aws-sdk-secretsmanager 1.0.0 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0510b3d9111db1b546af3dcf7759a4fbc38eb1ae
4
- data.tar.gz: 341d393d43faa1bdf7d01997b996fa5a91b3bdf7
3
+ metadata.gz: adfd3d55ac5ae5a9c37802f343b3d6285c443559
4
+ data.tar.gz: 57c6b3a72a81a2125795101d9fb516114540e6f7
5
5
  SHA512:
6
- metadata.gz: 92735d664f25841b1a9835c8e5b20d31153329a689bc4fc1e4c9040bfbdaf8e6d488a101fc96bb7d3568d8a2def294d65e3291cd2671fd7bab033856a9980ed1
7
- data.tar.gz: f4cc5b8798f92a38e0563d0da60e2ab1344828e5204fa32524f57083a371e7799b6d3d1b6fd024729ffc441897418dd49b6eabce66a43cd0c3f067c5fbc192d3
6
+ metadata.gz: 3fa42ba1efa146eccf3d3cefd69826f844219fb3b2c412ac91231878065de20d85c2c5865c1fa952386a8e5c4c5ae07ebce1ec438fc8d74a609cc3943f379711
7
+ data.tar.gz: 3b07bfeb219f21c9eca866c7f46a649e14ed4cec82349d82a65c9e29862ccd9d34b96d23f3f0399689a0eeed06526ddac6defdc56a56b325e738a31e8dcadcda
@@ -42,6 +42,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
42
42
  # @service
43
43
  module Aws::SecretsManager
44
44
 
45
- GEM_VERSION = '1.0.0'
45
+ GEM_VERSION = '1.1.0'
46
46
 
47
47
  end
@@ -216,6 +216,23 @@ module Aws::SecretsManager
216
216
  # * {Types::CancelRotateSecretResponse#name #name} => String
217
217
  # * {Types::CancelRotateSecretResponse#version_id #version_id} => String
218
218
  #
219
+ #
220
+ # @example Example: To cancel scheduled rotation for a secret
221
+ #
222
+ # # The following example shows how to cancel rotation for a secret. The operation sets the RotationEnabled field to false
223
+ # # and cancels all scheduled rotations. To resume scheduled rotations, you must re-enable rotation by calling the
224
+ # # rotate-secret operation.
225
+ #
226
+ # resp = client.cancel_rotate_secret({
227
+ # secret_id: "MyTestDatabaseSecret",
228
+ # })
229
+ #
230
+ # resp.to_h outputs the following:
231
+ # {
232
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
233
+ # name: "Name",
234
+ # }
235
+ #
219
236
  # @example Request syntax with placeholder values
220
237
  #
221
238
  # resp = client.cancel_rotate_secret({
@@ -237,9 +254,9 @@ module Aws::SecretsManager
237
254
  req.send_request(options)
238
255
  end
239
256
 
240
- # Creates a new secret. A secret in AWS Secrets Manager consists of both
241
- # the protected secret data and the important information needed to
242
- # manage the secret.
257
+ # Creates a new secret. A secret in Secrets Manager consists of both the
258
+ # protected secret data and the important information needed to manage
259
+ # the secret.
243
260
  #
244
261
  # Secrets Manager stores the encrypted secret data in one of a
245
262
  # collection of "versions" associated with the secret. Each version
@@ -257,17 +274,17 @@ module Aws::SecretsManager
257
274
  # don't supply a staging label, automatically maps the new version's
258
275
  # ID to the staging label `AWSCURRENT`.
259
276
  #
260
- # * If you call an operation that needs to encrypt or decrypt the
277
+ # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
261
278
  # `SecretString` and `SecretBinary` for a secret in the same account
262
279
  # as the calling user and that secret doesn't specify a KMS
263
- # encryption key, AWS Secrets Manager uses the account's default AWS
280
+ # encryption key, Secrets Manager uses the account's default AWS
264
281
  # managed customer master key (CMK) with the alias
265
282
  # `aws/secretsmanager`. If this key doesn't already exist in your
266
- # account then AWS Secrets Manager creates it for you automatically.
267
- # All users in the same AWS account automatically have access to use
268
- # the default CMK. Note that if an AWS Secrets Manager API call
269
- # results in AWS having to create the account's AWS-managed CMK, it
270
- # can result in a one-time significant delay in returning the result.
283
+ # account then Secrets Manager creates it for you automatically. All
284
+ # users in the same AWS account automatically have access to use the
285
+ # default CMK. Note that if an Secrets Manager API call results in AWS
286
+ # having to create the account's AWS-managed CMK, it can result in a
287
+ # one-time significant delay in returning the result.
271
288
  #
272
289
  # * If the secret is in a different AWS account from the credentials
273
290
  # calling an API that requires encryption or decryption of the secret
@@ -280,6 +297,10 @@ module Aws::SecretsManager
280
297
  # account then the KMS key policy must grant cross-account access to
281
298
  # that other account's user or role.
282
299
  #
300
+ # </note>
301
+ #
302
+ #
303
+ #
283
304
  # **Minimum permissions**
284
305
  #
285
306
  # To run this command, you must have the following permissions:
@@ -314,9 +335,7 @@ module Aws::SecretsManager
314
335
  # response value.
315
336
  #
316
337
  # @option params [required, String] :name
317
- # Specifies the friendly name of the new secret. The secret name can
318
- # consist of uppercase letters, lowercase letters, digits, and any of
319
- # the following characters: /\_+=.@-    Spaces are not permitted.
338
+ # Specifies the friendly name of the new secret.
320
339
  #
321
340
  # @option params [String] :client_request_token
322
341
  # (Optional) If you include `SecretString` or `SecretBinary`, then an
@@ -327,7 +346,7 @@ module Aws::SecretsManager
327
346
  # then you can leave this parameter empty. The CLI or SDK generates a
328
347
  # random UUID for you and includes as the value for this parameter in
329
348
  # the request. If you don't use the SDK and instead generate a raw HTTP
330
- # request to the AWS Secrets Manager service endpoint, then you must
349
+ # request to the Secrets Manager service endpoint, then you must
331
350
  # generate a `ClientRequestToken` yourself for the new version and
332
351
  # include that value in the request.
333
352
  #
@@ -373,8 +392,8 @@ module Aws::SecretsManager
373
392
  # If you don't specify this value, then Secrets Manager defaults to
374
393
  # using the AWS account's default CMK (the one named
375
394
  # `aws/secretsmanager`). If a KMS CMK with that name doesn't yet exist,
376
- # then AWS Secrets Manager creates it for you automatically the first
377
- # time it needs to encrypt a version's `SecretString` or `SecretBinary`
395
+ # then Secrets Manager creates it for you automatically the first time
396
+ # it needs to encrypt a version's `SecretString` or `SecretBinary`
378
397
  # fields.
379
398
  #
380
399
  # You can use the account's default CMK to encrypt and decrypt only if
@@ -437,8 +456,8 @@ module Aws::SecretsManager
437
456
  # operation only appends tags to the existing list of tags. To remove
438
457
  # tags, you must use UntagResource.
439
458
  #
440
- # * AWS Secrets Manager tag key names are case sensitive. A tag with the
441
- # key "ABC" is a different tag from one with key "abc".
