aws-sdk-secretsmanager 1.0.0

@@ -0,0 +1,14 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing guide for more information:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws::SecretsManager
9
+ module Errors
10
+
11
+ extend Aws::Errors::DynamicErrors
12
+
13
+ end
14
+ end
@@ -0,0 +1,23 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing guide for more information:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws::SecretsManager
9
+ class Resource
10
+
11
+ # @param options ({})
12
+ # @option options [Client] :client
13
+ def initialize(options = {})
14
+ @client = options[:client] || Client.new(options)
15
+ end
16
+
17
+ # @return [Client]
18
+ def client
19
+ @client
20
+ end
21
+
22
+ end
23
+ end
@@ -0,0 +1,1630 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing guide for more information:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws::SecretsManager
9
+ module Types
10
+
11
+ # @note When making an API call, you may pass CancelRotateSecretRequest
12
+ # data as a hash:
13
+ #
14
+ # {
15
+ # secret_id: "SecretIdType", # required
16
+ # }
17
+ #
18
+ # @!attribute [rw] secret_id
19
+ # Specifies the secret for which you want to cancel a rotation
20
+ # request. You can specify either the Amazon Resource Name (ARN) or
21
+ # the friendly name of the secret.
22
+ # @return [String]
23
+ #
24
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretRequest AWS API Documentation
25
+ #
26
+ class CancelRotateSecretRequest < Struct.new(
27
+ :secret_id)
28
+ include Aws::Structure
29
+ end
30
+
31
+ # @!attribute [rw] arn
32
+ # The ARN of the secret for which rotation was canceled.
33
+ # @return [String]
34
+ #
35
+ # @!attribute [rw] name
36
+ # The friendly name of the secret for which rotation was canceled.
37
+ # @return [String]
38
+ #
39
+ # @!attribute [rw] version_id
40
+ # The unique identifier of the version of the secret that was created
41
+ # during the rotation. This version might not be complete, and should
42
+ # be evaluated for possible deletion. At the very least, you should
43
+ # remove the `VersionStage` value `AWSPENDING` to enable this version
44
+ # to be deleted. Failing to clean up a cancelled rotation can block
45
+ # you from successfully starting future rotations.
46
+ # @return [String]
47
+ #
48
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretResponse AWS API Documentation
49
+ #
50
+ class CancelRotateSecretResponse < Struct.new(
51
+ :arn,
52
+ :name,
53
+ :version_id)
54
+ include Aws::Structure
55
+ end
56
+
57
+ # @note When making an API call, you may pass CreateSecretRequest
58
+ # data as a hash:
59
+ #
60
+ # {
61
+ # name: "NameType", # required
62
+ # client_request_token: "ClientRequestTokenType",
63
+ # description: "DescriptionType",
64
+ # kms_key_id: "KmsKeyIdType",
65
+ # secret_binary: "data",
66
+ # secret_string: "SecretStringType",
67
+ # tags: [
68
+ # {
69
+ # key: "TagKeyType",
70
+ # value: "TagValueType",
71
+ # },
72
+ # ],
73
+ # }
74
+ #
75
+ # @!attribute [rw] name
76
+ # Specifies the friendly name of the new secret. The secret name can
77
+ # consist of uppercase letters, lowercase letters, digits, and any of
78
+ # the following characters: /\_+=.@-    Spaces are not permitted.
79
+ # @return [String]
80
+ #
81
+ # @!attribute [rw] client_request_token
82
+ # (Optional) If you include `SecretString` or `SecretBinary`, then an
83
+ # initial version is created as part of the secret, and this parameter
84
+ # specifies a unique identifier for the new version.
85
+ #
86
+ # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
87
+ # then you can leave this parameter empty. The CLI or SDK generates a
88
+ # random UUID for you and includes as the value for this parameter in
89
+ # the request. If you don't use the SDK and instead generate a raw
90
+ # HTTP request to the AWS Secrets Manager service endpoint, then you
91
+ # must generate a `ClientRequestToken` yourself for the new version
92
+ # and include that value in the request.
93
+ #
94
+ # </note>
95
+ #
96
+ # This value helps ensure idempotency. Secrets Manager uses this value
97
+ # to prevent the accidental creation of duplicate versions if there
98
+ # are failures and retries during a rotation. We recommend that you
99
+ # generate a [UUID-type][1] value to ensure uniqueness of your
100
+ # versions within the specified secret.
101
+ #
102
+ # * If the `ClientRequestToken` value isn't already associated with a
103
+ # version of the secret then a new version of the secret is created.
104
+ #
105
+ # * If a version with this value already exists and that version's
106
+ # `SecretString` and `SecretBinary` values are the same as those in
107
+ # the request, then the request is ignored (the operation is
108
+ # idempotent).
109
+ #
110
+ # * If a version with this value already exists and that version's
111
+ # `SecretString` and `SecretBinary` values are different from those
112
+ # in the request then the request fails because you cannot modify an
113
+ # existing version. Instead, use PutSecretValue to create a new
114
+ # version.
115
+ #
116
+ # This value becomes the `SecretVersionId` of the new version.
117
+ #
118
+ # **A suitable default value is auto-generated.** You should normally
119
+ # not need to pass this option.
120
+ #
121
+ #
122
+ #
123
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
124
+ # @return [String]
125
+ #
126
+ # @!attribute [rw] description
127
+ # (Optional) Specifies a user-provided description of the secret.
128
+ # @return [String]
129
+ #
130
+ # @!attribute [rw] kms_key_id
131
+ # (Optional) Specifies the ARN or alias of the AWS KMS customer master
132
+ # key (CMK) to be used to encrypt the `SecretString` and
133
+ # `SecretBinary` values in the versions stored in this secret.
134
+ #
135
+ # If you don't specify this value, then Secrets Manager defaults to
136
+ # using the AWS account's default CMK (the one named
137
+ # `aws/secretsmanager`). If a KMS CMK with that name doesn't yet
138
+ # exist, then AWS Secrets Manager creates it for you automatically the
139
+ # first time it needs to encrypt a version's `SecretString` or
140
+ # `SecretBinary` fields.
141
+ #
142
+ # You can use the account's default CMK to encrypt and decrypt only
143
+ # if you call this operation using credentials from the same account
144
+ # that owns the secret. If the secret is in a different account, then
145
+ # you must create a custom CMK and specify the ARN in this field.
146
+ # @return [String]
147
+ #
148
+ # @!attribute [rw] secret_binary
149
+ # (Optional) Specifies binary data that you want to encrypt and store
150
+ # in the new version of the secret. To use this parameter in the
151
+ # command-line tools, we recommend that you store your binary data in
152
+ # a file and then use the appropriate technique for your tool to pass
153
+ # the contents of the file as a parameter.
154
+ #
155
+ # Either `SecretString`, `SecretBinary`, or both must have a value.
156
+ # They cannot both be empty.
157
+ #
158
+ # This `SecretBinary` value is stored separately from the
159
+ # `SecretString`, but the two parameters jointly share a maximum size
160
+ # limit.
161
+ #
162
+ # This parameter is not available using the Secrets Manager console.
163
+ # It can be accessed only by using the AWS CLI or one of the AWS SDKs.
164
+ # @return [String]
165
+ #
166
+ # @!attribute [rw] secret_string
167
+ # (Optional) Specifies text data that you want to encrypt and store in
168
+ # this new version of the secret.
169
+ #
170
+ # Either `SecretString`, `SecretBinary`, or both must have a value.
171
+ # They cannot both be empty.
172
+ #
173
+ # This string value is stored separately from the `SecretBinary`, but
174
+ # the two parameters jointly share a maximum size limit.
175
+ #
176
+ # If you create a secret by using the Secrets Manager console then
177
+ # Secrets Manager puts the protected secret text in only the
178
+ # `SecretString` parameter. The Secrets Manager console stores the
179
+ # information as a JSON structure of key/value pairs that the Lambda
180
+ # rotation function knows how to parse.
