aws-sdk-secretsmanager 1.36.0 → 1.41.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 89dc81a4d48b5e1bb8a41414db6aafb4e565ad950d51ab257b73e24dedcb8493
-  data.tar.gz: 0b0e04fff3e2343bd7046809efcff96f17bae2dfc4eb307bf766a76457b7033d
+  metadata.gz: 49a9df70bca437d8d4c359afd6adca86e7c3b32ae4d4c03896f0e829d4bfd7ad
+  data.tar.gz: 47834c3354b531844f1ca4116cb0daac6b48527a5e28229aa04da3bceb06fa1c
 SHA512:
-  metadata.gz: 3d7f401317a50c0a8b442ea38ef7896fc1418844d906ad49b48e91616e3918f18db165a0ec5bbeafff1659d0400b490f4ac458db63ac6904ae900c9e3817aece
-  data.tar.gz: 9fa672d95620e8f7ea140b78f879a398bc495d9a01322ccf6093a77615073904abf071212a24e174d0cde32c1b2b9c77a9a8b35146bce52002ee7052616c881a
+  metadata.gz: 4975ecc76204074581310cb95abf9f00f4f767c95bc258af1dab8b78ab5b95b3bc07fbe8e94ad6d1240ea7c2fc23ac361166dc506a075c1c8dd8aa32f1177287
+  data.tar.gz: 7998ad7a9171982145b0319f036fd478660da373c2d5afd9c655c45a9c635b9889e4583b7d8cbb3207369e43067219188ed683d9bfa4beadcc9769e6dd0e76cc

data/lib/aws-sdk-secretsmanager.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -42,9 +44,9 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 #
 # See {Errors} for more information.
 #
-# @service
+# @!group service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.36.0'
+  GEM_VERSION = '1.41.0'
 
 end

data/lib/aws-sdk-secretsmanager/client.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -24,6 +26,7 @@ require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
 require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
+require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
@@ -69,6 +72,7 @@ module Aws::SecretsManager
     add_plugin(Aws::Plugins::ClientMetricsPlugin)
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
+    add_plugin(Aws::Plugins::HttpChecksum)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
 
@@ -81,13 +85,28 @@ module Aws::SecretsManager
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -97,10 +116,10 @@ module Aws::SecretsManager
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -161,7 +180,7 @@ module Aws::SecretsManager
     #   @option options [String] :endpoint
     #     The client endpoint is normally constructed from the `:region`
     #     option. You should only configure an `:endpoint` when connecting
-    #     to test endpoints. This should be a valid HTTP(S) URI.
+    #     to test or custom endpoints. This should be a valid HTTP(S) URI.
     #
     #   @option options [Integer] :endpoint_cache_max_entries (1000)
     #     Used for the maximum size limit of the LRU cache storing endpoints data
@@ -319,20 +338,20 @@ module Aws::SecretsManager
     # @!group API Operations
 
     # Disables automatic scheduled rotation and cancels the rotation of a
-    # secret if one is currently in progress.
+    # secret if currently in progress.
     #
     # To re-enable scheduled rotation, call RotateSecret with
     # `AutomaticallyRotateAfterDays` set to a value greater than 0. This
-    # will immediately rotate your secret and then enable the automatic
+    # immediately rotates your secret and then enables the automatic
     # schedule.
     #
-    # <note markdown="1"> If you cancel a rotation that is in progress, it can leave the
-    # `VersionStage` labels in an unexpected state. Depending on what step
-    # of the rotation was in progress, you might need to remove the staging
-    # label `AWSPENDING` from the partially created version, specified by
-    # the `VersionId` response value. You should also evaluate the partially
+    # <note markdown="1"> If you cancel a rotation while in progress, it can leave the
+    # `VersionStage` labels in an unexpected state. Depending on the step of
+    # the rotation in progress, you might need to remove the staging label
+    # `AWSPENDING` from the partially created version, specified by the
+    # `VersionId` response value. You should also evaluate the partially
     # rotated new version to see if it should be deleted, which you can do
-    # by removing all staging labels from the new version's `VersionStage`
+    # by removing all staging labels from the new version `VersionStage`
     # field.
     #
     #  </note>
@@ -340,12 +359,12 @@ module Aws::SecretsManager
     # To successfully start a rotation, the staging label `AWSPENDING` must
     # be in one of the following states:
     #
-    # * Not be attached to any version at all
+    # * Not attached to any version at all
     #
     # * Attached to the same version as the staging label `AWSCURRENT`
     #
-    # If the staging label `AWSPENDING` is attached to a different version
-    # than the version with `AWSCURRENT` then the attempt to rotate fails.
