RubyGems - aws-sdk-secretsmanager - Versions diffs - 1.46.0 → 1.50.0 - Mend

aws-sdk-secretsmanager 1.46.0 → 1.50.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +20 -0
data/VERSION +1 -1
data/lib/aws-sdk-secretsmanager/client.rb +267 -541
data/lib/aws-sdk-secretsmanager/client_api.rb +7 -0
data/lib/aws-sdk-secretsmanager/types.rb +160 -468
data/lib/aws-sdk-secretsmanager.rb +1 -1
metadata +8 -9

data/lib/aws-sdk-secretsmanager/client.rb CHANGED Viewed

@@ -392,26 +392,8 @@ module Aws::SecretsManager
     #   either the Amazon Resource Name (ARN) or the friendly name of the
     #   secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @return [Types::CancelRotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -479,25 +461,27 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
     #   `SecretBinary` for a secret in the same account as the calling user
-    #   and that secret doesn't specify a AWS KMS encryption key, Secrets
-    #   Manager uses the account's default AWS managed customer master key
-    #   (CMK) with the alias `aws/secretsmanager`. If this key doesn't
-    #   already exist in your account then Secrets Manager creates it for
-    #   you automatically. All users and roles in the same AWS account
+    #   and that secret doesn't specify a Amazon Web Services KMS
+    #   encryption key, Secrets Manager uses the account's default Amazon
+    #   Web Services managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then Secrets Manager creates it for you automatically. All
+    #   users and roles in the same Amazon Web Services account
     #   automatically have access to use the default CMK. Note that if an
-    #   Secrets Manager API call results in AWS creating the account's
-    #   AWS-managed CMK, it can result in a one-time significant delay in
-    #   returning the result.
-    #
-    # * If the secret resides in a different AWS account from the
-    #   credentials calling an API that requires encryption or decryption of
-    #   the secret value then you must create and use a custom AWS KMS CMK
-    #   because you can't access the default CMK for the account using
-    #   credentials from a different AWS account. Store the ARN of the CMK
-    #   in the secret when you create the secret or when you update it by
-    #   including it in the `KMSKeyId`. If you call an API that must encrypt
-    #   or decrypt `SecretString` or `SecretBinary` using credentials from a
-    #   different account then the AWS KMS key policy must grant
+    #   Secrets Manager API call results in Amazon Web Services creating the
+    #   account's Amazon Web Services-managed CMK, it can result in a
+    #   one-time significant delay in returning the result.
+    #
+    # * If the secret resides in a different Amazon Web Services account
+    #   from the credentials calling an API that requires encryption or
+    #   decryption of the secret value then you must create and use a custom
+    #   Amazon Web Services KMS CMK because you can't access the default
+    #   CMK for the account using credentials from a different Amazon Web
+    #   Services account. Store the ARN of the CMK in the secret when you
+    #   create the secret or when you update it by including it in the
+    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
+    #   `SecretString` or `SecretBinary` using credentials from a different
+    #   account then the Amazon Web Services KMS key policy must grant
     #   cross-account access to that other account's user or role for both
     #   the kms:GenerateDataKey and kms:Decrypt operations.
     #
@@ -511,13 +495,15 @@ module Aws::SecretsManager
     #
     # * secretsmanager:CreateSecret
     #
-    # * kms:GenerateDataKey - needed only if you use a customer-managed AWS
-    #   KMS key to encrypt the secret. You do not need this permission to
-    #   use the account default AWS managed CMK for Secrets Manager.
+    # * kms:GenerateDataKey - needed only if you use a customer-managed
+    #   Amazon Web Services KMS key to encrypt the secret. You do not need
+    #   this permission to use the account default Amazon Web Services
+    #   managed CMK for Secrets Manager.
     #
-    # * kms:Decrypt - needed only if you use a customer-managed AWS KMS key
-    #   to encrypt the secret. You do not need this permission to use the
-    #   account default AWS managed CMK for Secrets Manager.
+    # * kms:Decrypt - needed only if you use a customer-managed Amazon Web
+    #   Services KMS key to encrypt the secret. You do not need this
+    #   permission to use the account default Amazon Web Services managed
+    #   CMK for Secrets Manager.
