aws-sdk-secretsmanager 1.37.1 → 1.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -36,6 +38,11 @@ module Aws::SecretsManager
36
38
  ExcludeNumbersType = Shapes::BooleanShape.new(name: 'ExcludeNumbersType')
37
39
  ExcludePunctuationType = Shapes::BooleanShape.new(name: 'ExcludePunctuationType')
38
40
  ExcludeUppercaseType = Shapes::BooleanShape.new(name: 'ExcludeUppercaseType')
41
+ Filter = Shapes::StructureShape.new(name: 'Filter')
42
+ FilterNameStringType = Shapes::StringShape.new(name: 'FilterNameStringType')
43
+ FilterValueStringType = Shapes::StringShape.new(name: 'FilterValueStringType')
44
+ FilterValuesStringList = Shapes::ListShape.new(name: 'FilterValuesStringList')
45
+ FiltersListType = Shapes::ListShape.new(name: 'FiltersListType')
39
46
  GetRandomPasswordRequest = Shapes::StructureShape.new(name: 'GetRandomPasswordRequest')
40
47
  GetRandomPasswordResponse = Shapes::StructureShape.new(name: 'GetRandomPasswordResponse')
41
48
  GetResourcePolicyRequest = Shapes::StructureShape.new(name: 'GetResourcePolicyRequest')
@@ -64,6 +71,7 @@ module Aws::SecretsManager
64
71
  OwningServiceType = Shapes::StringShape.new(name: 'OwningServiceType')
65
72
  PasswordLengthType = Shapes::IntegerShape.new(name: 'PasswordLengthType')
66
73
  PreconditionNotMetException = Shapes::StructureShape.new(name: 'PreconditionNotMetException')
74
+ PublicPolicyException = Shapes::StructureShape.new(name: 'PublicPolicyException')
67
75
  PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest')
68
76
  PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
69
77
  PutSecretValueRequest = Shapes::StructureShape.new(name: 'PutSecretValueRequest')
@@ -93,17 +101,23 @@ module Aws::SecretsManager
93
101
  SecretVersionsListEntry = Shapes::StructureShape.new(name: 'SecretVersionsListEntry')
94
102
  SecretVersionsListType = Shapes::ListShape.new(name: 'SecretVersionsListType')
95
103
  SecretVersionsToStagesMapType = Shapes::MapShape.new(name: 'SecretVersionsToStagesMapType')
104
+ SortOrderType = Shapes::StringShape.new(name: 'SortOrderType')
96
105
  Tag = Shapes::StructureShape.new(name: 'Tag')
97
106
  TagKeyListType = Shapes::ListShape.new(name: 'TagKeyListType')
98
107
  TagKeyType = Shapes::StringShape.new(name: 'TagKeyType')
99
108
  TagListType = Shapes::ListShape.new(name: 'TagListType')
100
109
  TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
101
110
  TagValueType = Shapes::StringShape.new(name: 'TagValueType')
111
+ TimestampType = Shapes::TimestampShape.new(name: 'TimestampType')
102
112
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
103
113
  UpdateSecretRequest = Shapes::StructureShape.new(name: 'UpdateSecretRequest')
104
114
  UpdateSecretResponse = Shapes::StructureShape.new(name: 'UpdateSecretResponse')
105
115
  UpdateSecretVersionStageRequest = Shapes::StructureShape.new(name: 'UpdateSecretVersionStageRequest')
106
116
  UpdateSecretVersionStageResponse = Shapes::StructureShape.new(name: 'UpdateSecretVersionStageResponse')
117
+ ValidateResourcePolicyRequest = Shapes::StructureShape.new(name: 'ValidateResourcePolicyRequest')
118
+ ValidateResourcePolicyResponse = Shapes::StructureShape.new(name: 'ValidateResourcePolicyResponse')
119
+ ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
120
+ ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
107
121
 
108
122
  CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
109
123
  CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
@@ -164,11 +178,20 @@ module Aws::SecretsManager
164
178
  DescribeSecretResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
165
179
  DescribeSecretResponse.add_member(:version_ids_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "VersionIdsToStages"))
166
180
  DescribeSecretResponse.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
181
+ DescribeSecretResponse.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
167
182
  DescribeSecretResponse.struct_class = Types::DescribeSecretResponse
168
183
 
169
184
  EncryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
170
185
  EncryptionFailure.struct_class = Types::EncryptionFailure
171
186
 
187
+ Filter.add_member(:key, Shapes::ShapeRef.new(shape: FilterNameStringType, location_name: "Key"))
188
+ Filter.add_member(:values, Shapes::ShapeRef.new(shape: FilterValuesStringList, location_name: "Values"))
189
+ Filter.struct_class = Types::Filter
190
+
191
+ FilterValuesStringList.member = Shapes::ShapeRef.new(shape: FilterValueStringType)
192
+
193
+ FiltersListType.member = Shapes::ShapeRef.new(shape: Filter)
194
+
172
195
  GetRandomPasswordRequest.add_member(:password_length, Shapes::ShapeRef.new(shape: PasswordLengthType, location_name: "PasswordLength", metadata: {"box"=>true}))
173
196
  GetRandomPasswordRequest.add_member(:exclude_characters, Shapes::ShapeRef.new(shape: ExcludeCharactersType, location_name: "ExcludeCharacters"))
174
197
  GetRandomPasswordRequest.add_member(:exclude_numbers, Shapes::ShapeRef.new(shape: ExcludeNumbersType, location_name: "ExcludeNumbers", metadata: {"box"=>true}))
@@ -233,6 +256,8 @@ module Aws::SecretsManager
233
256
 
234
257
  ListSecretsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResultsType, location_name: "MaxResults", metadata: {"box"=>true}))
235
258
  ListSecretsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
259
+ ListSecretsRequest.add_member(:filters, Shapes::ShapeRef.new(shape: FiltersListType, location_name: "Filters"))
260
+ ListSecretsRequest.add_member(:sort_order, Shapes::ShapeRef.new(shape: SortOrderType, location_name: "SortOrder"))
236
261
  ListSecretsRequest.struct_class = Types::ListSecretsRequest
237
262
 
238
263
  ListSecretsResponse.add_member(:secret_list, Shapes::ShapeRef.new(shape: SecretListType, location_name: "SecretList"))
@@ -245,8 +270,12 @@ module Aws::SecretsManager
245
270
  PreconditionNotMetException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
246
271
  PreconditionNotMetException.struct_class = Types::PreconditionNotMetException
247
272
 
273
+ PublicPolicyException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
274
+ PublicPolicyException.struct_class = Types::PublicPolicyException
275
+
248
276
  PutResourcePolicyRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
249
277
  PutResourcePolicyRequest.add_member(:resource_policy, Shapes::ShapeRef.new(shape: NonEmptyResourcePolicyType, required: true, location_name: "ResourcePolicy"))
278
+ PutResourcePolicyRequest.add_member(:block_public_policy, Shapes::ShapeRef.new(shape: BooleanType, location_name: "BlockPublicPolicy", metadata: {"box"=>true}))
250
279
  PutResourcePolicyRequest.struct_class = Types::PutResourcePolicyRequest
251
280
 
252
281
  PutResourcePolicyResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -307,6 +336,7 @@ module Aws::SecretsManager
307
336
  SecretListEntry.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
308
337
  SecretListEntry.add_member(:secret_versions_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "SecretVersionsToStages"))
309
338
  SecretListEntry.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
339
+ SecretListEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
310
340
  SecretListEntry.struct_class = Types::SecretListEntry
311
341
 
312
342
  SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
@@ -363,6 +393,20 @@ module Aws::SecretsManager
363
393
  UpdateSecretVersionStageResponse.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
364
394
  UpdateSecretVersionStageResponse.struct_class = Types::UpdateSecretVersionStageResponse
365
395
 
