aws-sdk-secretsmanager 1.44.0 → 1.48.0

data/lib/aws-sdk-secretsmanager/client_api.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -13,6 +13,7 @@ module Aws::SecretsManager
 
     include Seahorse::Model
 
+    AddReplicaRegionListType = Shapes::ListShape.new(name: 'AddReplicaRegionListType')
     AutomaticallyRotateAfterDaysType = Shapes::IntegerShape.new(name: 'AutomaticallyRotateAfterDaysType')
     BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
     CancelRotateSecretRequest = Shapes::StructureShape.new(name: 'CancelRotateSecretRequest')
@@ -54,6 +55,7 @@ module Aws::SecretsManager
     InvalidNextTokenException = Shapes::StructureShape.new(name: 'InvalidNextTokenException')
     InvalidParameterException = Shapes::StructureShape.new(name: 'InvalidParameterException')
     InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
+    KmsKeyIdListType = Shapes::ListShape.new(name: 'KmsKeyIdListType')
     KmsKeyIdType = Shapes::StringShape.new(name: 'KmsKeyIdType')
     LastAccessedDateType = Shapes::TimestampShape.new(name: 'LastAccessedDateType')
     LastChangedDateType = Shapes::TimestampShape.new(name: 'LastChangedDateType')
@@ -78,6 +80,15 @@ module Aws::SecretsManager
     PutSecretValueResponse = Shapes::StructureShape.new(name: 'PutSecretValueResponse')
     RandomPasswordType = Shapes::StringShape.new(name: 'RandomPasswordType')
     RecoveryWindowInDaysType = Shapes::IntegerShape.new(name: 'RecoveryWindowInDaysType')
+    RegionType = Shapes::StringShape.new(name: 'RegionType')
+    RemoveRegionsFromReplicationRequest = Shapes::StructureShape.new(name: 'RemoveRegionsFromReplicationRequest')
+    RemoveRegionsFromReplicationResponse = Shapes::StructureShape.new(name: 'RemoveRegionsFromReplicationResponse')
+    RemoveReplicaRegionListType = Shapes::ListShape.new(name: 'RemoveReplicaRegionListType')
+    ReplicaRegionType = Shapes::StructureShape.new(name: 'ReplicaRegionType')
+    ReplicateSecretToRegionsRequest = Shapes::StructureShape.new(name: 'ReplicateSecretToRegionsRequest')
+    ReplicateSecretToRegionsResponse = Shapes::StructureShape.new(name: 'ReplicateSecretToRegionsResponse')
+    ReplicationStatusListType = Shapes::ListShape.new(name: 'ReplicationStatusListType')
+    ReplicationStatusType = Shapes::StructureShape.new(name: 'ReplicationStatusType')
     RequireEachIncludedTypeType = Shapes::BooleanShape.new(name: 'RequireEachIncludedTypeType')
     ResourceExistsException = Shapes::StructureShape.new(name: 'ResourceExistsException')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
@@ -102,6 +113,10 @@ module Aws::SecretsManager
     SecretVersionsListType = Shapes::ListShape.new(name: 'SecretVersionsListType')
     SecretVersionsToStagesMapType = Shapes::MapShape.new(name: 'SecretVersionsToStagesMapType')
     SortOrderType = Shapes::StringShape.new(name: 'SortOrderType')
+    StatusMessageType = Shapes::StringShape.new(name: 'StatusMessageType')
+    StatusType = Shapes::StringShape.new(name: 'StatusType')
+    StopReplicationToReplicaRequest = Shapes::StructureShape.new(name: 'StopReplicationToReplicaRequest')
+    StopReplicationToReplicaResponse = Shapes::StructureShape.new(name: 'StopReplicationToReplicaResponse')
     Tag = Shapes::StructureShape.new(name: 'Tag')
     TagKeyListType = Shapes::ListShape.new(name: 'TagKeyListType')
     TagKeyType = Shapes::StringShape.new(name: 'TagKeyType')
@@ -119,6 +134,8 @@ module Aws::SecretsManager
     ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
     ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
 
+    AddReplicaRegionListType.member = Shapes::ShapeRef.new(shape: ReplicaRegionType)
+
     CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
     CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
 
@@ -134,11 +151,14 @@ module Aws::SecretsManager
     CreateSecretRequest.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
     CreateSecretRequest.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
     CreateSecretRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
+    CreateSecretRequest.add_member(:add_replica_regions, Shapes::ShapeRef.new(shape: AddReplicaRegionListType, location_name: "AddReplicaRegions"))
+    CreateSecretRequest.add_member(:force_overwrite_replica_secret, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceOverwriteReplicaSecret"))
     CreateSecretRequest.struct_class = Types::CreateSecretRequest
 
     CreateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
     CreateSecretResponse.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
     CreateSecretResponse.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
+    CreateSecretResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
     CreateSecretResponse.struct_class = Types::CreateSecretResponse
 
     DecryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
@@ -179,6 +199,8 @@ module Aws::SecretsManager
     DescribeSecretResponse.add_member(:version_ids_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "VersionIdsToStages"))
     DescribeSecretResponse.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
     DescribeSecretResponse.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
+    DescribeSecretResponse.add_member(:primary_region, Shapes::ShapeRef.new(shape: RegionType, location_name: "PrimaryRegion"))
+    DescribeSecretResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
     DescribeSecretResponse.struct_class = Types::DescribeSecretResponse
 
     EncryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
@@ -239,6 +261,8 @@ module Aws::SecretsManager
     InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     InvalidRequestException.struct_class = Types::InvalidRequestException
 
+    KmsKeyIdListType.member = Shapes::ShapeRef.new(shape: KmsKeyIdType)
+
     LimitExceededException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     LimitExceededException.struct_class = Types::LimitExceededException
 
@@ -295,6 +319,38 @@ module Aws::SecretsManager
     PutSecretValueResponse.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
     PutSecretValueResponse.struct_class = Types::PutSecretValueResponse
 
+    RemoveRegionsFromReplicationRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    RemoveRegionsFromReplicationRequest.add_member(:remove_replica_regions, Shapes::ShapeRef.new(shape: RemoveReplicaRegionListType, required: true, location_name: "RemoveReplicaRegions"))
+    RemoveRegionsFromReplicationRequest.struct_class = Types::RemoveRegionsFromReplicationRequest
+
+    RemoveRegionsFromReplicationResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    RemoveRegionsFromReplicationResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
+    RemoveRegionsFromReplicationResponse.struct_class = Types::RemoveRegionsFromReplicationResponse
+
+    RemoveReplicaRegionListType.member = Shapes::ShapeRef.new(shape: RegionType)
+
+    ReplicaRegionType.add_member(:region, Shapes::ShapeRef.new(shape: RegionType, location_name: "Region"))
+    ReplicaRegionType.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
+    ReplicaRegionType.struct_class = Types::ReplicaRegionType
+
+    ReplicateSecretToRegionsRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    ReplicateSecretToRegionsRequest.add_member(:add_replica_regions, Shapes::ShapeRef.new(shape: AddReplicaRegionListType, required: true, location_name: "AddReplicaRegions"))
+    ReplicateSecretToRegionsRequest.add_member(:force_overwrite_replica_secret, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceOverwriteReplicaSecret"))
+    ReplicateSecretToRegionsRequest.struct_class = Types::ReplicateSecretToRegionsRequest
+
+    ReplicateSecretToRegionsResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    ReplicateSecretToRegionsResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
+    ReplicateSecretToRegionsResponse.struct_class = Types::ReplicateSecretToRegionsResponse
+
+    ReplicationStatusListType.member = Shapes::ShapeRef.new(shape: ReplicationStatusType)
+
+    ReplicationStatusType.add_member(:region, Shapes::ShapeRef.new(shape: RegionType, location_name: "Region"))
+    ReplicationStatusType.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
+    ReplicationStatusType.add_member(:status, Shapes::ShapeRef.new(shape: StatusType, location_name: "Status"))
+    ReplicationStatusType.add_member(:status_message, Shapes::ShapeRef.new(shape: StatusMessageType, location_name: "StatusMessage"))
+    ReplicationStatusType.add_member(:last_accessed_date, Shapes::ShapeRef.new(shape: LastAccessedDateType, location_name: "LastAccessedDate"))
+    ReplicationStatusType.struct_class = Types::ReplicationStatusType
+
     ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     ResourceExistsException.struct_class = Types::ResourceExistsException
 
@@ -337,6 +393,7 @@ module Aws::SecretsManager
     SecretListEntry.add_member(:secret_versions_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "SecretVersionsToStages"))
     SecretListEntry.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
     SecretListEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
+    SecretListEntry.add_member(:primary_region, Shapes::ShapeRef.new(shape: RegionType, location_name: "PrimaryRegion"))
     SecretListEntry.struct_class = Types::SecretListEntry
 
     SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
@@ -347,6 +404,7 @@ module Aws::SecretsManager
     SecretVersionsListEntry.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
     SecretVersionsListEntry.add_member(:last_accessed_date, Shapes::ShapeRef.new(shape: LastAccessedDateType, location_name: "LastAccessedDate", metadata: {"box"=>true}))
     SecretVersionsListEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: CreatedDateType, location_name: "CreatedDate", metadata: {"box"=>true}))
+    SecretVersionsListEntry.add_member(:kms_key_ids, Shapes::ShapeRef.new(shape: KmsKeyIdListType, location_name: "KmsKeyIds"))
     SecretVersionsListEntry.struct_class = Types::SecretVersionsListEntry
 
     SecretVersionsListType.member = Shapes::ShapeRef.new(shape: SecretVersionsListEntry)
@@ -354,6 +412,12 @@ module Aws::SecretsManager
     SecretVersionsToStagesMapType.key = Shapes::ShapeRef.new(shape: SecretVersionIdType)
     SecretVersionsToStagesMapType.value = Shapes::ShapeRef.new(shape: SecretVersionStagesType)
 