181
+ #
182
+ # For storing multiple values, we recommend that you use a JSON text
183
+ # string argument and specify key/value pairs. For information on how
184
+ # to format a JSON parameter for the various command line tool
185
+ # environments, see [Using JSON for Parameters][1] in the *AWS CLI
186
+ # User Guide*. For example:
187
+ #
188
+ # `[\{"Key":"username","Value":"bob"\},\{"Key":"password","Value":"abc123xyz456"\}]`
189
+ #
190
+ # If your command-line tool or SDK requires quotation marks around the
191
+ # parameter, you should use single quotes to avoid confusion with the
192
+ # double quotes required in the JSON text.
193
+ #
194
+ #
195
+ #
196
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
197
+ # @return [String]
198
+ #
199
+ # @!attribute [rw] tags
200
+ # (Optional) Specifies a list of user-defined tags that are attached
201
+ # to the secret. Each tag is a "Key" and "Value" pair of strings.
202
+ # This operation only appends tags to the existing list of tags. To
203
+ # remove tags, you must use UntagResource.
204
+ #
205
+ # * AWS Secrets Manager tag key names are case sensitive. A tag with
206
+ # the key "ABC" is a different tag from one with key "abc".
207
+ #
208
+ # * If you check tags in IAM policy `Condition` elements as part of
209
+ # your security strategy, then adding or removing a tag can change
210
+ # permissions. If the successful completion of this operation would
211
+ # result in you losing your permissions for this secret, then this
212
+ # operation is blocked and returns an `Access Denied` error.
213
+ #
214
+ # This parameter requires a JSON text string argument. For information
215
+ # on how to format a JSON parameter for the various command line tool
216
+ # environments, see [Using JSON for Parameters][1] in the *AWS CLI
217
+ # User Guide*. For example:
218
+ #
219
+ # `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
220
+ #
221
+ # If your command-line tool or SDK requires quotation marks around the
222
+ # parameter, you should use single quotes to avoid confusion with the
223
+ # double quotes required in the JSON text.
224
+ #
225
+ # The following basic restrictions apply to tags:
226
+ #
227
+ # * Maximum number of tags per secret—50
228
+ #
229
+ # * Maximum key length—127 Unicode characters in UTF-8
230
+ #
231
+ # * Maximum value length—255 Unicode characters in UTF-8
232
+ #
233
+ # * Tag keys and values are case sensitive.
234
+ #
235
+ # * Do not use the `aws:` prefix in your tag names or values because
236
+ # it is reserved for AWS use. You can't edit or delete tag names or
237
+ # values with this prefix. Tags with this prefix do not count
238
+ # against your tags per secret limit.
239
+ #
240
+ # * If your tagging schema will be used across multiple services and
241
+ # resources, remember that other services might have restrictions on
242
+ # allowed characters. Generally allowed characters are: letters,
243
+ # spaces, and numbers representable in UTF-8, plus the following
244
+ # special characters: + - = . \_ : / @.
245
+ #
246
+ #
247
+ #
248
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
249
+ # @return [Array<Types::Tag>]
250
+ #
251
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest AWS API Documentation
252
+ #
253
+ class CreateSecretRequest < Struct.new(
254
+ :name,
255
+ :client_request_token,
256
+ :description,
257
+ :kms_key_id,
258
+ :secret_binary,
259
+ :secret_string,
260
+ :tags)
261
+ include Aws::Structure
262
+ end
263
+
264
+ # @!attribute [rw] arn
265
+ # The Amazon Resource Name (ARN) of the secret that you just created.
266
+ #
267
+ # <note markdown="1"> AWS Secrets Manager automatically adds several random characters to
268
+ # the name at the end of the ARN when you initially create a secret.
269
+ # This affects only the ARN and not the actual friendly name. This
270
+ # ensures that if you create a new secret with the same name as an old
271
+ # secret that you previously deleted, then users with access to the
272
+ # old secret *don't* automatically get access to the new secret
273
+ # because the ARNs are different.
274
+ #
275
+ # </note>
276
+ # @return [String]
277
+ #
278
+ # @!attribute [rw] name
279
+ # The friendly name of the secret that you just created.
280
+ # @return [String]
281
+ #
282
+ # @!attribute [rw] version_id
283
+ # The unique identifier that's associated with the version of the
284
+ # secret you just created.
285
+ # @return [String]
286
+ #
287
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation
288
+ #
289
+ class CreateSecretResponse < Struct.new(
290
+ :arn,
291
+ :name,
292
+ :version_id)
293
+ include Aws::Structure
294
+ end
295
+
296
+ # @note When making an API call, you may pass DeleteSecretRequest
297
+ # data as a hash:
298
+ #
299
+ # {
300
+ # secret_id: "SecretIdType", # required
301
+ # recovery_window_in_days: 1,
302
+ # }
303
+ #
304
+ # @!attribute [rw] secret_id
305
+ # Specifies the secret that you want to delete. You can specify either
306
+ # the Amazon Resource Name (ARN) or the friendly name of the secret.
307
+ # @return [String]
308
+ #
309
+ # @!attribute [rw] recovery_window_in_days
310
+ # (Optional) Specifies the number of days that AWS Secrets Manager
311
+ # waits before it can delete the secret.
312
+ #
313
+ # This value can range from 7 to 30 days. The default value is 30.
314
+ # @return [Integer]
315
+ #
316
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest AWS API Documentation
317
+ #
318
+ class DeleteSecretRequest < Struct.new(
319
+ :secret_id,
320
+ :recovery_window_in_days)
321
+ include Aws::Structure
322
+ end
323
+
324
+ # @!attribute [rw] arn
325
+ # The ARN of the secret that is now scheduled for deletion.
326
+ # @return [String]
327
+ #
328
+ # @!attribute [rw] name
329
+ # The friendly name of the secret that is now scheduled for deletion.
330
+ # @return [String]
331
+ #
332
+ # @!attribute [rw] deletion_date
333
+ # The date and time after which this secret will be deleted by AWS
334
+ # Secrets Manager and is no longer recoverable. This value is the date
335
+ # and time of the delete request plus the number of days specified in
336
+ # `RecoveryWindowInDays`.
337
+ # @return [Time]
338
+ #
339
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretResponse AWS API Documentation
340
+ #
341
+ class DeleteSecretResponse < Struct.new(
342
+ :arn,
343
+ :name,
344
+ :deletion_date)
345
+ include Aws::Structure
346
+ end
347
+
348
+ # @note When making an API call, you may pass DescribeSecretRequest
349
+ # data as a hash:
350
+ #
351
+ # {
352
+ # secret_id: "SecretIdType", # required
353
+ # }
354
+ #
355
+ # @!attribute [rw] secret_id
356
+ # The identifier of the secret whose details you want to retrieve. You
357
+ # can specify either the Amazon Resource Name (ARN) or the friendly
358
+ # name of the secret.
359
+ # @return [String]
360
+ #
361
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretRequest AWS API Documentation
362
+ #
363
+ class DescribeSecretRequest < Struct.new(
364
+ :secret_id)
365
+ include Aws::Structure
366
+ end
367
+
368
+ # @!attribute [rw] arn
369
+ # The ARN of the secret.
370
+ # @return [String]
371
+ #
372
+ # @!attribute [rw] name
373
+ # The user-provided friendly name of the secret.
374
+ # @return [String]
375
+ #
376
+ # @!attribute [rw] description
377
+ # The user-provided description of the secret.
378
+ # @return [String]
379
+ #
380
+ # @!attribute [rw] kms_key_id
381
+ # The ARN or alias of the AWS KMS customer master key (CMK) that's
382
+ # used to encrypt the `SecretString` and `SecretBinary` fields in each
383
+ # version of the secret. If you don't provide a key, then AWS Secrets
384
+ # Manager defaults to encrypting the secret fields with the default
385
+ # KMS CMK (the one named `awssecretsmanager`) for this account.
386
+ # @return [String]
387
+ #
388
+ # @!attribute [rw] rotation_enabled
389
+ # Specifies whether automatic rotation is enabled for this secret.
390
+ #
391
+ # To enable rotation, use RotateSecret with
392
+ # `AutomaticallyRotateAfterDays` set to a value greater than 0. To
393
+ # disable rotation, use CancelRotateSecret.
394
+ # @return [Boolean]
395
+ #
396
+ # @!attribute [rw] rotation_lambda_arn
397
+ # The ARN of a Lambda function that's invoked by AWS Secrets Manager
398
+ # to rotate the secret either automatically per the schedule or
399
+ # manually by a call to `RotateSecret`.