396
+ ValidateResourcePolicyRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, location_name: "SecretId"))
397
+ ValidateResourcePolicyRequest.add_member(:resource_policy, Shapes::ShapeRef.new(shape: NonEmptyResourcePolicyType, required: true, location_name: "ResourcePolicy"))
398
+ ValidateResourcePolicyRequest.struct_class = Types::ValidateResourcePolicyRequest
399
+
400
+ ValidateResourcePolicyResponse.add_member(:policy_validation_passed, Shapes::ShapeRef.new(shape: BooleanType, location_name: "PolicyValidationPassed"))
401
+ ValidateResourcePolicyResponse.add_member(:validation_errors, Shapes::ShapeRef.new(shape: ValidationErrorsType, location_name: "ValidationErrors"))
402
+ ValidateResourcePolicyResponse.struct_class = Types::ValidateResourcePolicyResponse
403
+
404
+ ValidationErrorsEntry.add_member(:check_name, Shapes::ShapeRef.new(shape: NameType, location_name: "CheckName"))
405
+ ValidationErrorsEntry.add_member(:error_message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "ErrorMessage"))
406
+ ValidationErrorsEntry.struct_class = Types::ValidationErrorsEntry
407
+
408
+ ValidationErrorsType.member = Shapes::ShapeRef.new(shape: ValidationErrorsEntry)
409
+
366
410
 
367
411
  # @api private
368
412
  API = Seahorse::Model::Api.new.tap do |api|
@@ -524,6 +568,7 @@ module Aws::SecretsManager
524
568
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
525
569
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
526
570
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
571
+ o.errors << Shapes::ShapeRef.new(shape: PublicPolicyException)
527
572
  end)
528
573
 
529
574
  api.add_operation(:put_secret_value, Seahorse::Model::Operation.new.tap do |o|
@@ -618,6 +663,19 @@ module Aws::SecretsManager
618
663
  o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
619
664
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
620
665
  end)
666
+
667
+ api.add_operation(:validate_resource_policy, Seahorse::Model::Operation.new.tap do |o|
668
+ o.name = "ValidateResourcePolicy"
669
+ o.http_method = "POST"
670
+ o.http_request_uri = "/"
671
+ o.input = Shapes::ShapeRef.new(shape: ValidateResourcePolicyRequest)
672
+ o.output = Shapes::ShapeRef.new(shape: ValidateResourcePolicyResponse)
673
+ o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
674
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
675
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
676
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
677
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
678
+ end)
621
679
  end
622
680
 
623
681
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -34,6 +36,7 @@ module Aws::SecretsManager
34
36
  # * {LimitExceededException}
35
37
  # * {MalformedPolicyDocumentException}
36
38
  # * {PreconditionNotMetException}
39
+ # * {PublicPolicyException}
37
40
  # * {ResourceExistsException}
38
41
  # * {ResourceNotFoundException}
39
42
  #
@@ -178,6 +181,21 @@ module Aws::SecretsManager
178
181
  end
179
182
  end
180
183
 
184
+ class PublicPolicyException < ServiceError
185
+
186
+ # @param [Seahorse::Client::RequestContext] context
187
+ # @param [String] message
188
+ # @param [Aws::SecretsManager::Types::PublicPolicyException] data
189
+ def initialize(context, message, data = Aws::EmptyStructure.new)
190
+ super(context, message, data)
191
+ end
192
+
193
+ # @return [String]
194
+ def message
195
+ @message || @data[:message]
196
+ end
197
+ end
198
+
181
199
  class ResourceExistsException < ServiceError
182
200
 
183
201
  # @param [Seahorse::Client::RequestContext] context
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -16,9 +18,9 @@ module Aws::SecretsManager
16
18
  # }
17
19
  #
18
20
  # @!attribute [rw] secret_id
19
- # Specifies the secret for which you want to cancel a rotation
20
- # request. You can specify either the Amazon Resource Name (ARN) or
21
- # the friendly name of the secret.
21
+ # Specifies the secret to cancel a rotation request. You can specify
22
+ # either the Amazon Resource Name (ARN) or the friendly name of the
23
+ # secret.
22
24
  #
23
25
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
24
26
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -31,9 +33,15 @@ module Aws::SecretsManager
31
33
  # partial ARN, then those characters cause Secrets Manager to assume
32
34
  # that you’re specifying a complete ARN. This confusion can cause
33
35
  # unexpected results. To avoid this situation, we recommend that you
34
- # don’t create secret names that end with a hyphen followed by six
36
+ # don’t create secret names ending with a hyphen followed by six
35
37
  # characters.
36
38
  #
39
+ # If you specify an incomplete ARN without the random suffix, and
40
+ # instead provide the 'friendly name', you *must* not include the
41
+ # random suffix. If you do include the random suffix added by Secrets
42
+ # Manager, you receive either a *ResourceNotFoundException* or an
43
+ # *AccessDeniedException* error, depending on your permissions.
44
+ #
37
45
  # </note>
38
46
  # @return [String]
39
47
  #
@@ -41,6 +49,7 @@ module Aws::SecretsManager
41
49
  #
42
50
  class CancelRotateSecretRequest < Struct.new(
43
51
  :secret_id)
52
+ SENSITIVE = []
44
53
  include Aws::Structure
45
54
  end
46
55
 
@@ -53,9 +62,9 @@ module Aws::SecretsManager
53
62
  # @return [String]
54
63
  #
55
64
  # @!attribute [rw] version_id
56
- # The unique identifier of the version of the secret that was created
57
- # during the rotation. This version might not be complete, and should
58
- # be evaluated for possible deletion. At the very least, you should
65
+ # The unique identifier of the version of the secret created during
66
+ # the rotation. This version might not be complete, and should be
67
+ # evaluated for possible deletion. At the very least, you should
59
68
  # remove the `VersionStage` value `AWSPENDING` to enable this version
60
69
  # to be deleted. Failing to clean up a cancelled rotation can block
61
70
  # you from successfully starting future rotations.
@@ -67,6 +76,7 @@ module Aws::SecretsManager
67
76
  :arn,
68
77
  :name,
69
78
  :version_id)
79
+ SENSITIVE = []
70
80
  include Aws::Structure
71
81
  end
72
82
 
