aws-sdk-secretsmanager 1.37.1 → 1.42.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -36,6 +38,11 @@ module Aws::SecretsManager
36
38
  ExcludeNumbersType = Shapes::BooleanShape.new(name: 'ExcludeNumbersType')
37
39
  ExcludePunctuationType = Shapes::BooleanShape.new(name: 'ExcludePunctuationType')
38
40
  ExcludeUppercaseType = Shapes::BooleanShape.new(name: 'ExcludeUppercaseType')
41
+ Filter = Shapes::StructureShape.new(name: 'Filter')
42
+ FilterNameStringType = Shapes::StringShape.new(name: 'FilterNameStringType')
43
+ FilterValueStringType = Shapes::StringShape.new(name: 'FilterValueStringType')
44
+ FilterValuesStringList = Shapes::ListShape.new(name: 'FilterValuesStringList')
45
+ FiltersListType = Shapes::ListShape.new(name: 'FiltersListType')
39
46
  GetRandomPasswordRequest = Shapes::StructureShape.new(name: 'GetRandomPasswordRequest')
40
47
  GetRandomPasswordResponse = Shapes::StructureShape.new(name: 'GetRandomPasswordResponse')
41
48
  GetResourcePolicyRequest = Shapes::StructureShape.new(name: 'GetResourcePolicyRequest')
@@ -64,6 +71,7 @@ module Aws::SecretsManager
64
71
  OwningServiceType = Shapes::StringShape.new(name: 'OwningServiceType')
65
72
  PasswordLengthType = Shapes::IntegerShape.new(name: 'PasswordLengthType')
66
73
  PreconditionNotMetException = Shapes::StructureShape.new(name: 'PreconditionNotMetException')
74
+ PublicPolicyException = Shapes::StructureShape.new(name: 'PublicPolicyException')
67
75
  PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest')
68
76
  PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
69
77
  PutSecretValueRequest = Shapes::StructureShape.new(name: 'PutSecretValueRequest')
@@ -93,17 +101,23 @@ module Aws::SecretsManager
93
101
  SecretVersionsListEntry = Shapes::StructureShape.new(name: 'SecretVersionsListEntry')
94
102
  SecretVersionsListType = Shapes::ListShape.new(name: 'SecretVersionsListType')
95
103
  SecretVersionsToStagesMapType = Shapes::MapShape.new(name: 'SecretVersionsToStagesMapType')
104
+ SortOrderType = Shapes::StringShape.new(name: 'SortOrderType')
96
105
  Tag = Shapes::StructureShape.new(name: 'Tag')
97
106
  TagKeyListType = Shapes::ListShape.new(name: 'TagKeyListType')
98
107
  TagKeyType = Shapes::StringShape.new(name: 'TagKeyType')
99
108
  TagListType = Shapes::ListShape.new(name: 'TagListType')
100
109
  TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
101
110
  TagValueType = Shapes::StringShape.new(name: 'TagValueType')
111
+ TimestampType = Shapes::TimestampShape.new(name: 'TimestampType')
102
112
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
103
113
  UpdateSecretRequest = Shapes::StructureShape.new(name: 'UpdateSecretRequest')
104
114
  UpdateSecretResponse = Shapes::StructureShape.new(name: 'UpdateSecretResponse')
105
115
  UpdateSecretVersionStageRequest = Shapes::StructureShape.new(name: 'UpdateSecretVersionStageRequest')
106
116
  UpdateSecretVersionStageResponse = Shapes::StructureShape.new(name: 'UpdateSecretVersionStageResponse')
117
+ ValidateResourcePolicyRequest = Shapes::StructureShape.new(name: 'ValidateResourcePolicyRequest')
118
+ ValidateResourcePolicyResponse = Shapes::StructureShape.new(name: 'ValidateResourcePolicyResponse')
119
+ ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
120
+ ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
107
121
 
108
122
  CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
109
123
  CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
@@ -164,11 +178,20 @@ module Aws::SecretsManager
164
178
  DescribeSecretResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
165
179
  DescribeSecretResponse.add_member(:version_ids_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "VersionIdsToStages"))
166
180
  DescribeSecretResponse.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
181
+ DescribeSecretResponse.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
167
182
  DescribeSecretResponse.struct_class = Types::DescribeSecretResponse
168
183
 
169
184
  EncryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
170
185
  EncryptionFailure.struct_class = Types::EncryptionFailure
171
186
 
187
+ Filter.add_member(:key, Shapes::ShapeRef.new(shape: FilterNameStringType, location_name: "Key"))
188
+ Filter.add_member(:values, Shapes::ShapeRef.new(shape: FilterValuesStringList, location_name: "Values"))
189
+ Filter.struct_class = Types::Filter
190
+
191
+ FilterValuesStringList.member = Shapes::ShapeRef.new(shape: FilterValueStringType)
192
+
193
+ FiltersListType.member = Shapes::ShapeRef.new(shape: Filter)
194
+
172
195
  GetRandomPasswordRequest.add_member(:password_length, Shapes::ShapeRef.new(shape: PasswordLengthType, location_name: "PasswordLength", metadata: {"box"=>true}))
173
196
  GetRandomPasswordRequest.add_member(:exclude_characters, Shapes::ShapeRef.new(shape: ExcludeCharactersType, location_name: "ExcludeCharacters"))
174
197
  GetRandomPasswordRequest.add_member(:exclude_numbers, Shapes::ShapeRef.new(shape: ExcludeNumbersType, location_name: "ExcludeNumbers", metadata: {"box"=>true}))
@@ -233,6 +256,8 @@ module Aws::SecretsManager
233
256
 
234
257
  ListSecretsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResultsType, location_name: "MaxResults", metadata: {"box"=>true}))
235
258
  ListSecretsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
259
+ ListSecretsRequest.add_member(:filters, Shapes::ShapeRef.new(shape: FiltersListType, location_name: "Filters"))
260
+ ListSecretsRequest.add_member(:sort_order, Shapes::ShapeRef.new(shape: SortOrderType, location_name: "SortOrder"))
236
261
  ListSecretsRequest.struct_class = Types::ListSecretsRequest
237
262
 
238
263
  ListSecretsResponse.add_member(:secret_list, Shapes::ShapeRef.new(shape: SecretListType, location_name: "SecretList"))
@@ -245,8 +270,12 @@ module Aws::SecretsManager
245
270
  PreconditionNotMetException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
246
271
  PreconditionNotMetException.struct_class = Types::PreconditionNotMetException
247
272
 
273
+ PublicPolicyException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
274
+ PublicPolicyException.struct_class = Types::PublicPolicyException
275
+
248
276
  PutResourcePolicyRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
249
277
  PutResourcePolicyRequest.add_member(:resource_policy, Shapes::ShapeRef.new(shape: NonEmptyResourcePolicyType, required: true, location_name: "ResourcePolicy"))
278
+ PutResourcePolicyRequest.add_member(:block_public_policy, Shapes::ShapeRef.new(shape: BooleanType, location_name: "BlockPublicPolicy", metadata: {"box"=>true}))
250
279
  PutResourcePolicyRequest.struct_class = Types::PutResourcePolicyRequest
251
280
 
252
281
  PutResourcePolicyResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -307,6 +336,7 @@ module Aws::SecretsManager
307
336
  SecretListEntry.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
308
337
  SecretListEntry.add_member(:secret_versions_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "SecretVersionsToStages"))
309
338
  SecretListEntry.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
339
+ SecretListEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
310
340
  SecretListEntry.struct_class = Types::SecretListEntry
311
341
 
312
342
  SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
@@ -363,6 +393,20 @@ module Aws::SecretsManager
363
393
  UpdateSecretVersionStageResponse.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
364
394
  UpdateSecretVersionStageResponse.struct_class = Types::UpdateSecretVersionStageResponse
365
395
 