     #
     # * secretsmanager:TagResource - needed only if you include the `Tags`
     #   parameter.
@@ -559,13 +545,13 @@ module Aws::SecretsManager
     #   initial version is created as part of the secret, and this parameter
     #   specifies a unique identifier for the new version.
     #
-    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes it as the value for this parameter in
-    #   the request. If you don't use the SDK and instead generate a raw HTTP
-    #   request to the Secrets Manager service endpoint, then you must
-    #   generate a `ClientRequestToken` yourself for the new version and
-    #   include the value in the request.
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this parameter
+    #   empty. The CLI or SDK generates a random UUID for you and includes it
+    #   as the value for this parameter in the request. If you don't use the
+    #   SDK and instead generate a raw HTTP request to the Secrets Manager
+    #   service endpoint, then you must generate a `ClientRequestToken`
+    #   yourself for the new version and include the value in the request.
     #
     #    </note>
     #
@@ -601,20 +587,21 @@ module Aws::SecretsManager
     #   (Optional) Specifies a user-provided description of the secret.
     #
     # @option params [String] :kms_key_id
-    #   (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer
-    #   master key (CMK) to be used to encrypt the `SecretString` or
-    #   `SecretBinary` values in the versions stored in this secret.
+    #   (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
+    #   Services KMS customer master key (CMK) to be used to encrypt the
+    #   `SecretString` or `SecretBinary` values in the versions stored in this
+    #   secret.
     #
-    #   You can specify any of the supported ways to identify a AWS KMS key
-    #   ID. If you need to reference a CMK in a different account, you can use
-    #   only the key ARN or the alias ARN.
+    #   You can specify any of the supported ways to identify a Amazon Web
+    #   Services KMS key ID. If you need to reference a CMK in a different
+    #   account, you can use only the key ARN or the alias ARN.
     #
     #   If you don't specify this value, then Secrets Manager defaults to
-    #   using the AWS account's default CMK (the one named
-    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
-    #   exist, then Secrets Manager creates it for you automatically the first
-    #   time it needs to encrypt a version's `SecretString` or `SecretBinary`
-    #   fields.
+    #   using the Amazon Web Services account's default CMK (the one named
+    #   `aws/secretsmanager`). If a Amazon Web Services KMS CMK with that name
+    #   doesn't yet exist, then Secrets Manager creates it for you
+    #   automatically the first time it needs to encrypt a version's
+    #   `SecretString` or `SecretBinary` fields.
     #
     #   You can use the account default CMK to encrypt and decrypt only if you
     #   call this operation using credentials from the same account that owns
@@ -632,7 +619,8 @@ module Aws::SecretsManager
     #   both. They cannot both be empty.
     #
     #   This parameter is not available using the Secrets Manager console. It
-    #   can be accessed only by using the AWS CLI or one of the AWS SDKs.
+    #   can be accessed only by using the Amazon Web Services CLI or one of
+    #   the Amazon Web Services SDKs.
     #
     # @option params [String] :secret_string
     #   (Optional) Specifies text data that you want to encrypt and store in
@@ -648,20 +636,13 @@ module Aws::SecretsManager
     #   rotation function knows how to parse.
     #
     #   For storing multiple values, we recommend that you use a JSON text
-    #   string argument and specify key/value pairs. For information on how to
-    #   format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
-    #   Guide*. For example:
-    #
-    #   `\{"username":"bob","password":"abc123xyz456"\}`
-    #
-    #   If your command-line tool or SDK requires quotation marks around the
-    #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text.