459
+ # * Secrets Manager tag key names are case sensitive. A tag with the key
460
+ # "ABC" is a different tag from one with key "abc".
442
461
  #
443
462
  # * If you check tags in IAM policy `Condition` elements as part of your
444
463
  # security strategy, then adding or removing a tag can change
@@ -488,6 +507,26 @@ module Aws::SecretsManager
488
507
  # * {Types::CreateSecretResponse#name #name} => String
489
508
  # * {Types::CreateSecretResponse#version_id #version_id} => String
490
509
  #
510
+ #
511
+ # @example Example: To create a basic secret
512
+ #
513
+ # # The following example shows how to create a secret. The credentials stored in the encrypted secret value are retrieved
514
+ # # from a file on disk named mycreds.json.
515
+ #
516
+ # resp = client.create_secret({
517
+ # client_request_token: "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1",
518
+ # description: "My test database secret created with the CLI",
519
+ # name: "MyTestDatabaseSecret",
520
+ # secret_string: "{\"username\":\"david\",\"password\":\"BnQw!XDWgaEeT9XGTT29\"}",
521
+ # })
522
+ #
523
+ # resp.to_h outputs the following:
524
+ # {
525
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
526
+ # name: "MyTestDatabaseSecret",
527
+ # version_id: "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1",
528
+ # }
529
+ #
491
530
  # @example Request syntax with placeholder values
492
531
  #
493
532
  # resp = client.create_secret({
@@ -522,24 +561,24 @@ module Aws::SecretsManager
522
561
 
523
562
  # Deletes an entire secret and all of its versions. You can optionally
524
563
  # include a recovery window during which you can restore the secret. If
525
- # you don't provide a recovery window value, the operation defaults to
564
+ # you don't specify a recovery window value, the operation defaults to
526
565
  # 30 days. Secrets Manager attaches a `DeletionDate` stamp to the secret
527
566
  # that specifies the end of the recovery window. At the end of the
528
567
  # recovery window, Secrets Manager deletes the secret permanently.
529
568
  #
530
- # At any time before recovery period ends, you can use RestoreSecret to
569
+ # At any time before recovery window ends, you can use RestoreSecret to
531
570
  # remove the `DeletionDate` and cancel the deletion of the secret.
532
571
  #
533
572
  # You cannot access the encrypted secret information in any secret that
534
573
  # is scheduled for deletion. If you need to access that information, you
535
- # can cancel the deletion with RestoreSecret and then retrieve the
574
+ # must cancel the deletion with RestoreSecret and then retrieve the
536
575
  # information.
537
576
  #
538
577
  # <note markdown="1"> * There is no explicit operation to delete a version of a secret.
539
578
  # Instead, remove all staging labels from the `VersionStage` field of
540
- # a version. That marks the version as deprecated and allows AWS
541
- # Secrets Manager to delete it as needed. Versions that do not have
542
- # any staging labels do not show up in ListSecretVersionIds unless you
579
+ # a version. That marks the version as deprecated and allows Secrets
580
+ # Manager to delete it as needed. Versions that do not have any
581
+ # staging labels do not show up in ListSecretVersionIds unless you
543
582
  # specify `IncludeDeprecated`.
544
583
  #
545
584
  # * The permanent secret deletion at the end of the waiting period is
@@ -562,14 +601,14 @@ module Aws::SecretsManager
562
601
  # * To create a secret, use CreateSecret.
563
602
  #
564
603
  # * To cancel deletion of a version of a secret before the recovery
565
- # period has expired, use RestoreSecret.
604
+ # window has expired, use RestoreSecret.
566
605
  #
567
606
  # @option params [required, String] :secret_id
568
607
  # Specifies the secret that you want to delete. You can specify either
569
608
  # the Amazon Resource Name (ARN) or the friendly name of the secret.
570
609
  #
571
610
  # @option params [Integer] :recovery_window_in_days
572
- # (Optional) Specifies the number of days that AWS Secrets Manager waits
611
+ # (Optional) Specifies the number of days that Secrets Manager waits
573
612
  # before it can delete the secret.
574
613
  #
575
614
  # This value can range from 7 to 30 days. The default value is 30.
@@ -580,6 +619,25 @@ module Aws::SecretsManager
580
619
  # * {Types::DeleteSecretResponse#name #name} => String
581
620
  # * {Types::DeleteSecretResponse#deletion_date #deletion_date} => Time
582
621
  #
622
+ #
623
+ # @example Example: To delete a secret
624
+ #
625
+ # # The following example shows how to delete a secret. The secret stays in your account in a deprecated and inaccessible
626
+ # # state until the recovery window ends. After the date and time in the DeletionDate response field has passed, you can no
627
+ # # longer recover this secret with restore-secret.
628
+ #
629
+ # resp = client.delete_secret({
630
+ # recovery_window_in_days: 7,
631
+ # secret_id: "MyTestDatabaseSecret1",
632
+ # })
633
+ #
634
+ # resp.to_h outputs the following:
635
+ # {
636
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
637
+ # deletion_date: Time.parse("1524085349.095"),
638
+ # name: "MyTestDatabaseSecret",
639
+ # }
640
+ #
583
641
  # @example Request syntax with placeholder values
584
642
  #
585
643
  # resp = client.delete_secret({
@@ -646,6 +704,49 @@ module Aws::SecretsManager
646
704
  # * {Types::DescribeSecretResponse#tags #tags} => Array&lt;Types::Tag&gt;
647
705
  # * {Types::DescribeSecretResponse#version_ids_to_stages #version_ids_to_stages} => Hash&lt;String,Array&lt;String&gt;&gt;
648
706
  #
707
+ #
708
+ # @example Example: To retrieve the details of a secret
709
+ #
710
+ # # The following example shows how to get the details about a secret.
711
+ #
712
+ # resp = client.describe_secret({
713
+ # secret_id: "MyTestDatabaseSecret",
714
+ # })
715
+ #
716
+ # resp.to_h outputs the following:
717
+ # {
718
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
719
+ # description: "My test database secret",
720
+ # kms_key_id: "arn:aws:kms:us-west-2:123456789012:key/EXAMPLE1-90ab-cdef-fedc-ba987KMSKEY1",
721
+ # last_accessed_date: Time.parse("1523923200"),
722
+ # last_changed_date: Time.parse(1523477145.729),
723
+ # last_rotated_date: Time.parse(1525747253.72),
724
+ # name: "MyTestDatabaseSecret",
725
+ # rotation_enabled: true,
726
+ # rotation_lambda_arn: "arn:aws:lambda:us-west-2:123456789012:function:MyTestRotationLambda",
727
+ # rotation_rules: {
728
+ # automatically_after_days: 30,
729
+ # },
730
+ # tags: [
731
+ # {
732
+ # key: "SecondTag",
733
+ # value: "AnotherValue",
734
+ # },
735
+ # {
736
+ # key: "FirstTag",
737
+ # value: "SomeValue",
738
+ # },
739
+ # ],
740
+ # version_ids_to_stages: {
741
+ # "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE" => [
742
+ # "AWSPREVIOUS",
743
+ # ],
744
+ # "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE" => [
745
+ # "AWSCURRENT",
746
+ # ],
747
+ # },
748
+ # }
749
+ #
649
750
  # @example Request syntax with placeholder values
650
751
  #
651
752
  # resp = client.describe_secret({
@@ -739,6 +840,23 @@ module Aws::SecretsManager
739
840
  #
740
841
  # * {Types::GetRandomPasswordResponse#random_password #random_password} => String
741
842
  #
843
+ #
844
+ # @example Example: To generate a random password
845
+ #
846
+ # # The following example shows how to request a randomly generated password. This example includes the optional flags to
847
+ # # require spaces and at least one character of each included type. It specifies a length of 20 characters.