396
+ ValidateResourcePolicyRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, location_name: "SecretId"))
397
+ ValidateResourcePolicyRequest.add_member(:resource_policy, Shapes::ShapeRef.new(shape: NonEmptyResourcePolicyType, required: true, location_name: "ResourcePolicy"))
398
+ ValidateResourcePolicyRequest.struct_class = Types::ValidateResourcePolicyRequest
399
+
400
+ ValidateResourcePolicyResponse.add_member(:policy_validation_passed, Shapes::ShapeRef.new(shape: BooleanType, location_name: "PolicyValidationPassed"))
401
+ ValidateResourcePolicyResponse.add_member(:validation_errors, Shapes::ShapeRef.new(shape: ValidationErrorsType, location_name: "ValidationErrors"))
402
+ ValidateResourcePolicyResponse.struct_class = Types::ValidateResourcePolicyResponse
403
+
404
+ ValidationErrorsEntry.add_member(:check_name, Shapes::ShapeRef.new(shape: NameType, location_name: "CheckName"))
405
+ ValidationErrorsEntry.add_member(:error_message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "ErrorMessage"))
406
+ ValidationErrorsEntry.struct_class = Types::ValidationErrorsEntry
407
+
408
+ ValidationErrorsType.member = Shapes::ShapeRef.new(shape: ValidationErrorsEntry)
409
+
366
410
 
367
411
  # @api private
368
412
  API = Seahorse::Model::Api.new.tap do |api|
@@ -524,6 +568,7 @@ module Aws::SecretsManager
524
568
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
525
569
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
526
570
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
571
+ o.errors << Shapes::ShapeRef.new(shape: PublicPolicyException)
527
572
  end)
528
573
 
529
574
  api.add_operation(:put_secret_value, Seahorse::Model::Operation.new.tap do |o|
@@ -618,6 +663,19 @@ module Aws::SecretsManager
618
663
  o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
619
664
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
620
665
  end)
666
+
667
+ api.add_operation(:validate_resource_policy, Seahorse::Model::Operation.new.tap do |o|
668
+ o.name = "ValidateResourcePolicy"
669
+ o.http_method = "POST"
670
+ o.http_request_uri = "/"
671
+ o.input = Shapes::ShapeRef.new(shape: ValidateResourcePolicyRequest)
672
+ o.output = Shapes::ShapeRef.new(shape: ValidateResourcePolicyResponse)
673
+ o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
674
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
675
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
676
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
677
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
678
+ end)
621
679
  end
622
680
 
623
681
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -34,6 +36,7 @@ module Aws::SecretsManager
34
36
  # * {LimitExceededException}
35
37
  # * {MalformedPolicyDocumentException}
36
38
  # * {PreconditionNotMetException}
39
+ # * {PublicPolicyException}
37
40
  # * {ResourceExistsException}
38
41
  # * {ResourceNotFoundException}
39
42
  #
@@ -178,6 +181,21 @@ module Aws::SecretsManager
178
181
  end
179
182
  end
180
183
 
184
+ class PublicPolicyException < ServiceError
185
+
186
+ # @param [Seahorse::Client::RequestContext] context
187
+ # @param [String] message
188
+ # @param [Aws::SecretsManager::Types::PublicPolicyException] data
189
+ def initialize(context, message, data = Aws::EmptyStructure.new)
190
+ super(context, message, data)
191
+ end
192
+
193
+ # @return [String]
194
+ def message
195
+ @message || @data[:message]
196
+ end
197
+ end
198
+
181
199
  class ResourceExistsException < ServiceError
182
200
 
183
201
  # @param [Seahorse::Client::RequestContext] context
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -16,9 +18,9 @@ module Aws::SecretsManager
16
18
  # }
17
19
  #
18
20
  # @!attribute [rw] secret_id
19
- # Specifies the secret for which you want to cancel a rotation
20
- # request. You can specify either the Amazon Resource Name (ARN) or
21
- # the friendly name of the secret.
21
+ # Specifies the secret to cancel a rotation request. You can specify
22
+ # either the Amazon Resource Name (ARN) or the friendly name of the
23
+ # secret.
22
24
  #
23
25
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
24
26
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -31,9 +33,15 @@ module Aws::SecretsManager
31
33
  # partial ARN, then those characters cause Secrets Manager to assume
32
34
  # that you’re specifying a complete ARN. This confusion can cause
33
35
  # unexpected results. To avoid this situation, we recommend that you
34
- # don’t create secret names that end with a hyphen followed by six
36
+ # don’t create secret names ending with a hyphen followed by six
35
37
  # characters.
36
38
  #
39
+ # If you specify an incomplete ARN without the random suffix, and
40
+ # instead provide the 'friendly name', you *must* not include the
41
+ # random suffix. If you do include the random suffix added by Secrets
42
+ # Manager, you receive either a *ResourceNotFoundException* or an
43
+ # *AccessDeniedException* error, depending on your permissions.
44
+ #
37
45
  # </note>
38
46
  # @return [String]
39
47
  #
@@ -41,6 +49,7 @@ module Aws::SecretsManager
41
49
  #
42
50
  class CancelRotateSecretRequest < Struct.new(
43
51
  :secret_id)
52
+ SENSITIVE = []
44
53
  include Aws::Structure
45
54
  end
46
55
 
@@ -53,9 +62,9 @@ module Aws::SecretsManager
53
62
  # @return [String]
54
63
  #
55
64
  # @!attribute [rw] version_id
56
- # The unique identifier of the version of the secret that was created
57
- # during the rotation. This version might not be complete, and should
58
- # be evaluated for possible deletion. At the very least, you should
65
+ # The unique identifier of the version of the secret created during
66
+ # the rotation. This version might not be complete, and should be
67
+ # evaluated for possible deletion. At the very least, you should
59
68
  # remove the `VersionStage` value `AWSPENDING` to enable this version
60
69
  # to be deleted. Failing to clean up a cancelled rotation can block
61
70
  # you from successfully starting future rotations.
@@ -67,6 +76,7 @@ module Aws::SecretsManager
67
76
  :arn,
68
77
  :name,
69
78
  :version_id)
79
+ SENSITIVE = []
70
80
  include Aws::Structure
71
81
  end
72
82
 