+    #   string argument and specify key/value pairs. For more information, see
+    #   [Specifying parameter values for the Amazon Web Services CLI][1] in
+    #   the Amazon Web Services CLI User Guide.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #
     # @option params [Array<Types::Tag>] :tags
     #   (Optional) Specifies a list of user-defined tags that are attached to
@@ -680,7 +661,7 @@ module Aws::SecretsManager
     #
     #   This parameter requires a JSON text string argument. For information
     #   on how to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
+    #   environments, see [Using JSON for Parameters][1] in the *CLI User
     #   Guide*. For example:
     #
     #   `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
@@ -699,10 +680,10 @@ module Aws::SecretsManager
     #
     #   * Tag keys and values are case sensitive.
     #
-    #   * Do not use the `aws:` prefix in your tag names or values because AWS
-    #     reserves it for AWS use. You can't edit or delete tag names or
-    #     values with this prefix. Tags with this prefix do not count against
-    #     your tags per secret limit.
+    #   * Do not use the `aws:` prefix in your tag names or values because
+    #     Amazon Web Services reserves it for Amazon Web Services use. You
+    #     can't edit or delete tag names or values with this prefix. Tags
+    #     with this prefix do not count against your tags per secret limit.
     #
     #   * If you use your tagging schema across multiple services and
     #     resources, remember other services might have restrictions on
@@ -819,26 +800,8 @@ module Aws::SecretsManager
     #   resource-based policy for. You can specify either the Amazon Resource
     #   Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @return [Types::DeleteResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -928,26 +891,8 @@ module Aws::SecretsManager
     #   Specifies the secret to delete. You can specify either the Amazon
     #   Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [Integer] :recovery_window_in_days
     #   (Optional) Specifies the number of days that Secrets Manager waits
@@ -970,10 +915,10 @@ module Aws::SecretsManager
     #
     #   Use this parameter with caution. This parameter causes the operation
     #   to skip the normal waiting period before the permanent deletion that
-    #   AWS would normally impose with the `RecoveryWindowInDays` parameter.
-    #   If you delete a secret with the `ForceDeleteWithouRecovery` parameter,
-    #   then you have no opportunity to recover the secret. You lose the
-    #   secret permanently.
+    #   Amazon Web Services would normally impose with the
+    #   `RecoveryWindowInDays` parameter. If you delete a secret with the
+    #   `ForceDeleteWithouRecovery` parameter, then you have no opportunity to
+    #   recover the secret. You lose the secret permanently.
     #
     #   If you use this parameter and include a previously deleted or
     #   nonexistent secret, the operation does not return the error
@@ -1048,33 +993,16 @@ module Aws::SecretsManager
     # * To retrieve the encrypted secret information in a version of the
     #   secret, use GetSecretValue.
     #
-    # * To list all of the secrets in the AWS account, use ListSecrets.
+    # * To list all of the secrets in the Amazon Web Services account, use
+    #   ListSecrets.
     #
     # @option params [required, String] :secret_id
     #   The identifier of the secret whose details you want to retrieve. You
     #   can specify either the Amazon Resource Name (ARN) or the friendly name
     #   of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @return [Types::DescribeSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1318,26 +1246,8 @@ module Aws::SecretsManager
     #   resource-based policy for. You can specify either the Amazon Resource
     #   Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @return [Types::GetResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1392,9 +1302,10 @@ module Aws::SecretsManager
     #
     # * secretsmanager:GetSecretValue
     #
-    # * kms:Decrypt - required only if you use a customer-managed AWS KMS
-    #   key to encrypt the secret. You do not need this permission to use
-    #   the account's default AWS managed CMK for Secrets Manager.
+    # * kms:Decrypt - required only if you use a customer-managed Amazon Web
+    #   Services KMS key to encrypt the secret. You do not need this
+    #   permission to use the account's default Amazon Web Services managed
+    #   CMK for Secrets Manager.