+    # If the staging label `AWSPENDING` attached to a different version than
+    # the version with `AWSCURRENT` then the attempt to rotate fails.
     #
     # **Minimum permissions**
     #
@@ -369,9 +388,9 @@ module Aws::SecretsManager
     #   ListSecretVersionIds.
     #
     # @option params [required, String] :secret_id
-    #   Specifies the secret for which you want to cancel a rotation request.
-    #   You can specify either the Amazon Resource Name (ARN) or the friendly
-    #   name of the secret.
+    #   Specifies the secret to cancel a rotation request. You can specify
+    #   either the Amazon Resource Name (ARN) or the friendly name of the
+    #   secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -384,7 +403,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -443,7 +468,7 @@ module Aws::SecretsManager
     # version is in the rotation cycle. The `SecretVersionsToStages` field
     # of the secret contains the mapping of staging labels to the active
     # versions of the secret. Versions without a staging label are
-    # considered deprecated and are not included in the list.
+    # considered deprecated and not included in the list.
     #
     # You provide the secret data to be encrypted by putting text in either
     # the `SecretString` parameter or binary data in the `SecretBinary`
@@ -452,29 +477,29 @@ module Aws::SecretsManager
     # version and automatically attaches the staging label `AWSCURRENT` to
     # the new version.
     #
-    # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
-    #   `SecretString` or `SecretBinary` for a secret in the same account as
-    #   the calling user and that secret doesn't specify a AWS KMS
-    #   encryption key, Secrets Manager uses the account's default AWS
-    #   managed customer master key (CMK) with the alias
-    #   `aws/secretsmanager`. If this key doesn't already exist in your
-    #   account then Secrets Manager creates it for you automatically. All
-    #   users and roles in the same AWS account automatically have access to
-    #   use the default CMK. Note that if an Secrets Manager API call
-    #   results in AWS having to create the account's AWS-managed CMK, it
-    #   can result in a one-time significant delay in returning the result.
-    #
-    # * If the secret is in a different AWS account from the credentials
-    #   calling an API that requires encryption or decryption of the secret
-    #   value then you must create and use a custom AWS KMS CMK because you
-    #   can't access the default CMK for the account using credentials from
-    #   a different AWS account. Store the ARN of the CMK in the secret when
-    #   you create the secret or when you update it by including it in the
-    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
-    #   `SecretString` or `SecretBinary` using credentials from a different
-    #   account then the AWS KMS key policy must grant cross-account access
-    #   to that other account's user or role for both the
-    #   kms:GenerateDataKey and kms:Decrypt operations.
+    # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
+    #   `SecretBinary` for a secret in the same account as the calling user
+    #   and that secret doesn't specify a AWS KMS encryption key, Secrets
+    #   Manager uses the account's default AWS managed customer master key
+    #   (CMK) with the alias `aws/secretsmanager`. If this key doesn't
+    #   already exist in your account then Secrets Manager creates it for
+    #   you automatically. All users and roles in the same AWS account
+    #   automatically have access to use the default CMK. Note that if an
+    #   Secrets Manager API call results in AWS creating the account's
+    #   AWS-managed CMK, it can result in a one-time significant delay in
+    #   returning the result.
+    #
+    # * If the secret resides in a different AWS account from the
+    #   credentials calling an API that requires encryption or decryption of
+    #   the secret value then you must create and use a custom AWS KMS CMK
+    #   because you can't access the default CMK for the account using
+    #   credentials from a different AWS account. Store the ARN of the CMK
+    #   in the secret when you create the secret or when you update it by
+    #   including it in the `KMSKeyId`. If you call an API that must encrypt
+    #   or decrypt `SecretString` or `SecretBinary` using credentials from a
+    #   different account then the AWS KMS key policy must grant
+    #   cross-account access to that other account's user or role for both
+    #   the kms:GenerateDataKey and kms:Decrypt operations.
     #
     #  </note>
     #
@@ -488,11 +513,11 @@ module Aws::SecretsManager
     #
     # * kms:GenerateDataKey - needed only if you use a customer-managed AWS
     #   KMS key to encrypt the secret. You do not need this permission to
-    #   use the account's default AWS managed CMK for Secrets Manager.
+    #   use the account default AWS managed CMK for Secrets Manager.
     #
     # * kms:Decrypt - needed only if you use a customer-managed AWS KMS key
     #   to encrypt the secret. You do not need this permission to use the
-    #   account's default AWS managed CMK for Secrets Manager.
+    #   account default AWS managed CMK for Secrets Manager.
