secrets Manager puts the protected secret text in only the
+    #   `SecretString` parameter. The Secrets Manager console stores the
+    #   information as a JSON structure of key/value pairs that the default
+    #   Lambda rotation function knows how to parse.
+    #
+    #   For storing multiple values, we recommend that you use a JSON text
+    #   string argument and specify key/value pairs. For information on how to
+    #   format a JSON parameter for the various command line tool
+    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    # @return [Types::UpdateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateSecretResponse#arn #arn} => String
+    #   * {Types::UpdateSecretResponse#name #name} => String
+    #   * {Types::UpdateSecretResponse#version_id #version_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_secret({
+    #     secret_id: "SecretIdType", # required
+    #     client_request_token: "ClientRequestTokenType",
+    #     description: "DescriptionType",
+    #     kms_key_id: "KmsKeyIdType",
+    #     secret_binary: "data",
+    #     secret_string: "SecretStringType",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #   resp.version_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret AWS API Documentation
+    #
+    # @overload update_secret(params = {})
+    # @param [Hash] params ({})
+    def update_secret(params = {}, options = {})
+      req = build_request(:update_secret, params)
+      req.send_request(options)
+    end
+
+    # Modifies the staging labels attached to a version of a secret. Staging
+    # labels are used to track a version as it progresses through the secret
+    # rotation process. You can attach a staging label to only one version
+    # of a secret at a time. If a staging label to be added is already
+    # attached to another version, then it is moved--removed from the other
+    # version first and then attached to this one. For more information
+    # about staging labels, see [Staging Labels][1] in the *AWS Secrets
+    # Manager User Guide*.
+    #
+    # The staging labels that you specify in the `VersionStage` parameter
+    # are added to the existing list of staging labels--they don't replace
+    # it.
+    #
+    # You can move the `AWSCURRENT` staging label to this version by
+    # including it in this call.
+    #
+    # <note markdown="1"> Whenever you move `AWSCURRENT`, Secrets Manager automatically moves
+    # the label `AWSPREVIOUS` to the version that `AWSCURRENT` was removed
+    # from.
+    #
+    #  </note>
+    #
+    # If this action results in the last label being removed from a version,
+    # then the version is considered to be 'deprecated' and can be deleted
+    # by Secrets Manager.
+    #
+    # **Minimum permissions**
+    #
+    # To run this command, you must have the following permissions:
+    #
+    # * secretsmanager:UpdateSecretVersionStage
+    #
+    # ^
+    #
+    # **Related operations**
+    #
+    # * To get the list of staging labels that are currently associated with
+    #   a version of a secret, use ` DescribeSecret ` and examine the
+    #   `SecretVersionsToStages` response value.
+    #
+    # ^
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/http:/docs.aws.amazon.com/;asm-service-name;/latest/userguide/terms-concepts.html#term_label
+    #
+    # @option params [required, String] :secret_id
+    #   Specifies the secret with the version whose list of staging labels you
+    #   want to modify. You can specify either the Amazon Resource Name (ARN)
+    #   or the friendly name of the secret.
+    #
+    # @option params [required, String] :version_stage
+    #   The list of staging labels to add to this version.
+    #
+    # @option params [String] :remove_from_version_id
+    #   (Optional) Specifies the secret version ID of the version that the
+    #   staging labels are to be removed from.
+    #
+    #   If you want to move a label to a new version, you do not have to
+    #   explicitly remove it with this parameter. Adding a label using the
+    #   `MoveToVersionId` parameter automatically removes it from the old
+    #   version. However, if you do include both the "MoveTo" and
+    #   "RemoveFrom" parameters, then the move is successful only if the
+    #   staging labels are actually present on the "RemoveFrom" version. If
+    #   a staging label was on a different version than "RemoveFrom", then
+    #   the request fails.
+    #
+    # @option params [String] :move_to_version_id
+    #   (Optional) The secret version ID that you want to add the staging
+    #   labels to.
+    #
+    #   If any of the staging labels are already attached to a different
+    #   version of the secret, then they are removed from that version before
+    #   adding them to this version.
+    #
+    # @return [Types::UpdateSecretVersionStageResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateSecretVersionStageResponse#arn #arn} => String
+    #   * {Types::UpdateSecretVersionStageResponse#name #name} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_secret_version_stage({
+    #     secret_id: "SecretIdType", # required
+    #     version_stage: "SecretVersionStageType", # required
+    #     remove_from_version_id: "SecretVersionIdType",
+    #     move_to_version_id: "SecretVersionIdType",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage AWS API Documentation
+    #
+    # @overload update_secret_version_stage(params = {})
+    # @param [Hash] params ({})
+    def update_secret_version_stage(params = {}, options = {})
+      req = build_request(:update_secret_version_stage, params)
+      req.send_request(options)
+    end
+
+    # @!endgroup
+
+    # @param params ({})
+    # @api private
+    def build_request(operation_name, params = {})
+      handlers = @handlers.for(operation_name)
+      context = Seahorse::Client::RequestContext.new(
+        operation_name: operation_name,
+        operation: config.api.operation(operation_name),
+        client: self,
+        params: params,
+        config: config)
+      context[:gem_name] = 'aws-sdk-secretsmanager'
+      context[:gem_version] = '1.0.0'
+      Seahorse::Client::Request.new(handlers, context)
+    end
+
+    # @api private
+    # @deprecated
+    def waiter_names
+      []
+    end
+
+    class << self
+
+      # @api private
+      attr_reader :identifier
+
+      # @api private
+      def errors_module
+        Errors
+      end
+
+    end
+  end
+end