     #
     # **Related operations**
     #
@@ -1409,26 +1320,8 @@ module Aws::SecretsManager
     #   You can specify either the Amazon Resource Name (ARN) or the friendly
     #   name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [String] :version_id
     #   Specifies the unique identifier of the version of the secret that you
@@ -1551,26 +1444,8 @@ module Aws::SecretsManager
     #   list. You can specify either the Amazon Resource Name (ARN) or the
     #   friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [Integer] :max_results
     #   (Optional) Limits the number of results you want to include in the
@@ -1660,6 +1535,8 @@ module Aws::SecretsManager
     #   resp.versions[0].version_stages[0] #=> String
     #   resp.versions[0].last_accessed_date #=> Time
     #   resp.versions[0].created_date #=> Time
+    #   resp.versions[0].kms_key_ids #=> Array
+    #   resp.versions[0].kms_key_ids[0] #=> String
     #   resp.next_token #=> String
     #   resp.arn #=> String
     #   resp.name #=> String
@@ -1673,11 +1550,11 @@ module Aws::SecretsManager
       req.send_request(options)
     end
-    # Lists all of the secrets that are stored by Secrets Manager in the AWS
-    # account. To list the versions currently stored for a specific secret,
-    # use ListSecretVersionIds. The encrypted fields `SecretString` and
-    # `SecretBinary` are not included in the output. To get that
-    # information, call the GetSecretValue operation.
+    # Lists all of the secrets that are stored by Secrets Manager in the
+    # Amazon Web Services account. To list the versions currently stored for
+    # a specific secret, use ListSecretVersionIds. The encrypted fields
+    # `SecretString` and `SecretBinary` are not included in the output. To
+    # get that information, call the GetSecretValue operation.
     #
     # <note markdown="1"> Always check the `NextToken` response parameter when calling any of
     # the `List*` operations. These operations can occasionally return an
@@ -1826,9 +1703,9 @@ module Aws::SecretsManager
     # identity-based and resource-based policies. The affected users and
     # roles receive the permissions that are permitted by all of the
     # relevant policies. For more information, see [Using Resource-Based
-    # Policies for AWS Secrets Manager][1]. For the complete description of
-    # the AWS policy syntax and grammar, see [IAM JSON Policy Reference][2]
-    # in the *IAM User Guide*.
+    # Policies for Amazon Web Services Secrets Manager][1]. For the complete
+    # description of the Amazon Web Services policy syntax and grammar, see
+    # [IAM JSON Policy Reference][2] in the *IAM User Guide*.
     #
     # **Minimum permissions**
     #
@@ -1858,34 +1735,16 @@ module Aws::SecretsManager
     #   policy. You can specify either the ARN or the friendly name of the
     #   secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [required, String] :resource_policy
     #   A JSON-formatted string constructed according to the grammar and
-    #   syntax for an AWS resource-based policy. The policy in the string
-    #   identifies who can access or manage this secret and its versions. For
-    #   information on how to format a JSON parameter for the various command
-    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
-    #   CLI User Guide*.
+    #   syntax for an Amazon Web Services resource-based policy. The policy in
+    #   the string identifies who can access or manage this secret and its
+    #   versions. For information on how to format a JSON parameter for the
+    #   various command line tool environments, see [Using JSON for
+    #   Parameters][1] in the *CLI User Guide*.
     #
     #
     #
@@ -1945,11 +1804,14 @@ module Aws::SecretsManager
     # `SecretBinary` value. You can also specify the staging labels that are
     # initially attached to the new version.
     #
-    # <note markdown="1"> The Secrets Manager console uses only the `SecretString` field. To add
-    # binary data to a secret with the `SecretBinary` field you must use the
-    # AWS CLI or one of the AWS SDKs.
-    #
-    #  </note>
+    # We recommend you avoid calling `PutSecretValue` at a sustained rate of
+    # more than once every 10 minutes. When you update the secret value,
+    # Secrets Manager creates a new version of the secret. Secrets Manager
+    # removes outdated versions when there are more than 100, but it does
+    # not remove versions created less than 24 hours ago. If you call
+    # `PutSecretValue` more than once every 10 minutes, you create more
+    # versions than Secrets Manager removes, and you will reach the quota
+    # for secret versions.