@@ -94,11 +104,11 @@ module Aws::SecretsManager
94
104
  # The secret name must be ASCII letters, digits, or the following
95
105
  # characters : /\_+=.@-
96
106
  #
97
- # <note markdown="1"> Don't end your secret name with a hyphen followed by six
107
+ # <note markdown="1"> Do not end your secret name with a hyphen followed by six
98
108
  # characters. If you do so, you risk confusion and unexpected results
99
- # when searching for a secret by partial ARN. This is because Secrets
100
- # Manager automatically adds a hyphen and six random characters at the
101
- # end of the ARN.
109
+ # when searching for a secret by partial ARN. Secrets Manager
110
+ # automatically adds a hyphen and six random characters at the end of
111
+ # the ARN.
102
112
  #
103
113
  # </note>
104
114
  # @return [String]
@@ -114,7 +124,7 @@ module Aws::SecretsManager
114
124
  # in the request. If you don't use the SDK and instead generate a raw
115
125
  # HTTP request to the Secrets Manager service endpoint, then you must
116
126
  # generate a `ClientRequestToken` yourself for the new version and
117
- # include that value in the request.
127
+ # include the value in the request.
118
128
  #
119
129
  # </note>
120
130
  #
@@ -127,10 +137,9 @@ module Aws::SecretsManager
127
137
  # * If the `ClientRequestToken` value isn't already associated with a
128
138
  # version of the secret then a new version of the secret is created.
129
139
  #
130
- # * If a version with this value already exists and that version's
140
+ # * If a version with this value already exists and the version
131
141
  # `SecretString` and `SecretBinary` values are the same as those in
132
- # the request, then the request is ignored (the operation is
133
- # idempotent).
142
+ # the request, then the request is ignored.
134
143
  #
135
144
  # * If a version with this value already exists and that version's
136
145
  # `SecretString` and `SecretBinary` values are different from those
@@ -168,9 +177,9 @@ module Aws::SecretsManager
168
177
  # first time it needs to encrypt a version's `SecretString` or
169
178
  # `SecretBinary` fields.
170
179
  #
171
- # You can use the account's default CMK to encrypt and decrypt only
172
- # if you call this operation using credentials from the same account
173
- # that owns the secret. If the secret is in a different account, then
180
+ # You can use the account default CMK to encrypt and decrypt only if
181
+ # you call this operation using credentials from the same account that
182
+ # owns the secret. If the secret resides in a different account, then
174
183
  # you must create a custom CMK and specify the ARN in this field.
175
184
  # @return [String]
176
185
  #
@@ -207,7 +216,7 @@ module Aws::SecretsManager
207
216
  # environments, see [Using JSON for Parameters][1] in the *AWS CLI
208
217
  # User Guide*. For example:
209
218
  #
210
- # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
219
+ # `\{"username":"bob","password":"abc123xyz456"\}`
211
220
  #
212
221
  # If your command-line tool or SDK requires quotation marks around the
213
222
  # parameter, you should use single quotes to avoid confusion with the
@@ -255,15 +264,15 @@ module Aws::SecretsManager
255
264
  # * Tag keys and values are case sensitive.
256
265
  #
257
266
  # * Do not use the `aws:` prefix in your tag names or values because
258
- # it is reserved for AWS use. You can't edit or delete tag names or
259
- # values with this prefix. Tags with this prefix do not count
267
+ # AWS reserves it for AWS use. You can't edit or delete tag names
268
+ # or values with this prefix. Tags with this prefix do not count
260
269
  # against your tags per secret limit.
261
270
  #
262
- # * If your tagging schema will be used across multiple services and
263
- # resources, remember that other services might have restrictions on
264
- # allowed characters. Generally allowed characters are: letters,
265
- # spaces, and numbers representable in UTF-8, plus the following
266
- # special characters: + - = . \_ : / @.
271
+ # * If you use your tagging schema across multiple services and
272
+ # resources, remember other services might have restrictions on
273
+ # allowed characters. Generally allowed characters: letters, spaces,
274
+ # and numbers representable in UTF-8, plus the following special
275
+ # characters: + - = . \_ : / @.
267
276
  #
268
277
  #
269
278
  #
@@ -280,6 +289,7 @@ module Aws::SecretsManager
280
289
  :secret_binary,
281
290
  :secret_string,
282
291
  :tags)
292
+ SENSITIVE = [:secret_binary, :secret_string]
283
293
  include Aws::Structure
284
294
  end
285
295
 
@@ -302,8 +312,8 @@ module Aws::SecretsManager
302
312
  # @return [String]
303
313
  #
304
314
  # @!attribute [rw] version_id
305
- # The unique identifier that's associated with the version of the
306
- # secret you just created.
315
+ # The unique identifier associated with the version of the secret you
316
+ # just created.
307
317
  # @return [String]
308
318
  #
309
319
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation
@@ -312,6 +322,7 @@ module Aws::SecretsManager
312
322
  :arn,
313
323
  :name,
314
324
  :version_id)
325
+ SENSITIVE = []
315
326
  include Aws::Structure
316
327
  end
317
328
 
@@ -325,6 +336,7 @@ module Aws::SecretsManager
325
336
  #
326
337
  class DecryptionFailure < Struct.new(
327
338
  :message)
339
+ SENSITIVE = []
328
340
  include Aws::Structure
329
341
  end
330
342
 
@@ -351,9 +363,15 @@ module Aws::SecretsManager
351
363
  # partial ARN, then those characters cause Secrets Manager to assume
352
364
  # that you’re specifying a complete ARN. This confusion can cause
353
365
  # unexpected results. To avoid this situation, we recommend that you
354
- # don’t create secret names that end with a hyphen followed by six
366
+ # don’t create secret names ending with a hyphen followed by six
355
367
  # characters.
356
368
  #
369
+ # If you specify an incomplete ARN without the random suffix, and
370
+ # instead provide the 'friendly name', you *must* not include the
371
+ # random suffix. If you do include the random suffix added by Secrets
372
+ # Manager, you receive either a *ResourceNotFoundException* or an
373
+ # *AccessDeniedException* error, depending on your permissions.
374
+ #
357
375
  # </note>
358
376
  # @return [String]
359
377
  #
@@ -361,6 +379,7 @@ module Aws::SecretsManager
361
379
  #
362
380
  class DeleteResourcePolicyRequest < Struct.new(
363
381
  :secret_id)
382
+ SENSITIVE = []
364
383
  include Aws::Structure
365
384
  end
366
385
 
@@ -379,6 +398,7 @@ module Aws::SecretsManager
379
398
  class DeleteResourcePolicyResponse < Struct.new(
380
399
  :arn,
381
400
  :name)
401
+ SENSITIVE = []
382
402
  include Aws::Structure
383
403
  end
384
404
 
@@ -406,9 +426,15 @@ module Aws::SecretsManager
406
426
  # partial ARN, then those characters cause Secrets Manager to assume
407
427
  # that you’re specifying a complete ARN. This confusion can cause
408
428
  # unexpected results. To avoid this situation, we recommend that you
409
- # don’t create secret names that end with a hyphen followed by six
429
+ # don’t create secret names ending with a hyphen followed by six
410
430
  # characters.
411
431
  #
432
+ # If you specify an incomplete ARN without the random suffix, and
433
+ # instead provide the 'friendly name', you *must* not include the
434
+ # random suffix. If you do include the random suffix added by Secrets
435
+ # Manager, you receive either a *ResourceNotFoundException* or an
436
+ # *AccessDeniedException* error, depending on your permissions.
437
+ #
412
438
  # </note>
413
439
  # @return [String]
414
440
  #
@@ -445,6 +471,7 @@ module Aws::SecretsManager
445
471
  :secret_id,
446
472
  :recovery_window_in_days,
447
473
  :force_delete_without_recovery)
474
+ SENSITIVE = []
448
475
  include Aws::Structure
449
476
  end
450
477
 
@@ -469,6 +496,7 @@ module Aws::SecretsManager
469
496
  :arn,
470
497
  :name,
471
498
  :deletion_date)
499
+ SENSITIVE = []
472
500
  include Aws::Structure
473
501
  end
474
502
 
@@ -495,9 +523,15 @@ module Aws::SecretsManager
495
523
  # partial ARN, then those characters cause Secrets Manager to assume
496
524
  # that you’re specifying a complete ARN. This confusion can cause
497
525
  # unexpected results. To avoid this situation, we recommend that you
498
- # don’t create secret names that end with a hyphen followed by six
526
+ # don’t create secret names ending with a hyphen followed by six
499
527
  # characters.
500
528
  #
529
+ # If you specify an incomplete ARN without the random suffix, and
530
+ # instead provide the 'friendly name', you *must* not include the
531
+ # random suffix. If you do include the random suffix added by Secrets
532
+ # Manager, you receive either a *ResourceNotFoundException* or an
533
+ # *AccessDeniedException* error, depending on your permissions.
534
+ #
501
535
  # </note>
502
536
  # @return [String]
503
537
  #
@@ -505,6 +539,7 @@ module Aws::SecretsManager
505
539
  #
506
540
  class DescribeSecretRequest < Struct.new(
507
541
  :secret_id)
542
+ SENSITIVE = []
508
543
  include Aws::Structure
509
544
  end
510
545
 
@@ -596,6 +631,10 @@ module Aws::SecretsManager
596
631
  # Returns the name of the service that created this secret.
597
632
  # @return [String]
598
633
  #
634
+ # @!attribute [rw] created_date
635
+ # The date that the secret was created.
636
+ # @return [Time]
637
+ #
599
638
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation
600
639
  #
601
640
  class DescribeSecretResponse < Struct.new(
@@ -612,7 +651,9 @@ module Aws::SecretsManager
612
651
  :deleted_date,
613
652
  :tags,
614
653
  :version_ids_to_stages,
615
- :owning_service)
654
+ :owning_service,
655
+ :created_date)
656
+ SENSITIVE = []
616
657
  include Aws::Structure
617
658
  end
618
659
 