848
+ #
849
+ # resp = client.get_random_password({
850
+ # include_space: true,
851
+ # password_length: 20,
852
+ # require_each_included_type: true,
853
+ # })
854
+ #
855
+ # resp.to_h outputs the following:
856
+ # {
857
+ # random_password: "N+Z43a,>vx7j O8^*<8i3",
858
+ # }
859
+ #
742
860
  # @example Request syntax with placeholder values
743
861
  #
744
862
  # resp = client.get_random_password({
@@ -825,6 +943,30 @@ module Aws::SecretsManager
825
943
  # * {Types::GetSecretValueResponse#version_stages #version_stages} => Array&lt;String&gt;
826
944
  # * {Types::GetSecretValueResponse#created_date #created_date} => Time
827
945
  #
946
+ #
947
+ # @example Example: To retrieve the encrypted secret value of a secret
948
+ #
949
+ # # The following example shows how to retrieve the secret string value from the version of the secret that has the
950
+ # # AWSPREVIOUS staging label attached. If you want to retrieve the AWSCURRENT version of the secret, then you can omit the
951
+ # # VersionStage parameter because it defaults to AWSCURRENT.
952
+ #
953
+ # resp = client.get_secret_value({
954
+ # secret_id: "MyTestDatabaseSecret",
955
+ # version_stage: "AWSPREVIOUS",
956
+ # })
957
+ #
958
+ # resp.to_h outputs the following:
959
+ # {
960
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
961
+ # created_date: Time.parse(1523477145.713),
962
+ # name: "MyTestDatabaseSecret",
963
+ # secret_string: "{\n \"username\":\"david\",\n \"password\":\"BnQw&XDWgaEeT9XGTT29\"\n}\n",
964
+ # version_id: "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1",
965
+ # version_stages: [
966
+ # "AWSPREVIOUS",
967
+ # ],
968
+ # }
969
+ #
828
970
  # @example Request syntax with placeholder values
829
971
  #
830
972
  # resp = client.get_secret_value({
@@ -893,8 +1035,8 @@ module Aws::SecretsManager
893
1035
  # beyond the maximum you specify, the `NextToken` response element is
894
1036
  # present and has a value (isn't null). Include that value as the
895
1037
  # `NextToken` request parameter in the next call to the operation to get
896
- # the next part of the results. Note that AWS Secrets Manager might
897
- # return fewer results than the maximum even when there are more results
1038
+ # the next part of the results. Note that Secrets Manager might return
1039
+ # fewer results than the maximum even when there are more results
898
1040
  # available. You should check `NextToken` after every operation to
899
1041
  # ensure that you receive all of the results.
900
1042
  #
@@ -918,6 +1060,43 @@ module Aws::SecretsManager
918
1060
  # * {Types::ListSecretVersionIdsResponse#arn #arn} => String
919
1061
  # * {Types::ListSecretVersionIdsResponse#name #name} => String
920
1062
  #
1063
+ #
1064
+ # @example Example: To list all of the secret versions associated with a secret
1065
+ #
1066
+ # # The following example shows how to retrieve a list of all of the versions of a secret, including those without any
1067
+ # # staging labels.
1068
+ #
1069
+ # resp = client.list_secret_version_ids({
1070
+ # include_deprecated: true,
1071
+ # secret_id: "MyTestDatabaseSecret",
1072
+ # })
1073
+ #
1074
+ # resp.to_h outputs the following:
1075
+ # {
1076
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
1077
+ # name: "MyTestDatabaseSecret",
1078
+ # versions: [
1079
+ # {
1080
+ # created_date: Time.parse(1523477145.713),
1081
+ # version_id: "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE",
1082
+ # version_stages: [
1083
+ # "AWSPREVIOUS",
1084
+ # ],
1085
+ # },
1086
+ # {
1087
+ # created_date: Time.parse(1523486221.391),
1088
+ # version_id: "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE",
1089
+ # version_stages: [
1090
+ # "AWSCURRENT",
1091
+ # ],
1092
+ # },
1093
+ # {
1094
+ # created_date: Time.parse(1511974462.36),
1095
+ # version_id: "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE;",
1096
+ # },
1097
+ # ],
1098
+ # }
1099
+ #
921
1100
  # @example Request syntax with placeholder values
922
1101
  #
923
1102
  # resp = client.list_secret_version_ids({
@@ -948,10 +1127,10 @@ module Aws::SecretsManager
948
1127
  req.send_request(options)
949
1128
  end
950
1129
 
951
- # Lists all of the secrets that are stored by AWS Secrets Manager in the
952
- # AWS account. To list the versions currently stored for a specific
953
- # secret, use ListSecretVersionIds. The encrypted fields `SecretString`
954
- # and `SecretBinary` are not included in the output. To get that
1130
+ # Lists all of the secrets that are stored by Secrets Manager in the AWS
1131
+ # account. To list the versions currently stored for a specific secret,
1132
+ # use ListSecretVersionIds. The encrypted fields `SecretString` and
1133
+ # `SecretBinary` are not included in the output. To get that
955
1134
  # information, call the GetSecretValue operation.
956
1135
  #
957
1136
  # <note markdown="1"> Always check the `NextToken` response parameter when calling any of
@@ -984,8 +1163,8 @@ module Aws::SecretsManager
984
1163
  # beyond the maximum you specify, the `NextToken` response element is
985
1164
  # present and has a value (isn't null). Include that value as the
986
1165
  # `NextToken` request parameter in the next call to the operation to get
987
- # the next part of the results. Note that AWS Secrets Manager might
988
- # return fewer results than the maximum even when there are more results
1166
+ # the next part of the results. Note that Secrets Manager might return
1167
+ # fewer results than the maximum even when there are more results
989
1168
  # available. You should check `NextToken` after every operation to
990
1169
  # ensure that you receive all of the results.
991
1170
  #
@@ -1001,6 +1180,42 @@ module Aws::SecretsManager
1001
1180
  # * {Types::ListSecretsResponse#secret_list #secret_list} => Array&lt;Types::SecretListEntry&gt;
1002
1181
  # * {Types::ListSecretsResponse#next_token #next_token} => String
1003
1182
  #
1183
+ #
1184
+ # @example Example: To list the secrets in your account
1185
+ #
1186
+ # # The following example shows how to list all of the secrets in your account.