@@ -94,11 +104,11 @@ module Aws::SecretsManager
94
104
  # The secret name must be ASCII letters, digits, or the following
95
105
  # characters : /\_+=.@-
96
106
  #
97
- # <note markdown="1"> Don't end your secret name with a hyphen followed by six
107
+ # <note markdown="1"> Do not end your secret name with a hyphen followed by six
98
108
  # characters. If you do so, you risk confusion and unexpected results
99
- # when searching for a secret by partial ARN. This is because Secrets
100
- # Manager automatically adds a hyphen and six random characters at the
101
- # end of the ARN.
109
+ # when searching for a secret by partial ARN. Secrets Manager
110
+ # automatically adds a hyphen and six random characters at the end of
111
+ # the ARN.
102
112
  #
103
113
  # </note>
104
114
  # @return [String]
@@ -114,7 +124,7 @@ module Aws::SecretsManager
114
124
  # in the request. If you don't use the SDK and instead generate a raw
115
125
  # HTTP request to the Secrets Manager service endpoint, then you must
116
126
  # generate a `ClientRequestToken` yourself for the new version and
117
- # include that value in the request.
127
+ # include the value in the request.
118
128
  #
119
129
  # </note>
120
130
  #
@@ -127,10 +137,9 @@ module Aws::SecretsManager
127
137
  # * If the `ClientRequestToken` value isn't already associated with a
128
138
  # version of the secret then a new version of the secret is created.
129
139
  #
130
- # * If a version with this value already exists and that version's
140
+ # * If a version with this value already exists and the version
131
141
  # `SecretString` and `SecretBinary` values are the same as those in
132
- # the request, then the request is ignored (the operation is
133
- # idempotent).
142
+ # the request, then the request is ignored.
134
143
  #
135
144
  # * If a version with this value already exists and that version's
136
145
  # `SecretString` and `SecretBinary` values are different from those
@@ -168,9 +177,9 @@ module Aws::SecretsManager
168
177
  # first time it needs to encrypt a version's `SecretString` or
169
178
  # `SecretBinary` fields.
170
179
  #
171
- # You can use the account's default CMK to encrypt and decrypt only
172
- # if you call this operation using credentials from the same account
173
- # that owns the secret. If the secret is in a different account, then
180
+ # You can use the account default CMK to encrypt and decrypt only if
181
+ # you call this operation using credentials from the same account that
182
+ # owns the secret. If the secret resides in a different account, then
174
183
  # you must create a custom CMK and specify the ARN in this field.
175
184
  # @return [String]
176
185
  #
@@ -207,7 +216,7 @@ module Aws::SecretsManager
207
216
  # environments, see [Using JSON for Parameters][1] in the *AWS CLI
208
217
  # User Guide*. For example:
209
218
  #
210
- # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
219
+ # `\{"username":"bob","password":"abc123xyz456"\}`
211
220
  #
212
221
  # If your command-line tool or SDK requires quotation marks around the
213
222
  # parameter, you should use single quotes to avoid confusion with the
@@ -255,15 +264,15 @@ module Aws::SecretsManager
255
264
  # * Tag keys and values are case sensitive.
256
265
  #
257
266
  # * Do not use the `aws:` prefix in your tag names or values because
258
- # it is reserved for AWS use. You can't edit or delete tag names or
259
- # values with this prefix. Tags with this prefix do not count
267
+ # AWS reserves it for AWS use. You can't edit or delete tag names
268
+ # or values with this prefix. Tags with this prefix do not count
260
269
  # against your tags per secret limit.
261
270
  #
262
- # * If your tagging schema will be used across multiple services and
263
- # resources, remember that other services might have restrictions on
264
- # allowed characters. Generally allowed characters are: letters,
265
- # spaces, and numbers representable in UTF-8, plus the following
266
- # special characters: + - = . \_ : / @.
271
+ # * If you use your tagging schema across multiple services and
272
+ # resources, remember other services might have restrictions on
273
+ # allowed characters. Generally allowed characters: letters, spaces,
274
+ # and numbers representable in UTF-8, plus the following special
275
+ # characters: + - = . \_ : / @.
267
276
  #
268
277
  #
269
278
  #
@@ -280,6 +289,7 @@ module Aws::SecretsManager
280
289
  :secret_binary,
281
290
  :secret_string,
282
291
  :tags)
292
+ SENSITIVE = [:secret_binary, :secret_string]
283
293
  include Aws::Structure
284
294
  end
285
295
 
@@ -302,8 +312,8 @@ module Aws::SecretsManager
302
312
  # @return [String]
303
313
  #
304
314
  # @!attribute [rw] version_id
305
- # The unique identifier that's associated with the version of the
306
- # secret you just created.
315
+ # The unique identifier associated with the version of the secret you
316
+ # just created.
307
317
  # @return [String]
308
318
  #
309
319
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation
@@ -312,6 +322,7 @@ module Aws::SecretsManager
312
322
  :arn,
313
323
  :name,
314
324
  :version_id)
325
+ SENSITIVE = []
315
326
  include Aws::Structure
316
327
  end
317
328
 
@@ -325,6 +336,7 @@ module Aws::SecretsManager
325
336
  #
326
337
  class DecryptionFailure < Struct.new(
327
338
  :message)
339
+ SENSITIVE = []
328
340
  include Aws::Structure
329
341
  end
330
342
 
@@ -351,9 +363,15 @@ module Aws::SecretsManager
351
363
  # partial ARN, then those characters cause Secrets Manager to assume
352
364
  # that you’re specifying a complete ARN. This confusion can cause
353
365
  # unexpected results. To avoid this situation, we recommend that you
354
- # don’t create secret names that end with a hyphen followed by six
366
+ # don’t create secret names ending with a hyphen followed by six
355
367
  # characters.
356
368
  #
369
+ # If you specify an incomplete ARN without the random suffix, and
370
+ # instead provide the 'friendly name', you *must* not include the
371
+ # random suffix. If you do include the random suffix added by Secrets
372
+ # Manager, you receive either a *ResourceNotFoundException* or an
373
+ # *AccessDeniedException* error, depending on your permissions.
374
+ #
357
375
  # </note>
358
376
  # @return [String]
359
377
  #
@@ -361,6 +379,7 @@ module Aws::SecretsManager
361
379
  #
362
380
  class DeleteResourcePolicyRequest < Struct.new(
363
381
  :secret_id)
382
+ SENSITIVE = []
364
383
  include Aws::Structure
365
384
  end
366
385
 
@@ -379,6 +398,7 @@ module Aws::SecretsManager
379
398
  class DeleteResourcePolicyResponse < Struct.new(
380
399
  :arn,
381
400
  :name)
401
+ SENSITIVE = []
382
402
  include Aws::Structure
383
403
  end
384
404
 
@@ -406,9 +426,15 @@ module Aws::SecretsManager
406
426
  # partial ARN, then those characters cause Secrets Manager to assume
407
427
  # that you’re specifying a complete ARN. This confusion can cause
408
428
  # unexpected results. To avoid this situation, we recommend that you
409
- # don’t create secret names that end with a hyphen followed by six
429
+ # don’t create secret names ending with a hyphen followed by six
410
430
  # characters.
411
431
  #
432
+ # If you specify an incomplete ARN without the random suffix, and
433
+ # instead provide the 'friendly name', you *must* not include the
434
+ # random suffix. If you do include the random suffix added by Secrets
435
+ # Manager, you receive either a *ResourceNotFoundException* or an
436
+ # *AccessDeniedException* error, depending on your permissions.
437
+ #
412
438
  # </note>
413
439
  # @return [String]
414
440
  #
@@ -445,6 +471,7 @@ module Aws::SecretsManager
445
471
  :secret_id,
446
472
  :recovery_window_in_days,
447
473
  :force_delete_without_recovery)
474
+ SENSITIVE = []
448
475
  include Aws::Structure
449
476
  end
450
477
 
@@ -469,6 +496,7 @@ module Aws::SecretsManager
469
496
  :arn,
470
497
  :name,
471
498
  :deletion_date)
499
+ SENSITIVE = []
472
500
  include Aws::Structure
473
501
  end
474
502
 
@@ -495,9 +523,15 @@ module Aws::SecretsManager
495
523
  # partial ARN, then those characters cause Secrets Manager to assume
496
524
  # that you’re specifying a complete ARN. This confusion can cause
497
525
  # unexpected results. To avoid this situation, we recommend that you
498
- # don’t create secret names that end with a hyphen followed by six
526
+ # don’t create secret names ending with a hyphen followed by six
499
527
  # characters.
500
528
  #
529
+ # If you specify an incomplete ARN without the random suffix, and
530
+ # instead provide the 'friendly name', you *must* not include the
531
+ # random suffix. If you do include the random suffix added by Secrets
532
+ # Manager, you receive either a *ResourceNotFoundException* or an
533
+ # *AccessDeniedException* error, depending on your permissions.
534
+ #
501
535
  # </note>
502
536
  # @return [String]
503
537
  #
@@ -505,6 +539,7 @@ module Aws::SecretsManager
505
539
  #
506
540
  class DescribeSecretRequest < Struct.new(
507
541
  :secret_id)
542
+ SENSITIVE = []
508
543
  include Aws::Structure
509
544
  end
510
545
 
@@ -596,6 +631,10 @@ module Aws::SecretsManager
596
631
  # Returns the name of the service that created this secret.
597
632
  # @return [String]
598
633
  #
634
+ # @!attribute [rw] created_date
635
+ # The date that the secret was created.
636
+ # @return [Time]
637
+ #
599
638
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation
600
639
  #
601
640
  class DescribeSecretResponse < Struct.new(
@@ -612,7 +651,9 @@ module Aws::SecretsManager
612
651
  :deleted_date,
613
652
  :tags,
614
653
  :version_ids_to_stages,
615
- :owning_service)
654
+ :owning_service,
655
+ :created_date)
656
+ SENSITIVE = []
616
657
  include Aws::Structure
617
658
  end
618
659
 