     #
     # * secretsmanager:TagResource - needed only if you include the `Tags`
     #   parameter.
@@ -522,11 +547,10 @@ module Aws::SecretsManager
     #   The secret name must be ASCII letters, digits, or the following
     #   characters : /\_+=.@-
     #
-    #   <note markdown="1"> Don't end your secret name with a hyphen followed by six characters.
+    #   <note markdown="1"> Do not end your secret name with a hyphen followed by six characters.
     #   If you do so, you risk confusion and unexpected results when searching
-    #   for a secret by partial ARN. This is because Secrets Manager
-    #   automatically adds a hyphen and six random characters at the end of
-    #   the ARN.
+    #   for a secret by partial ARN. Secrets Manager automatically adds a
+    #   hyphen and six random characters at the end of the ARN.
     #
     #    </note>
     #
@@ -541,7 +565,7 @@ module Aws::SecretsManager
     #   the request. If you don't use the SDK and instead generate a raw HTTP
     #   request to the Secrets Manager service endpoint, then you must
     #   generate a `ClientRequestToken` yourself for the new version and
-    #   include that value in the request.
+    #   include the value in the request.
     #
     #    </note>
     #
@@ -554,10 +578,9 @@ module Aws::SecretsManager
     #   * If the `ClientRequestToken` value isn't already associated with a
     #     version of the secret then a new version of the secret is created.
     #
-    #   * If a version with this value already exists and that version's
+    #   * If a version with this value already exists and the version
     #     `SecretString` and `SecretBinary` values are the same as those in
-    #     the request, then the request is ignored (the operation is
-    #     idempotent).
+    #     the request, then the request is ignored.
     #
     #   * If a version with this value already exists and that version's
     #     `SecretString` and `SecretBinary` values are different from those in
@@ -593,12 +616,12 @@ module Aws::SecretsManager
     #   time it needs to encrypt a version's `SecretString` or `SecretBinary`
     #   fields.
     #
-    #   You can use the account's default CMK to encrypt and decrypt only if
-    #   you call this operation using credentials from the same account that
-    #   owns the secret. If the secret is in a different account, then you
+    #   You can use the account default CMK to encrypt and decrypt only if you
+    #   call this operation using credentials from the same account that owns
+    #   the secret. If the secret resides in a different account, then you
     #   must create a custom CMK and specify the ARN in this field.
     #
-    # @option params [String, IO] :secret_binary
+    # @option params [String, StringIO, File] :secret_binary
     #   (Optional) Specifies binary data that you want to encrypt and store in
     #   the new version of the secret. To use this parameter in the
     #   command-line tools, we recommend that you store your binary data in a
@@ -630,7 +653,7 @@ module Aws::SecretsManager
     #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
     #   Guide*. For example:
     #
-    #   `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
+    #   `\{"username":"bob","password":"abc123xyz456"\}`
     #
     #   If your command-line tool or SDK requires quotation marks around the
     #   parameter, you should use single quotes to avoid confusion with the
@@ -676,16 +699,16 @@ module Aws::SecretsManager
     #
     #   * Tag keys and values are case sensitive.
     #
-    #   * Do not use the `aws:` prefix in your tag names or values because it
-    #     is reserved for AWS use. You can't edit or delete tag names or
+    #   * Do not use the `aws:` prefix in your tag names or values because AWS
+    #     reserves it for AWS use. You can't edit or delete tag names or
     #     values with this prefix. Tags with this prefix do not count against
     #     your tags per secret limit.
     #
-    #   * If your tagging schema will be used across multiple services and
-    #     resources, remember that other services might have restrictions on
-    #     allowed characters. Generally allowed characters are: letters,
-    #     spaces, and numbers representable in UTF-8, plus the following
-    #     special characters: + - = . \_ : / @.
+    #   * If you use your tagging schema across multiple services and
+    #     resources, remember other services might have restrictions on
+    #     allowed characters. Generally allowed characters: letters, spaces,
+    #     and numbers representable in UTF-8, plus the following special
+    #     characters: + - = . \_ : / @.
     #
     #
     #
@@ -749,8 +772,7 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
-    # Deletes the resource-based permission policy that's attached to the
-    # secret.
+    # Deletes the resource-based permission policy attached to the secret.
     #
     # **Minimum permissions**
     #
@@ -785,7 +807,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -888,7 +916,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -966,8 +1000,8 @@ module Aws::SecretsManager
     end
 
     # Retrieves the details of a secret. It does not include the encrypted
-    # fields. Only those fields that are populated with a value are returned
-    # in the response.
+    # fields. Secrets Manager only returns fields populated with a value in
+    # the response.