400
+ # @return [String]
401
+ #
402
+ # @!attribute [rw] rotation_rules
403
+ # A structure that contains the rotation configuration for this
404
+ # secret.
405
+ # @return [Types::RotationRulesType]
406
+ #
407
+ # @!attribute [rw] last_rotated_date
408
+ # The last date and time that the Secrets Manager rotation process for
409
+ # this secret was invoked.
410
+ # @return [Time]
411
+ #
412
+ # @!attribute [rw] last_changed_date
413
+ # The last date and time that this secret was modified in any way.
414
+ # @return [Time]
415
+ #
416
+ # @!attribute [rw] last_accessed_date
417
+ # The last date that this secret was accessed. This value is truncated
418
+ # to midnight of the date and therefore shows only the date, not the
419
+ # time.
420
+ # @return [Time]
421
+ #
422
+ # @!attribute [rw] deleted_date
423
+ # This value exists if the secret is scheduled for deletion. Some time
424
+ # after the specified date and time, Secrets Manager deletes the
425
+ # secret and all of its versions.
426
+ #
427
+ # If a secret is scheduled for deletion, then its details, including
428
+ # the encrypted secret information, is not accessible. To cancel a
429
+ # scheduled deletion and restore access, use RestoreSecret.
430
+ # @return [Time]
431
+ #
432
+ # @!attribute [rw] tags
433
+ # The list of user-defined tags that are associated with the secret.
434
+ # To add tags to a secret, use TagResource. To remove tags, use
435
+ # UntagResource.
436
+ # @return [Array<Types::Tag>]
437
+ #
438
+ # @!attribute [rw] version_ids_to_stages
439
+ # A list of all of the currently assigned `VersionStage` staging
440
+ # labels and the `SecretVersionId` that each is attached to. Staging
441
+ # labels are used to keep track of the different versions during the
442
+ # rotation process.
443
+ #
444
+ # <note markdown="1"> A version that does not have any staging labels attached is
445
+ # considered deprecated and subject to deletion. Such versions are not
446
+ # included in this list.
447
+ #
448
+ # </note>
449
+ # @return [Hash<String,Array<String>>]
450
+ #
451
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation
452
+ #
453
+ class DescribeSecretResponse < Struct.new(
454
+ :arn,
455
+ :name,
456
+ :description,
457
+ :kms_key_id,
458
+ :rotation_enabled,
459
+ :rotation_lambda_arn,
460
+ :rotation_rules,
461
+ :last_rotated_date,
462
+ :last_changed_date,
463
+ :last_accessed_date,
464
+ :deleted_date,
465
+ :tags,
466
+ :version_ids_to_stages)
467
+ include Aws::Structure
468
+ end
469
+
470
+ # @note When making an API call, you may pass GetRandomPasswordRequest
471
+ # data as a hash:
472
+ #
473
+ # {
474
+ # password_length: 1,
475
+ # exclude_characters: "ExcludeCharactersType",
476
+ # exclude_numbers: false,
477
+ # exclude_punctuation: false,
478
+ # exclude_uppercase: false,
479
+ # exclude_lowercase: false,
480
+ # include_space: false,
481
+ # require_each_included_type: false,
482
+ # }
483
+ #
484
+ # @!attribute [rw] password_length
485
+ # The desired length of the generated password. The default value if
486
+ # you do not include this parameter is 32 characters.
487
+ # @return [Integer]
488
+ #
489
+ # @!attribute [rw] exclude_characters
490
+ # A string that includes characters that should not be included in the
491
+ # generated password. The default is that all characters from the
492
+ # included sets can be used.
493
+ # @return [String]
494
+ #
495
+ # @!attribute [rw] exclude_numbers
496
+ # Specifies that the generated password should not include digits. The
497
+ # default if you do not include this switch parameter is that digits
498
+ # can be included.
499
+ # @return [Boolean]
500
+ #
501
+ # @!attribute [rw] exclude_punctuation
502
+ # Specifies that the generated password should not include punctuation
503
+ # characters. The default if you do not include this switch parameter
504
+ # is that punctuation characters can be included.
505
+ # @return [Boolean]
506
+ #
507
+ # @!attribute [rw] exclude_uppercase
508
+ # Specifies that the generated password should not include uppercase
509
+ # letters. The default if you do not include this switch parameter is
510
+ # that uppercase letters can be included.
511
+ # @return [Boolean]
512
+ #
513
+ # @!attribute [rw] exclude_lowercase
514
+ # Specifies that the generated password should not include lowercase
515
+ # letters. The default if you do not include this switch parameter is
516
+ # that lowercase letters can be included.
517
+ # @return [Boolean]
518
+ #
519
+ # @!attribute [rw] include_space
520
+ # Specifies that the generated password can include the space
521
+ # character. The default if you do not include this switch parameter
522
+ # is that the space character is not included.
523
+ # @return [Boolean]
524
+ #
525
+ # @!attribute [rw] require_each_included_type
526
+ # A boolean value that specifies whether the generated password must
527
+ # include at least one of every allowed character type. The default
528
+ # value is `True` and the operation requires at least one of every
529
+ # character type.
530
+ # @return [Boolean]
531
+ #
532
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordRequest AWS API Documentation
533
+ #
534
+ class GetRandomPasswordRequest < Struct.new(
535
+ :password_length,
536
+ :exclude_characters,
537
+ :exclude_numbers,
538
+ :exclude_punctuation,
539
+ :exclude_uppercase,
540
+ :exclude_lowercase,
541
+ :include_space,
542
+ :require_each_included_type)
543
+ include Aws::Structure
544
+ end
545
+
546
+ # @!attribute [rw] random_password
547
+ # A string with the generated password.
548
+ # @return [String]
549
+ #
550
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordResponse AWS API Documentation
551
+ #
552
+ class GetRandomPasswordResponse < Struct.new(
553
+ :random_password)
554
+ include Aws::Structure
555
+ end
556
+
557
+ # @note When making an API call, you may pass GetSecretValueRequest
558
+ # data as a hash:
559
+ #
560
+ # {
561
+ # secret_id: "SecretIdType", # required
562
+ # version_id: "SecretVersionIdType",
563
+ # version_stage: "SecretVersionStageType",
564
+ # }
565
+ #
566
+ # @!attribute [rw] secret_id
567
+ # Specifies the secret containing the version that you want to
568
+ # retrieve. You can specify either the Amazon Resource Name (ARN) or
569
+ # the friendly name of the secret.
570
+ # @return [String]
571
+ #
572
+ # @!attribute [rw] version_id
573
+ # Specifies the unique identifier of the version of the secret that
574
+ # you want to retrieve. If you specify this parameter then don't
575
+ # specify `VersionStage`. If you don't specify either a
576
+ # `VersionStage` or `SecretVersionId` then the default is to perform
577
+ # the operation on the version with the `VersionStage` value of
578
+ # `AWSCURRENT`.
579
+ #
580
+ # This value is typically a [UUID-type][1] value with 32 hexadecimal
581
+ # digits.
582
+ #
583
+ #
584
+ #
585
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
586
+ # @return [String]
587
+ #
588
+ # @!attribute [rw] version_stage
589
+ # Specifies the secret version that you want to retrieve by the
590
+ # staging label attached to the version.
591
+ #
592
+ # Staging labels are used to keep track of different versions during
593
+ # the rotation process. If you use this parameter then don't specify
594
+ # `SecretVersionId`. If you don't specify either a `VersionStage` or
595
+ # `SecretVersionId`, then the default is to perform the operation on
596
+ # the version with the `VersionStage` value of `AWSCURRENT`.
597
+ # @return [String]
598
+ #
599
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueRequest AWS API Documentation
600
+ #
601
+ class GetSecretValueRequest < Struct.new(
602
+ :secret_id,
603
+ :version_id,
604
+ :version_stage)
605
+ include Aws::Structure
606
+ end
607
+
608
+ # @!attribute [rw] arn
609
+ # The ARN of the secret.
610
+ # @return [String]
611
+ #
612
+ # @!attribute [rw] name
613
+ # The friendly name of the secret.