@@ -632,6 +673,34 @@ module Aws::SecretsManager
632
673
  #
633
674
  class EncryptionFailure < Struct.new(
634
675
  :message)
676
+ SENSITIVE = []
677
+ include Aws::Structure
678
+ end
679
+
680
+ # Allows you to filter your list of secrets.
681
+ #
682
+ # @note When making an API call, you may pass Filter
683
+ # data as a hash:
684
+ #
685
+ # {
686
+ # key: "description", # accepts description, name, tag-key, tag-value, all
687
+ # values: ["FilterValueStringType"],
688
+ # }
689
+ #
690
+ # @!attribute [rw] key
691
+ # Filters your list of secrets by a specific key.
692
+ # @return [String]
693
+ #
694
+ # @!attribute [rw] values
695
+ # Filters your list of secrets by a specific value.
696
+ # @return [Array<String>]
697
+ #
698
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Filter AWS API Documentation
699
+ #
700
+ class Filter < Struct.new(
701
+ :key,
702
+ :values)
703
+ SENSITIVE = []
635
704
  include Aws::Structure
636
705
  end
637
706
 
@@ -715,6 +784,7 @@ module Aws::SecretsManager
715
784
  :exclude_lowercase,
716
785
  :include_space,
717
786
  :require_each_included_type)
787
+ SENSITIVE = []
718
788
  include Aws::Structure
719
789
  end
720
790
 
@@ -726,6 +796,7 @@ module Aws::SecretsManager
726
796
  #
727
797
  class GetRandomPasswordResponse < Struct.new(
728
798
  :random_password)
799
+ SENSITIVE = [:random_password]
729
800
  include Aws::Structure
730
801
  end
731
802
 
@@ -752,9 +823,15 @@ module Aws::SecretsManager
752
823
  # partial ARN, then those characters cause Secrets Manager to assume
753
824
  # that you’re specifying a complete ARN. This confusion can cause
754
825
  # unexpected results. To avoid this situation, we recommend that you
755
- # don’t create secret names that end with a hyphen followed by six
826
+ # don’t create secret names ending with a hyphen followed by six
756
827
  # characters.
757
828
  #
829
+ # If you specify an incomplete ARN without the random suffix, and
830
+ # instead provide the 'friendly name', you *must* not include the
831
+ # random suffix. If you do include the random suffix added by Secrets
832
+ # Manager, you receive either a *ResourceNotFoundException* or an
833
+ # *AccessDeniedException* error, depending on your permissions.
834
+ #
758
835
  # </note>
759
836
  # @return [String]
760
837
  #
@@ -762,6 +839,7 @@ module Aws::SecretsManager
762
839
  #
763
840
  class GetResourcePolicyRequest < Struct.new(
764
841
  :secret_id)
842
+ SENSITIVE = []
765
843
  include Aws::Structure
766
844
  end
767
845
 
@@ -795,6 +873,7 @@ module Aws::SecretsManager
795
873
  :arn,
796
874
  :name,
797
875
  :resource_policy)
876
+ SENSITIVE = []
798
877
  include Aws::Structure
799
878
  end
800
879
 
@@ -823,9 +902,15 @@ module Aws::SecretsManager
823
902
  # partial ARN, then those characters cause Secrets Manager to assume
824
903
  # that you’re specifying a complete ARN. This confusion can cause
825
904
  # unexpected results. To avoid this situation, we recommend that you
826
- # don’t create secret names that end with a hyphen followed by six
905
+ # don’t create secret names ending with a hyphen followed by six
827
906
  # characters.
828
907
  #
908
+ # If you specify an incomplete ARN without the random suffix, and
909
+ # instead provide the 'friendly name', you *must* not include the
910
+ # random suffix. If you do include the random suffix added by Secrets
911
+ # Manager, you receive either a *ResourceNotFoundException* or an
912
+ # *AccessDeniedException* error, depending on your permissions.
913
+ #
829
914
  # </note>
830
915
  # @return [String]
831
916
  #
@@ -862,6 +947,7 @@ module Aws::SecretsManager
862
947
  :secret_id,
863
948
  :version_id,
864
949
  :version_stage)
950
+ SENSITIVE = []
865
951
  include Aws::Structure
866
952
  end
867
953
 
@@ -930,6 +1016,7 @@ module Aws::SecretsManager
930
1016
  :secret_string,
931
1017
  :version_stages,
932
1018
  :created_date)
1019
+ SENSITIVE = [:secret_binary, :secret_string]
933
1020
  include Aws::Structure
934
1021
  end
935
1022
 
@@ -942,6 +1029,7 @@ module Aws::SecretsManager
942
1029
  #
943
1030
  class InternalServiceError < Struct.new(
944
1031
  :message)
1032
+ SENSITIVE = []
945
1033
  include Aws::Structure
946
1034
  end
947
1035
 
@@ -954,6 +1042,7 @@ module Aws::SecretsManager
954
1042
  #
955
1043
  class InvalidNextTokenException < Struct.new(
956
1044
  :message)
1045
+ SENSITIVE = []
957
1046
  include Aws::Structure
958
1047
  end
959
1048
 
@@ -966,6 +1055,7 @@ module Aws::SecretsManager
966
1055
  #
967
1056
  class InvalidParameterException < Struct.new(
968
1057
  :message)
1058
+ SENSITIVE = []
969
1059
  include Aws::Structure
970
1060
  end
971
1061
 
@@ -988,6 +1078,7 @@ module Aws::SecretsManager
988
1078
  #
989
1079
  class InvalidRequestException < Struct.new(
990
1080
  :message)
1081
+ SENSITIVE = []
991
1082
  include Aws::Structure
992
1083
  end
993
1084
 
@@ -1001,6 +1092,7 @@ module Aws::SecretsManager
1001
1092
  #
1002
1093
  class LimitExceededException < Struct.new(
1003
1094
  :message)
1095
+ SENSITIVE = []
1004
1096
  include Aws::Structure
1005
1097
  end
1006
1098
 
@@ -1030,15 +1122,21 @@ module Aws::SecretsManager
1030
1122
  # partial ARN, then those characters cause Secrets Manager to assume
1031
1123
  # that you’re specifying a complete ARN. This confusion can cause
1032
1124
  # unexpected results. To avoid this situation, we recommend that you
1033
- # don’t create secret names that end with a hyphen followed by six
1125
+ # don’t create secret names ending with a hyphen followed by six
1034
1126
  # characters.
1035
1127
  #
1128
+ # If you specify an incomplete ARN without the random suffix, and
1129
+ # instead provide the 'friendly name', you *must* not include the
1130
+ # random suffix. If you do include the random suffix added by Secrets
1131
+ # Manager, you receive either a *ResourceNotFoundException* or an
1132
+ # *AccessDeniedException* error, depending on your permissions.
1133
+ #
1036
1134
  # </note>
1037
1135
  # @return [String]
1038
1136
  #
1039
1137
  # @!attribute [rw] max_results
1040
- # (Optional) Limits the number of results that you want to include in
1041
- # the response. If you don't include this parameter, it defaults to a
1138
+ # (Optional) Limits the number of results you want to include in the
1139
+ # response. If you don't include this parameter, it defaults to a
1042
1140
  # value that's specific to the operation. If additional items exist
1043
1141
  # beyond the maximum you specify, the `NextToken` response element is
1044
1142
  # present and has a value (isn't null). Include that value as the
@@ -1051,10 +1149,10 @@ module Aws::SecretsManager
1051
1149
  #
1052
1150
  # @!attribute [rw] next_token
1053
1151
  # (Optional) Use this parameter in a request if you receive a
1054
- # `NextToken` response in a previous request that indicates that
1055
- # there's more output available. In a subsequent call, set it to the
1056
- # value of the previous call's `NextToken` response to indicate where
1057
- # the output should continue from.
1152
+ # `NextToken` response in a previous request indicating there's more
1153
+ # output available. In a subsequent call, set it to the value of the
1154
+ # previous call `NextToken` response to indicate where the output
1155
+ # should continue from.
1058
1156
  # @return [String]
1059
1157
  #
1060
1158
  # @!attribute [rw] include_deprecated
@@ -1071,6 +1169,7 @@ module Aws::SecretsManager
1071
1169
  :max_results,
1072
1170
  :next_token,
1073
1171
  :include_deprecated)
1172
+ SENSITIVE = []
1074
1173
  include Aws::Structure
1075
1174
  end
1076
1175
 