+    StopReplicationToReplicaRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    StopReplicationToReplicaRequest.struct_class = Types::StopReplicationToReplicaRequest
+
+    StopReplicationToReplicaResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    StopReplicationToReplicaResponse.struct_class = Types::StopReplicationToReplicaResponse
+
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKeyType, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValueType, location_name: "Value"))
     Tag.struct_class = Types::Tag
@@ -464,6 +528,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
       end)
 
       api.add_operation(:delete_secret, Seahorse::Model::Operation.new.tap do |o|
@@ -486,6 +551,7 @@ module Aws::SecretsManager
         o.output = Shapes::ShapeRef.new(shape: DescribeSecretResponse)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
       end)
 
       api.add_operation(:get_random_password, Seahorse::Model::Operation.new.tap do |o|
@@ -508,6 +574,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
       end)
 
       api.add_operation(:get_secret_value, Seahorse::Model::Operation.new.tap do |o|
@@ -532,6 +599,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o[:pager] = Aws::Pager.new(
           limit_key: "max_results",
           tokens: {
@@ -586,6 +654,30 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
       end)
 
+      api.add_operation(:remove_regions_from_replication, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "RemoveRegionsFromReplication"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: RemoveRegionsFromReplicationRequest)
+        o.output = Shapes::ShapeRef.new(shape: RemoveRegionsFromReplicationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+      end)
+
+      api.add_operation(:replicate_secret_to_regions, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ReplicateSecretToRegions"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ReplicateSecretToRegionsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ReplicateSecretToRegionsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+      end)
+
       api.add_operation(:restore_secret, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RestoreSecret"
         o.http_method = "POST"
@@ -610,6 +702,18 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
       end)
 
+      api.add_operation(:stop_replication_to_replica, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "StopReplicationToReplica"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: StopReplicationToReplicaRequest)
+        o.output = Shapes::ShapeRef.new(shape: StopReplicationToReplicaResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+      end)
+
       api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
         o.name = "TagResource"
         o.http_method = "POST"