     #
     # **Minimum permissions**
     #
@@ -1004,7 +1038,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -1024,6 +1064,7 @@ module Aws::SecretsManager
     #   * {Types::DescribeSecretResponse#tags #tags} => Array&lt;Types::Tag&gt;
     #   * {Types::DescribeSecretResponse#version_ids_to_stages #version_ids_to_stages} => Hash&lt;String,Array&lt;String&gt;&gt;
     #   * {Types::DescribeSecretResponse#owning_service #owning_service} => String
+    #   * {Types::DescribeSecretResponse#created_date #created_date} => Time
     #
     #
     # @example Example: To retrieve the details of a secret
@@ -1094,6 +1135,7 @@ module Aws::SecretsManager
     #   resp.version_ids_to_stages["SecretVersionIdType"] #=> Array
     #   resp.version_ids_to_stages["SecretVersionIdType"][0] #=> String
     #   resp.owning_service #=> String
+    #   resp.created_date #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret AWS API Documentation
     #
@@ -1212,11 +1254,10 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
-    # Retrieves the JSON text of the resource-based policy document that's
-    # attached to the specified secret. The JSON request string input and
-    # response output are shown formatted with white space and line breaks
-    # for better readability. Submit your input as a single line JSON
-    # string.
+    # Retrieves the JSON text of the resource-based policy document attached
+    # to the specified secret. The JSON request string input and response
+    # output displays formatted code with white space and line breaks for
+    # better readability. Submit your input as a single line JSON string.
     #
     # **Minimum permissions**
     #
@@ -1230,8 +1271,8 @@ module Aws::SecretsManager
     #
     # * To attach a resource policy to a secret, use PutResourcePolicy.
     #
-    # * To delete the resource-based policy that's attached to a secret,
-    #   use DeleteResourcePolicy.
+    # * To delete the resource-based policy attached to a secret, use
+    #   DeleteResourcePolicy.
     #
     # * To list all of the currently available secrets, use ListSecrets.
     #
@@ -1251,7 +1292,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -1336,7 +1383,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -1433,8 +1486,8 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> Always check the `NextToken` response parameter when calling any of
     # the `List*` operations. These operations can occasionally return an
-    # empty or shorter than expected list of results even when there are
-    # more results available. When this happens, the `NextToken` response
+    # empty or shorter than expected list of results even when there more
+    # results become available. When this happens, the `NextToken` response
     # parameter contains a value to pass to the next call to the same API to
     # request the next part of the list.
     #
@@ -1470,28 +1523,34 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
     # @option params [Integer] :max_results
-    #   (Optional) Limits the number of results that you want to include in
-    #   the response. If you don't include this parameter, it defaults to a
-    #   value that's specific to the operation. If additional items exist
-    #   beyond the maximum you specify, the `NextToken` response element is
-    #   present and has a value (isn't null). Include that value as the
-    #   `NextToken` request parameter in the next call to the operation to get
-    #   the next part of the results. Note that Secrets Manager might return
-    #   fewer results than the maximum even when there are more results
-    #   available. You should check `NextToken` after every operation to
-    #   ensure that you receive all of the results.
+    #   (Optional) Limits the number of results you want to include in the
+    #   response. If you don't include this parameter, it defaults to a value
+    #   that's specific to the operation. If additional items exist beyond
+    #   the maximum you specify, the `NextToken` response element is present
+    #   and has a value (isn't null). Include that value as the `NextToken`
+    #   request parameter in the next call to the operation to get the next
+    #   part of the results. Note that Secrets Manager might return fewer
+    #   results than the maximum even when there are more results available.
+    #   You should check `NextToken` after every operation to ensure that you
+    #   receive all of the results.
     #
     # @option params [String] :next_token
     #   (Optional) Use this parameter in a request if you receive a
-    #   `NextToken` response in a previous request that indicates that
-    #   there's more output available. In a subsequent call, set it to the
-    #   value of the previous call's `NextToken` response to indicate where
-    #   the output should continue from.
+    #   `NextToken` response in a previous request indicating there's more
+    #   output available. In a subsequent call, set it to the value of the
+    #   previous call `NextToken` response to indicate where the output should
+    #   continue from.