@@ -1081,10 +1180,10 @@ module Aws::SecretsManager
1081
1180
  #
1082
1181
  # @!attribute [rw] next_token
1083
1182
  # If present in the response, this value indicates that there's more
1084
- # output available than what's included in the current response. This
1085
- # can occur even when the response includes no values at all, such as
1086
- # when you ask for a filtered view of a very long list. Use this value
1087
- # in the `NextToken` request parameter in a subsequent call to the
1183
+ # output available than included in the current response. This can
1184
+ # occur even when the response includes no values at all, such as when
1185
+ # you ask for a filtered view of a very long list. Use this value in
1186
+ # the `NextToken` request parameter in a subsequent call to the
1088
1187
  # operation to continue processing and get the next part of the
1089
1188
  # output. You should repeat this until the `NextToken` response
1090
1189
  # element comes back empty (as `null`).
@@ -1115,6 +1214,7 @@ module Aws::SecretsManager
1115
1214
  :next_token,
1116
1215
  :arn,
1117
1216
  :name)
1217
+ SENSITIVE = []
1118
1218
  include Aws::Structure
1119
1219
  end
1120
1220
 
@@ -1124,11 +1224,18 @@ module Aws::SecretsManager
1124
1224
  # {
1125
1225
  # max_results: 1,
1126
1226
  # next_token: "NextTokenType",
1227
+ # filters: [
1228
+ # {
1229
+ # key: "description", # accepts description, name, tag-key, tag-value, all
1230
+ # values: ["FilterValueStringType"],
1231
+ # },
1232
+ # ],
1233
+ # sort_order: "asc", # accepts asc, desc
1127
1234
  # }
1128
1235
  #
1129
1236
  # @!attribute [rw] max_results
1130
- # (Optional) Limits the number of results that you want to include in
1131
- # the response. If you don't include this parameter, it defaults to a
1237
+ # (Optional) Limits the number of results you want to include in the
1238
+ # response. If you don't include this parameter, it defaults to a
1132
1239
  # value that's specific to the operation. If additional items exist
1133
1240
  # beyond the maximum you specify, the `NextToken` response element is
1134
1241
  # present and has a value (isn't null). Include that value as the
@@ -1141,17 +1248,28 @@ module Aws::SecretsManager
1141
1248
  #
1142
1249
  # @!attribute [rw] next_token
1143
1250
  # (Optional) Use this parameter in a request if you receive a
1144
- # `NextToken` response in a previous request that indicates that
1145
- # there's more output available. In a subsequent call, set it to the
1146
- # value of the previous call's `NextToken` response to indicate where
1147
- # the output should continue from.
1251
+ # `NextToken` response in a previous request indicating there's more
1252
+ # output available. In a subsequent call, set it to the value of the
1253
+ # previous call `NextToken` response to indicate where the output
1254
+ # should continue from.
1255
+ # @return [String]
1256
+ #
1257
+ # @!attribute [rw] filters
1258
+ # Lists the secret request filters.
1259
+ # @return [Array<Types::Filter>]
1260
+ #
1261
+ # @!attribute [rw] sort_order
1262
+ # Lists secrets in the requested order.
1148
1263
  # @return [String]
1149
1264
  #
1150
1265
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsRequest AWS API Documentation
1151
1266
  #
1152
1267
  class ListSecretsRequest < Struct.new(
1153
1268
  :max_results,
1154
- :next_token)
1269
+ :next_token,
1270
+ :filters,
1271
+ :sort_order)
1272
+ SENSITIVE = []
1155
1273
  include Aws::Structure
1156
1274
  end
1157
1275
 
@@ -1161,10 +1279,10 @@ module Aws::SecretsManager
1161
1279
  #
1162
1280
  # @!attribute [rw] next_token
1163
1281
  # If present in the response, this value indicates that there's more
1164
- # output available than what's included in the current response. This
1165
- # can occur even when the response includes no values at all, such as
1166
- # when you ask for a filtered view of a very long list. Use this value
1167
- # in the `NextToken` request parameter in a subsequent call to the
1282
+ # output available than included in the current response. This can
1283
+ # occur even when the response includes no values at all, such as when
1284
+ # you ask for a filtered view of a very long list. Use this value in
1285
+ # the `NextToken` request parameter in a subsequent call to the
1168
1286
  # operation to continue processing and get the next part of the
1169
1287
  # output. You should repeat this until the `NextToken` response
1170
1288
  # element comes back empty (as `null`).
@@ -1175,6 +1293,7 @@ module Aws::SecretsManager
1175
1293
  class ListSecretsResponse < Struct.new(
1176
1294
  :secret_list,
1177
1295
  :next_token)
1296
+ SENSITIVE = []
1178
1297
  include Aws::Structure
1179
1298
  end
1180
1299
 
@@ -1187,6 +1306,7 @@ module Aws::SecretsManager
1187
1306
  #
1188
1307
  class MalformedPolicyDocumentException < Struct.new(
1189
1308
  :message)
1309
+ SENSITIVE = []
1190
1310
  include Aws::Structure
1191
1311
  end
1192
1312
 
@@ -1200,6 +1320,20 @@ module Aws::SecretsManager
1200
1320
  #
1201
1321
  class PreconditionNotMetException < Struct.new(
1202
1322
  :message)
1323
+ SENSITIVE = []
1324
+ include Aws::Structure
1325
+ end
1326
+
1327
+ # The resource policy did not prevent broad access to the secret.
1328
+ #
1329
+ # @!attribute [rw] message
1330
+ # @return [String]
1331
+ #
1332
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PublicPolicyException AWS API Documentation
1333
+ #
1334
+ class PublicPolicyException < Struct.new(
1335
+ :message)
1336
+ SENSITIVE = []
1203
1337
  include Aws::Structure
1204
1338
  end
1205
1339
 
@@ -1209,6 +1343,7 @@ module Aws::SecretsManager
1209
1343
  # {
1210
1344
  # secret_id: "SecretIdType", # required
1211
1345
  # resource_policy: "NonEmptyResourcePolicyType", # required
1346
+ # block_public_policy: false,
1212
1347
  # }
1213
1348
  #
1214
1349
  # @!attribute [rw] secret_id
@@ -1227,9 +1362,15 @@ module Aws::SecretsManager
1227
1362
  # partial ARN, then those characters cause Secrets Manager to assume
1228
1363
  # that you’re specifying a complete ARN. This confusion can cause
1229
1364
  # unexpected results. To avoid this situation, we recommend that you
1230
- # don’t create secret names that end with a hyphen followed by six
1365
+ # don’t create secret names ending with a hyphen followed by six
1231
1366
  # characters.
1232
1367
  #
1368
+ # If you specify an incomplete ARN without the random suffix, and
1369
+ # instead provide the 'friendly name', you *must* not include the
1370
+ # random suffix. If you do include the random suffix added by Secrets
1371
+ # Manager, you receive either a *ResourceNotFoundException* or an
1372
+ # *AccessDeniedException* error, depending on your permissions.
1373
+ #
1233
1374
  # </note>
1234
1375
  # @return [String]
1235
1376
  #
@@ -1246,22 +1387,28 @@ module Aws::SecretsManager
1246
1387
  # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1247
1388
  # @return [String]
1248
1389
  #
1390
+ # @!attribute [rw] block_public_policy
1391
+ # Makes an optional API call to Zelkova to validate the Resource
1392
+ # Policy to prevent broad access to your secret.
1393
+ # @return [Boolean]
1394
+ #
1249
1395
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
1250
1396
  #
1251
1397
  class PutResourcePolicyRequest < Struct.new(
1252
1398
  :secret_id,
1253
- :resource_policy)
1399
+ :resource_policy,
1400
+ :block_public_policy)
1401
+ SENSITIVE = []
1254
1402
  include Aws::Structure
1255
1403
  end
1256
1404
 