@@ -632,6 +673,34 @@ module Aws::SecretsManager
632
673
  #
633
674
  class EncryptionFailure < Struct.new(
634
675
  :message)
676
+ SENSITIVE = []
677
+ include Aws::Structure
678
+ end
679
+
680
+ # Allows you to filter your list of secrets.
681
+ #
682
+ # @note When making an API call, you may pass Filter
683
+ # data as a hash:
684
+ #
685
+ # {
686
+ # key: "description", # accepts description, name, tag-key, tag-value, all
687
+ # values: ["FilterValueStringType"],
688
+ # }
689
+ #
690
+ # @!attribute [rw] key
691
+ # Filters your list of secrets by a specific key.
692
+ # @return [String]
693
+ #
694
+ # @!attribute [rw] values
695
+ # Filters your list of secrets by a specific value.
696
+ # @return [Array<String>]
697
+ #
698
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Filter AWS API Documentation
699
+ #
700
+ class Filter < Struct.new(
701
+ :key,
702
+ :values)
703
+ SENSITIVE = []
635
704
  include Aws::Structure
636
705
  end
637
706
 
@@ -715,6 +784,7 @@ module Aws::SecretsManager
715
784
  :exclude_lowercase,
716
785
  :include_space,
717
786
  :require_each_included_type)
787
+ SENSITIVE = []
718
788
  include Aws::Structure
719
789
  end
720
790
 
@@ -726,6 +796,7 @@ module Aws::SecretsManager
726
796
  #
727
797
  class GetRandomPasswordResponse < Struct.new(
728
798
  :random_password)
799
+ SENSITIVE = [:random_password]
729
800
  include Aws::Structure
730
801
  end
731
802
 
@@ -752,9 +823,15 @@ module Aws::SecretsManager
752
823
  # partial ARN, then those characters cause Secrets Manager to assume
753
824
  # that you’re specifying a complete ARN. This confusion can cause
754
825
  # unexpected results. To avoid this situation, we recommend that you
755
- # don’t create secret names that end with a hyphen followed by six
826
+ # don’t create secret names ending with a hyphen followed by six
756
827
  # characters.
757
828
  #
829
+ # If you specify an incomplete ARN without the random suffix, and
830
+ # instead provide the 'friendly name', you *must* not include the
831
+ # random suffix. If you do include the random suffix added by Secrets
832
+ # Manager, you receive either a *ResourceNotFoundException* or an
833
+ # *AccessDeniedException* error, depending on your permissions.
834
+ #
758
835
  # </note>
759
836
  # @return [String]
760
837
  #
@@ -762,6 +839,7 @@ module Aws::SecretsManager
762
839
  #
763
840
  class GetResourcePolicyRequest < Struct.new(
764
841
  :secret_id)
842
+ SENSITIVE = []
765
843
  include Aws::Structure
766
844
  end
767
845
 
@@ -795,6 +873,7 @@ module Aws::SecretsManager
795
873
  :arn,
796
874
  :name,
797
875
  :resource_policy)
876
+ SENSITIVE = []
798
877
  include Aws::Structure
799
878
  end
800
879
 
@@ -823,9 +902,15 @@ module Aws::SecretsManager
823
902
  # partial ARN, then those characters cause Secrets Manager to assume
824
903
  # that you’re specifying a complete ARN. This confusion can cause
825
904
  # unexpected results. To avoid this situation, we recommend that you
826
- # don’t create secret names that end with a hyphen followed by six
905
+ # don’t create secret names ending with a hyphen followed by six
827
906
  # characters.
828
907
  #
908
+ # If you specify an incomplete ARN without the random suffix, and
909
+ # instead provide the 'friendly name', you *must* not include the
910
+ # random suffix. If you do include the random suffix added by Secrets
911
+ # Manager, you receive either a *ResourceNotFoundException* or an
912
+ # *AccessDeniedException* error, depending on your permissions.
913
+ #
829
914
  # </note>
830
915
  # @return [String]
831
916
  #
@@ -862,6 +947,7 @@ module Aws::SecretsManager
862
947
  :secret_id,
863
948
  :version_id,
864
949
  :version_stage)
950
+ SENSITIVE = []
865
951
  include Aws::Structure
866
952
  end
867
953
 
@@ -930,6 +1016,7 @@ module Aws::SecretsManager
930
1016
  :secret_string,
931
1017
  :version_stages,
932
1018
  :created_date)
1019
+ SENSITIVE = [:secret_binary, :secret_string]
933
1020
  include Aws::Structure
934
1021
  end
935
1022
 
@@ -942,6 +1029,7 @@ module Aws::SecretsManager
942
1029
  #
943
1030
  class InternalServiceError < Struct.new(
944
1031
  :message)
1032
+ SENSITIVE = []
945
1033
  include Aws::Structure
946
1034
  end
947
1035
 
@@ -954,6 +1042,7 @@ module Aws::SecretsManager
954
1042
  #
955
1043
  class InvalidNextTokenException < Struct.new(
956
1044
  :message)
1045
+ SENSITIVE = []
957
1046
  include Aws::Structure
958
1047
  end
959
1048
 
@@ -966,6 +1055,7 @@ module Aws::SecretsManager
966
1055
  #
967
1056
  class InvalidParameterException < Struct.new(
968
1057
  :message)
1058
+ SENSITIVE = []
969
1059
  include Aws::Structure
970
1060
  end
971
1061
 
@@ -988,6 +1078,7 @@ module Aws::SecretsManager
988
1078
  #
989
1079
  class InvalidRequestException < Struct.new(
990
1080
  :message)
1081
+ SENSITIVE = []
991
1082
  include Aws::Structure
992
1083
  end
993
1084
 
@@ -1001,6 +1092,7 @@ module Aws::SecretsManager
1001
1092
  #
1002
1093
  class LimitExceededException < Struct.new(
1003
1094
  :message)
1095
+ SENSITIVE = []
1004
1096
  include Aws::Structure
1005
1097
  end
1006
1098
 
@@ -1030,15 +1122,21 @@ module Aws::SecretsManager
1030
1122
  # partial ARN, then those characters cause Secrets Manager to assume
1031
1123
  # that you’re specifying a complete ARN. This confusion can cause
1032
1124
  # unexpected results. To avoid this situation, we recommend that you
1033
- # don’t create secret names that end with a hyphen followed by six
1125
+ # don’t create secret names ending with a hyphen followed by six
1034
1126
  # characters.
1035
1127
  #
1128
+ # If you specify an incomplete ARN without the random suffix, and
1129
+ # instead provide the 'friendly name', you *must* not include the
1130
+ # random suffix. If you do include the random suffix added by Secrets
1131
+ # Manager, you receive either a *ResourceNotFoundException* or an
1132
+ # *AccessDeniedException* error, depending on your permissions.
1133
+ #
1036
1134
  # </note>
1037
1135
  # @return [String]
1038
1136
  #
1039
1137
  # @!attribute [rw] max_results
1040
- # (Optional) Limits the number of results that you want to include in
1041
- # the response. If you don't include this parameter, it defaults to a
1138
+ # (Optional) Limits the number of results you want to include in the
1139
+ # response. If you don't include this parameter, it defaults to a
1042
1140
  # value that's specific to the operation. If additional items exist
1043
1141
  # beyond the maximum you specify, the `NextToken` response element is
1044
1142
  # present and has a value (isn't null). Include that value as the
@@ -1051,10 +1149,10 @@ module Aws::SecretsManager
1051
1149
  #
1052
1150
  # @!attribute [rw] next_token
1053
1151
  # (Optional) Use this parameter in a request if you receive a
1054
- # `NextToken` response in a previous request that indicates that
1055
- # there's more output available. In a subsequent call, set it to the
1056
- # value of the previous call's `NextToken` response to indicate where
1057
- # the output should continue from.
1152
+ # `NextToken` response in a previous request indicating there's more
1153
+ # output available. In a subsequent call, set it to the value of the
1154
+ # previous call `NextToken` response to indicate where the output
1155
+ # should continue from.
1058
1156
  # @return [String]
1059
1157
  #
1060
1158
  # @!attribute [rw] include_deprecated
@@ -1071,6 +1169,7 @@ module Aws::SecretsManager
1071
1169
  :max_results,
1072
1170
  :next_token,
1073
1171
  :include_deprecated)
1172
+ SENSITIVE = []
1074
1173
  include Aws::Structure
1075
1174
  end
1076
1175
 