     #
     # * If this operation creates the first version for the secret then
     #   Secrets Manager automatically attaches the staging label
@@ -1973,25 +1835,27 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
     #   `SecretBinary` for a secret in the same account as the calling user
-    #   and that secret doesn't specify a AWS KMS encryption key, Secrets
-    #   Manager uses the account's default AWS managed customer master key
-    #   (CMK) with the alias `aws/secretsmanager`. If this key doesn't
-    #   already exist in your account then Secrets Manager creates it for
-    #   you automatically. All users and roles in the same AWS account
+    #   and that secret doesn't specify a Amazon Web Services KMS
+    #   encryption key, Secrets Manager uses the account's default Amazon
+    #   Web Services managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then Secrets Manager creates it for you automatically. All
+    #   users and roles in the same Amazon Web Services account
     #   automatically have access to use the default CMK. Note that if an
-    #   Secrets Manager API call results in AWS creating the account's
-    #   AWS-managed CMK, it can result in a one-time significant delay in
-    #   returning the result.
-    #
-    # * If the secret resides in a different AWS account from the
-    #   credentials calling an API that requires encryption or decryption of
-    #   the secret value then you must create and use a custom AWS KMS CMK
-    #   because you can't access the default CMK for the account using
-    #   credentials from a different AWS account. Store the ARN of the CMK
-    #   in the secret when you create the secret or when you update it by
-    #   including it in the `KMSKeyId`. If you call an API that must encrypt
-    #   or decrypt `SecretString` or `SecretBinary` using credentials from a
-    #   different account then the AWS KMS key policy must grant
+    #   Secrets Manager API call results in Amazon Web Services creating the
+    #   account's Amazon Web Services-managed CMK, it can result in a
+    #   one-time significant delay in returning the result.
+    #
+    # * If the secret resides in a different Amazon Web Services account
+    #   from the credentials calling an API that requires encryption or
+    #   decryption of the secret value then you must create and use a custom
+    #   Amazon Web Services KMS CMK because you can't access the default
+    #   CMK for the account using credentials from a different Amazon Web
+    #   Services account. Store the ARN of the CMK in the secret when you
+    #   create the secret or when you update it by including it in the
+    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
+    #   `SecretString` or `SecretBinary` using credentials from a different
+    #   account then the Amazon Web Services KMS key policy must grant
     #   cross-account access to that other account's user or role for both
     #   the kms:GenerateDataKey and kms:Decrypt operations.
     #
@@ -2003,9 +1867,10 @@ module Aws::SecretsManager
     #
     # * secretsmanager:PutSecretValue
     #
-    # * kms:GenerateDataKey - needed only if you use a customer-managed AWS
-    #   KMS key to encrypt the secret. You do not need this permission to
-    #   use the account's default AWS managed CMK for Secrets Manager.
+    # * kms:GenerateDataKey - needed only if you use a customer-managed
+    #   Amazon Web Services KMS key to encrypt the secret. You do not need
+    #   this permission to use the account's default Amazon Web Services
+    #   managed CMK for Secrets Manager.
     #
     # **Related operations**
     #
@@ -2023,38 +1888,20 @@ module Aws::SecretsManager
     #   specify either the Amazon Resource Name (ARN) or the friendly name of
     #   the secret. The secret must already exist.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [String] :client_request_token
     #   (Optional) Specifies a unique identifier for the new version of the
     #   secret.
     #
-    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request. If you don't
-    #   use the SDK and instead generate a raw HTTP request to the Secrets
-    #   Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that value
-    #   in the request.
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this parameter
+    #   empty. The CLI or SDK generates a random UUID for you and includes
+    #   that in the request. If you don't use the SDK and instead generate a
+    #   raw HTTP request to the Secrets Manager service endpoint, then you
+    #   must generate a `ClientRequestToken` yourself for new versions and
+    #   include that value in the request.
     #
     #    </note>
     #
@@ -2111,22 +1958,13 @@ module Aws::SecretsManager
     #   Lambda rotation function knows how to parse.
     #
     #   For storing multiple values, we recommend that you use a JSON text
-    #   string argument and specify key/value pairs. For information on how to
-    #   format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
-    #   Guide*.
-    #
-    #   For example:
-    #
-    #   `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
-    #
-    #   If your command-line tool or SDK requires quotation marks around the
-    #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text.