1257
1405
  # @!attribute [rw] arn
1258
- # The ARN of the secret that the resource-based policy was retrieved
1259
- # for.
1406
+ # The ARN of the secret retrieved by the resource-based policy.
1260
1407
  # @return [String]
1261
1408
  #
1262
1409
  # @!attribute [rw] name
1263
- # The friendly name of the secret that the resource-based policy was
1264
- # retrieved for.
1410
+ # The friendly name of the secret that the retrieved by the
1411
+ # resource-based policy.
1265
1412
  # @return [String]
1266
1413
  #
1267
1414
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyResponse AWS API Documentation
@@ -1269,6 +1416,7 @@ module Aws::SecretsManager
1269
1416
  class PutResourcePolicyResponse < Struct.new(
1270
1417
  :arn,
1271
1418
  :name)
1419
+ SENSITIVE = []
1272
1420
  include Aws::Structure
1273
1421
  end
1274
1422
 
@@ -1299,9 +1447,15 @@ module Aws::SecretsManager
1299
1447
  # partial ARN, then those characters cause Secrets Manager to assume
1300
1448
  # that you’re specifying a complete ARN. This confusion can cause
1301
1449
  # unexpected results. To avoid this situation, we recommend that you
1302
- # don’t create secret names that end with a hyphen followed by six
1450
+ # don’t create secret names ending with a hyphen followed by six
1303
1451
  # characters.
1304
1452
  #
1453
+ # If you specify an incomplete ARN without the random suffix, and
1454
+ # instead provide the 'friendly name', you *must* not include the
1455
+ # random suffix. If you do include the random suffix added by Secrets
1456
+ # Manager, you receive either a *ResourceNotFoundException* or an
1457
+ # *AccessDeniedException* error, depending on your permissions.
1458
+ #
1305
1459
  # </note>
1306
1460
  # @return [String]
1307
1461
  #
@@ -1333,7 +1487,7 @@ module Aws::SecretsManager
1333
1487
  # the request then the request is ignored (the operation is
1334
1488
  # idempotent).
1335
1489
  #
1336
- # * If a version with this value already exists and that version's
1490
+ # * If a version with this value already exists and the version of the
1337
1491
  # `SecretString` and `SecretBinary` values are different from those
1338
1492
  # in the request then the request fails because you cannot modify an
1339
1493
  # existing secret version. You can only create new versions to store
@@ -1418,6 +1572,7 @@ module Aws::SecretsManager
1418
1572
  :secret_binary,
1419
1573
  :secret_string,
1420
1574
  :version_stages)
1575
+ SENSITIVE = [:secret_binary, :secret_string]
1421
1576
  include Aws::Structure
1422
1577
  end
1423
1578
 
@@ -1449,6 +1604,7 @@ module Aws::SecretsManager
1449
1604
  :name,
1450
1605
  :version_id,
1451
1606
  :version_stages)
1607
+ SENSITIVE = []
1452
1608
  include Aws::Structure
1453
1609
  end
1454
1610
 
@@ -1461,6 +1617,7 @@ module Aws::SecretsManager
1461
1617
  #
1462
1618
  class ResourceExistsException < Struct.new(
1463
1619
  :message)
1620
+ SENSITIVE = []
1464
1621
  include Aws::Structure
1465
1622
  end
1466
1623
 
@@ -1473,6 +1630,7 @@ module Aws::SecretsManager
1473
1630
  #
1474
1631
  class ResourceNotFoundException < Struct.new(
1475
1632
  :message)
1633
+ SENSITIVE = []
1476
1634
  include Aws::Structure
1477
1635
  end
1478
1636
 
@@ -1499,9 +1657,15 @@ module Aws::SecretsManager
1499
1657
  # partial ARN, then those characters cause Secrets Manager to assume
1500
1658
  # that you’re specifying a complete ARN. This confusion can cause
1501
1659
  # unexpected results. To avoid this situation, we recommend that you
1502
- # don’t create secret names that end with a hyphen followed by six
1660
+ # don’t create secret names ending with a hyphen followed by six
1503
1661
  # characters.
1504
1662
  #
1663
+ # If you specify an incomplete ARN without the random suffix, and
1664
+ # instead provide the 'friendly name', you *must* not include the
1665
+ # random suffix. If you do include the random suffix added by Secrets
1666
+ # Manager, you receive either a *ResourceNotFoundException* or an
1667
+ # *AccessDeniedException* error, depending on your permissions.
1668
+ #
1505
1669
  # </note>
1506
1670
  # @return [String]
1507
1671
  #
@@ -1509,6 +1673,7 @@ module Aws::SecretsManager
1509
1673
  #
1510
1674
  class RestoreSecretRequest < Struct.new(
1511
1675
  :secret_id)
1676
+ SENSITIVE = []
1512
1677
  include Aws::Structure
1513
1678
  end
1514
1679
 
@@ -1525,6 +1690,7 @@ module Aws::SecretsManager
1525
1690
  class RestoreSecretResponse < Struct.new(
1526
1691
  :arn,
1527
1692
  :name)
1693
+ SENSITIVE = []
1528
1694
  include Aws::Structure
1529
1695
  end
1530
1696
 
@@ -1555,9 +1721,15 @@ module Aws::SecretsManager
1555
1721
  # partial ARN, then those characters cause Secrets Manager to assume
1556
1722
  # that you’re specifying a complete ARN. This confusion can cause
1557
1723
  # unexpected results. To avoid this situation, we recommend that you
1558
- # don’t create secret names that end with a hyphen followed by six
1724
+ # don’t create secret names ending with a hyphen followed by six
1559
1725
  # characters.
1560
1726
  #
1727
+ # If you specify an incomplete ARN without the random suffix, and
1728
+ # instead provide the 'friendly name', you *must* not include the
1729
+ # random suffix. If you do include the random suffix added by Secrets
1730
+ # Manager, you receive either a *ResourceNotFoundException* or an
1731
+ # *AccessDeniedException* error, depending on your permissions.
1732
+ #
1561
1733
  # </note>
1562
1734
  # @return [String]
1563
1735
  #
@@ -1573,10 +1745,10 @@ module Aws::SecretsManager
1573
1745
  # generate a `ClientRequestToken` yourself for new versions and
1574
1746
  # include that value in the request.
1575
1747
  #
1576
- # You only need to specify your own value if you are implementing your
1577
- # own retry logic and want to ensure that a given secret is not
1578
- # created twice. We recommend that you generate a [UUID-type][1] value
1579
- # to ensure uniqueness within the specified secret.
1748
+ # You only need to specify your own value if you implement your own
1749
+ # retry logic and want to ensure that a given secret is not created
1750
+ # twice. We recommend that you generate a [UUID-type][1] value to
1751
+ # ensure uniqueness within the specified secret.
1580
1752
  #
1581
1753
  # Secrets Manager uses this value to prevent the accidental creation
1582
1754
  # of duplicate versions if there are failures and retries during the
@@ -1607,6 +1779,7 @@ module Aws::SecretsManager
1607
1779
  :client_request_token,
1608
1780
  :rotation_lambda_arn,
1609
1781
  :rotation_rules)
1782
+ SENSITIVE = []
1610
1783
  include Aws::Structure
1611
1784
  end
1612
1785
 
@@ -1629,6 +1802,7 @@ module Aws::SecretsManager
1629
1802
  :arn,
1630
1803
  :name,
1631
1804
  :version_id)
1805
+ SENSITIVE = []
1632
1806
  include Aws::Structure
1633
1807
  end
1634
1808
 
@@ -1658,6 +1832,7 @@ module Aws::SecretsManager
1658
1832
  #
1659
1833
  class RotationRulesType < Struct.new(
1660
1834
  :automatically_after_days)
1835
+ SENSITIVE = []
1661
1836
  include Aws::Structure
1662
1837
  end
1663
1838
 