614
+ # @return [String]
615
+ #
616
+ # @!attribute [rw] version_id
617
+ # The unique identifier of this version of the secret.
618
+ # @return [String]
619
+ #
620
+ # @!attribute [rw] secret_binary
621
+ # The decrypted part of the protected secret information that was
622
+ # originally provided as binary data in the form of a byte array. The
623
+ # response parameter represents the binary data as a
624
+ # [base64-encoded][1] string.
625
+ #
626
+ # This parameter is not used if the secret is created by the Secrets
627
+ # Manager console.
628
+ #
629
+ # If you store custom information in this field of the secret, then
630
+ # you must code your Lambda rotation function to parse and interpret
631
+ # whatever you store in the `SecretString` or `SecretBinary` fields.
632
+ #
633
+ #
634
+ #
635
+ # [1]: https://tools.ietf.org/html/rfc4648#section-4
636
+ # @return [String]
637
+ #
638
+ # @!attribute [rw] secret_string
639
+ # The decrypted part of the protected secret information that was
640
+ # originally provided as a string.
641
+ #
642
+ # If you create this secret by using the Secrets Manager console then
643
+ # only the `SecretString` parameter contains data. Secrets Manager
644
+ # stores the information as a JSON structure of key/value pairs that
645
+ # the Lambda rotation function knows how to parse.
646
+ #
647
+ # If you store custom information in the secret by using the
648
+ # CreateSecret, UpdateSecret, or PutSecretValue API operations instead
649
+ # of the AWS Secrets Manager console, or by using the **Other secret
650
+ # type** in the console, then you must code your Lambda rotation
651
+ # function to parse and interpret those values.
652
+ # @return [String]
653
+ #
654
+ # @!attribute [rw] version_stages
655
+ # A list of all of the staging labels currently attached to this
656
+ # version of the secret.
657
+ # @return [Array<String>]
658
+ #
659
+ # @!attribute [rw] created_date
660
+ # The date and time that this version of the secret was created.
661
+ # @return [Time]
662
+ #
663
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueResponse AWS API Documentation
664
+ #
665
+ class GetSecretValueResponse < Struct.new(
666
+ :arn,
667
+ :name,
668
+ :version_id,
669
+ :secret_binary,
670
+ :secret_string,
671
+ :version_stages,
672
+ :created_date)
673
+ include Aws::Structure
674
+ end
675
+
676
+ # @note When making an API call, you may pass ListSecretVersionIdsRequest
677
+ # data as a hash:
678
+ #
679
+ # {
680
+ # secret_id: "SecretIdType", # required
681
+ # max_results: 1,
682
+ # next_token: "NextTokenType",
683
+ # include_deprecated: false,
684
+ # }
685
+ #
686
+ # @!attribute [rw] secret_id
687
+ # The identifier for the secret containing the versions you want to
688
+ # list. You can specify either the Amazon Resource Name (ARN) or the
689
+ # friendly name of the secret.
690
+ # @return [String]
691
+ #
692
+ # @!attribute [rw] max_results
693
+ # (Optional) Limits the number of results that you want to include in
694
+ # the response. If you don't include this parameter, it defaults to a
695
+ # value that's specific to the operation. If additional items exist
696
+ # beyond the maximum you specify, the `NextToken` response element is
697
+ # present and has a value (isn't null). Include that value as the
698
+ # `NextToken` request parameter in the next call to the operation to
699
+ # get the next part of the results. Note that AWS Secrets Manager
700
+ # might return fewer results than the maximum even when there are more
701
+ # results available. You should check `NextToken` after every
702
+ # operation to ensure that you receive all of the results.
703
+ # @return [Integer]
704
+ #
705
+ # @!attribute [rw] next_token
706
+ # (Optional) Use this parameter in a request if you receive a
707
+ # `NextToken` response in a previous request that indicates that
708
+ # there's more output available. In a subsequent call, set it to the
709
+ # value of the previous call's `NextToken` response to indicate where
710
+ # the output should continue from.
711
+ # @return [String]
712
+ #
713
+ # @!attribute [rw] include_deprecated
714
+ # (Optional) Specifies that you want the results to include versions
715
+ # that do not have any staging labels attached to them. Such versions
716
+ # are considered deprecated and are subject to deletion by Secrets
717
+ # Manager as needed.
718
+ # @return [Boolean]
719
+ #
720
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsRequest AWS API Documentation
721
+ #
722
+ class ListSecretVersionIdsRequest < Struct.new(
723
+ :secret_id,
724
+ :max_results,
725
+ :next_token,
726
+ :include_deprecated)
727
+ include Aws::Structure
728
+ end
729
+
730
+ # @!attribute [rw] versions
731
+ # The list of the currently available versions of the specified
732
+ # secret.
733
+ # @return [Array<Types::SecretVersionsListEntry>]
734
+ #
735
+ # @!attribute [rw] next_token
736
+ # If present in the response, this value indicates that there's more
737
+ # output available than what's included in the current response. This
738
+ # can occur even when the response includes no values at all, such as
739
+ # when you ask for a filtered view of a very long list. Use this value
740
+ # in the `NextToken` request parameter in a subsequent call to the
741
+ # operation to continue processing and get the next part of the
742
+ # output. You should repeat this until the `NextToken` response
743
+ # element comes back empty (as `null`).
744
+ # @return [String]
745
+ #
746
+ # @!attribute [rw] arn
747
+ # The Amazon Resource Name (ARN) for the secret.
748
+ #
749
+ # <note markdown="1"> AWS Secrets Manager automatically adds several random characters to
750
+ # the name at the end of the ARN when you initially create a secret.
751
+ # This affects only the ARN and not the actual friendly name. This
752
+ # ensures that if you create a new secret with the same name as an old
753
+ # secret that you previously deleted, then users with access to the
754
+ # old secret *don't* automatically get access to the new secret
755
+ # because the ARNs are different.
756
+ #
757
+ # </note>
758
+ # @return [String]
759
+ #
760
+ # @!attribute [rw] name
761
+ # The friendly name of the secret.
762
+ # @return [String]
763
+ #
764
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsResponse AWS API Documentation
765
+ #
766
+ class ListSecretVersionIdsResponse < Struct.new(
767
+ :versions,
768
+ :next_token,
769
+ :arn,
770
+ :name)
771
+ include Aws::Structure
772
+ end
773
+
774
+ # @note When making an API call, you may pass ListSecretsRequest
775
+ # data as a hash:
776
+ #
777
+ # {
778
+ # max_results: 1,
779
+ # next_token: "NextTokenType",
780
+ # }
781
+ #
782
+ # @!attribute [rw] max_results
783
+ # (Optional) Limits the number of results that you want to include in
784
+ # the response. If you don't include this parameter, it defaults to a
785
+ # value that's specific to the operation. If additional items exist
786
+ # beyond the maximum you specify, the `NextToken` response element is
787
+ # present and has a value (isn't null). Include that value as the
788
+ # `NextToken` request parameter in the next call to the operation to
789
+ # get the next part of the results. Note that AWS Secrets Manager
790
+ # might return fewer results than the maximum even when there are more
791
+ # results available. You should check `NextToken` after every
792
+ # operation to ensure that you receive all of the results.
793
+ # @return [Integer]
794
+ #
795
+ # @!attribute [rw] next_token
796
+ # (Optional) Use this parameter in a request if you receive a
797
+ # `NextToken` response in a previous request that indicates that
798
+ # there's more output available. In a subsequent call, set it to the
799
+ # value of the previous call's `NextToken` response to indicate where
800
+ # the output should continue from.
801
+ # @return [String]
802
+ #
803
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsRequest AWS API Documentation
804
+ #
805
+ class ListSecretsRequest < Struct.new(
806
+ :max_results,
807
+ :next_token)
808
+ include Aws::Structure
809
+ end
810
+
811
+ # @!attribute [rw] secret_list
812
+ # A list of the secrets in the account.