1187
+ #
1188
+ # resp = client.list_secrets({
1189
+ # })
1190
+ #
1191
+ # resp.to_h outputs the following:
1192
+ # {
1193
+ # secret_list: [
1194
+ # {
1195
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
1196
+ # description: "My test database secret",
1197
+ # last_changed_date: Time.parse(1523477145.729),
1198
+ # name: "MyTestDatabaseSecret",
1199
+ # secret_versions_to_stages: {
1200
+ # "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE" => [
1201
+ # "AWSCURRENT",
1202
+ # ],
1203
+ # },
1204
+ # },
1205
+ # {
1206
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret1-d4e5f6",
1207
+ # description: "Another secret created for a different database",
1208
+ # last_changed_date: Time.parse(1523482025.685),
1209
+ # name: "MyTestDatabaseSecret1",
1210
+ # secret_versions_to_stages: {
1211
+ # "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE" => [
1212
+ # "AWSCURRENT",
1213
+ # ],
1214
+ # },
1215
+ # },
1216
+ # ],
1217
+ # }
1218
+ #
1004
1219
  # @example Request syntax with placeholder values
1005
1220
  #
1006
1221
  # resp = client.list_secrets({
@@ -1044,9 +1259,9 @@ module Aws::SecretsManager
1044
1259
  # secret. The version can contain a new `SecretString` value or a new
1045
1260
  # `SecretBinary` value.
1046
1261
  #
1047
- # <note markdown="1"> The AWS Secrets Manager console uses only the `SecretString` field. To
1048
- # add binary data to a secret with the `SecretBinary` field you must use
1049
- # the AWS CLI or one of the AWS SDKs.
1262
+ # <note markdown="1"> The Secrets Manager console uses only the `SecretString` field. To add
1263
+ # binary data to a secret with the `SecretBinary` field you must use the
1264
+ # AWS CLI or one of the AWS SDKs.
1050
1265
  #
1051
1266
  # </note>
1052
1267
  #
@@ -1070,17 +1285,17 @@ module Aws::SecretsManager
1070
1285
  # then Secrets Manager also automatically moves the staging label
1071
1286
  # `AWSPREVIOUS` to the version that `AWSCURRENT` was removed from.
1072
1287
  #
1073
- # * If you call an operation that needs to encrypt or decrypt the
1288
+ # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
1074
1289
  # `SecretString` and `SecretBinary` for a secret in the same account
1075
1290
  # as the calling user and that secret doesn't specify a KMS
1076
- # encryption key, AWS Secrets Manager uses the account's default AWS
1291
+ # encryption key, Secrets Manager uses the account's default AWS
1077
1292
  # managed customer master key (CMK) with the alias
1078
1293
  # `aws/secretsmanager`. If this key doesn't already exist in your
1079
- # account then AWS Secrets Manager creates it for you automatically.
1080
- # All users in the same AWS account automatically have access to use
1081
- # the default CMK. Note that if an AWS Secrets Manager API call
1082
- # results in AWS having to create the account's AWS-managed CMK, it
1083
- # can result in a one-time significant delay in returning the result.
1294
+ # account then Secrets Manager creates it for you automatically. All
1295
+ # users in the same AWS account automatically have access to use the
1296
+ # default CMK. Note that if an Secrets Manager API call results in AWS
1297
+ # having to create the account's AWS-managed CMK, it can result in a
1298
+ # one-time significant delay in returning the result.
1084
1299
  #
1085
1300
  # * If the secret is in a different AWS account from the credentials
1086
1301
  # calling an API that requires encryption or decryption of the secret
@@ -1093,6 +1308,8 @@ module Aws::SecretsManager
1093
1308
  # account then the KMS key policy must grant cross-account access to
1094
1309
  # that other account's user or role.
1095
1310
  #
1311
+ # </note>
1312
+ #
1096
1313
  # **Minimum permissions**
1097
1314
  #
1098
1315
  # To run this command, you must have the following permissions:
@@ -1123,10 +1340,6 @@ module Aws::SecretsManager
1123
1340
  # specify either the Amazon Resource Name (ARN) or the friendly name of
1124
1341
  # the secret. The secret must already exist.
1125
1342
  #
1126
- # The secret name can consist of uppercase letters, lowercase letters,
1127
- # digits, and any of the following characters: /\_+=.@-    Spaces are
1128
- # not permitted.
1129
- #
1130
1343
  # @option params [String] :client_request_token
1131
1344
  # (Optional) Specifies a unique identifier for the new version of the
1132
1345
  # secret.
@@ -1134,7 +1347,7 @@ module Aws::SecretsManager
1134
1347
  # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
1135
1348
  # then you can leave this parameter empty. The CLI or SDK generates a
1136
1349
  # random UUID for you and includes that in the request. If you don't
1137
- # use the SDK and instead generate a raw HTTP request to the AWS Secrets
1350
+ # use the SDK and instead generate a raw HTTP request to the Secrets
1138
1351
  # Manager service endpoint, then you must generate a
1139
1352
  # `ClientRequestToken` yourself for new versions and include that value
1140
1353
  # in the request.
@@ -1212,8 +1425,8 @@ module Aws::SecretsManager
1212
1425
  # automatically removed from the other version and attached to this
1213
1426
  # version.
1214
1427
  #
1215
- # If you do not specify a value for `VersionStages` then AWS Secrets
1216
- # Manager automatically moves the staging label `AWSCURRENT` to this new
1428
+ # If you do not specify a value for `VersionStages` then Secrets Manager
1429
+ # automatically moves the staging label `AWSCURRENT` to this new
1217
1430
  # version.
1218
1431
  #
1219
1432
  # @return [Types::PutSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1223,6 +1436,28 @@ module Aws::SecretsManager
1223
1436
  # * {Types::PutSecretValueResponse#version_id #version_id} => String
1224
1437
  # * {Types::PutSecretValueResponse#version_stages #version_stages} => Array&lt;String&gt;
1225
1438
  #
1439
+ #
1440
+ # @example Example: To store a secret value in a new version of a secret
1441
+ #
1442
+ # # The following example shows how to create a new version of the secret. Alternatively, you can use the update-secret
1443
+ # # command.
1444
+ #
1445
+ # resp = client.put_secret_value({
1446
+ # client_request_token: "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE",
1447
+ # secret_id: "MyTestDatabaseSecret",
1448
+ # secret_string: "{\"username\":\"david\",\"password\":\"BnQw!XDWgaEeT9XGTT29\"}",
1449
+ # })
1450
+ #
1451
+ # resp.to_h outputs the following:
1452
+ # {
1453
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
1454
+ # name: "MyTestDatabaseSecret",
1455
+ # version_id: "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE",
1456
+ # version_stages: [
1457
+ # "AWSCURRENT",
1458
+ # ],
1459
+ # }
1460
+ #
1226
1461
  # @example Request syntax with placeholder values
1227
1462
  #
1228
1463
  # resp = client.put_secret_value({
@@ -1278,6 +1513,21 @@ module Aws::SecretsManager
1278
1513
  # * {Types::RestoreSecretResponse#arn #arn} => String
1279
1514
  # * {Types::RestoreSecretResponse#name #name} => String
1280
1515
  #
1516
+ #
1517
+ # @example Example: To restore a previously deleted secret
1518
+ #
1519
+ # # The following example shows how to restore a secret that you previously scheduled for deletion.