@@ -1081,10 +1180,10 @@ module Aws::SecretsManager
1081
1180
  #
1082
1181
  # @!attribute [rw] next_token
1083
1182
  # If present in the response, this value indicates that there's more
1084
- # output available than what's included in the current response. This
1085
- # can occur even when the response includes no values at all, such as
1086
- # when you ask for a filtered view of a very long list. Use this value
1087
- # in the `NextToken` request parameter in a subsequent call to the
1183
+ # output available than included in the current response. This can
1184
+ # occur even when the response includes no values at all, such as when
1185
+ # you ask for a filtered view of a very long list. Use this value in
1186
+ # the `NextToken` request parameter in a subsequent call to the
1088
1187
  # operation to continue processing and get the next part of the
1089
1188
  # output. You should repeat this until the `NextToken` response
1090
1189
  # element comes back empty (as `null`).
@@ -1115,6 +1214,7 @@ module Aws::SecretsManager
1115
1214
  :next_token,
1116
1215
  :arn,
1117
1216
  :name)
1217
+ SENSITIVE = []
1118
1218
  include Aws::Structure
1119
1219
  end
1120
1220
 
@@ -1124,11 +1224,18 @@ module Aws::SecretsManager
1124
1224
  # {
1125
1225
  # max_results: 1,
1126
1226
  # next_token: "NextTokenType",
1227
+ # filters: [
1228
+ # {
1229
+ # key: "description", # accepts description, name, tag-key, tag-value, all
1230
+ # values: ["FilterValueStringType"],
1231
+ # },
1232
+ # ],
1233
+ # sort_order: "asc", # accepts asc, desc
1127
1234
  # }
1128
1235
  #
1129
1236
  # @!attribute [rw] max_results
1130
- # (Optional) Limits the number of results that you want to include in
1131
- # the response. If you don't include this parameter, it defaults to a
1237
+ # (Optional) Limits the number of results you want to include in the
1238
+ # response. If you don't include this parameter, it defaults to a
1132
1239
  # value that's specific to the operation. If additional items exist
1133
1240
  # beyond the maximum you specify, the `NextToken` response element is
1134
1241
  # present and has a value (isn't null). Include that value as the
@@ -1141,17 +1248,28 @@ module Aws::SecretsManager
1141
1248
  #
1142
1249
  # @!attribute [rw] next_token
1143
1250
  # (Optional) Use this parameter in a request if you receive a
1144
- # `NextToken` response in a previous request that indicates that
1145
- # there's more output available. In a subsequent call, set it to the
1146
- # value of the previous call's `NextToken` response to indicate where
1147
- # the output should continue from.
1251
+ # `NextToken` response in a previous request indicating there's more
1252
+ # output available. In a subsequent call, set it to the value of the
1253
+ # previous call `NextToken` response to indicate where the output
1254
+ # should continue from.
1255
+ # @return [String]
1256
+ #
1257
+ # @!attribute [rw] filters
1258
+ # Lists the secret request filters.
1259
+ # @return [Array<Types::Filter>]
1260
+ #
1261
+ # @!attribute [rw] sort_order
1262
+ # Lists secrets in the requested order.
1148
1263
  # @return [String]
1149
1264
  #
1150
1265
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsRequest AWS API Documentation
1151
1266
  #
1152
1267
  class ListSecretsRequest < Struct.new(
1153
1268
  :max_results,
1154
- :next_token)
1269
+ :next_token,
1270
+ :filters,
1271
+ :sort_order)
1272
+ SENSITIVE = []
1155
1273
  include Aws::Structure
1156
1274
  end
1157
1275
 
@@ -1161,10 +1279,10 @@ module Aws::SecretsManager
1161
1279
  #
1162
1280
  # @!attribute [rw] next_token
1163
1281
  # If present in the response, this value indicates that there's more
1164
- # output available than what's included in the current response. This
1165
- # can occur even when the response includes no values at all, such as
1166
- # when you ask for a filtered view of a very long list. Use this value
1167
- # in the `NextToken` request parameter in a subsequent call to the
1282
+ # output available than included in the current response. This can
1283
+ # occur even when the response includes no values at all, such as when
1284
+ # you ask for a filtered view of a very long list. Use this value in
1285
+ # the `NextToken` request parameter in a subsequent call to the
1168
1286
  # operation to continue processing and get the next part of the
1169
1287
  # output. You should repeat this until the `NextToken` response
1170
1288
  # element comes back empty (as `null`).
@@ -1175,6 +1293,7 @@ module Aws::SecretsManager
1175
1293
  class ListSecretsResponse < Struct.new(
1176
1294
  :secret_list,
1177
1295
  :next_token)
1296
+ SENSITIVE = []
1178
1297
  include Aws::Structure
1179
1298
  end
1180
1299
 
@@ -1187,6 +1306,7 @@ module Aws::SecretsManager
1187
1306
  #
1188
1307
  class MalformedPolicyDocumentException < Struct.new(
1189
1308
  :message)
1309
+ SENSITIVE = []
1190
1310
  include Aws::Structure
1191
1311
  end
1192
1312
 
@@ -1200,6 +1320,20 @@ module Aws::SecretsManager
1200
1320
  #
1201
1321
  class PreconditionNotMetException < Struct.new(
1202
1322
  :message)
1323
+ SENSITIVE = []
1324
+ include Aws::Structure
1325
+ end
1326
+
1327
+ # The resource policy did not prevent broad access to the secret.
1328
+ #
1329
+ # @!attribute [rw] message
1330
+ # @return [String]
1331
+ #
1332
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PublicPolicyException AWS API Documentation
1333
+ #
1334
+ class PublicPolicyException < Struct.new(
1335
+ :message)
1336
+ SENSITIVE = []
1203
1337
  include Aws::Structure
1204
1338
  end
1205
1339
 
@@ -1209,6 +1343,7 @@ module Aws::SecretsManager
1209
1343
  # {
1210
1344
  # secret_id: "SecretIdType", # required
1211
1345
  # resource_policy: "NonEmptyResourcePolicyType", # required
1346
+ # block_public_policy: false,
1212
1347
  # }
1213
1348
  #
1214
1349
  # @!attribute [rw] secret_id
@@ -1227,9 +1362,15 @@ module Aws::SecretsManager
1227
1362
  # partial ARN, then those characters cause Secrets Manager to assume
1228
1363
  # that you’re specifying a complete ARN. This confusion can cause
1229
1364
  # unexpected results. To avoid this situation, we recommend that you
1230
- # don’t create secret names that end with a hyphen followed by six
1365
+ # don’t create secret names ending with a hyphen followed by six
1231
1366
  # characters.
1232
1367
  #
1368
+ # If you specify an incomplete ARN without the random suffix, and
1369
+ # instead provide the 'friendly name', you *must* not include the
1370
+ # random suffix. If you do include the random suffix added by Secrets
1371
+ # Manager, you receive either a *ResourceNotFoundException* or an
1372
+ # *AccessDeniedException* error, depending on your permissions.
1373
+ #
1233
1374
  # </note>
1234
1375
  # @return [String]
1235
1376
  #
@@ -1246,22 +1387,28 @@ module Aws::SecretsManager
1246
1387
  # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1247
1388
  # @return [String]
1248
1389
  #
1390
+ # @!attribute [rw] block_public_policy
1391
+ # Makes an optional API call to Zelkova to validate the Resource
1392
+ # Policy to prevent broad access to your secret.
1393
+ # @return [Boolean]
1394
+ #
1249
1395
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
1250
1396
  #
1251
1397
  class PutResourcePolicyRequest < Struct.new(
1252
1398
  :secret_id,
1253
- :resource_policy)
1399
+ :resource_policy,
1400
+ :block_public_policy)
1401
+ SENSITIVE = []
1254
1402
  include Aws::Structure
1255
1403
  end
1256
1404
 