813
+ # @return [Array<Types::SecretListEntry>]
814
+ #
815
+ # @!attribute [rw] next_token
816
+ # If present in the response, this value indicates that there's more
817
+ # output available than what's included in the current response. This
818
+ # can occur even when the response includes no values at all, such as
819
+ # when you ask for a filtered view of a very long list. Use this value
820
+ # in the `NextToken` request parameter in a subsequent call to the
821
+ # operation to continue processing and get the next part of the
822
+ # output. You should repeat this until the `NextToken` response
823
+ # element comes back empty (as `null`).
824
+ # @return [String]
825
+ #
826
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsResponse AWS API Documentation
827
+ #
828
+ class ListSecretsResponse < Struct.new(
829
+ :secret_list,
830
+ :next_token)
831
+ include Aws::Structure
832
+ end
833
+
834
+ # @note When making an API call, you may pass PutSecretValueRequest
835
+ # data as a hash:
836
+ #
837
+ # {
838
+ # secret_id: "SecretIdType", # required
839
+ # client_request_token: "ClientRequestTokenType",
840
+ # secret_binary: "data",
841
+ # secret_string: "SecretStringType",
842
+ # version_stages: ["SecretVersionStageType"],
843
+ # }
844
+ #
845
+ # @!attribute [rw] secret_id
846
+ # Specifies the secret to which you want to add a new version. You can
847
+ # specify either the Amazon Resource Name (ARN) or the friendly name
848
+ # of the secret. The secret must already exist.
849
+ #
850
+ # The secret name can consist of uppercase letters, lowercase letters,
851
+ # digits, and any of the following characters: /\_+=.@-    Spaces are
852
+ # not permitted.
853
+ # @return [String]
854
+ #
855
+ # @!attribute [rw] client_request_token
856
+ # (Optional) Specifies a unique identifier for the new version of the
857
+ # secret.
858
+ #
859
+ # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
860
+ # then you can leave this parameter empty. The CLI or SDK generates a
861
+ # random UUID for you and includes that in the request. If you don't
862
+ # use the SDK and instead generate a raw HTTP request to the AWS
863
+ # Secrets Manager service endpoint, then you must generate a
864
+ # `ClientRequestToken` yourself for new versions and include that
865
+ # value in the request.
866
+ #
867
+ # </note>
868
+ #
869
+ # This value helps ensure idempotency. Secrets Manager uses this value
870
+ # to prevent the accidental creation of duplicate versions if there
871
+ # are failures and retries during the Lambda rotation function's
872
+ # processing. We recommend that you generate a [UUID-type][1] value to
873
+ # ensure uniqueness within the specified secret.
874
+ #
875
+ # * If the `ClientRequestToken` value isn't already associated with a
876
+ # version of the secret then a new version of the secret is created.
877
+ #
878
+ # * If a version with this value already exists and that version's
879
+ # `SecretString` or `SecretBinary` values are the same as those in
880
+ # the request then the request is ignored (the operation is
881
+ # idempotent).
882
+ #
883
+ # * If a version with this value already exists and that version's
884
+ # `SecretString` and `SecretBinary` values are different from those
885
+ # in the request then the request fails because you cannot modify an
886
+ # existing secret version. You can only create new versions to store
887
+ # new secret values.
888
+ #
889
+ # This value becomes the `SecretVersionId` of the new version.
890
+ #
891
+ # **A suitable default value is auto-generated.** You should normally
892
+ # not need to pass this option.
893
+ #
894
+ #
895
+ #
896
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
897
+ # @return [String]
898
+ #
899
+ # @!attribute [rw] secret_binary
900
+ # (Optional) Specifies binary data that you want to encrypt and store
901
+ # in the new version of the secret. To use this parameter in the
902
+ # command-line tools, we recommend that you store your binary data in
903
+ # a file and then use the appropriate technique for your tool to pass
904
+ # the contents of the file as a parameter. Either `SecretBinary` or
905
+ # `SecretString` must have a value. They cannot both be empty.
906
+ #
907
+ # This parameter is not accessible if the secret using the Secrets
908
+ # Manager console.
909
+ # @return [String]
910
+ #
911
+ # @!attribute [rw] secret_string
912
+ # (Optional) Specifies text data that you want to encrypt and store in
913
+ # this new version of the secret. Either `SecretString` or
914
+ # `SecretBinary` must have a value. They cannot both be empty.
915
+ #
916
+ # If you create this secret by using the Secrets Manager console then
917
+ # Secrets Manager puts the protected secret text in only the
918
+ # `SecretString` parameter. The Secrets Manager console stores the
919
+ # information as a JSON structure of key/value pairs that the default
920
+ # Lambda rotation function knows how to parse.
921
+ #
922
+ # For storing multiple values, we recommend that you use a JSON text
923
+ # string argument and specify key/value pairs. For information on how
924
+ # to format a JSON parameter for the various command line tool
925
+ # environments, see [Using JSON for Parameters][1] in the *AWS CLI
926
+ # User Guide*.
927
+ #
928
+ #
929
+ #
930
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
931
+ # @return [String]
932
+ #
933
+ # @!attribute [rw] version_stages
934
+ # (Optional) Specifies a list of staging labels that are attached to
935
+ # this version of the secret. These staging labels are used to track
936
+ # the versions through the rotation process by the Lambda rotation
937
+ # function.
938
+ #
939
+ # A staging label must be unique to a single version of the secret. If
940
+ # you specify a staging label that's already associated with a
941
+ # different version of the same secret then that staging label is
942
+ # automatically removed from the other version and attached to this
943
+ # version.
944
+ #
945
+ # If you do not specify a value for `VersionStages` then AWS Secrets
946
+ # Manager automatically moves the staging label `AWSCURRENT` to this
947
+ # new version.
948
+ # @return [Array<String>]
949
+ #
950
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest AWS API Documentation
951
+ #
952
+ class PutSecretValueRequest < Struct.new(
953
+ :secret_id,
954
+ :client_request_token,
955
+ :secret_binary,
956
+ :secret_string,
957
+ :version_stages)
958
+ include Aws::Structure
959
+ end
960
+
961
+ # @!attribute [rw] arn
962
+ # The Amazon Resource Name (ARN) for the secret for which you just
963
+ # created a version.
964
+ # @return [String]
965
+ #
966
+ # @!attribute [rw] name
967
+ # The friendly name of the secret for which you just created or
968
+ # updated a version.
969
+ # @return [String]
970
+ #
971
+ # @!attribute [rw] version_id
972
+ # The unique identifier of the version of the secret you just created
973
+ # or updated.
974
+ # @return [String]
975
+ #
976
+ # @!attribute [rw] version_stages
977
+ # The list of staging labels that are currently attached to this
978
+ # version of the secret. Staging labels are used to track a version as
979
+ # it progresses through the secret rotation process.
980
+ # @return [Array<String>]
981
+ #
982
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueResponse AWS API Documentation
983
+ #
984
+ class PutSecretValueResponse < Struct.new(
985
+ :arn,
986
+ :name,
987
+ :version_id,
988
+ :version_stages)
989
+ include Aws::Structure
990
+ end
991
+
992
+ # @note When making an API call, you may pass RestoreSecretRequest
993
+ # data as a hash:
994
+ #
995
+ # {
996
+ # secret_id: "SecretIdType", # required
997
+ # }
998
+ #
999
+ # @!attribute [rw] secret_id
1000
+ # Specifies the secret that you want to restore from a previously
1001
+ # scheduled deletion. You can specify either the Amazon Resource Name
1002
+ # (ARN) or the friendly name of the secret.
1003
+ # @return [String]
1004
+ #
1005
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretRequest AWS API Documentation
1006
+ #
1007
+ class RestoreSecretRequest < Struct.new(
1008
+ :secret_id)
1009
+ include Aws::Structure
1010
+ end
1011
+
1012
+ # @!attribute [rw] arn
1013
+ # The ARN of the secret that was restored.
1014
+ # @return [String]
1015
+ #
1016
+ # @!attribute [rw] name
1017
+ # The friendly name of the secret that was restored.