@@ -1688,11 +1863,11 @@ module Aws::SecretsManager
1688
1863
  # @return [String]
1689
1864
  #
1690
1865
  # @!attribute [rw] kms_key_id
1691
- # The ARN or alias of the AWS KMS customer master key (CMK) that's
1692
- # used to encrypt the `SecretString` and `SecretBinary` fields in each
1693
- # version of the secret. If you don't provide a key, then Secrets
1694
- # Manager defaults to encrypting the secret fields with the default
1695
- # KMS CMK (the one named `awssecretsmanager`) for this account.
1866
+ # The ARN or alias of the AWS KMS customer master key (CMK) used to
1867
+ # encrypt the `SecretString` and `SecretBinary` fields in each version
1868
+ # of the secret. If you don't provide a key, then Secrets Manager
1869
+ # defaults to encrypting the secret fields with the default KMS CMK,
1870
+ # the key named `awssecretsmanager`, for this account.
1696
1871
  # @return [String]
1697
1872
  #
1698
1873
  # @!attribute [rw] rotation_enabled
@@ -1701,9 +1876,9 @@ module Aws::SecretsManager
1701
1876
  # @return [Boolean]
1702
1877
  #
1703
1878
  # @!attribute [rw] rotation_lambda_arn
1704
- # The ARN of an AWS Lambda function that's invoked by Secrets Manager
1705
- # to rotate and expire the secret either automatically per the
1706
- # schedule or manually by a call to RotateSecret.
1879
+ # The ARN of an AWS Lambda function invoked by Secrets Manager to
1880
+ # rotate and expire the secret either automatically per the schedule
1881
+ # or manually by a call to RotateSecret.
1707
1882
  # @return [String]
1708
1883
  #
1709
1884
  # @!attribute [rw] rotation_rules
@@ -1726,21 +1901,21 @@ module Aws::SecretsManager
1726
1901
  # @return [Time]
1727
1902
  #
1728
1903
  # @!attribute [rw] deleted_date
1729
- # The date and time on which this secret was deleted. Not present on
1730
- # active secrets. The secret can be recovered until the number of days
1731
- # in the recovery window has passed, as specified in the
1904
+ # The date and time the deletion of the secret occurred. Not present
1905
+ # on active secrets. The secret can be recovered until the number of
1906
+ # days in the recovery window has passed, as specified in the
1732
1907
  # `RecoveryWindowInDays` parameter of the DeleteSecret operation.
1733
1908
  # @return [Time]
1734
1909
  #
1735
1910
  # @!attribute [rw] tags
1736
- # The list of user-defined tags that are associated with the secret.
1737
- # To add tags to a secret, use TagResource. To remove tags, use
1911
+ # The list of user-defined tags associated with the secret. To add
1912
+ # tags to a secret, use TagResource. To remove tags, use
1738
1913
  # UntagResource.
1739
1914
  # @return [Array<Types::Tag>]
1740
1915
  #
1741
1916
  # @!attribute [rw] secret_versions_to_stages
1742
1917
  # A list of all of the currently assigned `SecretVersionStage` staging
1743
- # labels and the `SecretVersionId` that each is attached to. Staging
1918
+ # labels and the `SecretVersionId` attached to each one. Staging
1744
1919
  # labels are used to keep track of the different versions during the
1745
1920
  # rotation process.
1746
1921
  #
@@ -1755,6 +1930,10 @@ module Aws::SecretsManager
1755
1930
  # Returns the name of the service that created the secret.
1756
1931
  # @return [String]
1757
1932
  #
1933
+ # @!attribute [rw] created_date
1934
+ # The date and time when a secret was created.
1935
+ # @return [Time]
1936
+ #
1758
1937
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry AWS API Documentation
1759
1938
  #
1760
1939
  class SecretListEntry < Struct.new(
@@ -1771,7 +1950,9 @@ module Aws::SecretsManager
1771
1950
  :deleted_date,
1772
1951
  :tags,
1773
1952
  :secret_versions_to_stages,
1774
- :owning_service)
1953
+ :owning_service,
1954
+ :created_date)
1955
+ SENSITIVE = []
1775
1956
  include Aws::Structure
1776
1957
  end
1777
1958
 
@@ -1803,6 +1984,7 @@ module Aws::SecretsManager
1803
1984
  :version_stages,
1804
1985
  :last_accessed_date,
1805
1986
  :created_date)
1987
+ SENSITIVE = []
1806
1988
  include Aws::Structure
1807
1989
  end
1808
1990
 
@@ -1821,7 +2003,7 @@ module Aws::SecretsManager
1821
2003
  # @return [String]
1822
2004
  #
1823
2005
  # @!attribute [rw] value
1824
- # The string value that's associated with the key of the tag.
2006
+ # The string value associated with the key of the tag.
1825
2007
  # @return [String]
1826
2008
  #
1827
2009
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Tag AWS API Documentation
@@ -1829,6 +2011,7 @@ module Aws::SecretsManager
1829
2011
  class Tag < Struct.new(
1830
2012
  :key,
1831
2013
  :value)
2014
+ SENSITIVE = []
1832
2015
  include Aws::Structure
1833
2016
  end
1834
2017
 
@@ -1861,9 +2044,15 @@ module Aws::SecretsManager
1861
2044
  # partial ARN, then those characters cause Secrets Manager to assume
1862
2045
  # that you’re specifying a complete ARN. This confusion can cause
1863
2046
  # unexpected results. To avoid this situation, we recommend that you
1864
- # don’t create secret names that end with a hyphen followed by six
2047
+ # don’t create secret names ending with a hyphen followed by six
1865
2048
  # characters.
1866
2049
  #
2050
+ # If you specify an incomplete ARN without the random suffix, and
2051
+ # instead provide the 'friendly name', you *must* not include the
2052
+ # random suffix. If you do include the random suffix added by Secrets
2053
+ # Manager, you receive either a *ResourceNotFoundException* or an
2054
+ # *AccessDeniedException* error, depending on your permissions.
2055
+ #
1867
2056
  # </note>
1868
2057
  # @return [String]
1869
2058
  #
@@ -1888,6 +2077,7 @@ module Aws::SecretsManager
1888
2077
  class TagResourceRequest < Struct.new(
1889
2078
  :secret_id,
1890
2079
  :tags)
2080
+ SENSITIVE = []
1891
2081
  include Aws::Structure
1892
2082
  end
1893
2083
 
@@ -1915,9 +2105,15 @@ module Aws::SecretsManager
1915
2105
  # partial ARN, then those characters cause Secrets Manager to assume
1916
2106
  # that you’re specifying a complete ARN. This confusion can cause
1917
2107
  # unexpected results. To avoid this situation, we recommend that you
1918
- # don’t create secret names that end with a hyphen followed by six
2108
+ # don’t create secret names ending with a hyphen followed by six
1919
2109
  # characters.
1920
2110
  #
2111
+ # If you specify an incomplete ARN without the random suffix, and
2112
+ # instead provide the 'friendly name', you *must* not include the
2113
+ # random suffix. If you do include the random suffix added by Secrets
2114
+ # Manager, you receive either a *ResourceNotFoundException* or an
2115
+ # *AccessDeniedException* error, depending on your permissions.
2116
+ #
1921
2117
  # </note>
1922
2118
  # @return [String]
1923
2119
  #
@@ -1941,6 +2137,7 @@ module Aws::SecretsManager
1941
2137
  class UntagResourceRequest < Struct.new(
1942
2138
  :secret_id,
1943
2139
  :tag_keys)
2140
+ SENSITIVE = []
1944
2141
  include Aws::Structure
1945
2142
  end
1946
2143
 