1257
1405
  # @!attribute [rw] arn
1258
- # The ARN of the secret that the resource-based policy was retrieved
1259
- # for.
1406
+ # The ARN of the secret retrieved by the resource-based policy.
1260
1407
  # @return [String]
1261
1408
  #
1262
1409
  # @!attribute [rw] name
1263
- # The friendly name of the secret that the resource-based policy was
1264
- # retrieved for.
1410
+ # The friendly name of the secret that the retrieved by the
1411
+ # resource-based policy.
1265
1412
  # @return [String]
1266
1413
  #
1267
1414
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyResponse AWS API Documentation
@@ -1269,6 +1416,7 @@ module Aws::SecretsManager
1269
1416
  class PutResourcePolicyResponse < Struct.new(
1270
1417
  :arn,
1271
1418
  :name)
1419
+ SENSITIVE = []
1272
1420
  include Aws::Structure
1273
1421
  end
1274
1422
 
@@ -1299,9 +1447,15 @@ module Aws::SecretsManager
1299
1447
  # partial ARN, then those characters cause Secrets Manager to assume
1300
1448
  # that you’re specifying a complete ARN. This confusion can cause
1301
1449
  # unexpected results. To avoid this situation, we recommend that you
1302
- # don’t create secret names that end with a hyphen followed by six
1450
+ # don’t create secret names ending with a hyphen followed by six
1303
1451
  # characters.
1304
1452
  #
1453
+ # If you specify an incomplete ARN without the random suffix, and
1454
+ # instead provide the 'friendly name', you *must* not include the
1455
+ # random suffix. If you do include the random suffix added by Secrets
1456
+ # Manager, you receive either a *ResourceNotFoundException* or an
1457
+ # *AccessDeniedException* error, depending on your permissions.
1458
+ #
1305
1459
  # </note>
1306
1460
  # @return [String]
1307
1461
  #
@@ -1333,7 +1487,7 @@ module Aws::SecretsManager
1333
1487
  # the request then the request is ignored (the operation is
1334
1488
  # idempotent).
1335
1489
  #
1336
- # * If a version with this value already exists and that version's
1490
+ # * If a version with this value already exists and the version of the
1337
1491
  # `SecretString` and `SecretBinary` values are different from those
1338
1492
  # in the request then the request fails because you cannot modify an
1339
1493
  # existing secret version. You can only create new versions to store
@@ -1418,6 +1572,7 @@ module Aws::SecretsManager
1418
1572
  :secret_binary,
1419
1573
  :secret_string,
1420
1574
  :version_stages)
1575
+ SENSITIVE = [:secret_binary, :secret_string]
1421
1576
  include Aws::Structure
1422
1577
  end
1423
1578
 
@@ -1449,6 +1604,7 @@ module Aws::SecretsManager
1449
1604
  :name,
1450
1605
  :version_id,
1451
1606
  :version_stages)
1607
+ SENSITIVE = []
1452
1608
  include Aws::Structure
1453
1609
  end
1454
1610
 
@@ -1461,6 +1617,7 @@ module Aws::SecretsManager
1461
1617
  #
1462
1618
  class ResourceExistsException < Struct.new(
1463
1619
  :message)
1620
+ SENSITIVE = []
1464
1621
  include Aws::Structure
1465
1622
  end
1466
1623
 
@@ -1473,6 +1630,7 @@ module Aws::SecretsManager
1473
1630
  #
1474
1631
  class ResourceNotFoundException < Struct.new(
1475
1632
  :message)
1633
+ SENSITIVE = []
1476
1634
  include Aws::Structure
1477
1635
  end
1478
1636
 
@@ -1499,9 +1657,15 @@ module Aws::SecretsManager
1499
1657
  # partial ARN, then those characters cause Secrets Manager to assume
1500
1658
  # that you’re specifying a complete ARN. This confusion can cause
1501
1659
  # unexpected results. To avoid this situation, we recommend that you
1502
- # don’t create secret names that end with a hyphen followed by six
1660
+ # don’t create secret names ending with a hyphen followed by six
1503
1661
  # characters.
1504
1662
  #
1663
+ # If you specify an incomplete ARN without the random suffix, and
1664
+ # instead provide the 'friendly name', you *must* not include the
1665
+ # random suffix. If you do include the random suffix added by Secrets
1666
+ # Manager, you receive either a *ResourceNotFoundException* or an
1667
+ # *AccessDeniedException* error, depending on your permissions.
1668
+ #
1505
1669
  # </note>
1506
1670
  # @return [String]
1507
1671
  #
@@ -1509,6 +1673,7 @@ module Aws::SecretsManager
1509
1673
  #
1510
1674
  class RestoreSecretRequest < Struct.new(
1511
1675
  :secret_id)
1676
+ SENSITIVE = []
1512
1677
  include Aws::Structure
1513
1678
  end
1514
1679
 
@@ -1525,6 +1690,7 @@ module Aws::SecretsManager
1525
1690
  class RestoreSecretResponse < Struct.new(
1526
1691
  :arn,
1527
1692
  :name)
1693
+ SENSITIVE = []
1528
1694
  include Aws::Structure
1529
1695
  end
1530
1696
 
@@ -1555,9 +1721,15 @@ module Aws::SecretsManager
1555
1721
  # partial ARN, then those characters cause Secrets Manager to assume
1556
1722
  # that you’re specifying a complete ARN. This confusion can cause
1557
1723
  # unexpected results. To avoid this situation, we recommend that you
1558
- # don’t create secret names that end with a hyphen followed by six
1724
+ # don’t create secret names ending with a hyphen followed by six
1559
1725
  # characters.
1560
1726
  #
1727
+ # If you specify an incomplete ARN without the random suffix, and
1728
+ # instead provide the 'friendly name', you *must* not include the
1729
+ # random suffix. If you do include the random suffix added by Secrets
1730
+ # Manager, you receive either a *ResourceNotFoundException* or an
1731
+ # *AccessDeniedException* error, depending on your permissions.
1732
+ #
1561
1733
  # </note>
1562
1734
  # @return [String]
1563
1735
  #
@@ -1573,10 +1745,10 @@ module Aws::SecretsManager
1573
1745
  # generate a `ClientRequestToken` yourself for new versions and
1574
1746
  # include that value in the request.
1575
1747
  #
1576
- # You only need to specify your own value if you are implementing your
1577
- # own retry logic and want to ensure that a given secret is not
1578
- # created twice. We recommend that you generate a [UUID-type][1] value
1579
- # to ensure uniqueness within the specified secret.
1748
+ # You only need to specify your own value if you implement your own
1749
+ # retry logic and want to ensure that a given secret is not created
1750
+ # twice. We recommend that you generate a [UUID-type][1] value to
1751
+ # ensure uniqueness within the specified secret.
1580
1752
  #
1581
1753
  # Secrets Manager uses this value to prevent the accidental creation
1582
1754
  # of duplicate versions if there are failures and retries during the
@@ -1607,6 +1779,7 @@ module Aws::SecretsManager
1607
1779
  :client_request_token,
1608
1780
  :rotation_lambda_arn,
1609
1781
  :rotation_rules)
1782
+ SENSITIVE = []
1610
1783
  include Aws::Structure
1611
1784
  end
1612
1785
 
@@ -1629,6 +1802,7 @@ module Aws::SecretsManager
1629
1802
  :arn,
1630
1803
  :name,
1631
1804
  :version_id)
1805
+ SENSITIVE = []
1632
1806
  include Aws::Structure
1633
1807
  end
1634
1808
 
@@ -1658,6 +1832,7 @@ module Aws::SecretsManager
1658
1832
  #
1659
1833
  class RotationRulesType < Struct.new(
1660
1834
  :automatically_after_days)
1835
+ SENSITIVE = []
1661
1836
  include Aws::Structure
1662
1837
  end
1663
1838
 