+    #   string argument and specify key/value pairs. For more information, see
+    #   [Specifying parameter values for the Amazon Web Services CLI][1] in
+    #   the Amazon Web Services CLI User Guide.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #
     # @option params [Array<String>] :version_stages
     #   (Optional) Specifies a list of staging labels that are attached to
@@ -2311,26 +2149,8 @@ module Aws::SecretsManager
     #   scheduled deletion. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @return [Types::RestoreSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2380,16 +2200,17 @@ module Aws::SecretsManager
     # secret. After the rotation completes, the protected service and its
     # clients all use the new version of the secret.
     #
-    # This required configuration information includes the ARN of an AWS
-    # Lambda function and the time between scheduled rotations. The Lambda
-    # rotation function creates a new version of the secret and creates or
-    # updates the credentials on the protected service to match. After
-    # testing the new credentials, the function marks the new secret with
-    # the staging label `AWSCURRENT` so that your clients all immediately
-    # begin to use the new version. For more information about rotating
-    # secrets and how to configure a Lambda function to rotate the secrets
-    # for your protected service, see [Rotating Secrets in AWS Secrets
-    # Manager][1] in the *AWS Secrets Manager User Guide*.
+    # This required configuration information includes the ARN of an Amazon
+    # Web Services Lambda function and optionally, the time between
+    # scheduled rotations. The Lambda rotation function creates a new
+    # version of the secret and creates or updates the credentials on the
+    # protected service to match. After testing the new credentials, the
+    # function marks the new secret with the staging label `AWSCURRENT` so
+    # that your clients all immediately begin to use the new version. For
+    # more information about rotating secrets and how to configure a Lambda
+    # function to rotate the secrets for your protected service, see
+    # [Rotating Secrets in Amazon Web Services Secrets Manager][1] in the
+    # *Amazon Web Services Secrets Manager User Guide*.
     #
     # Secrets Manager schedules the next rotation when the previous one
     # completes. Secrets Manager schedules the date by adding the rotation
@@ -2441,38 +2262,20 @@ module Aws::SecretsManager
     #   Specifies the secret that you want to rotate. You can specify either
     #   the Amazon Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [String] :client_request_token
     #   (Optional) Specifies a unique identifier for the new version of the
     #   secret that helps ensure idempotency.
     #
-    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request for this
-    #   parameter. If you don't use the SDK and instead generate a raw HTTP
-    #   request to the Secrets Manager service endpoint, then you must
-    #   generate a `ClientRequestToken` yourself for new versions and include
-    #   that value in the request.
+    #   If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this parameter
+    #   empty. The CLI or SDK generates a random UUID for you and includes
+    #   that in the request for this parameter. If you don't use the SDK and
+    #   instead generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` yourself for
+    #   new versions and include that value in the request.
     #
     #   You only need to specify your own value if you implement your own
     #   retry logic and want to ensure that a given secret is not created
@@ -2576,10 +2379,10 @@ module Aws::SecretsManager
     #
     # * Tag keys and values are case sensitive.
     #
-    # * Do not use the `aws:` prefix in your tag names or values because AWS
-    #   reserves it for AWS use. You can't edit or delete tag names or
-    #   values with this prefix. Tags with this prefix do not count against
-    #   your tags per secret limit.
+    # * Do not use the `aws:` prefix in your tag names or values because
+    #   Amazon Web Services reserves it for Amazon Web Services use. You
+    #   can't edit or delete tag names or values with this prefix. Tags
+    #   with this prefix do not count against your tags per secret limit.
     #
     # * If you use your tagging schema across multiple services and
     #   resources, remember other services might have restrictions on
@@ -2612,40 +2415,23 @@ module Aws::SecretsManager
     #   specify either the Amazon Resource Name (ARN) or the friendly name of
     #   the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [required, Array<Types::Tag>] :tags
     #   The tags to attach to the secret. Each element in the list consists of
     #   a `Key` and a `Value`.
     #
-    #   This parameter to the API requires a JSON text string argument. For
-    #   information on how to format a JSON parameter for the various command
-    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
-    #   CLI User Guide*. For the AWS CLI, you can also use the syntax: `--Tags
-    #   Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]`
+    #   This parameter to the API requires a JSON text string argument.