data/lib/aws-sdk-secretsmanager/errors.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-secretsmanager/resource.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-secretsmanager/types.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -96,6 +96,13 @@ module Aws::SecretsManager
     #             value: "TagValueType",
     #           },
     #         ],
+    #         add_replica_regions: [
+    #           {
+    #             region: "RegionType",
+    #             kms_key_id: "KmsKeyIdType",
+    #           },
+    #         ],
+    #         force_overwrite_replica_secret: false,
     #       }
     #
     # @!attribute [rw] name
@@ -118,13 +125,14 @@ module Aws::SecretsManager
     #   initial version is created as part of the secret, and this parameter
     #   specifies a unique identifier for the new version.
     #
-    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes it as the value for this parameter
-    #   in the request. If you don't use the SDK and instead generate a raw
-    #   HTTP request to the Secrets Manager service endpoint, then you must
-    #   generate a `ClientRequestToken` yourself for the new version and
-    #   include the value in the request.
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes it as the value for this parameter in the request. If you
+    #   don't use the SDK and instead generate a raw HTTP request to the
+    #   Secrets Manager service endpoint, then you must generate a
+    #   `ClientRequestToken` yourself for the new version and include the
+    #   value in the request.
     #
     #    </note>
     #
@@ -143,8 +151,8 @@ module Aws::SecretsManager
     #
     #   * If a version with this value already exists and that version's
     #     `SecretString` and `SecretBinary` values are different from those
-    #     in the request then the request fails because you cannot modify an
-    #     existing version. Instead, use PutSecretValue to create a new
+    #     in the request, then the request fails because you cannot modify
+    #     an existing version. Instead, use PutSecretValue to create a new
     #     version.
     #
     #   This value becomes the `VersionId` of the new version.
@@ -162,20 +170,21 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS
-    #   customer master key (CMK) to be used to encrypt the `SecretString`
-    #   or `SecretBinary` values in the versions stored in this secret.
+    #   (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
+    #   Services KMS customer master key (CMK) to be used to encrypt the
+    #   `SecretString` or `SecretBinary` values in the versions stored in
+    #   this secret.
     #
-    #   You can specify any of the supported ways to identify a AWS KMS key
-    #   ID. If you need to reference a CMK in a different account, you can
-    #   use only the key ARN or the alias ARN.
+    #   You can specify any of the supported ways to identify a Amazon Web
+    #   Services KMS key ID. If you need to reference a CMK in a different
+    #   account, you can use only the key ARN or the alias ARN.
     #
     #   If you don't specify this value, then Secrets Manager defaults to
-    #   using the AWS account's default CMK (the one named
-    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
-    #   exist, then Secrets Manager creates it for you automatically the
-    #   first time it needs to encrypt a version's `SecretString` or
-    #   `SecretBinary` fields.
+    #   using the Amazon Web Services account's default CMK (the one named
+    #   `aws/secretsmanager`). If a Amazon Web Services KMS CMK with that
+    #   name doesn't yet exist, then Secrets Manager creates it for you
+    #   automatically the first time it needs to encrypt a version's
+    #   `SecretString` or `SecretBinary` fields.
     #
     #   You can use the account default CMK to encrypt and decrypt only if
     #   you call this operation using credentials from the same account that
@@ -194,7 +203,8 @@ module Aws::SecretsManager
     #   both. They cannot both be empty.
     #
     #   This parameter is not available using the Secrets Manager console.
-    #   It can be accessed only by using the AWS CLI or one of the AWS SDKs.
+    #   It can be accessed only by using the Amazon Web Services CLI or one
+    #   of the Amazon Web Services SDKs.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -213,8 +223,8 @@ module Aws::SecretsManager
     #   For storing multiple values, we recommend that you use a JSON text
     #   string argument and specify key/value pairs. For information on how
     #   to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*. For example:
+    #   environments, see [Using JSON for Parameters][1] in the *CLI User
+    #   Guide*. For example:
     #
     #   `\{"username":"bob","password":"abc123xyz456"\}`
     #
@@ -244,8 +254,8 @@ module Aws::SecretsManager
     #
     #   This parameter requires a JSON text string argument. For information
     #   on how to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*. For example:
+    #   environments, see [Using JSON for Parameters][1] in the *CLI User
+    #   Guide*. For example:
     #
     #   `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
     #
@@ -264,9 +274,9 @@ module Aws::SecretsManager
     #   * Tag keys and values are case sensitive.
     #
     #   * Do not use the `aws:` prefix in your tag names or values because
-    #     AWS reserves it for AWS use. You can't edit or delete tag names
-    #     or values with this prefix. Tags with this prefix do not count
-    #     against your tags per secret limit.
+    #     Amazon Web Services reserves it for Amazon Web Services use. You
+    #     can't edit or delete tag names or values with this prefix. Tags
+    #     with this prefix do not count against your tags per secret limit.
     #
     #   * If you use your tagging schema across multiple services and
     #     resources, remember other services might have restrictions on
@@ -279,6 +289,17 @@ module Aws::SecretsManager
     #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] add_replica_regions
+    #   (Optional) Add a list of regions to replicate secrets. Secrets
+    #   Manager replicates the KMSKeyID objects to the list of regions
+    #   specified in the parameter.
+    #   @return [Array<Types::ReplicaRegionType>]
+    #
+    # @!attribute [rw] force_overwrite_replica_secret
+    #   (Optional) If set, the replication overwrites a secret with the same
+    #   name in the destination region.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest AWS API Documentation
     #
     class CreateSecretRequest < Struct.new(
@@ -288,7 +309,9 @@ module Aws::SecretsManager
       :kms_key_id,
       :secret_binary,
       :secret_string,
-      :tags)