@@ -1688,11 +1863,11 @@ module Aws::SecretsManager
1688
1863
  # @return [String]
1689
1864
  #
1690
1865
  # @!attribute [rw] kms_key_id
1691
- # The ARN or alias of the AWS KMS customer master key (CMK) that's
1692
- # used to encrypt the `SecretString` and `SecretBinary` fields in each
1693
- # version of the secret. If you don't provide a key, then Secrets
1694
- # Manager defaults to encrypting the secret fields with the default
1695
- # KMS CMK (the one named `awssecretsmanager`) for this account.
1866
+ # The ARN or alias of the AWS KMS customer master key (CMK) used to
1867
+ # encrypt the `SecretString` and `SecretBinary` fields in each version
1868
+ # of the secret. If you don't provide a key, then Secrets Manager
1869
+ # defaults to encrypting the secret fields with the default KMS CMK,
1870
+ # the key named `awssecretsmanager`, for this account.
1696
1871
  # @return [String]
1697
1872
  #
1698
1873
  # @!attribute [rw] rotation_enabled
@@ -1701,9 +1876,9 @@ module Aws::SecretsManager
1701
1876
  # @return [Boolean]
1702
1877
  #
1703
1878
  # @!attribute [rw] rotation_lambda_arn
1704
- # The ARN of an AWS Lambda function that's invoked by Secrets Manager
1705
- # to rotate and expire the secret either automatically per the
1706
- # schedule or manually by a call to RotateSecret.
1879
+ # The ARN of an AWS Lambda function invoked by Secrets Manager to
1880
+ # rotate and expire the secret either automatically per the schedule
1881
+ # or manually by a call to RotateSecret.
1707
1882
  # @return [String]
1708
1883
  #
1709
1884
  # @!attribute [rw] rotation_rules
@@ -1726,21 +1901,21 @@ module Aws::SecretsManager
1726
1901
  # @return [Time]
1727
1902
  #
1728
1903
  # @!attribute [rw] deleted_date
1729
- # The date and time on which this secret was deleted. Not present on
1730
- # active secrets. The secret can be recovered until the number of days
1731
- # in the recovery window has passed, as specified in the
1904
+ # The date and time the deletion of the secret occurred. Not present
1905
+ # on active secrets. The secret can be recovered until the number of
1906
+ # days in the recovery window has passed, as specified in the
1732
1907
  # `RecoveryWindowInDays` parameter of the DeleteSecret operation.
1733
1908
  # @return [Time]
1734
1909
  #
1735
1910
  # @!attribute [rw] tags
1736
- # The list of user-defined tags that are associated with the secret.
1737
- # To add tags to a secret, use TagResource. To remove tags, use
1911
+ # The list of user-defined tags associated with the secret. To add
1912
+ # tags to a secret, use TagResource. To remove tags, use
1738
1913
  # UntagResource.
1739
1914
  # @return [Array<Types::Tag>]
1740
1915
  #
1741
1916
  # @!attribute [rw] secret_versions_to_stages
1742
1917
  # A list of all of the currently assigned `SecretVersionStage` staging
1743
- # labels and the `SecretVersionId` that each is attached to. Staging
1918
+ # labels and the `SecretVersionId` attached to each one. Staging
1744
1919
  # labels are used to keep track of the different versions during the
1745
1920
  # rotation process.
1746
1921
  #
@@ -1755,6 +1930,10 @@ module Aws::SecretsManager
1755
1930
  # Returns the name of the service that created the secret.
1756
1931
  # @return [String]
1757
1932
  #
1933
+ # @!attribute [rw] created_date
1934
+ # The date and time when a secret was created.
1935
+ # @return [Time]
1936
+ #
1758
1937
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry AWS API Documentation
1759
1938
  #
1760
1939
  class SecretListEntry < Struct.new(
@@ -1771,7 +1950,9 @@ module Aws::SecretsManager
1771
1950
  :deleted_date,
1772
1951
  :tags,
1773
1952
  :secret_versions_to_stages,
1774
- :owning_service)
1953
+ :owning_service,
1954
+ :created_date)
1955
+ SENSITIVE = []
1775
1956
  include Aws::Structure
1776
1957
  end
1777
1958
 
@@ -1803,6 +1984,7 @@ module Aws::SecretsManager
1803
1984
  :version_stages,
1804
1985
  :last_accessed_date,
1805
1986
  :created_date)
1987
+ SENSITIVE = []
1806
1988
  include Aws::Structure
1807
1989
  end
1808
1990
 
@@ -1821,7 +2003,7 @@ module Aws::SecretsManager
1821
2003
  # @return [String]
1822
2004
  #
1823
2005
  # @!attribute [rw] value
1824
- # The string value that's associated with the key of the tag.
2006
+ # The string value associated with the key of the tag.
1825
2007
  # @return [String]
1826
2008
  #
1827
2009
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Tag AWS API Documentation
@@ -1829,6 +2011,7 @@ module Aws::SecretsManager
1829
2011
  class Tag < Struct.new(
1830
2012
  :key,
1831
2013
  :value)
2014
+ SENSITIVE = []
1832
2015
  include Aws::Structure
1833
2016
  end
1834
2017
 
@@ -1861,9 +2044,15 @@ module Aws::SecretsManager
1861
2044
  # partial ARN, then those characters cause Secrets Manager to assume
1862
2045
  # that you’re specifying a complete ARN. This confusion can cause
1863
2046
  # unexpected results. To avoid this situation, we recommend that you
1864
- # don’t create secret names that end with a hyphen followed by six
2047
+ # don’t create secret names ending with a hyphen followed by six
1865
2048
  # characters.
1866
2049
  #
2050
+ # If you specify an incomplete ARN without the random suffix, and
2051
+ # instead provide the 'friendly name', you *must* not include the
2052
+ # random suffix. If you do include the random suffix added by Secrets
2053
+ # Manager, you receive either a *ResourceNotFoundException* or an
2054
+ # *AccessDeniedException* error, depending on your permissions.
2055
+ #
1867
2056
  # </note>
1868
2057
  # @return [String]
1869
2058
  #
@@ -1888,6 +2077,7 @@ module Aws::SecretsManager
1888
2077
  class TagResourceRequest < Struct.new(
1889
2078
  :secret_id,
1890
2079
  :tags)
2080
+ SENSITIVE = []
1891
2081
  include Aws::Structure
1892
2082
  end
1893
2083
 
@@ -1915,9 +2105,15 @@ module Aws::SecretsManager
1915
2105
  # partial ARN, then those characters cause Secrets Manager to assume
1916
2106
  # that you’re specifying a complete ARN. This confusion can cause
1917
2107
  # unexpected results. To avoid this situation, we recommend that you
1918
- # don’t create secret names that end with a hyphen followed by six
2108
+ # don’t create secret names ending with a hyphen followed by six
1919
2109
  # characters.
1920
2110
  #
2111
+ # If you specify an incomplete ARN without the random suffix, and
2112
+ # instead provide the 'friendly name', you *must* not include the
2113
+ # random suffix. If you do include the random suffix added by Secrets
2114
+ # Manager, you receive either a *ResourceNotFoundException* or an
2115
+ # *AccessDeniedException* error, depending on your permissions.
2116
+ #
1921
2117
  # </note>
1922
2118
  # @return [String]
1923
2119
  #
@@ -1941,6 +2137,7 @@ module Aws::SecretsManager
1941
2137
  class UntagResourceRequest < Struct.new(
1942
2138
  :secret_id,
1943
2139
  :tag_keys)
2140
+ SENSITIVE = []
1944
2141
  include Aws::Structure
1945
2142
  end
1946
2143
 
