aws-sdk-secretsmanager 1.40.0 → 1.45.0

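--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 61ef4c50b000fe9d14348c4d5fd862da00afa0d5f34b7ff0c446c042e7c72bff
- data.tar.gz: 0ecaa3135f14b021f022c78b49b00e0564027420becab1f5e15833f220234db1
+ metadata.gz: d846c13bffe56b68cf541256000b48cc80ae134843af7263c7742e7bdfbaf2b7
+ data.tar.gz: 3d8dfc8bfb52906c7af56b69e3f6f71908db55658b68c01c17ce3a0c08744f2b
  SHA512:
- metadata.gz: f85dc1d338e74aaed0e878188b1ac85748ca2435734e765bfd678f06c1f87a420aece7b1b47f8c4daf57822df2ecf29ab807b6d84e3c7b4b5fbbfd9eb907251a
- data.tar.gz: 1028a196ae320a94a84ef4c9db1d14c9fd0ac65533bb4f5961595da8439a593e68742640c82802bb0d27fc6b5136ec2aff8f1f4ad4cac62ac66b1d430a050302
+ metadata.gz: fc9fb09b8111bab8e4a69f57dd24213feadee71f931ce288ccfae967383125995ef3977855603e659238d671d9b3cc7407ae47fe3547369afbba5bef511aa63f
+ data.tar.gz: c2abdb72a7948aa4fee2f32821c1da57debe4e824cf6e613ec786da6aff60500c650fa8a5e4081cefc637a7d7d1de213a3b65a15bce7e82b99c4a78962b4d9bc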
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-secretsmanager/customizations'
44
45
  #
45
46
  # See {Errors} for more information.
46
47
  #
47
- # @service
48
+ # @!group service
48
49
  module Aws::SecretsManager
49
50
 
50
- GEM_VERSION = '1.40.0'
51
+ GEM_VERSION = '1.45.0'
51
52
 
52
53
  end
@@ -85,13 +85,28 @@ module Aws::SecretsManager
85
85
  # * `Aws::Credentials` - Used for configuring static, non-refreshing
86
86
  # credentials.
87
87
  #
88
+ # * `Aws::SharedCredentials` - Used for loading static credentials from a
89
+ # shared file, such as `~/.aws/config`.
90
+ #
91
+ # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
92
+ #
93
+ # * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
94
+ # assume a role after providing credentials via the web.
95
+ #
96
+ # * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
97
+ # access token generated from `aws login`.
98
+ #
99
+ # * `Aws::ProcessCredentials` - Used for loading credentials from a
100
+ # process that outputs to stdout.
101
+ #
88
102
  # * `Aws::InstanceProfileCredentials` - Used for loading credentials
89
103
  # from an EC2 IMDS on an EC2 instance.
90
104
  #
91
- # * `Aws::SharedCredentials` - Used for loading credentials from a
92
- # shared file, such as `~/.aws/config`.
105
+ # * `Aws::ECSCredentials` - Used for loading credentials from
106
+ # instances running in ECS.
93
107
  #
94
- # * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
108
+ # * `Aws::CognitoIdentityCredentials` - Used for loading credentials
109
+ # from the Cognito Identity service.
95
110
  #
96
111
  # When `:credentials` are not configured directly, the following
97
112
  # locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::SecretsManager
101
116
  # * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
102
117
  # * `~/.aws/credentials`
103
118
  # * `~/.aws/config`
104
- # * EC2 IMDS instance profile - When used by default, the timeouts are
105
- # very aggressive. Construct and pass an instance of
106
- # `Aws::InstanceProfileCredentails` to enable retries and extended
107
- # timeouts.
119
+ # * EC2/ECS IMDS instance profile - When used by default, the timeouts
120
+ # are very aggressive. Construct and pass an instance of
121
+ # `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
122
+ # enable retries and extended timeouts.
108
123
  #
109
124
  # @option options [required, String] :region
110
125
  # The AWS region to connect to. The configured `:region` is
@@ -569,7 +584,7 @@ module Aws::SecretsManager
569
584
  #
570
585
  # * If a version with this value already exists and that version's
571
586
  # `SecretString` and `SecretBinary` values are different from those in
572
- # the request then the request fails because you cannot modify an
587
+ # the request, then the request fails because you cannot modify an
573
588
  # existing version. Instead, use PutSecretValue to create a new
574
589
  # version.
575
590
  #
@@ -606,7 +621,7 @@ module Aws::SecretsManager
606
621
  # the secret. If the secret resides in a different account, then you
607
622
  # must create a custom CMK and specify the ARN in this field.
608
623
  #
609
- # @option params [String, IO] :secret_binary
624
+ # @option params [String, StringIO, File] :secret_binary
610
625
  # (Optional) Specifies binary data that you want to encrypt and store in
611
626
  # the new version of the secret. To use this parameter in the
612
627
  # command-line tools, we recommend that you store your binary data in a
@@ -699,11 +714,21 @@ module Aws::SecretsManager
699
714
  #
700
715
  # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
701
716
  #
717
+ # @option params [Array<Types::ReplicaRegionType>] :add_replica_regions
718
+ # (Optional) Add a list of regions to replicate secrets. Secrets Manager
719
+ # replicates the KMSKeyID objects to the list of regions specified in
720
+ # the parameter.
721
+ #
722
+ # @option params [Boolean] :force_overwrite_replica_secret
723
+ # (Optional) If set, the replication overwrites a secret with the same
724
+ # name in the destination region.
725
+ #
702
726
  # @return [Types::CreateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
703
727
  #
704
728
  # * {Types::CreateSecretResponse#arn #arn} => String
705
729
  # * {Types::CreateSecretResponse#name #name} => String
706
730
  # * {Types::CreateSecretResponse#version_id #version_id} => String
731
+ # * {Types::CreateSecretResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
707
732
  #
708
733
  #
709
734
  # @example Example: To create a basic secret
@@ -740,6 +765,13 @@ module Aws::SecretsManager
740
765
  # value: "TagValueType",
741
766
  # },
742
767
  # ],
768
+ # add_replica_regions: [
769
+ # {
770
+ # region: "RegionType",
771
+ # kms_key_id: "KmsKeyIdType",
772
+ # },
773
+ # ],
774
+ # force_overwrite_replica_secret: false,
743
775
  # })
744
776
  #
745
777
  # @example Response structure
@@ -747,6 +779,12 @@ module Aws::SecretsManager
747
779
  # resp.arn #=> String
748
780
  # resp.name #=> String
749
781
  # resp.version_id #=> String
782
+ # resp.replication_status #=> Array
783
+ # resp.replication_status[0].region #=> String
784
+ # resp.replication_status[0].kms_key_id #=> String
785
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
786
+ # resp.replication_status[0].status_message #=> String
787
+ # resp.replication_status[0].last_accessed_date #=> Time
750
788
  #
751
789
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret AWS API Documentation
752
790
  #
@@ -771,8 +809,8 @@ module Aws::SecretsManager
771
809
  #
772
810
  # * To attach a resource policy to a secret, use PutResourcePolicy.
773
811
  #
774
- # * To retrieve the current resource-based policy that's attached to a
775
- # secret, use GetResourcePolicy.
812
+ # * To retrieve the current resource-based policy attached to a secret,
813
+ # use GetResourcePolicy.
776
814
  #
777
815
  # * To list all of the currently available secrets, use ListSecrets.
778
816
  #
@@ -842,7 +880,7 @@ module Aws::SecretsManager
842
880
  req.send_request(options)
843
881
  end
844
882
 
845
- # Deletes an entire secret and all of its versions. You can optionally
883
+ # Deletes an entire secret and all of the versions. You can optionally
846
884
  # include a recovery window during which you can restore the secret. If
847
885
  # you don't specify a recovery window value, the operation defaults to
848
886
  # 30 days. Secrets Manager attaches a `DeletionDate` stamp to the secret
@@ -852,17 +890,17 @@ module Aws::SecretsManager
852
890
  # At any time before recovery window ends, you can use RestoreSecret to
853
891
  # remove the `DeletionDate` and cancel the deletion of the secret.
854
892
  #
855
- # You cannot access the encrypted secret information in any secret that
856
- # is scheduled for deletion. If you need to access that information, you
893
+ # You cannot access the encrypted secret information in any secret
894
+ # scheduled for deletion. If you need to access that information, you
857
895
  # must cancel the deletion with RestoreSecret and then retrieve the
858
896
  # information.
859
897
  #
860
898
  # <note markdown="1"> * There is no explicit operation to delete a version of a secret.
861
899
  # Instead, remove all staging labels from the `VersionStage` field of
862
900
  # a version. That marks the version as deprecated and allows Secrets
863
- # Manager to delete it as needed. Versions that do not have any
864
- # staging labels do not show up in ListSecretVersionIds unless you
865
- # specify `IncludeDeprecated`.
901
+ # Manager to delete it as needed. Versions without any staging labels
902
+ # do not show up in ListSecretVersionIds unless you specify
903
+ # `IncludeDeprecated`.
866
904
  #
867
905
  # * The permanent secret deletion at the end of the waiting period is
868
906
  # performed as a background task with low priority. There is no
@@ -887,8 +925,8 @@ module Aws::SecretsManager
887
925
  # window has expired, use RestoreSecret.
888
926
  #
889
927
  # @option params [required, String] :secret_id
890
- # Specifies the secret that you want to delete. You can specify either
891
- # the Amazon Resource Name (ARN) or the friendly name of the secret.
928
+ # Specifies the secret to delete. You can specify either the Amazon
929
+ # Resource Name (ARN) or the friendly name of the secret.
892
930
  #
893
931
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
894
932
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -913,10 +951,11 @@ module Aws::SecretsManager
913
951
  #
914
952
  # @option params [Integer] :recovery_window_in_days
915
953
  # (Optional) Specifies the number of days that Secrets Manager waits
916
- # before it can delete the secret. You can't use both this parameter
917
- # and the `ForceDeleteWithoutRecovery` parameter in the same API call.
954
+ # before Secrets Manager can delete the secret. You can't use both this
955
+ # parameter and the `ForceDeleteWithoutRecovery` parameter in the same
956
+ # API call.
918
957
  #
919
- # This value can range from 7 to 30 days. The default value is 30.
958
+ # This value can range from 7 to 30 days with a default value of 30.
920
959
  #
921
960
  # @option params [Boolean] :force_delete_without_recovery
922
961
  # (Optional) Specifies that the secret is to be deleted without any
@@ -933,8 +972,12 @@ module Aws::SecretsManager
933
972
  # to skip the normal waiting period before the permanent deletion that
934
973
  # AWS would normally impose with the `RecoveryWindowInDays` parameter.
935
974
  # If you delete a secret with the `ForceDeleteWithouRecovery` parameter,
936
- # then you have no opportunity to recover the secret. It is permanently
937
- # lost.
975
+ # then you have no opportunity to recover the secret. You lose the
976
+ # secret permanently.
977
+ #
978
+ # If you use this parameter and include a previously deleted or
979
+ # nonexistent secret, the operation does not return the error
980
+ # `ResourceNotFoundException` in order to correctly handle retries.
938
981
  #
939
982
  # @return [Types::DeleteSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
940
983
  #
@@ -1050,6 +1093,8 @@ module Aws::SecretsManager
1050
1093
  # * {Types::DescribeSecretResponse#version_ids_to_stages #version_ids_to_stages} => Hash&lt;String,Array&lt;String&gt;&gt;
1051
1094
  # * {Types::DescribeSecretResponse#owning_service #owning_service} => String
1052
1095
  # * {Types::DescribeSecretResponse#created_date #created_date} => Time
1096
+ # * {Types::DescribeSecretResponse#primary_region #primary_region} => String
1097
+ # * {Types::DescribeSecretResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
1053
1098
  #
1054
1099
  #
1055
1100
  # @example Example: To retrieve the details of a secret
@@ -1121,6 +1166,13 @@ module Aws::SecretsManager
1121
1166
  # resp.version_ids_to_stages["SecretVersionIdType"][0] #=> String
1122
1167
  # resp.owning_service #=> String
1123
1168
  # resp.created_date #=> Time
1169
+ # resp.primary_region #=> String
1170
+ # resp.replication_status #=> Array
1171
+ # resp.replication_status[0].region #=> String
1172
+ # resp.replication_status[0].kms_key_id #=> String
1173
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
1174
+ # resp.replication_status[0].status_message #=> String
1175
+ # resp.replication_status[0].last_accessed_date #=> Time
1124
1176
  #
1125
1177
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret AWS API Documentation
1126
1178
  #
@@ -1380,10 +1432,11 @@ module Aws::SecretsManager
1380
1432
  #
1381
1433
  # @option params [String] :version_id
1382
1434
  # Specifies the unique identifier of the version of the secret that you
1383
- # want to retrieve. If you specify this parameter then don't specify
1384
- # `VersionStage`. If you don't specify either a `VersionStage` or
1385
- # `VersionId` then the default is to perform the operation on the
1386
- # version with the `VersionStage` value of `AWSCURRENT`.
1435
+ # want to retrieve. If you specify both this parameter and
1436
+ # `VersionStage`, the two parameters must refer to the same secret
1437
+ # version. If you don't specify either a `VersionStage` or `VersionId`
1438
+ # then the default is to perform the operation on the version with the
1439
+ # `VersionStage` value of `AWSCURRENT`.
1387
1440
  #
1388
1441
  # This value is typically a [UUID-type][1] value with 32 hexadecimal
1389
1442
  # digits.
@@ -1397,10 +1450,11 @@ module Aws::SecretsManager
1397
1450
  # label attached to the version.
1398
1451
  #
1399
1452
  # Staging labels are used to keep track of different versions during the
1400
- # rotation process. If you use this parameter then don't specify
1401
- # `VersionId`. If you don't specify either a `VersionStage` or
1402
- # `VersionId`, then the default is to perform the operation on the
1403
- # version with the `VersionStage` value of `AWSCURRENT`.
1453
+ # rotation process. If you specify both this parameter and `VersionId`,
1454
+ # the two parameters must refer to the same secret version . If you
1455
+ # don't specify either a `VersionStage` or `VersionId`, then the
1456
+ # default is to perform the operation on the version with the
1457
+ # `VersionStage` value of `AWSCURRENT`.
1404
1458
  #
1405
1459
  # @return [Types::GetSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1406
1460
  #
@@ -1723,7 +1777,7 @@ module Aws::SecretsManager
1723
1777
  # next_token: "NextTokenType",
1724
1778
  # filters: [
1725
1779
  # {
1726
- # key: "description", # accepts description, name, tag-key, tag-value, all
1780
+ # key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
1727
1781
  # values: ["FilterValueStringType"],
1728
1782
  # },
1729
1783
  # ],
@@ -1752,6 +1806,7 @@ module Aws::SecretsManager
1752
1806
  # resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"][0] #=> String
1753
1807
  # resp.secret_list[0].owning_service #=> String
1754
1808
  # resp.secret_list[0].created_date #=> Time
1809
+ # resp.secret_list[0].primary_region #=> String
1755
1810
  # resp.next_token #=> String
1756
1811
  #
1757
1812
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets AWS API Documentation
@@ -1788,8 +1843,8 @@ module Aws::SecretsManager
1788
1843
  # * To retrieve the resource policy attached to a secret, use
1789
1844
  # GetResourcePolicy.
1790
1845
  #
1791
- # * To delete the resource-based policy that's attached to a secret,
1792
- # use DeleteResourcePolicy.
1846
+ # * To delete the resource-based policy attached to a secret, use
1847
+ # DeleteResourcePolicy.
1793
1848
  #
1794
1849
  # * To list all of the currently available secrets, use ListSecrets.
1795
1850
  #
@@ -1799,8 +1854,9 @@ module Aws::SecretsManager
1799
1854
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
1800
1855
  #
1801
1856
  # @option params [required, String] :secret_id
1802
- # Specifies the secret that you want to attach the resource-based policy
1803
- # to. You can specify either the ARN or the friendly name of the secret.
1857
+ # Specifies the secret that you want to attach the resource-based
1858
+ # policy. You can specify either the ARN or the friendly name of the
1859
+ # secret.
1804
1860
  #
1805
1861
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1806
1862
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -1824,8 +1880,8 @@ module Aws::SecretsManager
1824
1880
  # </note>
1825
1881
  #
1826
1882
  # @option params [required, String] :resource_policy
1827
- # A JSON-formatted string that's constructed according to the grammar
1828
- # and syntax for an AWS resource-based policy. The policy in the string
1883
+ # A JSON-formatted string constructed according to the grammar and
1884
+ # syntax for an AWS resource-based policy. The policy in the string
1829
1885
  # identifies who can access or manage this secret and its versions. For
1830
1886
  # information on how to format a JSON parameter for the various command
1831
1887
  # line tool environments, see [Using JSON for Parameters][1] in the *AWS
@@ -1836,8 +1892,9 @@ module Aws::SecretsManager
1836
1892
  # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1837
1893
  #
1838
1894
  # @option params [Boolean] :block_public_policy
1839
- # Makes an optional API call to Zelkova to validate the Resource Policy
1840
- # to prevent broad access to your secret.
1895
+ # (Optional) If you set the parameter, `BlockPublicPolicy` to true, then
1896
+ # you block resource-based policies that allow broad access to the
1897
+ # secret.
1841
1898
  #
1842
1899
  # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1843
1900
  #
@@ -1898,13 +1955,12 @@ module Aws::SecretsManager
1898
1955
  # Secrets Manager automatically attaches the staging label
1899
1956
  # `AWSCURRENT` to the new version.
1900
1957
  #
1901
- # * If another version of this secret already exists, then this
1902
- # operation does not automatically move any staging labels other than
1903
- # those that you explicitly specify in the `VersionStages` parameter.
1958
+ # * If you do not specify a value for VersionStages then Secrets Manager
1959
+ # automatically moves the staging label `AWSCURRENT` to this new
1960
+ # version.
1904
1961
  #
1905
1962
  # * If this operation moves the staging label `AWSCURRENT` from another
1906
- # version to this version (because you included it in the
1907
- # `StagingLabels` parameter) then Secrets Manager also automatically
1963
+ # version to this version, then Secrets Manager also automatically
1908
1964
  # moves the staging label `AWSPREVIOUS` to the version that
1909
1965
  # `AWSCURRENT` was removed from.
1910
1966
  #
@@ -2030,7 +2086,7 @@ module Aws::SecretsManager
2030
2086
  #
2031
2087
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
2032
2088
  #
2033
- # @option params [String, IO] :secret_binary
2089
+ # @option params [String, StringIO, File] :secret_binary
2034
2090
  # (Optional) Specifies binary data that you want to encrypt and store in
2035
2091
  # the new version of the secret. To use this parameter in the
2036
2092
  # command-line tools, we recommend that you store your binary data in a
@@ -2143,6 +2199,95 @@ module Aws::SecretsManager
2143
2199
  req.send_request(options)
2144
2200
  end
2145
2201
 
2202
+ # Remove regions from replication.
2203
+ #
2204
+ # @option params [required, String] :secret_id
2205
+ # Remove a secret by `SecretId` from replica Regions.
2206
+ #
2207
+ # @option params [required, Array<String>] :remove_replica_regions
2208
+ # Remove replication from specific Regions.
2209
+ #
2210
+ # @return [Types::RemoveRegionsFromReplicationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2211
+ #
2212
+ # * {Types::RemoveRegionsFromReplicationResponse#arn #arn} => String
2213
+ # * {Types::RemoveRegionsFromReplicationResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
2214
+ #
2215
+ # @example Request syntax with placeholder values
2216
+ #
2217
+ # resp = client.remove_regions_from_replication({
2218
+ # secret_id: "SecretIdType", # required
2219
+ # remove_replica_regions: ["RegionType"], # required
2220
+ # })
2221
+ #
2222
+ # @example Response structure
2223
+ #
2224
+ # resp.arn #=> String
2225
+ # resp.replication_status #=> Array
2226
+ # resp.replication_status[0].region #=> String
2227
+ # resp.replication_status[0].kms_key_id #=> String
2228
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
2229
+ # resp.replication_status[0].status_message #=> String
2230
+ # resp.replication_status[0].last_accessed_date #=> Time
2231
+ #
2232
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication AWS API Documentation
2233
+ #
2234
+ # @overload remove_regions_from_replication(params = {})
2235
+ # @param [Hash] params ({})
2236
+ def remove_regions_from_replication(params = {}, options = {})
2237
+ req = build_request(:remove_regions_from_replication, params)
2238
+ req.send_request(options)
2239
+ end
2240
+
2241
+ # Converts an existing secret to a multi-Region secret and begins
2242
+ # replication the secret to a list of new regions.
2243
+ #
2244
+ # @option params [required, String] :secret_id
2245
+ # Use the `Secret Id` to replicate a secret to regions.
2246
+ #
2247
+ # @option params [required, Array<Types::ReplicaRegionType>] :add_replica_regions
2248
+ # Add Regions to replicate the secret.
2249
+ #
2250
+ # @option params [Boolean] :force_overwrite_replica_secret
2251
+ # (Optional) If set, Secrets Manager replication overwrites a secret
2252
+ # with the same name in the destination region.
2253
+ #
2254
+ # @return [Types::ReplicateSecretToRegionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2255
+ #
2256
+ # * {Types::ReplicateSecretToRegionsResponse#arn #arn} => String
2257
+ # * {Types::ReplicateSecretToRegionsResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
2258
+ #
2259
+ # @example Request syntax with placeholder values
2260
+ #
2261
+ # resp = client.replicate_secret_to_regions({
2262
+ # secret_id: "SecretIdType", # required
2263
+ # add_replica_regions: [ # required
2264
+ # {
2265
+ # region: "RegionType",
2266
+ # kms_key_id: "KmsKeyIdType",
2267
+ # },
2268
+ # ],
2269
+ # force_overwrite_replica_secret: false,
2270
+ # })
2271
+ #
2272
+ # @example Response structure
2273
+ #
2274
+ # resp.arn #=> String
2275
+ # resp.replication_status #=> Array
2276
+ # resp.replication_status[0].region #=> String
2277
+ # resp.replication_status[0].kms_key_id #=> String
2278
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
2279
+ # resp.replication_status[0].status_message #=> String
2280
+ # resp.replication_status[0].last_accessed_date #=> Time
2281
+ #
2282
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions AWS API Documentation
2283
+ #
2284
+ # @overload replicate_secret_to_regions(params = {})
2285
+ # @param [Hash] params ({})
2286
+ def replicate_secret_to_regions(params = {}, options = {})
2287
+ req = build_request(:replicate_secret_to_regions, params)
2288
+ req.send_request(options)
2289
+ end
2290
+
2146
2291
  # Cancels the scheduled deletion of a secret by removing the
2147
2292
  # `DeletedDate` time stamp. This makes the secret accessible to query
2148
2293
  # once again.
@@ -2385,6 +2530,36 @@ module Aws::SecretsManager
2385
2530
  req.send_request(options)
2386
2531
  end
2387
2532
 
2533
+ # Removes the secret from replication and promotes the secret to a
2534
+ # regional secret in the replica Region.
2535
+ #
2536
+ # @option params [required, String] :secret_id
2537
+ # Response to `StopReplicationToReplica` of a secret, based on the
2538
+ # `SecretId`.
2539
+ #
2540
+ # @return [Types::StopReplicationToReplicaResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2541
+ #
2542
+ # * {Types::StopReplicationToReplicaResponse#arn #arn} => String
2543
+ #
2544
+ # @example Request syntax with placeholder values
2545
+ #
2546
+ # resp = client.stop_replication_to_replica({
2547
+ # secret_id: "SecretIdType", # required
2548
+ # })
2549
+ #
2550
+ # @example Response structure
2551
+ #
2552
+ # resp.arn #=> String
2553
+ #
2554
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica AWS API Documentation
2555
+ #
2556
+ # @overload stop_replication_to_replica(params = {})
2557
+ # @param [Hash] params ({})
2558
+ def stop_replication_to_replica(params = {}, options = {})
2559
+ req = build_request(:stop_replication_to_replica, params)
2560
+ req.send_request(options)
2561
+ end
2562
+
2388
2563
  # Attaches one or more tags, each consisting of a key name and a value,
2389
2564
  # to the specified secret. Tags are part of the secret's overall
2390
2565
  # metadata, and are not associated with any specific version of the
@@ -2466,7 +2641,7 @@ module Aws::SecretsManager
2466
2641
  # information on how to format a JSON parameter for the various command
2467
2642
  # line tool environments, see [Using JSON for Parameters][1] in the *AWS
2468
2643
  # CLI User Guide*. For the AWS CLI, you can also use the syntax: `--Tags
2469
- # Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
2644
+ # Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]`
2470
2645
  #
2471
2646
  #
2472
2647
  #
@@ -2771,7 +2946,7 @@ module Aws::SecretsManager
2771
2946
  # field. The user making the call must have permissions to both the
2772
2947
  # secret and the CMK in their respective accounts.
2773
2948
  #
2774
- # @option params [String, IO] :secret_binary
2949
+ # @option params [String, StringIO, File] :secret_binary
2775
2950
  # (Optional) Specifies updated binary data that you want to encrypt and
2776
2951
  # store in the new version of the secret. To use this parameter in the
2777
2952
  # command-line tools, we recommend that you store your binary data in a
@@ -3073,16 +3248,38 @@ module Aws::SecretsManager
3073
3248
  req.send_request(options)
3074
3249
  end
3075
3250
 
3076
- # Validates the JSON text of the resource-based policy document attached
3077
- # to the specified secret. The JSON request string input and response
3078
- # output displays formatted code with white space and line breaks for
3079
- # better readability. Submit your input as a single line JSON string. A
3080
- # resource-based policy is optional.
3251
+ # Validates that the resource policy does not grant a wide range of IAM
3252
+ # principals access to your secret. The JSON request string input and
3253
+ # response output displays formatted code with white space and line
3254
+ # breaks for better readability. Submit your input as a single line JSON
3255
+ # string. A resource-based policy is optional for secrets.
3256
+ #
3257
+ # The API performs three checks when validating the secret:
3258
+ #
3259
+ # * Sends a call to [Zelkova][1], an automated reasoning engine, to
3260
+ # ensure your Resource Policy does not allow broad access to your
3261
+ # secret.
3262
+ #
3263
+ # * Checks for correct syntax in a policy.
3264
+ #
3265
+ # * Verifies the policy does not lock out a caller.
3266
+ #
3267
+ # **Minimum Permissions**
3268
+ #
3269
+ # You must have the permissions required to access the following APIs:
3270
+ #
3271
+ # * `secretsmanager:PutResourcePolicy`
3272
+ #
3273
+ # * `secretsmanager:ValidateResourcePolicy`
3274
+ #
3275
+ #
3276
+ #
3277
+ # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
3081
3278
  #
3082
3279
  # @option params [String] :secret_id
3083
- # The identifier for the secret that you want to validate a resource
3084
- # policy. You can specify either the Amazon Resource Name (ARN) or the
3085
- # friendly name of the secret.
3280
+ # (Optional) The identifier of the secret with the resource-based policy
3281
+ # you want to validate. You can specify either the Amazon Resource Name
3282
+ # (ARN) or the friendly name of the secret.
3086
3283
  #
3087
3284
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
3088
3285
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -3106,7 +3303,16 @@ module Aws::SecretsManager
3106
3303
  # </note>
3107
3304
  #
3108
3305
  # @option params [required, String] :resource_policy
3109
- # Identifies the Resource Policy attached to the secret.
3306
+ # A JSON-formatted string constructed according to the grammar and
3307
+ # syntax for an AWS resource-based policy. The policy in the string
3308
+ # identifies who can access or manage this secret and its versions. For
3309
+ # information on how to format a JSON parameter for the various command
3310
+ # line tool environments, see [Using JSON for Parameters][1] in the *AWS
3311
+ # CLI User Guide*.publi
3312
+ #
3313
+ #
3314
+ #
3315
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
3110
3316
  #
3111
3317
  # @return [Types::ValidateResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3112
3318
  #
@@ -3166,7 +3372,7 @@ module Aws::SecretsManager
3166
3372
  params: params,
3167
3373
  config: config)
3168
3374
  context[:gem_name] = 'aws-sdk-secretsmanager'
3169
- context[:gem_version] = '1.40.0'
3375
+ context[:gem_version] = '1.45.0'
3170
3376
  Seahorse::Client::Request.new(handlers, context)
3171
3377
  end
3172
3378
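Review bot: The documentation for `:force_overwrite_replica_secret` on the new `replicate_secret_to_regions` (new lines 2250–2252, and the same option on `create_secret` at 722–724) does not say what happens when the option is left unset and a same-named secret already exists in the destination region, nor whether an overwritten secret can be recovered. Since this option replaces secret material in another region, I would add a line such as `# This replaces the existing secret in the destination region; leave it unset unless that is intended.` In the same new documentation, the `:secret_id` text for `stop_replication_to_replica` (2537–2538) describes a response rather than the parameter, "begins replication the secret" (2241–2242) is missing a word, and `*AWS CLI User Guide*.publi` (3310–3311) carries stray text. The gem's root file is marked as generated code, so these corrections probably belong in the upstream API model rather than in this file.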