     #
     # @option params [Boolean] :include_deprecated
     #   (Optional) Specifies that you want the results to include versions
@@ -1583,8 +1642,8 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> Always check the `NextToken` response parameter when calling any of
     # the `List*` operations. These operations can occasionally return an
-    # empty or shorter than expected list of results even when there are
-    # more results available. When this happens, the `NextToken` response
+    # empty or shorter than expected list of results even when there more
+    # results become available. When this happens, the `NextToken` response
     # parameter contains a value to pass to the next call to the same API to
     # request the next part of the list.
     #
@@ -1605,23 +1664,29 @@ module Aws::SecretsManager
     # ^
     #
     # @option params [Integer] :max_results
-    #   (Optional) Limits the number of results that you want to include in
-    #   the response. If you don't include this parameter, it defaults to a
-    #   value that's specific to the operation. If additional items exist
-    #   beyond the maximum you specify, the `NextToken` response element is
-    #   present and has a value (isn't null). Include that value as the
-    #   `NextToken` request parameter in the next call to the operation to get
-    #   the next part of the results. Note that Secrets Manager might return
-    #   fewer results than the maximum even when there are more results
-    #   available. You should check `NextToken` after every operation to
-    #   ensure that you receive all of the results.
+    #   (Optional) Limits the number of results you want to include in the
+    #   response. If you don't include this parameter, it defaults to a value
+    #   that's specific to the operation. If additional items exist beyond
+    #   the maximum you specify, the `NextToken` response element is present
+    #   and has a value (isn't null). Include that value as the `NextToken`
+    #   request parameter in the next call to the operation to get the next
+    #   part of the results. Note that Secrets Manager might return fewer
+    #   results than the maximum even when there are more results available.
+    #   You should check `NextToken` after every operation to ensure that you
+    #   receive all of the results.
     #
     # @option params [String] :next_token
     #   (Optional) Use this parameter in a request if you receive a
-    #   `NextToken` response in a previous request that indicates that
-    #   there's more output available. In a subsequent call, set it to the
-    #   value of the previous call's `NextToken` response to indicate where
-    #   the output should continue from.
+    #   `NextToken` response in a previous request indicating there's more
+    #   output available. In a subsequent call, set it to the value of the
+    #   previous call `NextToken` response to indicate where the output should
+    #   continue from.
+    #
+    # @option params [Array<Types::Filter>] :filters
+    #   Lists the secret request filters.
+    #
+    # @option params [String] :sort_order
+    #   Lists secrets in the requested order.
     #
     # @return [Types::ListSecretsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1671,6 +1736,13 @@ module Aws::SecretsManager
     #   resp = client.list_secrets({
     #     max_results: 1,
     #     next_token: "NextTokenType",
+    #     filters: [
+    #       {
+    #         key: "description", # accepts description, name, tag-key, tag-value, all
+    #         values: ["FilterValueStringType"],
+    #       },
+    #     ],
+    #     sort_order: "asc", # accepts asc, desc
     #   })
     #
     # @example Response structure
@@ -1694,6 +1766,7 @@ module Aws::SecretsManager
     #   resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"] #=> Array
     #   resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"][0] #=> String
     #   resp.secret_list[0].owning_service #=> String
+    #   resp.secret_list[0].created_date #=> Time
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets AWS API Documentation
@@ -1727,7 +1800,7 @@ module Aws::SecretsManager
     #
     # **Related operations**
     #
-    # * To retrieve the resource policy that's attached to a secret, use
+    # * To retrieve the resource policy attached to a secret, use
     #   GetResourcePolicy.
     #
     # * To delete the resource-based policy that's attached to a secret,
@@ -1755,7 +1828,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -1771,6 +1850,10 @@ module Aws::SecretsManager
     #
     #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #
+    # @option params [Boolean] :block_public_policy
+    #   Makes an optional API call to Zelkova to validate the Resource Policy
+    #   to prevent broad access to your secret.
+    #
     # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutResourcePolicyResponse#arn #arn} => String
@@ -1797,6 +1880,7 @@ module Aws::SecretsManager
     #   resp = client.put_resource_policy({
     #     secret_id: "SecretIdType", # required
     #     resource_policy: "NonEmptyResourcePolicyType", # required
+    #     block_public_policy: false,
     #   })
     #
     # @example Response structure
@@ -1846,29 +1930,29 @@ module Aws::SecretsManager
     #   operation fails because you cannot modify an existing version; you
     #   can only create new ones.
     #
-    # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
-    #   `SecretString` or `SecretBinary` for a secret in the same account as
-    #   the calling user and that secret doesn't specify a AWS KMS
-    #   encryption key, Secrets Manager uses the account's default AWS
-    #   managed customer master key (CMK) with the alias
-    #   `aws/secretsmanager`. If this key doesn't already exist in your
-    #   account then Secrets Manager creates it for you automatically. All
-    #   users and roles in the same AWS account automatically have access to
-    #   use the default CMK. Note that if an Secrets Manager API call
-    #   results in AWS having to create the account's AWS-managed CMK, it
-    #   can result in a one-time significant delay in returning the result.