@@ -1972,9 +2169,15 @@ module Aws::SecretsManager
1972
2169
  # partial ARN, then those characters cause Secrets Manager to assume
1973
2170
  # that you’re specifying a complete ARN. This confusion can cause
1974
2171
  # unexpected results. To avoid this situation, we recommend that you
1975
- # don’t create secret names that end with a hyphen followed by six
2172
+ # don’t create secret names ending with a hyphen followed by six
1976
2173
  # characters.
1977
2174
  #
2175
+ # If you specify an incomplete ARN without the random suffix, and
2176
+ # instead provide the 'friendly name', you *must* not include the
2177
+ # random suffix. If you do include the random suffix added by Secrets
2178
+ # Manager, you receive either a *ResourceNotFoundException* or an
2179
+ # *AccessDeniedException* error, depending on your permissions.
2180
+ #
1978
2181
  # </note>
1979
2182
  # @return [String]
1980
2183
  #
@@ -2096,6 +2299,7 @@ module Aws::SecretsManager
2096
2299
  :kms_key_id,
2097
2300
  :secret_binary,
2098
2301
  :secret_string)
2302
+ SENSITIVE = [:secret_binary, :secret_string]
2099
2303
  include Aws::Structure
2100
2304
  end
2101
2305
 
@@ -2128,6 +2332,7 @@ module Aws::SecretsManager
2128
2332
  :arn,
2129
2333
  :name,
2130
2334
  :version_id)
2335
+ SENSITIVE = []
2131
2336
  include Aws::Structure
2132
2337
  end
2133
2338
 
@@ -2142,9 +2347,9 @@ module Aws::SecretsManager
2142
2347
  # }
2143
2348
  #
2144
2349
  # @!attribute [rw] secret_id
2145
- # Specifies the secret with the version whose list of staging labels
2146
- # you want to modify. You can specify either the Amazon Resource Name
2147
- # (ARN) or the friendly name of the secret.
2350
+ # Specifies the secret with the version with the list of staging
2351
+ # labels you want to modify. You can specify either the Amazon
2352
+ # Resource Name (ARN) or the friendly name of the secret.
2148
2353
  #
2149
2354
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2150
2355
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -2157,9 +2362,15 @@ module Aws::SecretsManager
2157
2362
  # partial ARN, then those characters cause Secrets Manager to assume
2158
2363
  # that you’re specifying a complete ARN. This confusion can cause
2159
2364
  # unexpected results. To avoid this situation, we recommend that you
2160
- # don’t create secret names that end with a hyphen followed by six
2365
+ # don’t create secret names ending with a hyphen followed by six
2161
2366
  # characters.
2162
2367
  #
2368
+ # If you specify an incomplete ARN without the random suffix, and
2369
+ # instead provide the 'friendly name', you *must* not include the
2370
+ # random suffix. If you do include the random suffix added by Secrets
2371
+ # Manager, you receive either a *ResourceNotFoundException* or an
2372
+ # *AccessDeniedException* error, depending on your permissions.
2373
+ #
2163
2374
  # </note>
2164
2375
  # @return [String]
2165
2376
  #
@@ -2179,7 +2390,7 @@ module Aws::SecretsManager
2179
2390
  #
2180
2391
  # @!attribute [rw] move_to_version_id
2181
2392
  # (Optional) The secret version ID that you want to add the staging
2182
- # label to. If you want to remove a label from a version, then do not
2393
+ # label. If you want to remove a label from a version, then do not
2183
2394
  # specify this parameter.
2184
2395
  #
2185
2396
  # If the staging label is already attached to a different version of
@@ -2194,16 +2405,16 @@ module Aws::SecretsManager
2194
2405
  :version_stage,
2195
2406
  :remove_from_version_id,
2196
2407
  :move_to_version_id)
2408
+ SENSITIVE = []
2197
2409
  include Aws::Structure
2198
2410
  end
2199
2411
 
2200
2412
  # @!attribute [rw] arn
2201
- # The ARN of the secret with the staging label that was modified.
2413
+ # The ARN of the secret with the modified staging label.
2202
2414
  # @return [String]
2203
2415
  #
2204
2416
  # @!attribute [rw] name
2205
- # The friendly name of the secret with the staging label that was
2206
- # modified.
2417
+ # The friendly name of the secret with the modified staging label.
2207
2418
  # @return [String]
2208
2419
  #
2209
2420
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageResponse AWS API Documentation
@@ -2211,6 +2422,95 @@ module Aws::SecretsManager
2211
2422
  class UpdateSecretVersionStageResponse < Struct.new(
2212
2423
  :arn,
2213
2424
  :name)
2425
+ SENSITIVE = []
2426
+ include Aws::Structure
2427
+ end
2428
+
2429
+ # @note When making an API call, you may pass ValidateResourcePolicyRequest
2430
+ # data as a hash:
2431
+ #
2432
+ # {
2433
+ # secret_id: "SecretIdType",
2434
+ # resource_policy: "NonEmptyResourcePolicyType", # required
2435
+ # }
2436
+ #
2437
+ # @!attribute [rw] secret_id
2438
+ # The identifier for the secret that you want to validate a resource
2439
+ # policy. You can specify either the Amazon Resource Name (ARN) or the
2440
+ # friendly name of the secret.
2441
+ #
2442
+ # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2443
+ # complete ARN. You can specify a partial ARN too—for example, if you
2444
+ # don’t include the final hyphen and six random characters that
2445
+ # Secrets Manager adds at the end of the ARN when you created the
2446
+ # secret. A partial ARN match can work as long as it uniquely matches
2447
+ # only one secret. However, if your secret has a name that ends in a
2448
+ # hyphen followed by six characters (before Secrets Manager adds the
2449
+ # hyphen and six characters to the ARN) and you try to use that as a
2450
+ # partial ARN, then those characters cause Secrets Manager to assume
2451
+ # that you’re specifying a complete ARN. This confusion can cause
2452
+ # unexpected results. To avoid this situation, we recommend that you
2453
+ # don’t create secret names ending with a hyphen followed by six
2454
+ # characters.
2455
+ #
2456
+ # If you specify an incomplete ARN without the random suffix, and
2457
+ # instead provide the 'friendly name', you *must* not include the
2458
+ # random suffix. If you do include the random suffix added by Secrets
2459
+ # Manager, you receive either a *ResourceNotFoundException* or an
2460
+ # *AccessDeniedException* error, depending on your permissions.
2461
+ #
2462
+ # </note>
2463
+ # @return [String]
2464
+ #
2465
+ # @!attribute [rw] resource_policy
2466
+ # Identifies the Resource Policy attached to the secret.
2467
+ # @return [String]
2468
+ #
2469
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyRequest AWS API Documentation
2470
+ #
2471
+ class ValidateResourcePolicyRequest < Struct.new(
2472
+ :secret_id,
2473
+ :resource_policy)
2474
+ SENSITIVE = []
2475
+ include Aws::Structure
2476
+ end
2477
+
2478
+ # @!attribute [rw] policy_validation_passed
2479
+ # Returns a message stating that your Reource Policy passed
2480
+ # validation.
2481
+ # @return [Boolean]
2482
+ #
2483
+ # @!attribute [rw] validation_errors
2484
+ # Returns an error message if your policy doesn't pass validatation.
2485
+ # @return [Array<Types::ValidationErrorsEntry>]
2486
+ #
2487
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyResponse AWS API Documentation
2488
+ #
2489
+ class ValidateResourcePolicyResponse < Struct.new(
2490
+ :policy_validation_passed,
2491
+ :validation_errors)
2492
+ SENSITIVE = []
2493
+ include Aws::Structure
2494
+ end
2495
+
2496
+ # Displays errors that occurred during validation of the resource
2497
+ # policy.
2498
+ #
2499
+ # @!attribute [rw] check_name
2500
+ # Checks the name of the policy.
2501
+ # @return [String]
2502
+ #
2503
+ # @!attribute [rw] error_message
2504
+ # Displays error messages if validation encounters problems during
2505
+ # validation of the resource policy.
2506
+ # @return [String]
2507
+ #
2508
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidationErrorsEntry AWS API Documentation
2509
+ #
2510
+ class ValidationErrorsEntry < Struct.new(
2511
+ :check_name,
2512
+ :error_message)
2513
+ SENSITIVE = []
2214
2514
  include Aws::Structure
2215
2515
  end
2216
2516