1520
+ #
1521
+ # resp = client.restore_secret({
1522
+ # secret_id: "MyTestDatabaseSecret",
1523
+ # })
1524
+ #
1525
+ # resp.to_h outputs the following:
1526
+ # {
1527
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
1528
+ # name: "MyTestDatabaseSecret",
1529
+ # }
1530
+ #
1281
1531
  # @example Request syntax with placeholder values
1282
1532
  #
1283
1533
  # resp = client.restore_secret({
@@ -1353,7 +1603,7 @@ module Aws::SecretsManager
1353
1603
  #
1354
1604
  #
1355
1605
  #
1356
- # [1]: http://docs.aws.amazon.com/http:/docs.aws.amazon.com/;asm-service-name;/latest/userguide/rotating-secrets.html
1606
+ # [1]: http://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
1357
1607
  #
1358
1608
  # @option params [required, String] :secret_id
1359
1609
  # Specifies the secret that you want to rotate. You can specify either
@@ -1367,7 +1617,7 @@ module Aws::SecretsManager
1367
1617
  # then you can leave this parameter empty. The CLI or SDK generates a
1368
1618
  # random UUID for you and includes that in the request for this
1369
1619
  # parameter. If you don't use the SDK and instead generate a raw HTTP
1370
- # request to the AWS Secrets Manager service endpoint, then you must
1620
+ # request to the Secrets Manager service endpoint, then you must
1371
1621
  # generate a `ClientRequestToken` yourself for new versions and include
1372
1622
  # that value in the request.
1373
1623
  #
@@ -1508,6 +1758,26 @@ module Aws::SecretsManager
1508
1758
  #
1509
1759
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1510
1760
  #
1761
+ #
1762
+ # @example Example: To add tags to a secret
1763
+ #
1764
+ # # The following example shows how to attach two tags each with a Key and Value to a secret. There is no output from this
1765
+ # # API. To see the result, use the DescribeSecret operation.
1766
+ #
1767
+ # resp = client.tag_resource({
1768
+ # secret_id: "MyExampleSecret",
1769
+ # tags: [
1770
+ # {
1771
+ # key: "FirstTag",
1772
+ # value: "SomeValue",
1773
+ # },
1774
+ # {
1775
+ # key: "SecondTag",
1776
+ # value: "AnotherValue",
1777
+ # },
1778
+ # ],
1779
+ # })
1780
+ #
1511
1781
  # @example Request syntax with placeholder values
1512
1782
  #
1513
1783
  # resp = client.tag_resource({
@@ -1574,6 +1844,20 @@ module Aws::SecretsManager
1574
1844
  #
1575
1845
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1576
1846
  #
1847
+ #
1848
+ # @example Example: To remove tags from a secret
1849
+ #
1850
+ # # The following example shows how to remove two tags from a secret's metadata. For each, both the tag and the associated
1851
+ # # value are removed. There is no output from this API. To see the result, use the DescribeSecret operation.
1852
+ #
1853
+ # resp = client.untag_resource({
1854
+ # secret_id: "MyTestDatabaseSecret",
1855
+ # tag_keys: [
1856
+ # "FirstTag",
1857
+ # "SecondTag",
1858
+ # ],
1859
+ # })
1860
+ #
1577
1861
  # @example Request syntax with placeholder values
1578
1862
  #
1579
1863
  # resp = client.untag_resource({
@@ -1597,10 +1881,10 @@ module Aws::SecretsManager
1597
1881
  # To modify the rotation configuration of a secret, use RotateSecret
1598
1882
  # instead.
1599
1883
  #
1600
- # <note markdown="1"> The AWS Secrets Manager console uses only the `SecretString` parameter
1601
- # and therefore limits you to encrypting and storing only a text string.
1602
- # To encrypt and store binary data as part of the version of a secret,
1603
- # you must use either the AWS CLI or one of the AWS SDKs.
1884
+ # <note markdown="1"> The Secrets Manager console uses only the `SecretString` parameter and
1885
+ # therefore limits you to encrypting and storing only a text string. To
1886
+ # encrypt and store binary data as part of the version of a secret, you
1887
+ # must use either the AWS CLI or one of the AWS SDKs.
1604
1888
  #
1605
1889
  # </note>
1606
1890
  #
@@ -1616,17 +1900,17 @@ module Aws::SecretsManager
1616
1900
  # generates an error. You cannot modify an existing version, you can
1617
1901
  # only create new ones.
1618
1902
  #
1619
- # * If you call an operation that needs to encrypt or decrypt the
1903
+ # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
1620
1904
  # `SecretString` and `SecretBinary` for a secret in the same account
1621
1905
  # as the calling user and that secret doesn't specify a KMS
1622
- # encryption key, AWS Secrets Manager uses the account's default AWS
1906
+ # encryption key, Secrets Manager uses the account's default AWS
1623
1907
  # managed customer master key (CMK) with the alias
1624
1908
  # `aws/secretsmanager`. If this key doesn't already exist in your
1625
- # account then AWS Secrets Manager creates it for you automatically.
1626
- # All users in the same AWS account automatically have access to use
1627
- # the default CMK. Note that if an AWS Secrets Manager API call
1628
- # results in AWS having to create the account's AWS-managed CMK, it
1629
- # can result in a one-time significant delay in returning the result.
1909
+ # account then Secrets Manager creates it for you automatically. All
1910
+ # users in the same AWS account automatically have access to use the
1911
+ # default CMK. Note that if an Secrets Manager API call results in AWS
1912
+ # having to create the account's AWS-managed CMK, it can result in a
1913
+ # one-time significant delay in returning the result.
1630
1914
  #
1631
1915
  # * If the secret is in a different AWS account from the credentials
1632
1916
  # calling an API that requires encryption or decryption of the secret
@@ -1639,6 +1923,8 @@ module Aws::SecretsManager
1639
1923
  # account then the KMS key policy must grant cross-account access to
1640
1924
  # that other account's user or role.
1641
1925
  #
1926
+ # </note>
1927
+ #
1642
1928
  # **Minimum permissions**
1643
1929
  #
1644
1930
  # To run this command, you must have the following permissions:
@@ -1677,7 +1963,7 @@ module Aws::SecretsManager
1677
1963
  # If you use the AWS CLI or one of the AWS SDK to call this operation,
1678
1964
  # then you can leave this parameter empty. The CLI or SDK generates a
1679
1965
  # random UUID for you and includes that in the request. If you don't
1680
- # use the SDK and instead generate a raw HTTP request to the AWS Secrets
1966
+ # use the SDK and instead generate a raw HTTP request to the Secrets
1681
1967
  # Manager service endpoint, then you must generate a
1682
1968
  # `ClientRequestToken` yourself for new versions and include that value
1683
1969
  # in the request.
@@ -1724,8 +2010,8 @@ module Aws::SecretsManager
1724
2010
  # If you don't specify this value, then Secrets Manager defaults to
1725
2011
  # using the default CMK in the account (the one named
1726
2012
  # `aws/secretsmanager`). If a KMS CMK with that name doesn't exist,
1727
- # then AWS Secrets Manager creates it for you automatically the first
1728
- # time it needs to encrypt a version's `Plaintext` or `PlaintextString`
2013
+ # then Secrets Manager creates it for you automatically the first time
2014
+ # it needs to encrypt a version's `Plaintext` or `PlaintextString`
1729
2015
  # fields.
1730
2016
  #
1731
2017
  # You can only use the account's default CMK to encrypt and decrypt if
@@ -1770,6 +2056,56 @@ module Aws::SecretsManager
1770
2056
  # * {Types::UpdateSecretResponse#name #name} => String
1771
2057
  # * {Types::UpdateSecretResponse#version_id #version_id} => String
1772
2058
  #
2059
+ #
2060
+ # @example Example: To update the description of a secret
2061
+ #
2062
+ # # The following example shows how to modify the description of a secret.