+      :tags,
+      :add_replica_regions,
+      :force_overwrite_replica_secret)
       SENSITIVE = [:secret_binary, :secret_string]
       include Aws::Structure
     end
@@ -316,12 +339,18 @@ module Aws::SecretsManager
     #   just created.
     #   @return [String]
     #
+    # @!attribute [rw] replication_status
+    #   Describes a list of replication status objects as `InProgress`,
+    #   `Failed` or `InSync`.
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation
     #
     class CreateSecretResponse < Struct.new(
       :arn,
       :name,
-      :version_id)
+      :version_id,
+      :replication_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -412,8 +441,8 @@ module Aws::SecretsManager
     #       }
     #
     # @!attribute [rw] secret_id
-    #   Specifies the secret that you want to delete. You can specify either
-    #   the Amazon Resource Name (ARN) or the friendly name of the secret.
+    #   Specifies the secret to delete. You can specify either the Amazon
+    #   Resource Name (ARN) or the friendly name of the secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -440,10 +469,11 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] recovery_window_in_days
     #   (Optional) Specifies the number of days that Secrets Manager waits
-    #   before it can delete the secret. You can't use both this parameter
-    #   and the `ForceDeleteWithoutRecovery` parameter in the same API call.
+    #   before Secrets Manager can delete the secret. You can't use both
+    #   this parameter and the `ForceDeleteWithoutRecovery` parameter in the
+    #   same API call.
     #
-    #   This value can range from 7 to 30 days. The default value is 30.
+    #   This value can range from 7 to 30 days with a default value of 30.
     #   @return [Integer]
     #
     # @!attribute [rw] force_delete_without_recovery
@@ -459,10 +489,14 @@ module Aws::SecretsManager
     #
     #   Use this parameter with caution. This parameter causes the operation
     #   to skip the normal waiting period before the permanent deletion that
-    #   AWS would normally impose with the `RecoveryWindowInDays` parameter.
-    #   If you delete a secret with the `ForceDeleteWithouRecovery`
-    #   parameter, then you have no opportunity to recover the secret. It is
-    #   permanently lost.
+    #   Amazon Web Services would normally impose with the
+    #   `RecoveryWindowInDays` parameter. If you delete a secret with the
+    #   `ForceDeleteWithouRecovery` parameter, then you have no opportunity
+    #   to recover the secret. You lose the secret permanently.
+    #
+    #   If you use this parameter and include a previously deleted or
+    #   nonexistent secret, the operation does not return the error
+    #   `ResourceNotFoundException` in order to correctly handle retries.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest AWS API Documentation
@@ -480,7 +514,7 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The friendly name of the secret that is now scheduled for deletion.
+    #   The friendly name of the secret currently scheduled for deletion.
     #   @return [String]
     #
     # @!attribute [rw] deletion_date
@@ -556,11 +590,12 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The ARN or alias of the AWS KMS customer master key (CMK) that's
-    #   used to encrypt the `SecretString` or `SecretBinary` fields in each
-    #   version of the secret. If you don't provide a key, then Secrets
-    #   Manager defaults to encrypting the secret fields with the default
-    #   AWS KMS CMK (the one named `awssecretsmanager`) for this account.
+    #   The ARN or alias of the Amazon Web Services KMS customer master key
+    #   (CMK) that's used to encrypt the `SecretString` or `SecretBinary`
+    #   fields in each version of the secret. If you don't provide a key,
+    #   then Secrets Manager defaults to encrypting the secret fields with
+    #   the default Amazon Web Services KMS CMK (the one named
+    #   `awssecretsmanager`) for this account.
     #   @return [String]
     #
     # @!attribute [rw] rotation_enabled
@@ -578,14 +613,16 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
-    #   A structure that contains the rotation configuration for this
-    #   secret.
+    #   A structure with the rotation configuration for this secret.
     #   @return [Types::RotationRulesType]
     #
     # @!attribute [rw] last_rotated_date
+    #   The last date and time that the rotation process for this secret was
+    #   invoked.
+    #
     #   The most recent date and time that the Secrets Manager rotation
-    #   process was successfully completed. This value is null if the secret
-    #   has never rotated.
+    #   process successfully completed. If the secret doesn't rotate,
+    #   Secrets Manager returns a null value.
     #   @return [Time]
     #
     # @!attribute [rw] last_changed_date
@@ -632,9 +669,18 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] created_date
-    #   The date that the secret was created.
+    #   The date you created the secret.
     #   @return [Time]
     #
+    # @!attribute [rw] primary_region
+    #   Specifies the primary region for secret replication.
+    #   @return [String]
+    #
+    # @!attribute [rw] replication_status
+    #   Describes a list of replication status objects as `InProgress`,
+    #   `Failed` or `InSync`.`P`
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation
     #
     class DescribeSecretResponse < Struct.new(
@@ -652,7 +698,9 @@ module Aws::SecretsManager
       :tags,
       :version_ids_to_stages,
       :owning_service,
-      :created_date)
+      :created_date,
+      :primary_region,
+      :replication_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -677,13 +725,14 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
-    # Allows you to filter your list of secrets.
+    # Allows you to add filters when you use the search function in Secrets
+    # Manager.
     #
     # @note When making an API call, you may pass Filter
     #   data as a hash:
     #
     #       {
-    #         key: "description", # accepts description, name, tag-key, tag-value, all
+    #         key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
     #         values: ["FilterValueStringType"],
     #       }
     #
@@ -693,6 +742,9 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] values
     #   Filters your list of secrets by a specific value.
+    #
+    #   You can prefix your search value with an exclamation mark (`!`) in
+    #   order to perform negation filters.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Filter AWS API Documentation
@@ -859,8 +911,9 @@ module Aws::SecretsManager
     #   with any permissions that are associated with the user or role that