@@ -1972,9 +2169,15 @@ module Aws::SecretsManager
1972
2169
  # partial ARN, then those characters cause Secrets Manager to assume
1973
2170
  # that you’re specifying a complete ARN. This confusion can cause
1974
2171
  # unexpected results. To avoid this situation, we recommend that you
1975
- # don’t create secret names that end with a hyphen followed by six
2172
+ # don’t create secret names ending with a hyphen followed by six
1976
2173
  # characters.
1977
2174
  #
2175
+ # If you specify an incomplete ARN without the random suffix, and
2176
+ # instead provide the 'friendly name', you *must* not include the
2177
+ # random suffix. If you do include the random suffix added by Secrets
2178
+ # Manager, you receive either a *ResourceNotFoundException* or an
2179
+ # *AccessDeniedException* error, depending on your permissions.
2180
+ #
1978
2181
  # </note>
1979
2182
  # @return [String]
1980
2183
  #
@@ -2096,6 +2299,7 @@ module Aws::SecretsManager
2096
2299
  :kms_key_id,
2097
2300
  :secret_binary,
2098
2301
  :secret_string)
2302
+ SENSITIVE = [:secret_binary, :secret_string]
2099
2303
  include Aws::Structure
2100
2304
  end
2101
2305
 
@@ -2128,6 +2332,7 @@ module Aws::SecretsManager
2128
2332
  :arn,
2129
2333
  :name,
2130
2334
  :version_id)
2335
+ SENSITIVE = []
2131
2336
  include Aws::Structure
2132
2337
  end
2133
2338
 
@@ -2142,9 +2347,9 @@ module Aws::SecretsManager
2142
2347
  # }
2143
2348
  #
2144
2349
  # @!attribute [rw] secret_id
2145
- # Specifies the secret with the version whose list of staging labels
2146
- # you want to modify. You can specify either the Amazon Resource Name
2147
- # (ARN) or the friendly name of the secret.
2350
+ # Specifies the secret with the version with the list of staging
2351
+ # labels you want to modify. You can specify either the Amazon
2352
+ # Resource Name (ARN) or the friendly name of the secret.
2148
2353
  #
2149
2354
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2150
2355
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -2157,9 +2362,15 @@ module Aws::SecretsManager
2157
2362
  # partial ARN, then those characters cause Secrets Manager to assume
2158
2363
  # that you’re specifying a complete ARN. This confusion can cause
2159
2364
  # unexpected results. To avoid this situation, we recommend that you
2160
- # don’t create secret names that end with a hyphen followed by six
2365
+ # don’t create secret names ending with a hyphen followed by six
2161
2366
  # characters.
2162
2367
  #
2368
+ # If you specify an incomplete ARN without the random suffix, and
2369
+ # instead provide the 'friendly name', you *must* not include the
2370
+ # random suffix. If you do include the random suffix added by Secrets
2371
+ # Manager, you receive either a *ResourceNotFoundException* or an
2372
+ # *AccessDeniedException* error, depending on your permissions.
2373
+ #
2163
2374
  # </note>
2164
2375
  # @return [String]
2165
2376
  #
@@ -2179,7 +2390,7 @@ module Aws::SecretsManager
2179
2390
  #
2180
2391
  # @!attribute [rw] move_to_version_id
2181
2392
  # (Optional) The secret version ID that you want to add the staging
2182
- # label to. If you want to remove a label from a version, then do not
2393
+ # label. If you want to remove a label from a version, then do not
2183
2394
  # specify this parameter.
2184
2395
  #
2185
2396
  # If the staging label is already attached to a different version of
@@ -2194,16 +2405,16 @@ module Aws::SecretsManager
2194
2405
  :version_stage,
2195
2406
  :remove_from_version_id,
2196
2407
  :move_to_version_id)
2408
+ SENSITIVE = []
2197
2409
  include Aws::Structure
2198
2410
  end
2199
2411
 
2200
2412
  # @!attribute [rw] arn
2201
- # The ARN of the secret with the staging label that was modified.
2413
+ # The ARN of the secret with the modified staging label.
2202
2414
  # @return [String]
2203
2415
  #
2204
2416
  # @!attribute [rw] name
2205
- # The friendly name of the secret with the staging label that was
2206
- # modified.
2417
+ # The friendly name of the secret with the modified staging label.
2207
2418
  # @return [String]
2208
2419
  #
2209
2420
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageResponse AWS API Documentation
@@ -2211,6 +2422,95 @@ module Aws::SecretsManager
2211
2422
  class UpdateSecretVersionStageResponse < Struct.new(
2212
2423
  :arn,
2213
2424
  :name)
2425
+ SENSITIVE = []
2426
+ include Aws::Structure
2427
+ end
2428
+
2429
+ # @note When making an API call, you may pass ValidateResourcePolicyRequest
2430
+ # data as a hash:
2431
+ #
2432
+ # {
2433
+ # secret_id: "SecretIdType",
2434
+ # resource_policy: "NonEmptyResourcePolicyType", # required
2435
+ # }
2436
+ #
2437
+ # @!attribute [rw] secret_id
2438
+ # The identifier for the secret that you want to validate a resource
2439
+ # policy. You can specify either the Amazon Resource Name (ARN) or the
2440
+ # friendly name of the secret.
2441
+ #
2442
+ # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2443
+ # complete ARN. You can specify a partial ARN too—for example, if you
2444
+ # don’t include the final hyphen and six random characters that
2445
+ # Secrets Manager adds at the end of the ARN when you created the
2446
+ # secret. A partial ARN match can work as long as it uniquely matches
2447
+ # only one secret. However, if your secret has a name that ends in a
2448
+ # hyphen followed by six characters (before Secrets Manager adds the
2449
+ # hyphen and six characters to the ARN) and you try to use that as a
2450
+ # partial ARN, then those characters cause Secrets Manager to assume
2451
+ # that you’re specifying a complete ARN. This confusion can cause
2452
+ # unexpected results. To avoid this situation, we recommend that you
2453
+ # don’t create secret names ending with a hyphen followed by six
2454
+ # characters.
2455
+ #
2456
+ # If you specify an incomplete ARN without the random suffix, and
2457
+ # instead provide the 'friendly name', you *must* not include the
2458
+ # random suffix. If you do include the random suffix added by Secrets
2459
+ # Manager, you receive either a *ResourceNotFoundException* or an
2460
+ # *AccessDeniedException* error, depending on your permissions.
2461
+ #
2462
+ # </note>
2463
+ # @return [String]
2464
+ #
2465
+ # @!attribute [rw] resource_policy
2466
+ # Identifies the Resource Policy attached to the secret.
2467
+ # @return [String]
2468
+ #
2469
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyRequest AWS API Documentation
2470
+ #
2471
+ class ValidateResourcePolicyRequest < Struct.new(
2472
+ :secret_id,
2473
+ :resource_policy)
2474
+ SENSITIVE = []
2475
+ include Aws::Structure
2476
+ end
2477
+
2478
+ # @!attribute [rw] policy_validation_passed
2479
+ # Returns a message stating that your Reource Policy passed
2480
+ # validation.
2481
+ # @return [Boolean]
2482
+ #
2483
+ # @!attribute [rw] validation_errors
2484
+ # Returns an error message if your policy doesn't pass validatation.
2485
+ # @return [Array<Types::ValidationErrorsEntry>]
2486
+ #
2487
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyResponse AWS API Documentation
2488
+ #
2489
+ class ValidateResourcePolicyResponse < Struct.new(
2490
+ :policy_validation_passed,
2491
+ :validation_errors)
2492
+ SENSITIVE = []
2493
+ include Aws::Structure
2494
+ end
2495
+
2496
+ # Displays errors that occurred during validation of the resource
2497
+ # policy.
2498
+ #
2499
+ # @!attribute [rw] check_name
2500
+ # Checks the name of the policy.
2501
+ # @return [String]
2502
+ #
2503
+ # @!attribute [rw] error_message
2504
+ # Displays error messages if validation encounters problems during
2505
+ # validation of the resource policy.
2506
+ # @return [String]
2507
+ #
2508
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidationErrorsEntry AWS API Documentation
2509
+ #
2510
+ class ValidationErrorsEntry < Struct.new(
2511
+ :check_name,
2512
+ :error_message)
2513
+ SENSITIVE = []
2214
2514
  include Aws::Structure
2215
2515
  end
2216
2516