-    #
-    # * If the secret is in a different AWS account from the credentials
-    #   calling an API that requires encryption or decryption of the secret
-    #   value then you must create and use a custom AWS KMS CMK because you
-    #   can't access the default CMK for the account using credentials from
-    #   a different AWS account. Store the ARN of the CMK in the secret when
-    #   you create the secret or when you update it by including it in the
-    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
-    #   `SecretString` or `SecretBinary` using credentials from a different
-    #   account then the AWS KMS key policy must grant cross-account access
-    #   to that other account's user or role for both the
-    #   kms:GenerateDataKey and kms:Decrypt operations.
+    # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
+    #   `SecretBinary` for a secret in the same account as the calling user
+    #   and that secret doesn't specify a AWS KMS encryption key, Secrets
+    #   Manager uses the account's default AWS managed customer master key
+    #   (CMK) with the alias `aws/secretsmanager`. If this key doesn't
+    #   already exist in your account then Secrets Manager creates it for
+    #   you automatically. All users and roles in the same AWS account
+    #   automatically have access to use the default CMK. Note that if an
+    #   Secrets Manager API call results in AWS creating the account's
+    #   AWS-managed CMK, it can result in a one-time significant delay in
+    #   returning the result.
+    #
+    # * If the secret resides in a different AWS account from the
+    #   credentials calling an API that requires encryption or decryption of
+    #   the secret value then you must create and use a custom AWS KMS CMK
+    #   because you can't access the default CMK for the account using
+    #   credentials from a different AWS account. Store the ARN of the CMK
+    #   in the secret when you create the secret or when you update it by
+    #   including it in the `KMSKeyId`. If you call an API that must encrypt
+    #   or decrypt `SecretString` or `SecretBinary` using credentials from a
+    #   different account then the AWS KMS key policy must grant
+    #   cross-account access to that other account's user or role for both
+    #   the kms:GenerateDataKey and kms:Decrypt operations.
     #
     #  </note>
     #
@@ -1909,7 +1993,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -1940,7 +2030,7 @@ module Aws::SecretsManager
     #     `SecretString` or `SecretBinary` values are the same as those in the
     #     request then the request is ignored (the operation is idempotent).
     #
-    #   * If a version with this value already exists and that version's
+    #   * If a version with this value already exists and the version of the
     #     `SecretString` and `SecretBinary` values are different from those in
     #     the request then the request fails because you cannot modify an
     #     existing secret version. You can only create new versions to store
@@ -1955,7 +2045,7 @@ module Aws::SecretsManager
     #
     #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
     #
-    # @option params [String, IO] :secret_binary
+    # @option params [String, StringIO, File] :secret_binary
     #   (Optional) Specifies binary data that you want to encrypt and store in
     #   the new version of the secret. To use this parameter in the
     #   command-line tools, we recommend that you store your binary data in a
@@ -2102,7 +2192,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -2165,8 +2261,8 @@ module Aws::SecretsManager
     # for your protected service, see [Rotating Secrets in AWS Secrets
     # Manager][1] in the *AWS Secrets Manager User Guide*.
     #
-    # Secrets Manager schedules the next rotation when the previous one is
-    # complete. Secrets Manager schedules the date by adding the rotation
+    # Secrets Manager schedules the next rotation when the previous one
+    # completes. Secrets Manager schedules the date by adding the rotation
     # interval (number of days) to the actual date of the last rotation. The
     # service chooses the hour within that 24-hour date window randomly. The
     # minute is also chosen somewhat randomly, but weighted towards the top
@@ -2182,9 +2278,9 @@ module Aws::SecretsManager
     # * The `AWSPENDING` staging label is not attached to any version of the
     #   secret.
     #
-    # If instead the `AWSPENDING` staging label is present but is not
-    # attached to the same version as `AWSCURRENT` then any later invocation
-    # of `RotateSecret` assumes that a previous rotation request is still in
+    # If the `AWSPENDING` staging label is present but not attached to the
+    # same version as `AWSCURRENT` then any later invocation of
+    # `RotateSecret` assumes that a previous rotation request is still in
     # progress and returns an error.
     #
     # **Minimum permissions**
@@ -2226,7 +2322,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -2242,8 +2344,8 @@ module Aws::SecretsManager