     #   attempts to access this secret. The combined permissions specify who
     #   can access the secret and what actions they can perform. For more
-    #   information, see [Authentication and Access Control for AWS Secrets
-    #   Manager][1] in the *AWS Secrets Manager User Guide*.
+    #   information, see [Authentication and Access Control for Amazon Web
+    #   Services Secrets Manager][1] in the *Amazon Web Services Secrets
+    #   Manager User Guide*.
     #
     #
     #
@@ -916,11 +969,11 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] version_id
     #   Specifies the unique identifier of the version of the secret that
-    #   you want to retrieve. If you specify this parameter then don't
-    #   specify `VersionStage`. If you don't specify either a
-    #   `VersionStage` or `VersionId` then the default is to perform the
-    #   operation on the version with the `VersionStage` value of
-    #   `AWSCURRENT`.
+    #   you want to retrieve. If you specify both this parameter and
+    #   `VersionStage`, the two parameters must refer to the same secret
+    #   version. If you don't specify either a `VersionStage` or
+    #   `VersionId` then the default is to perform the operation on the
+    #   version with the `VersionStage` value of `AWSCURRENT`.
     #
     #   This value is typically a [UUID-type][1] value with 32 hexadecimal
     #   digits.
@@ -935,8 +988,9 @@ module Aws::SecretsManager
     #   staging label attached to the version.
     #
     #   Staging labels are used to keep track of different versions during
-    #   the rotation process. If you use this parameter then don't specify
-    #   `VersionId`. If you don't specify either a `VersionStage` or
+    #   the rotation process. If you specify both this parameter and
+    #   `VersionId`, the two parameters must refer to the same secret
+    #   version . If you don't specify either a `VersionStage` or
     #   `VersionId`, then the default is to perform the operation on the
     #   version with the `VersionStage` value of `AWSCURRENT`.
     #   @return [String]
@@ -1226,7 +1280,7 @@ module Aws::SecretsManager
     #         next_token: "NextTokenType",
     #         filters: [
     #           {
-    #             key: "description", # accepts description, name, tag-key, tag-value, all
+    #             key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
     #             values: ["FilterValueStringType"],
     #           },
     #         ],
@@ -1297,7 +1351,7 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
-    # The policy document that you provided isn't valid.
+    # You provided a resource-based policy with syntax errors.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1324,7 +1378,8 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
-    # The resource policy did not prevent broad access to the secret.
+    # The BlockPublicPolicy parameter is set to true and the resource policy
+    # did not prevent broad access to the secret.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1348,8 +1403,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] secret_id
     #   Specifies the secret that you want to attach the resource-based
-    #   policy to. You can specify either the ARN or the friendly name of
-    #   the secret.
+    #   policy. You can specify either the ARN or the friendly name of the
+    #   secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -1375,12 +1430,12 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] resource_policy
-    #   A JSON-formatted string that's constructed according to the grammar
-    #   and syntax for an AWS resource-based policy. The policy in the
-    #   string identifies who can access or manage this secret and its
-    #   versions. For information on how to format a JSON parameter for the
-    #   various command line tool environments, see [Using JSON for
-    #   Parameters][1] in the *AWS CLI User Guide*.
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an Amazon Web Services resource-based policy. The policy
+    #   in the string identifies who can access or manage this secret and
+    #   its versions. For information on how to format a JSON parameter for
+    #   the various command line tool environments, see [Using JSON for
+    #   Parameters][1] in the *CLI User Guide*.
     #
     #
     #
@@ -1388,8 +1443,9 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] block_public_policy
-    #   Makes an optional API call to Zelkova to validate the Resource
-    #   Policy to prevent broad access to your secret.
+    #   (Optional) If you set the parameter, `BlockPublicPolicy` to true,
+    #   then you block resource-based policies that allow broad access to
+    #   the secret.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
@@ -1407,8 +1463,8 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The friendly name of the secret that the retrieved by the
-    #   resource-based policy.
+    #   The friendly name of the secret retrieved by the resource-based
+    #   policy.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyResponse AWS API Documentation
@@ -1463,13 +1519,13 @@ module Aws::SecretsManager
     #   (Optional) Specifies a unique identifier for the new version of the
     #   secret.
     #
-    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request. If you don't
-    #   use the SDK and instead generate a raw HTTP request to the Secrets
-    #   Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that
-    #   value in the request.
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes that in the request. If you don't use the SDK and instead
+    #   generate a raw HTTP request to the Secrets Manager service endpoint,
+    #   then you must generate a `ClientRequestToken` yourself for new
+    #   versions and include that value in the request.
     #
     #    </note>
     #
@@ -1531,8 +1587,8 @@ module Aws::SecretsManager
     #   For storing multiple values, we recommend that you use a JSON text
     #   string argument and specify key/value pairs. For information on how
     #   to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*.
+    #   environments, see [Using JSON for Parameters][1] in the *CLI User
+    #   Guide*.
     #
     #   For example:
     #
@@ -1608,6 +1664,170 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass RemoveRegionsFromReplicationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #         remove_replica_regions: ["RegionType"], # required
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Remove a secret by `SecretId` from replica Regions.
+    #   @return [String]
+    #
+    # @!attribute [rw] remove_replica_regions
+    #   Remove replication from specific Regions.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationRequest AWS API Documentation