+    #
+    #   For storing multiple values, we recommend that you use a JSON text
+    #   string argument and specify key/value pairs. For more information, see
+    #   [Specifying parameter values for the Amazon Web Services CLI][1] in
+    #   the Amazon Web Services CLI User Guide.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2720,39 +2506,23 @@ module Aws::SecretsManager
     #   can specify either the Amazon Resource Name (ARN) or the friendly name
     #   of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [required, Array<String>] :tag_keys
     #   A list of tag key names to remove from the secret. You don't specify
     #   the value. Both the key and its associated value are removed.
     #
-    #   This parameter to the API requires a JSON text string argument. For
-    #   information on how to format a JSON parameter for the various command
-    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
-    #   CLI User Guide*.
+    #   This parameter to the API requires a JSON text string argument.
     #
+    #   For storing multiple values, we recommend that you use a JSON text
+    #   string argument and specify key/value pairs. For more information, see
+    #   [Specifying parameter values for the Amazon Web Services CLI][1] in
+    #   the Amazon Web Services CLI User Guide.
     #
     #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2786,17 +2556,27 @@ module Aws::SecretsManager
       req.send_request(options)
     end
-    # Modifies many of the details of the specified secret. If you include a
-    # `ClientRequestToken` and *either* `SecretString` or `SecretBinary`
-    # then it also creates a new version attached to the secret.
+    # Modifies many of the details of the specified secret.
     #
-    # To modify the rotation configuration of a secret, use RotateSecret
+    # To change the secret value, you can also use PutSecretValue.
+    #
+    # To change the rotation configuration of a secret, use RotateSecret
     # instead.
     #
+    # We recommend you avoid calling `UpdateSecret` at a sustained rate of
+    # more than once every 10 minutes. When you call `UpdateSecret` to
+    # update the secret value, Secrets Manager creates a new version of the
+    # secret. Secrets Manager removes outdated versions when there are more
+    # than 100, but it does not remove versions created less than 24 hours
+    # ago. If you update the secret value more than once every 10 minutes,
+    # you create more versions than Secrets Manager removes, and you will
+    # reach the quota for secret versions.
+    #
     # <note markdown="1"> The Secrets Manager console uses only the `SecretString` parameter and
     # therefore limits you to encrypting and storing only a text string. To
     # encrypt and store binary data as part of the version of a secret, you
-    # must use either the AWS CLI or one of the AWS SDKs.
+    # must use either the Amazon Web Services CLI or one of the Amazon Web
+    # Services SDKs.
     #
     #  </note>
     #
@@ -2811,25 +2591,27 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
     #   `SecretBinary` for a secret in the same account as the calling user
-    #   and that secret doesn't specify a AWS KMS encryption key, Secrets
-    #   Manager uses the account's default AWS managed customer master key
-    #   (CMK) with the alias `aws/secretsmanager`. If this key doesn't
-    #   already exist in your account then Secrets Manager creates it for
-    #   you automatically. All users and roles in the same AWS account
+    #   and that secret doesn't specify a Amazon Web Services KMS
+    #   encryption key, Secrets Manager uses the account's default Amazon
+    #   Web Services managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then Secrets Manager creates it for you automatically. All
+    #   users and roles in the same Amazon Web Services account
     #   automatically have access to use the default CMK. Note that if an
-    #   Secrets Manager API call results in AWS creating the account's
-    #   AWS-managed CMK, it can result in a one-time significant delay in
-    #   returning the result.
-    #
-    # * If the secret resides in a different AWS account from the
-    #   credentials calling an API that requires encryption or decryption of
-    #   the secret value then you must create and use a custom AWS KMS CMK
-    #   because you can't access the default CMK for the account using
-    #   credentials from a different AWS account. Store the ARN of the CMK
-    #   in the secret when you create the secret or when you update it by
-    #   including it in the `KMSKeyId`. If you call an API that must encrypt
-    #   or decrypt `SecretString` or `SecretBinary` using credentials from a
-    #   different account then the AWS KMS key policy must grant
+    #   Secrets Manager API call results in Amazon Web Services creating the
+    #   account's Amazon Web Services-managed CMK, it can result in a
+    #   one-time significant delay in returning the result.