     #   generate a `ClientRequestToken` yourself for new versions and include
     #   that value in the request.
     #
-    #   You only need to specify your own value if you are implementing your
-    #   own retry logic and want to ensure that a given secret is not created
+    #   You only need to specify your own value if you implement your own
+    #   retry logic and want to ensure that a given secret is not created
     #   twice. We recommend that you generate a [UUID-type][1] value to ensure
     #   uniqueness within the specified secret.
     #
@@ -2314,16 +2416,16 @@ module Aws::SecretsManager
     #
     # * Tag keys and values are case sensitive.
     #
-    # * Do not use the `aws:` prefix in your tag names or values because it
-    #   is reserved for AWS use. You can't edit or delete tag names or
+    # * Do not use the `aws:` prefix in your tag names or values because AWS
+    #   reserves it for AWS use. You can't edit or delete tag names or
     #   values with this prefix. Tags with this prefix do not count against
     #   your tags per secret limit.
     #
-    # * If your tagging schema will be used across multiple services and
-    #   resources, remember that other services might have restrictions on
-    #   allowed characters. Generally allowed characters are: letters,
-    #   spaces, and numbers representable in UTF-8, plus the following
-    #   special characters: + - = . \_ : / @.
+    # * If you use your tagging schema across multiple services and
+    #   resources, remember other services might have restrictions on
+    #   allowed characters. Generally allowed characters: letters, spaces,
+    #   and numbers representable in UTF-8, plus the following special
+    #   characters: + - = . \_ : / @.
     #
     # If you use tags as part of your security strategy, then adding or
     # removing a tag can change permissions. If successfully completing this
@@ -2361,7 +2463,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -2463,7 +2571,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -2535,29 +2649,29 @@ module Aws::SecretsManager
     #   secret version, Secrets Manager automatically attaches the staging
     #   label `AWSCURRENT` to the new version.
     #
-    # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
-    #   `SecretString` or `SecretBinary` for a secret in the same account as
-    #   the calling user and that secret doesn't specify a AWS KMS
-    #   encryption key, Secrets Manager uses the account's default AWS
-    #   managed customer master key (CMK) with the alias
-    #   `aws/secretsmanager`. If this key doesn't already exist in your
-    #   account then Secrets Manager creates it for you automatically. All
-    #   users and roles in the same AWS account automatically have access to
-    #   use the default CMK. Note that if an Secrets Manager API call
-    #   results in AWS having to create the account's AWS-managed CMK, it
-    #   can result in a one-time significant delay in returning the result.
-    #
-    # * If the secret is in a different AWS account from the credentials
-    #   calling an API that requires encryption or decryption of the secret
-    #   value then you must create and use a custom AWS KMS CMK because you
-    #   can't access the default CMK for the account using credentials from
-    #   a different AWS account. Store the ARN of the CMK in the secret when
-    #   you create the secret or when you update it by including it in the
-    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
-    #   `SecretString` or `SecretBinary` using credentials from a different
-    #   account then the AWS KMS key policy must grant cross-account access
-    #   to that other account's user or role for both the
-    #   kms:GenerateDataKey and kms:Decrypt operations.
+    # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
+    #   `SecretBinary` for a secret in the same account as the calling user
+    #   and that secret doesn't specify a AWS KMS encryption key, Secrets
+    #   Manager uses the account's default AWS managed customer master key
+    #   (CMK) with the alias `aws/secretsmanager`. If this key doesn't
+    #   already exist in your account then Secrets Manager creates it for
+    #   you automatically. All users and roles in the same AWS account
+    #   automatically have access to use the default CMK. Note that if an
+    #   Secrets Manager API call results in AWS creating the account's
+    #   AWS-managed CMK, it can result in a one-time significant delay in
+    #   returning the result.
+    #
+    # * If the secret resides in a different AWS account from the
+    #   credentials calling an API that requires encryption or decryption of
+    #   the secret value then you must create and use a custom AWS KMS CMK
+    #   because you can't access the default CMK for the account using
+    #   credentials from a different AWS account. Store the ARN of the CMK
+    #   in the secret when you create the secret or when you update it by
+    #   including it in the `KMSKeyId`. If you call an API that must encrypt
+    #   or decrypt `SecretString` or `SecretBinary` using credentials from a
+    #   different account then the AWS KMS key policy must grant
+    #   cross-account access to that other account's user or role for both
+    #   the kms:GenerateDataKey and kms:Decrypt operations.
     #
     #  </note>
     #
@@ -2602,7 +2716,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -2666,7 +2786,7 @@ module Aws::SecretsManager
     #   field. The user making the call must have permissions to both the
     #   secret and the CMK in their respective accounts.
     #
-    # @option params [String, IO] :secret_binary
+    # @option params [String, StringIO, File] :secret_binary
     #   (Optional) Specifies updated binary data that you want to encrypt and
     #   store in the new version of the secret. To use this parameter in the
     #   command-line tools, we recommend that you store your binary data in a
@@ -2839,9 +2959,9 @@ module Aws::SecretsManager
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label
     #
     # @option params [required, String] :secret_id
-    #   Specifies the secret with the version whose list of staging labels you
-    #   want to modify. You can specify either the Amazon Resource Name (ARN)
-    #   or the friendly name of the secret.