1018
+ # @return [String]
1019
+ #
1020
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretResponse AWS API Documentation
1021
+ #
1022
+ class RestoreSecretResponse < Struct.new(
1023
+ :arn,
1024
+ :name)
1025
+ include Aws::Structure
1026
+ end
1027
+
1028
+ # @note When making an API call, you may pass RotateSecretRequest
1029
+ # data as a hash:
1030
+ #
1031
+ # {
1032
+ # secret_id: "SecretIdType", # required
1033
+ # client_request_token: "ClientRequestTokenType",
1034
+ # rotation_lambda_arn: "RotationLambdaARNType",
1035
+ # rotation_rules: {
1036
+ # automatically_after_days: 1,
1037
+ # },
1038
+ # }
1039
+ #
1040
+ # @!attribute [rw] secret_id
1041
+ # Specifies the secret that you want to rotate. You can specify either
1042
+ # the Amazon Resource Name (ARN) or the friendly name of the secret.
1043
+ # @return [String]
1044
+ #
1045
+ # @!attribute [rw] client_request_token
1046
+ # (Optional) Specifies a unique identifier for the new version of the
1047
+ # secret that helps ensure idempotency.
1048
+ #
1049
+ # If you use the AWS CLI or one of the AWS SDK to call this operation,
1050
+ # then you can leave this parameter empty. The CLI or SDK generates a
1051
+ # random UUID for you and includes that in the request for this
1052
+ # parameter. If you don't use the SDK and instead generate a raw HTTP
1053
+ # request to the AWS Secrets Manager service endpoint, then you must
1054
+ # generate a `ClientRequestToken` yourself for new versions and
1055
+ # include that value in the request.
1056
+ #
1057
+ # You only need to specify your own value if you are implementing your
1058
+ # own retry logic and want to ensure that a given secret is not
1059
+ # created twice. We recommend that you generate a [UUID-type][1] value
1060
+ # to ensure uniqueness within the specified secret.
1061
+ #
1062
+ # Secrets Manager uses this value to prevent the accidental creation
1063
+ # of duplicate versions if there are failures and retries during the
1064
+ # function's processing.
1065
+ #
1066
+ # * If the `ClientRequestToken` value isn't already associated with a
1067
+ # version of the secret then a new version of the secret is created.
1068
+ #
1069
+ # * If a version with this value already exists and that version's
1070
+ # `SecretString` and `SecretBinary` values are the same as the
1071
+ # request, then the request is ignored (the operation is
1072
+ # idempotent).
1073
+ #
1074
+ # * If a version with this value already exists and that version's
1075
+ # `SecretString` and `SecretBinary` values are different from the
1076
+ # request then an error occurs because you cannot modify an existing
1077
+ # secret value.
1078
+ #
1079
+ # This value becomes the `SecretVersionId` of the new version.
1080
+ #
1081
+ # **A suitable default value is auto-generated.** You should normally
1082
+ # not need to pass this option.
1083
+ #
1084
+ #
1085
+ #
1086
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
1087
+ # @return [String]
1088
+ #
1089
+ # @!attribute [rw] rotation_lambda_arn
1090
+ # (Optional) Specifies the ARN of the Lambda function that can rotate
1091
+ # the secret.
1092
+ # @return [String]
1093
+ #
1094
+ # @!attribute [rw] rotation_rules
1095
+ # A structure that defines the rotation configuration for this secret.
1096
+ # @return [Types::RotationRulesType]
1097
+ #
1098
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
1099
+ #
1100
+ class RotateSecretRequest < Struct.new(
1101
+ :secret_id,
1102
+ :client_request_token,
1103
+ :rotation_lambda_arn,
1104
+ :rotation_rules)
1105
+ include Aws::Structure
1106
+ end
1107
+
1108
+ # @!attribute [rw] arn
1109
+ # The ARN of the secret.
1110
+ # @return [String]
1111
+ #
1112
+ # @!attribute [rw] name
1113
+ # The friendly name of the secret.
1114
+ # @return [String]
1115
+ #
1116
+ # @!attribute [rw] version_id
1117
+ # The ID of the new version of the secret created by the rotation
1118
+ # started by this request.
1119
+ # @return [String]
1120
+ #
1121
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretResponse AWS API Documentation
1122
+ #
1123
+ class RotateSecretResponse < Struct.new(
1124
+ :arn,
1125
+ :name,
1126
+ :version_id)
1127
+ include Aws::Structure
1128
+ end
1129
+
1130
+ # A structure that defines the rotation configuration for the secret.
1131
+ #
1132
+ # @note When making an API call, you may pass RotationRulesType
1133
+ # data as a hash:
1134
+ #
1135
+ # {
1136
+ # automatically_after_days: 1,
1137
+ # }
1138
+ #
1139
+ # @!attribute [rw] automatically_after_days
1140
+ # Specifies the number of days between automatic scheduled rotations
1141
+ # of the secret.
1142
+ # @return [Integer]
1143
+ #
1144
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotationRulesType AWS API Documentation
1145
+ #
1146
+ class RotationRulesType < Struct.new(
1147
+ :automatically_after_days)
1148
+ include Aws::Structure
1149
+ end
1150
+
1151
+ # A structure that contains the details about a secret. It does not
1152
+ # include the encrypted `SecretString` and `SecretBinary` values. To get
1153
+ # those values, use the GetSecretValue operation.
1154
+ #
1155
+ # @!attribute [rw] arn
1156
+ # The Amazon Resource Name (ARN) of the secret.
1157
+ #
1158
+ # For more information about ARNs in AWS Secrets Manager, see [Policy
1159
+ # Resources][1] in the *AWS Secrets Manager User Guide*.
1160
+ #
1161
+ #
1162
+ #
1163
+ # [1]: http://docs.aws.amazon.com/http:/docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources
1164
+ # @return [String]
1165
+ #
1166
+ # @!attribute [rw] name
1167
+ # The friendly name of the secret. You can use forward slashes in the
1168
+ # name to represent a path hierarchy. For example,
1169
+ # `/prod/databases/dbserver1` could represent the secret for a server
1170
+ # named `dbserver1` in the folder `databases` in the folder `prod`.
1171
+ # @return [String]
1172
+ #
1173
+ # @!attribute [rw] description
1174
+ # The user-provided description of the secret.
1175
+ # @return [String]
1176
+ #
1177
+ # @!attribute [rw] kms_key_id
1178
+ # The ARN or alias of the AWS KMS customer master key (CMK) that's
1179
+ # used to encrypt the `SecretString` and `SecretBinary` fields in each
1180
+ # version of the secret. If you don't provide a key, then AWS Secrets
1181
+ # Manager defaults to encrypting the secret fields with the default
1182
+ # KMS CMK (the one named `awssecretsmanager`) for this account.
1183
+ # @return [String]
1184
+ #
1185
+ # @!attribute [rw] rotation_enabled
1186
+ # Indicated whether automatic, scheduled rotation is enabled for this
1187
+ # secret.
1188
+ # @return [Boolean]
1189
+ #
1190
+ # @!attribute [rw] rotation_lambda_arn
1191
+ # The ARN of an AWS Lambda function that's invoked by AWS Secrets
1192
+ # Manager to rotate and expire the secret either automatically per the
1193
+ # schedule or manually by a call to RotateSecret.
1194
+ # @return [String]
1195
+ #
1196
+ # @!attribute [rw] rotation_rules
1197
+ # A structure that defines the rotation configuration for the secret.
1198
+ # @return [Types::RotationRulesType]
1199
+ #
1200
+ # @!attribute [rw] last_rotated_date
1201
+ # The last date and time that the rotation process for this secret was
1202
+ # invoked.
1203
+ # @return [Time]
1204
+ #
1205
+ # @!attribute [rw] last_changed_date
1206
+ # The last date and time that this secret was modified in any way.
1207
+ # @return [Time]
1208
+ #
1209
+ # @!attribute [rw] last_accessed_date
1210
+ # The last date that this secret was accessed. This value is truncated
1211
+ # to midnight of the date and therefore shows only the date, not the
1212
+ # time.
1213
+ # @return [Time]
1214
+ #
1215
+ # @!attribute [rw] deleted_date
1216
+ # The date and time on which this secret was deleted. Not present on
1217
+ # active secrets. The secret can be recovered until the number of days
1218
+ # in the recovery window has passed, as specified in the
1219
+ # `RecoveryWindowInDays` parameter of the DeleteSecret operation.
1220
+ # @return [Time]
1221
+ #
1222
+ # @!attribute [rw] tags
1223
+ # The list of user-defined tags that are associated with the secret.