+    #
+    class RemoveRegionsFromReplicationRequest < Struct.new(
+      :secret_id,
+      :remove_replica_regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] arn
+    #   The secret `ARN` removed from replication regions.
+    #   @return [String]
+    #
+    # @!attribute [rw] replication_status
+    #   Describes the remaining replication status after you remove regions
+    #   from the replication list.
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationResponse AWS API Documentation
+    #
+    class RemoveRegionsFromReplicationResponse < Struct.new(
+      :arn,
+      :replication_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # (Optional) Custom type consisting of a `Region` (required) and the
+    # `KmsKeyId` which can be an `ARN`, `Key ID`, or `Alias`.
+    #
+    # @note When making an API call, you may pass ReplicaRegionType
+    #   data as a hash:
+    #
+    #       {
+    #         region: "RegionType",
+    #         kms_key_id: "KmsKeyIdType",
+    #       }
+    #
+    # @!attribute [rw] region
+    #   Describes a single instance of Region objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   Can be an `ARN`, `Key ID`, or `Alias`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicaRegionType AWS API Documentation
+    #
+    class ReplicaRegionType < Struct.new(
+      :region,
+      :kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ReplicateSecretToRegionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #         add_replica_regions: [ # required
+    #           {
+    #             region: "RegionType",
+    #             kms_key_id: "KmsKeyIdType",
+    #           },
+    #         ],
+    #         force_overwrite_replica_secret: false,
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Use the `Secret Id` to replicate a secret to regions.
+    #   @return [String]
+    #
+    # @!attribute [rw] add_replica_regions
+    #   Add Regions to replicate the secret.
+    #   @return [Array<Types::ReplicaRegionType>]
+    #
+    # @!attribute [rw] force_overwrite_replica_secret
+    #   (Optional) If set, Secrets Manager replication overwrites a secret
+    #   with the same name in the destination region.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsRequest AWS API Documentation
+    #
+    class ReplicateSecretToRegionsRequest < Struct.new(
+      :secret_id,
+      :add_replica_regions,
+      :force_overwrite_replica_secret)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] arn
+    #   Replicate a secret based on the `ReplicaRegionType`&gt; consisting
+    #   of a Region(required) and a KMSKeyId (optional) which can be the
+    #   ARN, KeyID, or Alias.
+    #   @return [String]
+    #
+    # @!attribute [rw] replication_status
+    #   Describes the secret replication status as `PENDING`, `SUCCESS` or
+    #   `FAIL`.
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsResponse AWS API Documentation
+    #
+    class ReplicateSecretToRegionsResponse < Struct.new(
+      :arn,
+      :replication_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A replication object consisting of a `RegionReplicationStatus` object
+    # and includes a Region, KMSKeyId, status, and status message.
+    #
+    # @!attribute [rw] region
+    #   The Region where replication occurs.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   Can be an `ARN`, `Key ID`, or `Alias`.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status can be `InProgress`, `Failed`, or `InSync`.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   Status message such as "*Secret with this name already exists in
+    #   this region*".
+    #   @return [String]
+    #
+    # @!attribute [rw] last_accessed_date
+    #   The date that you last accessed the secret in the Region.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicationStatusType AWS API Documentation
+    #
+    class ReplicationStatusType < Struct.new(
+      :region,
+      :kms_key_id,
+      :status,
+      :status_message,
+      :last_accessed_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A resource with the ID you requested already exists.
     #
     # @!attribute [rw] message
@@ -1737,13 +1957,14 @@ module Aws::SecretsManager
     #   (Optional) Specifies a unique identifier for the new version of the
     #   secret that helps ensure idempotency.
     #
-    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request for this
-    #   parameter. If you don't use the SDK and instead generate a raw HTTP
-    #   request to the Secrets Manager service endpoint, then you must
-    #   generate a `ClientRequestToken` yourself for new versions and
-    #   include that value in the request.
+    #   If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes that in the request for this parameter. If you don't use
+    #   the SDK and instead generate a raw HTTP request to the Secrets
+    #   Manager service endpoint, then you must generate a
+    #   `ClientRequestToken` yourself for new versions and include that
+    #   value in the request.
     #
     #   You only need to specify your own value if you implement your own
     #   retry logic and want to ensure that a given secret is not created
@@ -1844,7 +2065,8 @@ module Aws::SecretsManager
     #   The Amazon Resource Name (ARN) of the secret.
     #
     #   For more information about ARNs in Secrets Manager, see [Policy
-    #   Resources][1] in the *AWS Secrets Manager User Guide*.
+    #   Resources][1] in the *Amazon Web Services Secrets Manager User
+    #   Guide*.
     #
     #
     #
@@ -1863,11 +2085,12 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The ARN or alias of the AWS KMS customer master key (CMK) used to
-    #   encrypt the `SecretString` and `SecretBinary` fields in each version
-    #   of the secret. If you don't provide a key, then Secrets Manager
-    #   defaults to encrypting the secret fields with the default KMS CMK,
-    #   the key named `awssecretsmanager`, for this account.
+    #   The ARN or alias of the Amazon Web Services KMS customer master key
+    #   (CMK) used to encrypt the `SecretString` and `SecretBinary` fields
+    #   in each version of the secret. If you don't provide a key, then
+    #   Secrets Manager defaults to encrypting the secret fields with the
+    #   default KMS CMK, the key named `awssecretsmanager`, for this
+    #   account.
     #   @return [String]
     #
     # @!attribute [rw] rotation_enabled
@@ -1876,9 +2099,9 @@ module Aws::SecretsManager
     #   @return [Boolean]
     #
     # @!attribute [rw] rotation_lambda_arn
-    #   The ARN of an AWS Lambda function invoked by Secrets Manager to
-    #   rotate and expire the secret either automatically per the schedule