2063
+ #
2064
+ # resp = client.update_secret({
2065
+ # client_request_token: "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE",
2066
+ # description: "This is a new description for the secret.",
2067
+ # secret_id: "MyTestDatabaseSecret",
2068
+ # })
2069
+ #
2070
+ # resp.to_h outputs the following:
2071
+ # {
2072
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
2073
+ # name: "MyTestDatabaseSecret",
2074
+ # }
2075
+ #
2076
+ # @example Example: To update the KMS key associated with a secret
2077
+ #
2078
+ # # This example shows how to update the KMS customer managed key (CMK) used to encrypt the secret value. The KMS CMK must
2079
+ # # be in the same region as the secret.
2080
+ #
2081
+ # resp = client.update_secret({
2082
+ # kms_key_id: "arn:aws:kms:us-west-2:123456789012:key/EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE",
2083
+ # secret_id: "MyTestDatabaseSecret",
2084
+ # })
2085
+ #
2086
+ # resp.to_h outputs the following:
2087
+ # {
2088
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
2089
+ # name: "MyTestDatabaseSecret",
2090
+ # }
2091
+ #
2092
+ # @example Example: To create a new version of the encrypted secret value
2093
+ #
2094
+ # # The following example shows how to create a new version of the secret by updating the SecretString field. Alternatively,
2095
+ # # you can use the put-secret-value operation.
2096
+ #
2097
+ # resp = client.update_secret({
2098
+ # secret_id: "MyTestDatabaseSecret",
2099
+ # secret_string: "{JSON STRING WITH CREDENTIALS}",
2100
+ # })
2101
+ #
2102
+ # resp.to_h outputs the following:
2103
+ # {
2104
+ # arn: "aws:arn:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
2105
+ # name: "MyTestDatabaseSecret",
2106
+ # version_id: "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE",
2107
+ # }
2108
+ #
1773
2109
  # @example Request syntax with placeholder values
1774
2110
  #
1775
2111
  # resp = client.update_secret({
@@ -1840,7 +2176,7 @@ module Aws::SecretsManager
1840
2176
  #
1841
2177
  #
1842
2178
  #
1843
- # [1]: http://docs.aws.amazon.com/http:/docs.aws.amazon.com/;asm-service-name;/latest/userguide/terms-concepts.html#term_label
2179
+ # [1]: http://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label
1844
2180
  #
1845
2181
  # @option params [required, String] :secret_id
1846
2182
  # Specifies the secret with the version whose list of staging labels you
@@ -1876,6 +2212,61 @@ module Aws::SecretsManager
1876
2212
  # * {Types::UpdateSecretVersionStageResponse#arn #arn} => String
1877
2213
  # * {Types::UpdateSecretVersionStageResponse#name #name} => String
1878
2214
  #
2215
+ #
2216
+ # @example Example: To add a staging label attached to a version of a secret
2217
+ #
2218
+ # # The following example shows you how to add a staging label to a version of a secret. You can review the results by
2219
+ # # running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.
2220
+ #
2221
+ # resp = client.update_secret_version_stage({
2222
+ # move_to_version_id: "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1",
2223
+ # secret_id: "MyTestDatabaseSecret",
2224
+ # version_stage: "STAGINGLABEL1",
2225
+ # })
2226
+ #
2227
+ # resp.to_h outputs the following:
2228
+ # {
2229
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
2230
+ # name: "MyTestDatabaseSecret",
2231
+ # }
2232
+ #
2233
+ # @example Example: To delete a staging label attached to a version of a secret
2234
+ #
2235
+ # # The following example shows you how to delete a staging label that is attached to a version of a secret. You can review
2236
+ # # the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected
2237
+ # # version.
2238
+ #
2239
+ # resp = client.update_secret_version_stage({
2240
+ # remove_from_version_id: "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1",
2241
+ # secret_id: "MyTestDatabaseSecret",
2242
+ # version_stage: "STAGINGLABEL1",
2243
+ # })
2244
+ #
2245
+ # resp.to_h outputs the following:
2246
+ # {
2247
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
2248
+ # name: "MyTestDatabaseSecret",
2249
+ # }
2250
+ #
2251
+ # @example Example: To move a staging label from one version of a secret to another
2252
+ #
2253
+ # # The following example shows you how to move a staging label that is attached to one version of a secret to a different
2254
+ # # version. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response
2255
+ # # field for the affected version.
2256
+ #
2257
+ # resp = client.update_secret_version_stage({
2258
+ # move_to_version_id: "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2",
2259
+ # remove_from_version_id: "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1",
2260
+ # secret_id: "MyTestDatabaseSecret",
2261
+ # version_stage: "AWSCURRENT",
2262
+ # })
2263
+ #
2264
+ # resp.to_h outputs the following:
2265
+ # {
2266
+ # arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3",
2267
+ # name: "MyTestDatabaseSecret",
2268
+ # }
2269
+ #
1879
2270
  # @example Request syntax with placeholder values
1880
2271
  #
1881
2272
  # resp = client.update_secret_version_stage({
@@ -1912,7 +2303,7 @@ module Aws::SecretsManager
1912
2303
  params: params,
1913
2304
  config: config)
1914
2305
  context[:gem_name] = 'aws-sdk-secretsmanager'
1915
- context[:gem_version] = '1.0.0'
2306
+ context[:gem_version] = '1.1.0'
1916
2307
  Seahorse::Client::Request.new(handlers, context)
1917
2308
  end
1918
2309
 
@@ -73,9 +73,7 @@ module Aws::SecretsManager
73
73
  # }
74
74
  #
75
75
  # @!attribute [rw] name
76
- # Specifies the friendly name of the new secret. The secret name can
77
- # consist of uppercase letters, lowercase letters, digits, and any of
78
- # the following characters: /\_+=.@-    Spaces are not permitted.
76
+ # Specifies the friendly name of the new secret.
79
77
  # @return [String]
80
78
  #
81
79
  # @!attribute [rw] client_request_token
@@ -87,9 +85,9 @@ module Aws::SecretsManager
87
85
  # then you can leave this parameter empty. The CLI or SDK generates a
88
86
  # random UUID for you and includes as the value for this parameter in
89
87
  # the request. If you don't use the SDK and instead generate a raw
90
- # HTTP request to the AWS Secrets Manager service endpoint, then you
91
- # must generate a `ClientRequestToken` yourself for the new version
92
- # and include that value in the request.
88
+ # HTTP request to the Secrets Manager service endpoint, then you must
89
+ # generate a `ClientRequestToken` yourself for the new version and
90
+ # include that value in the request.