+    #   Specifies the secret with the version with the list of staging labels
+    #   you want to modify. You can specify either the Amazon Resource Name
+    #   (ARN) or the friendly name of the secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -2854,7 +2974,13 @@ module Aws::SecretsManager
     #   then those characters cause Secrets Manager to assume that you’re
     #   specifying a complete ARN. This confusion can cause unexpected
     #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names that end with a hyphen followed by six characters.
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
     #
     #    </note>
     #
@@ -2872,7 +2998,7 @@ module Aws::SecretsManager
     #
     # @option params [String] :move_to_version_id
     #   (Optional) The secret version ID that you want to add the staging
-    #   label to. If you want to remove a label from a version, then do not
+    #   label. If you want to remove a label from a version, then do not
     #   specify this parameter.
     #
     #   If the staging label is already attached to a different version of the
@@ -2962,6 +3088,86 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
+    # Validates the JSON text of the resource-based policy document attached
+    # to the specified secret. The JSON request string input and response
+    # output displays formatted code with white space and line breaks for
+    # better readability. Submit your input as a single line JSON string. A
+    # resource-based policy is optional.
+    #
+    # @option params [String] :secret_id
+    #   The identifier for the secret that you want to validate a resource
+    #   policy. You can specify either the Amazon Resource Name (ARN) or the
+    #   friendly name of the secret.
+    #
+    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
+    #   complete ARN. You can specify a partial ARN too—for example, if you
+    #   don’t include the final hyphen and six random characters that Secrets
+    #   Manager adds at the end of the ARN when you created the secret. A
+    #   partial ARN match can work as long as it uniquely matches only one
+    #   secret. However, if your secret has a name that ends in a hyphen
+    #   followed by six characters (before Secrets Manager adds the hyphen and
+    #   six characters to the ARN) and you try to use that as a partial ARN,
+    #   then those characters cause Secrets Manager to assume that you’re
+    #   specifying a complete ARN. This confusion can cause unexpected
+    #   results. To avoid this situation, we recommend that you don’t create
+    #   secret names ending with a hyphen followed by six characters.
+    #
+    #    If you specify an incomplete ARN without the random suffix, and
+    #   instead provide the 'friendly name', you *must* not include the
+    #   random suffix. If you do include the random suffix added by Secrets
+    #   Manager, you receive either a *ResourceNotFoundException* or an
+    #   *AccessDeniedException* error, depending on your permissions.
+    #
+    #    </note>
+    #
+    # @option params [required, String] :resource_policy
+    #   Identifies the Resource Policy attached to the secret.
+    #
+    # @return [Types::ValidateResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ValidateResourcePolicyResponse#policy_validation_passed #policy_validation_passed} => Boolean
+    #   * {Types::ValidateResourcePolicyResponse#validation_errors #validation_errors} => Array&lt;Types::ValidationErrorsEntry&gt;
+    #
+    #
+    # @example Example: To validate a resource-based policy to a secret
+    #
+    #   # The following example shows how to validate a resource-based policy to a secret.
+    #
+    #   resp = client.validate_resource_policy({
+    #     resource_policy: "{\n\"Version\":\"2012-10-17\",\n\"Statement\":[{\n\"Effect\":\"Allow\",\n\"Principal\":{\n\"AWS\":\"arn:aws:iam::123456789012:root\"\n},\n\"Action\":\"secretsmanager:GetSecretValue\",\n\"Resource\":\"*\"\n}]\n}", 
+    #     secret_id: "MyTestDatabaseSecret", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     policy_validation_passed: true, 
+    #     validation_errors: [
+    #     ], 
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.validate_resource_policy({
+    #     secret_id: "SecretIdType",
+    #     resource_policy: "NonEmptyResourcePolicyType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.policy_validation_passed #=> Boolean
+    #   resp.validation_errors #=> Array
+    #   resp.validation_errors[0].check_name #=> String
+    #   resp.validation_errors[0].error_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy AWS API Documentation
+    #
+    # @overload validate_resource_policy(params = {})
+    # @param [Hash] params ({})
+    def validate_resource_policy(params = {}, options = {})
+      req = build_request(:validate_resource_policy, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -2975,7 +3181,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.36.0'
+      context[:gem_version] = '1.41.0'
       Seahorse::Client::Request.new(handlers, context)
     end