1224
+ # To add tags to a secret, use TagResource. To remove tags, use
1225
+ # UntagResource.
1226
+ # @return [Array<Types::Tag>]
1227
+ #
1228
+ # @!attribute [rw] secret_versions_to_stages
1229
+ # A list of all of the currently assigned `SecretVersionStage` staging
1230
+ # labels and the `SecretVersionId` that each is attached to. Staging
1231
+ # labels are used to keep track of the different versions during the
1232
+ # rotation process.
1233
+ #
1234
+ # <note markdown="1"> A version that does not have any `SecretVersionStage` is considered
1235
+ # deprecated and subject to deletion. Such versions are not included
1236
+ # in this list.
1237
+ #
1238
+ # </note>
1239
+ # @return [Hash<String,Array<String>>]
1240
+ #
1241
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry AWS API Documentation
1242
+ #
1243
+ class SecretListEntry < Struct.new(
1244
+ :arn,
1245
+ :name,
1246
+ :description,
1247
+ :kms_key_id,
1248
+ :rotation_enabled,
1249
+ :rotation_lambda_arn,
1250
+ :rotation_rules,
1251
+ :last_rotated_date,
1252
+ :last_changed_date,
1253
+ :last_accessed_date,
1254
+ :deleted_date,
1255
+ :tags,
1256
+ :secret_versions_to_stages)
1257
+ include Aws::Structure
1258
+ end
1259
+
1260
+ # A structure that contains information about one version of a secret.
1261
+ #
1262
+ # @!attribute [rw] version_id
1263
+ # The unique version identifier of this version of the secret.
1264
+ # @return [String]
1265
+ #
1266
+ # @!attribute [rw] version_stages
1267
+ # An array of staging labels that are currently associated with this
1268
+ # version of the secret.
1269
+ # @return [Array<String>]
1270
+ #
1271
+ # @!attribute [rw] last_accessed_date
1272
+ # The date that this version of the secret was last accessed. Note
1273
+ # that the resolution of this field is at the date level and does not
1274
+ # include the time.
1275
+ # @return [Time]
1276
+ #
1277
+ # @!attribute [rw] created_date
1278
+ # The date and time this version of the secret was created.
1279
+ # @return [Time]
1280
+ #
1281
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretVersionsListEntry AWS API Documentation
1282
+ #
1283
+ class SecretVersionsListEntry < Struct.new(
1284
+ :version_id,
1285
+ :version_stages,
1286
+ :last_accessed_date,
1287
+ :created_date)
1288
+ include Aws::Structure
1289
+ end
1290
+
1291
+ # A structure that contains information about a tag.
1292
+ #
1293
+ # @note When making an API call, you may pass Tag
1294
+ # data as a hash:
1295
+ #
1296
+ # {
1297
+ # key: "TagKeyType",
1298
+ # value: "TagValueType",
1299
+ # }
1300
+ #
1301
+ # @!attribute [rw] key
1302
+ # The key identifier, or name, of the tag.
1303
+ # @return [String]
1304
+ #
1305
+ # @!attribute [rw] value
1306
+ # The string value that's associated with the key of the tag.
1307
+ # @return [String]
1308
+ #
1309
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Tag AWS API Documentation
1310
+ #
1311
+ class Tag < Struct.new(
1312
+ :key,
1313
+ :value)
1314
+ include Aws::Structure
1315
+ end
1316
+
1317
+ # @note When making an API call, you may pass TagResourceRequest
1318
+ # data as a hash:
1319
+ #
1320
+ # {
1321
+ # secret_id: "SecretIdType", # required
1322
+ # tags: [ # required
1323
+ # {
1324
+ # key: "TagKeyType",
1325
+ # value: "TagValueType",
1326
+ # },
1327
+ # ],
1328
+ # }
1329
+ #
1330
+ # @!attribute [rw] secret_id
1331
+ # The identifier for the secret that you want to attach tags to. You
1332
+ # can specify either the Amazon Resource Name (ARN) or the friendly
1333
+ # name of the secret.
1334
+ # @return [String]
1335
+ #
1336
+ # @!attribute [rw] tags
1337
+ # The tags to attach to the secret. Each element in the list consists
1338
+ # of a `Key` and a `Value`.
1339
+ #
1340
+ # This parameter to the API requires a JSON text string argument. For
1341
+ # information on how to format a JSON parameter for the various
1342
+ # command line tool environments, see [Using JSON for Parameters][1]
1343
+ # in the *AWS CLI User Guide*. For the AWS CLI, you can also use the
1344
+ # syntax: `--Tags
1345
+ # Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
1346
+ #
1347
+ #
1348
+ #
1349
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1350
+ # @return [Array<Types::Tag>]
1351
+ #
1352
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResourceRequest AWS API Documentation
1353
+ #
1354
+ class TagResourceRequest < Struct.new(
1355
+ :secret_id,
1356
+ :tags)
1357
+ include Aws::Structure
1358
+ end
1359
+
1360
+ # @note When making an API call, you may pass UntagResourceRequest
1361
+ # data as a hash:
1362
+ #
1363
+ # {
1364
+ # secret_id: "SecretIdType", # required
1365
+ # tag_keys: ["TagKeyType"], # required
1366
+ # }
1367
+ #
1368
+ # @!attribute [rw] secret_id
1369
+ # The identifier for the secret that you want to remove tags from. You
1370
+ # can specify either the Amazon Resource Name (ARN) or the friendly
1371
+ # name of the secret.
1372
+ # @return [String]
1373
+ #
1374
+ # @!attribute [rw] tag_keys
1375
+ # A list of tag key names to remove from the secret. You don't
1376
+ # specify the value. Both the key and its associated value are
1377
+ # removed.
1378
+ #
1379
+ # This parameter to the API requires a JSON text string argument. For
1380
+ # information on how to format a JSON parameter for the various
1381
+ # command line tool environments, see [Using JSON for Parameters][1]
1382
+ # in the *AWS CLI User Guide*.
1383
+ #
1384
+ #
1385
+ #
1386
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1387
+ # @return [Array<String>]
1388
+ #
1389
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResourceRequest AWS API Documentation
1390
+ #
1391
+ class UntagResourceRequest < Struct.new(
1392
+ :secret_id,
1393
+ :tag_keys)
1394
+ include Aws::Structure
1395
+ end
1396
+
1397
+ # @note When making an API call, you may pass UpdateSecretRequest
1398
+ # data as a hash:
1399
+ #
1400
+ # {
1401
+ # secret_id: "SecretIdType", # required
1402
+ # client_request_token: "ClientRequestTokenType",
1403
+ # description: "DescriptionType",
1404
+ # kms_key_id: "KmsKeyIdType",
1405
+ # secret_binary: "data",
1406
+ # secret_string: "SecretStringType",
1407
+ # }
1408
+ #
1409
+ # @!attribute [rw] secret_id
1410
+ # Specifies the secret that you want to update or to which you want to
1411
+ # add a new version. You can specify either the Amazon Resource Name
1412
+ # (ARN) or the friendly name of the secret.
1413
+ # @return [String]
1414
+ #
1415
+ # @!attribute [rw] client_request_token
1416
+ # (Optional) If you want to add a new version to the secret, this
1417
+ # parameter specifies a unique identifier for the new version that
1418
+ # helps ensure idempotency.
1419
+ #
1420
+ # If you use the AWS CLI or one of the AWS SDK to call this operation,
1421
+ # then you can leave this parameter empty. The CLI or SDK generates a
1422
+ # random UUID for you and includes that in the request. If you don't
1423
+ # use the SDK and instead generate a raw HTTP request to the AWS
1424
+ # Secrets Manager service endpoint, then you must generate a
1425
+ # `ClientRequestToken` yourself for new versions and include that
1426
+ # value in the request.
1427
+ #
1428
+ # You typically only need to interact with this value if you implement
1429
+ # your own retry logic and want to ensure that a given secret is not
1430
+ # created twice. We recommend that you generate a [UUID-type][1] value
1431
+ # to ensure uniqueness within the specified secret.
1432
+ #
1433
+ # Secrets Manager uses this value to prevent the accidental creation
1434
+ # of duplicate versions if there are failures and retries during the
1435
+ # Lambda rotation function's processing.