93
91
  #
94
92
  # </note>
95
93
  #
@@ -135,7 +133,7 @@ module Aws::SecretsManager
135
133
  # If you don't specify this value, then Secrets Manager defaults to
136
134
  # using the AWS account's default CMK (the one named
137
135
  # `aws/secretsmanager`). If a KMS CMK with that name doesn't yet
138
- # exist, then AWS Secrets Manager creates it for you automatically the
136
+ # exist, then Secrets Manager creates it for you automatically the
139
137
  # first time it needs to encrypt a version's `SecretString` or
140
138
  # `SecretBinary` fields.
141
139
  #
@@ -202,8 +200,8 @@ module Aws::SecretsManager
202
200
  # This operation only appends tags to the existing list of tags. To
203
201
  # remove tags, you must use UntagResource.
204
202
  #
205
- # * AWS Secrets Manager tag key names are case sensitive. A tag with
206
- # the key "ABC" is a different tag from one with key "abc".
203
+ # * Secrets Manager tag key names are case sensitive. A tag with the
204
+ # key "ABC" is a different tag from one with key "abc".
207
205
  #
208
206
  # * If you check tags in IAM policy `Condition` elements as part of
209
207
  # your security strategy, then adding or removing a tag can change
@@ -264,13 +262,13 @@ module Aws::SecretsManager
264
262
  # @!attribute [rw] arn
265
263
  # The Amazon Resource Name (ARN) of the secret that you just created.
266
264
  #
267
- # <note markdown="1"> AWS Secrets Manager automatically adds several random characters to
268
- # the name at the end of the ARN when you initially create a secret.
269
- # This affects only the ARN and not the actual friendly name. This
270
- # ensures that if you create a new secret with the same name as an old
271
- # secret that you previously deleted, then users with access to the
272
- # old secret *don't* automatically get access to the new secret
273
- # because the ARNs are different.
265
+ # <note markdown="1"> Secrets Manager automatically adds several random characters to the
266
+ # name at the end of the ARN when you initially create a secret. This
267
+ # affects only the ARN and not the actual friendly name. This ensures
268
+ # that if you create a new secret with the same name as an old secret
269
+ # that you previously deleted, then users with access to the old
270
+ # secret *don't* automatically get access to the new secret because
271
+ # the ARNs are different.
274
272
  #
275
273
  # </note>
276
274
  # @return [String]
@@ -307,8 +305,8 @@ module Aws::SecretsManager
307
305
  # @return [String]
308
306
  #
309
307
  # @!attribute [rw] recovery_window_in_days
310
- # (Optional) Specifies the number of days that AWS Secrets Manager
311
- # waits before it can delete the secret.
308
+ # (Optional) Specifies the number of days that Secrets Manager waits
309
+ # before it can delete the secret.
312
310
  #
313
311
  # This value can range from 7 to 30 days. The default value is 30.
314
312
  # @return [Integer]
@@ -330,9 +328,9 @@ module Aws::SecretsManager
330
328
  # @return [String]
331
329
  #
332
330
  # @!attribute [rw] deletion_date
333
- # The date and time after which this secret will be deleted by AWS
334
- # Secrets Manager and is no longer recoverable. This value is the date
335
- # and time of the delete request plus the number of days specified in
331
+ # The date and time after which this secret can be deleted by Secrets
332
+ # Manager and can no longer be restored. This value is the date and
333
+ # time of the delete request plus the number of days specified in
336
334
  # `RecoveryWindowInDays`.
337
335
  # @return [Time]
338
336
  #
@@ -380,7 +378,7 @@ module Aws::SecretsManager
380
378
  # @!attribute [rw] kms_key_id
381
379
  # The ARN or alias of the AWS KMS customer master key (CMK) that's
382
380
  # used to encrypt the `SecretString` and `SecretBinary` fields in each
383
- # version of the secret. If you don't provide a key, then AWS Secrets
381
+ # version of the secret. If you don't provide a key, then Secrets
384
382
  # Manager defaults to encrypting the secret fields with the default
385
383
  # KMS CMK (the one named `awssecretsmanager`) for this account.
386
384
  # @return [String]
@@ -394,9 +392,9 @@ module Aws::SecretsManager
394
392
  # @return [Boolean]
395
393
  #
396
394
  # @!attribute [rw] rotation_lambda_arn
397
- # The ARN of a Lambda function that's invoked by AWS Secrets Manager
398
- # to rotate the secret either automatically per the schedule or
399
- # manually by a call to `RotateSecret`.
395
+ # The ARN of a Lambda function that's invoked by Secrets Manager to
396
+ # rotate the secret either automatically per the schedule or manually
397
+ # by a call to `RotateSecret`.
400
398
  # @return [String]
401
399
  #
402
400
  # @!attribute [rw] rotation_rules
@@ -646,7 +644,7 @@ module Aws::SecretsManager
646
644
  #
647
645
  # If you store custom information in the secret by using the
648
646
  # CreateSecret, UpdateSecret, or PutSecretValue API operations instead
649
- # of the AWS Secrets Manager console, or by using the **Other secret
647
+ # of the Secrets Manager console, or by using the **Other secret
650
648
  # type** in the console, then you must code your Lambda rotation
651
649
  # function to parse and interpret those values.
652
650
  # @return [String]
@@ -696,8 +694,8 @@ module Aws::SecretsManager
696
694
  # beyond the maximum you specify, the `NextToken` response element is
697
695
  # present and has a value (isn't null). Include that value as the
698
696
  # `NextToken` request parameter in the next call to the operation to
699
- # get the next part of the results. Note that AWS Secrets Manager
700
- # might return fewer results than the maximum even when there are more
697
+ # get the next part of the results. Note that Secrets Manager might
698
+ # return fewer results than the maximum even when there are more
701
699
  # results available. You should check `NextToken` after every
702
700
  # operation to ensure that you receive all of the results.
703
701
  # @return [Integer]
@@ -746,13 +744,13 @@ module Aws::SecretsManager
746
744
  # @!attribute [rw] arn
747
745
  # The Amazon Resource Name (ARN) for the secret.
748
746
  #
749
- # <note markdown="1"> AWS Secrets Manager automatically adds several random characters to
750
- # the name at the end of the ARN when you initially create a secret.
751
- # This affects only the ARN and not the actual friendly name. This
752
- # ensures that if you create a new secret with the same name as an old
753
- # secret that you previously deleted, then users with access to the
754
- # old secret *don't* automatically get access to the new secret
755
- # because the ARNs are different.
747
+ # <note markdown="1"> Secrets Manager automatically adds several random characters to the
748
+ # name at the end of the ARN when you initially create a secret. This
749
+ # affects only the ARN and not the actual friendly name. This ensures
750
+ # that if you create a new secret with the same name as an old secret
751
+ # that you previously deleted, then users with access to the old
752
+ # secret *don't* automatically get access to the new secret because
753
+ # the ARNs are different.