-    #   or manually by a call to RotateSecret.
+    #   The ARN of an Amazon Web Services Lambda function invoked by Secrets
+    #   Manager to rotate and expire the secret either automatically per the
+    #   schedule or manually by a call to RotateSecret.
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
@@ -1886,8 +2109,9 @@ module Aws::SecretsManager
     #   @return [Types::RotationRulesType]
     #
     # @!attribute [rw] last_rotated_date
-    #   The last date and time that the rotation process for this secret was
-    #   invoked.
+    #   The most recent date and time that the Secrets Manager rotation
+    #   process was successfully completed. This value is null if the secret
+    #   hasn't ever rotated.
     #   @return [Time]
     #
     # @!attribute [rw] last_changed_date
@@ -1934,6 +2158,10 @@ module Aws::SecretsManager
     #   The date and time when a secret was created.
     #   @return [Time]
     #
+    # @!attribute [rw] primary_region
+    #   The Region where Secrets Manager originated the secret.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry AWS API Documentation
     #
     class SecretListEntry < Struct.new(
@@ -1951,7 +2179,8 @@ module Aws::SecretsManager
       :tags,
       :secret_versions_to_stages,
       :owning_service,
-      :created_date)
+      :created_date,
+      :primary_region)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1977,13 +2206,51 @@ module Aws::SecretsManager
     #   The date and time this version of the secret was created.
     #   @return [Time]
     #
+    # @!attribute [rw] kms_key_ids
+    #   The KMS keys used to encrypt the secret version.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretVersionsListEntry AWS API Documentation
     #
     class SecretVersionsListEntry < Struct.new(
       :version_id,
       :version_stages,
       :last_accessed_date,
-      :created_date)
+      :created_date,
+      :kms_key_ids)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass StopReplicationToReplicaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Response to `StopReplicationToReplica` of a secret, based on the
+    #   `SecretId`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaRequest AWS API Documentation
+    #
+    class StopReplicationToReplicaRequest < Struct.new(
+      :secret_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] arn
+    #   Response `StopReplicationToReplica` of a secret, based on the
+    #   `ARN,`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaResponse AWS API Documentation
+    #
+    class StopReplicationToReplicaResponse < Struct.new(
+      :arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2063,9 +2330,8 @@ module Aws::SecretsManager
     #   This parameter to the API requires a JSON text string argument. For
     #   information on how to format a JSON parameter for the various
     #   command line tool environments, see [Using JSON for Parameters][1]
-    #   in the *AWS CLI User Guide*. For the AWS CLI, you can also use the
-    #   syntax: `--Tags
-    #   Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
+    #   in the *CLI User Guide*. For the CLI, you can also use the syntax:
+    #   `--Tags Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]`
     #
     #
     #
@@ -2125,7 +2391,7 @@ module Aws::SecretsManager
     #   This parameter to the API requires a JSON text string argument. For
     #   information on how to format a JSON parameter for the various
     #   command line tool environments, see [Using JSON for Parameters][1]
-    #   in the *AWS CLI User Guide*.
+    #   in the *CLI User Guide*.
     #
     #
     #
@@ -2186,13 +2452,13 @@ module Aws::SecretsManager
     #   parameter specifies a unique identifier for the new version that
     #   helps ensure idempotency.
     #
-    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request. If you don't
-    #   use the SDK and instead generate a raw HTTP request to the Secrets
-    #   Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that
-    #   value in the request.
+    #   If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes that in the request. If you don't use the SDK and instead
+    #   generate a raw HTTP request to the Secrets Manager service endpoint,
+    #   then you must generate a `ClientRequestToken` yourself for new
+    #   versions and include that value in the request.
     #
     #   You typically only need to interact with this value if you implement
     #   your own retry logic and want to ensure that a given secret is not
@@ -2232,9 +2498,9 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   (Optional) Specifies an updated ARN or alias of the AWS KMS customer
-    #   master key (CMK) to be used to encrypt the protected text in new
-    #   versions of this secret.
+    #   (Optional) Specifies an updated ARN or alias of the Amazon Web
+    #   Services KMS customer master key (CMK) to be used to encrypt the
+    #   protected text in new versions of this secret.
     #
     #   You can only use the account's default CMK to encrypt and decrypt
     #   if you call this operation using credentials from the same account
@@ -2271,8 +2537,8 @@ module Aws::SecretsManager
     #   For storing multiple values, we recommend that you use a JSON text
     #   string argument and specify key/value pairs. For information on how
     #   to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*. For example:
+    #   environments, see [Using JSON for Parameters][1] in the *CLI User
+    #   Guide*. For example:
     #
     #   `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
     #
@@ -2435,9 +2701,9 @@ module Aws::SecretsManager
     #       }
     #
     # @!attribute [rw] secret_id
-    #   The identifier for the secret that you want to validate a resource
-    #   policy. You can specify either the Amazon Resource Name (ARN) or the
-    #   friendly name of the secret.
+    #   (Optional) The identifier of the secret with the resource-based
+    #   policy you want to validate. You can specify either the Amazon
+    #   Resource Name (ARN) or the friendly name of the secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -2463,7 +2729,16 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] resource_policy
-    #   Identifies the Resource Policy attached to the secret.
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an Amazon Web Services resource-based policy. The policy
+    #   in the string identifies who can access or manage this secret and
+    #   its versions. For information on how to format a JSON parameter for
+    #   the various command line tool environments, see [Using JSON for
+    #   Parameters][1] in the *CLI User Guide*.publi
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyRequest AWS API Documentation