1436
+ #
1437
+ # * If the `ClientRequestToken` value isn't already associated with a
1438
+ # version of the secret then a new version of the secret is created.
1439
+ #
1440
+ # * If a version with this value already exists and that version's
1441
+ # `SecretString` and `SecretBinary` values are the same as those in
1442
+ # the request then the request is ignored (the operation is
1443
+ # idempotent).
1444
+ #
1445
+ # * If a version with this value already exists and that version's
1446
+ # `SecretString` and `SecretBinary` values are different from the
1447
+ # request then an error occurs because you cannot modify an existing
1448
+ # secret value.
1449
+ #
1450
+ # This value becomes the `SecretVersionId` of the new version.
1451
+ #
1452
+ # **A suitable default value is auto-generated.** You should normally
1453
+ # not need to pass this option.
1454
+ #
1455
+ #
1456
+ #
1457
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
1458
+ # @return [String]
1459
+ #
1460
+ # @!attribute [rw] description
1461
+ # (Optional) Specifies a user-provided description of the secret.
1462
+ # @return [String]
1463
+ #
1464
+ # @!attribute [rw] kms_key_id
1465
+ # (Optional) Specifies the ARN or alias of the KMS customer master key
1466
+ # (CMK) to be used to encrypt the protected text in the versions of
1467
+ # this secret.
1468
+ #
1469
+ # If you don't specify this value, then Secrets Manager defaults to
1470
+ # using the default CMK in the account (the one named
1471
+ # `aws/secretsmanager`). If a KMS CMK with that name doesn't exist,
1472
+ # then AWS Secrets Manager creates it for you automatically the first
1473
+ # time it needs to encrypt a version's `Plaintext` or
1474
+ # `PlaintextString` fields.
1475
+ #
1476
+ # You can only use the account's default CMK to encrypt and decrypt
1477
+ # if you call this operation using credentials from the same account
1478
+ # that owns the secret. If the secret is in a different account, then
1479
+ # you must create a custom CMK and provide the ARN in this field.
1480
+ # @return [String]
1481
+ #
1482
+ # @!attribute [rw] secret_binary
1483
+ # (Optional) Specifies binary data that you want to encrypt and store
1484
+ # in the new version of the secret. To use this parameter in the
1485
+ # command-line tools, we recommend that you store your binary data in
1486
+ # a file and then use the appropriate technique for your tool to pass
1487
+ # the contents of the file as a parameter. Either `SecretBinary` or
1488
+ # `SecretString` must have a value. They cannot both be empty.
1489
+ #
1490
+ # This parameter is not accessible using the Secrets Manager console.
1491
+ # @return [String]
1492
+ #
1493
+ # @!attribute [rw] secret_string
1494
+ # (Optional) Specifies text data that you want to encrypt and store in
1495
+ # this new version of the secret. Either `SecretBinary` or
1496
+ # `SecretString` must have a value. They cannot both be empty.
1497
+ #
1498
+ # If you create this secret by using the Secrets Manager console then
1499
+ # Secrets Manager puts the protected secret text in only the
1500
+ # `SecretString` parameter. The Secrets Manager console stores the
1501
+ # information as a JSON structure of key/value pairs that the default
1502
+ # Lambda rotation function knows how to parse.
1503
+ #
1504
+ # For storing multiple values, we recommend that you use a JSON text
1505
+ # string argument and specify key/value pairs. For information on how
1506
+ # to format a JSON parameter for the various command line tool
1507
+ # environments, see [Using JSON for Parameters][1] in the *AWS CLI
1508
+ # User Guide*.
1509
+ #
1510
+ #
1511
+ #
1512
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1513
+ # @return [String]
1514
+ #
1515
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
1516
+ #
1517
+ class UpdateSecretRequest < Struct.new(
1518
+ :secret_id,
1519
+ :client_request_token,
1520
+ :description,
1521
+ :kms_key_id,
1522
+ :secret_binary,
1523
+ :secret_string)
1524
+ include Aws::Structure
1525
+ end
1526
+
1527
+ # @!attribute [rw] arn
1528
+ # The ARN of this secret.
1529
+ #
1530
+ # <note markdown="1"> AWS Secrets Manager automatically adds several random characters to
1531
+ # the name at the end of the ARN when you initially create a secret.
1532
+ # This affects only the ARN and not the actual friendly name. This
1533
+ # ensures that if you create a new secret with the same name as an old
1534
+ # secret that you previously deleted, then users with access to the
1535
+ # old secret *don't* automatically get access to the new secret
1536
+ # because the ARNs are different.
1537
+ #
1538
+ # </note>
1539
+ # @return [String]
1540
+ #
1541
+ # @!attribute [rw] name
1542
+ # The friendly name of this secret.
1543
+ # @return [String]
1544
+ #
1545
+ # @!attribute [rw] version_id
1546
+ # If a version of the secret was created or updated by this operation,
1547
+ # then its unique identifier is returned.
1548
+ # @return [String]
1549
+ #
1550
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretResponse AWS API Documentation
1551
+ #
1552
+ class UpdateSecretResponse < Struct.new(
1553
+ :arn,
1554
+ :name,
1555
+ :version_id)
1556
+ include Aws::Structure
1557
+ end
1558
+
1559
+ # @note When making an API call, you may pass UpdateSecretVersionStageRequest
1560
+ # data as a hash:
1561
+ #
1562
+ # {
1563
+ # secret_id: "SecretIdType", # required
1564
+ # version_stage: "SecretVersionStageType", # required
1565
+ # remove_from_version_id: "SecretVersionIdType",
1566
+ # move_to_version_id: "SecretVersionIdType",
1567
+ # }
1568
+ #
1569
+ # @!attribute [rw] secret_id
1570
+ # Specifies the secret with the version whose list of staging labels
1571
+ # you want to modify. You can specify either the Amazon Resource Name
1572
+ # (ARN) or the friendly name of the secret.
1573
+ # @return [String]
1574
+ #
1575
+ # @!attribute [rw] version_stage
1576
+ # The list of staging labels to add to this version.
1577
+ # @return [String]
1578
+ #
1579
+ # @!attribute [rw] remove_from_version_id
1580
+ # (Optional) Specifies the secret version ID of the version that the
1581
+ # staging labels are to be removed from.
1582
+ #
1583
+ # If you want to move a label to a new version, you do not have to
1584
+ # explicitly remove it with this parameter. Adding a label using the
1585
+ # `MoveToVersionId` parameter automatically removes it from the old
1586
+ # version. However, if you do include both the "MoveTo" and
1587
+ # "RemoveFrom" parameters, then the move is successful only if the
1588
+ # staging labels are actually present on the "RemoveFrom" version.
1589
+ # If a staging label was on a different version than "RemoveFrom",
1590
+ # then the request fails.
1591
+ # @return [String]
1592
+ #
1593
+ # @!attribute [rw] move_to_version_id
1594
+ # (Optional) The secret version ID that you want to add the staging
1595
+ # labels to.
1596
+ #
1597
+ # If any of the staging labels are already attached to a different
1598
+ # version of the secret, then they are removed from that version
1599
+ # before adding them to this version.
1600
+ # @return [String]
1601
+ #
1602
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageRequest AWS API Documentation
1603
+ #
1604
+ class UpdateSecretVersionStageRequest < Struct.new(
1605
+ :secret_id,
1606
+ :version_stage,
1607
+ :remove_from_version_id,
1608
+ :move_to_version_id)
1609
+ include Aws::Structure
1610
+ end
1611
+
1612
+ # @!attribute [rw] arn
1613
+ # The ARN of the secret with the staging labels that were modified.
1614
+ # @return [String]
1615
+ #
1616
+ # @!attribute [rw] name
1617
+ # The friendly name of the secret with the staging labels that were
1618
+ # modified.
1619
+ # @return [String]
1620
+ #
1621
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageResponse AWS API Documentation
1622
+ #
1623
+ class UpdateSecretVersionStageResponse < Struct.new(
1624
+ :arn,
1625
+ :name)
1626
+ include Aws::Structure
1627
+ end
1628
+
1629
+ end
1630
+ end