756
754
  #
757
755
  # </note>
758
756
  # @return [String]
@@ -786,8 +784,8 @@ module Aws::SecretsManager
786
784
  # beyond the maximum you specify, the `NextToken` response element is
787
785
  # present and has a value (isn't null). Include that value as the
788
786
  # `NextToken` request parameter in the next call to the operation to
789
- # get the next part of the results. Note that AWS Secrets Manager
790
- # might return fewer results than the maximum even when there are more
787
+ # get the next part of the results. Note that Secrets Manager might
788
+ # return fewer results than the maximum even when there are more
791
789
  # results available. You should check `NextToken` after every
792
790
  # operation to ensure that you receive all of the results.
793
791
  # @return [Integer]
@@ -846,10 +844,6 @@ module Aws::SecretsManager
846
844
  # Specifies the secret to which you want to add a new version. You can
847
845
  # specify either the Amazon Resource Name (ARN) or the friendly name
848
846
  # of the secret. The secret must already exist.
849
- #
850
- # The secret name can consist of uppercase letters, lowercase letters,
851
- # digits, and any of the following characters: /\_+=.@-    Spaces are
852
- # not permitted.
853
847
  # @return [String]
854
848
  #
855
849
  # @!attribute [rw] client_request_token
@@ -859,8 +853,8 @@ module Aws::SecretsManager
859
853
  # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
860
854
  # then you can leave this parameter empty. The CLI or SDK generates a
861
855
  # random UUID for you and includes that in the request. If you don't
862
- # use the SDK and instead generate a raw HTTP request to the AWS
863
- # Secrets Manager service endpoint, then you must generate a
856
+ # use the SDK and instead generate a raw HTTP request to the Secrets
857
+ # Manager service endpoint, then you must generate a
864
858
  # `ClientRequestToken` yourself for new versions and include that
865
859
  # value in the request.
866
860
  #
@@ -942,7 +936,7 @@ module Aws::SecretsManager
942
936
  # automatically removed from the other version and attached to this
943
937
  # version.
944
938
  #
945
- # If you do not specify a value for `VersionStages` then AWS Secrets
939
+ # If you do not specify a value for `VersionStages` then Secrets
946
940
  # Manager automatically moves the staging label `AWSCURRENT` to this
947
941
  # new version.
948
942
  # @return [Array<String>]
@@ -1050,7 +1044,7 @@ module Aws::SecretsManager
1050
1044
  # then you can leave this parameter empty. The CLI or SDK generates a
1051
1045
  # random UUID for you and includes that in the request for this
1052
1046
  # parameter. If you don't use the SDK and instead generate a raw HTTP
1053
- # request to the AWS Secrets Manager service endpoint, then you must
1047
+ # request to the Secrets Manager service endpoint, then you must
1054
1048
  # generate a `ClientRequestToken` yourself for new versions and
1055
1049
  # include that value in the request.
1056
1050
  #
@@ -1155,7 +1149,7 @@ module Aws::SecretsManager
1155
1149
  # @!attribute [rw] arn
1156
1150
  # The Amazon Resource Name (ARN) of the secret.
1157
1151
  #
1158
- # For more information about ARNs in AWS Secrets Manager, see [Policy
1152
+ # For more information about ARNs in Secrets Manager, see [Policy
1159
1153
  # Resources][1] in the *AWS Secrets Manager User Guide*.
1160
1154
  #
1161
1155
  #
@@ -1177,7 +1171,7 @@ module Aws::SecretsManager
1177
1171
  # @!attribute [rw] kms_key_id
1178
1172
  # The ARN or alias of the AWS KMS customer master key (CMK) that's
1179
1173
  # used to encrypt the `SecretString` and `SecretBinary` fields in each
1180
- # version of the secret. If you don't provide a key, then AWS Secrets
1174
+ # version of the secret. If you don't provide a key, then Secrets
1181
1175
  # Manager defaults to encrypting the secret fields with the default
1182
1176
  # KMS CMK (the one named `awssecretsmanager`) for this account.
1183
1177
  # @return [String]
@@ -1188,8 +1182,8 @@ module Aws::SecretsManager
1188
1182
  # @return [Boolean]
1189
1183
  #
1190
1184
  # @!attribute [rw] rotation_lambda_arn
1191
- # The ARN of an AWS Lambda function that's invoked by AWS Secrets
1192
- # Manager to rotate and expire the secret either automatically per the
1185
+ # The ARN of an AWS Lambda function that's invoked by Secrets Manager
1186
+ # to rotate and expire the secret either automatically per the
1193
1187
  # schedule or manually by a call to RotateSecret.
1194
1188
  # @return [String]
1195
1189
  #
@@ -1420,8 +1414,8 @@ module Aws::SecretsManager
1420
1414
  # If you use the AWS CLI or one of the AWS SDK to call this operation,
1421
1415
  # then you can leave this parameter empty. The CLI or SDK generates a
1422
1416
  # random UUID for you and includes that in the request. If you don't
1423
- # use the SDK and instead generate a raw HTTP request to the AWS
1424
- # Secrets Manager service endpoint, then you must generate a
1417
+ # use the SDK and instead generate a raw HTTP request to the Secrets
1418
+ # Manager service endpoint, then you must generate a
1425
1419
  # `ClientRequestToken` yourself for new versions and include that
1426
1420
  # value in the request.
1427
1421
  #
@@ -1469,9 +1463,9 @@ module Aws::SecretsManager
1469
1463
  # If you don't specify this value, then Secrets Manager defaults to
1470
1464
  # using the default CMK in the account (the one named
1471
1465
  # `aws/secretsmanager`). If a KMS CMK with that name doesn't exist,
1472
- # then AWS Secrets Manager creates it for you automatically the first
1473
- # time it needs to encrypt a version's `Plaintext` or
1474
- # `PlaintextString` fields.
1466
+ # then Secrets Manager creates it for you automatically the first time
1467
+ # it needs to encrypt a version's `Plaintext` or `PlaintextString`
1468
+ # fields.
1475
1469
  #
1476
1470
  # You can only use the account's default CMK to encrypt and decrypt
1477
1471
  # if you call this operation using credentials from the same account
@@ -1527,13 +1521,13 @@ module Aws::SecretsManager
1527
1521
  # @!attribute [rw] arn
1528
1522
  # The ARN of this secret.
1529
1523
  #
1530
- # <note markdown="1"> AWS Secrets Manager automatically adds several random characters to
1531
- # the name at the end of the ARN when you initially create a secret.
1532
- # This affects only the ARN and not the actual friendly name. This
1533
- # ensures that if you create a new secret with the same name as an old
1534
- # secret that you previously deleted, then users with access to the
1535
- # old secret *don't* automatically get access to the new secret
1536
- # because the ARNs are different.
1524
+ # <note markdown="1"> Secrets Manager automatically adds several random characters to the
1525
+ # name at the end of the ARN when you initially create a secret. This
1526
+ # affects only the ARN and not the actual friendly name. This ensures
1527
+ # that if you create a new secret with the same name as an old secret
1528
+ # that you previously deleted, then users with access to the old
1529
+ # secret *don't* automatically get access to the new secret because
1530
+ # the ARNs are different.
1537
1531
  #
1538
1532
  # </note>
1539
1533
  # @return [String]
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-secretsmanager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-04-04 00:00:00.000000000 Z
11
+ date: 2018-04-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core