+    #
+    # * If the secret resides in a different Amazon Web Services account
+    #   from the credentials calling an API that requires encryption or
+    #   decryption of the secret value then you must create and use a custom
+    #   Amazon Web Services KMS CMK because you can't access the default
+    #   CMK for the account using credentials from a different Amazon Web
+    #   Services account. Store the ARN of the CMK in the secret when you
+    #   create the secret or when you update it by including it in the
+    #   `KMSKeyId`. If you call an API that must encrypt or decrypt
+    #   `SecretString` or `SecretBinary` using credentials from a different
+    #   account then the Amazon Web Services KMS key policy must grant
     #   cross-account access to that other account's user or role for both
     #   the kms:GenerateDataKey and kms:Decrypt operations.
     #
@@ -2841,13 +2623,15 @@ module Aws::SecretsManager
     #
     # * secretsmanager:UpdateSecret
     #
-    # * kms:GenerateDataKey - needed only if you use a custom AWS KMS key to
-    #   encrypt the secret. You do not need this permission to use the
-    #   account's AWS managed CMK for Secrets Manager.
+    # * kms:GenerateDataKey - needed only if you use a custom Amazon Web
+    #   Services KMS key to encrypt the secret. You do not need this
+    #   permission to use the account's Amazon Web Services managed CMK for
+    #   Secrets Manager.
     #
-    # * kms:Decrypt - needed only if you use a custom AWS KMS key to encrypt
-    #   the secret. You do not need this permission to use the account's
-    #   AWS managed CMK for Secrets Manager.
+    # * kms:Decrypt - needed only if you use a custom Amazon Web Services
+    #   KMS key to encrypt the secret. You do not need this permission to
+    #   use the account's Amazon Web Services managed CMK for Secrets
+    #   Manager.
     #
     # **Related operations**
     #
@@ -2865,39 +2649,21 @@ module Aws::SecretsManager
     #   add a new version. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [String] :client_request_token
     #   (Optional) If you want to add a new version to the secret, this
     #   parameter specifies a unique identifier for the new version that helps
     #   ensure idempotency.
     #
-    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request. If you don't
-    #   use the SDK and instead generate a raw HTTP request to the Secrets
-    #   Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that value
-    #   in the request.
+    #   If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this parameter
+    #   empty. The CLI or SDK generates a random UUID for you and includes
+    #   that in the request. If you don't use the SDK and instead generate a
+    #   raw HTTP request to the Secrets Manager service endpoint, then you
+    #   must generate a `ClientRequestToken` yourself for new versions and
+    #   include that value in the request.
     #
     #   You typically only need to interact with this value if you implement
     #   your own retry logic and want to ensure that a given secret is not
@@ -2935,9 +2701,13 @@ module Aws::SecretsManager
     #   secret.
     #
     # @option params [String] :kms_key_id
-    #   (Optional) Specifies an updated ARN or alias of the AWS KMS customer
-    #   master key (CMK) to be used to encrypt the protected text in new
-    #   versions of this secret.
+    #   (Optional) Specifies an updated ARN or alias of the Amazon Web
+    #   Services KMS customer master key (CMK) that Secrets Manager uses to
+    #   encrypt the protected text in new versions of this secret as well as
+    #   any existing versions of this secret that have the staging labels
+    #   AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about
+    #   staging labels, see [Staging Labels][1] in the *Amazon Web Services
+    #   Secrets Manager User Guide*.
     #
     #   You can only use the account's default CMK to encrypt and decrypt if
     #   you call this operation using credentials from the same account that
@@ -2946,6 +2716,10 @@ module Aws::SecretsManager
     #   field. The user making the call must have permissions to both the
     #   secret and the CMK in their respective accounts.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label
+    #
     # @option params [String, StringIO, File] :secret_binary
     #   (Optional) Specifies updated binary data that you want to encrypt and
     #   store in the new version of the secret. To use this parameter in the
@@ -2970,25 +2744,13 @@ module Aws::SecretsManager
     #   Lambda rotation function knows how to parse.
     #
     #   For storing multiple values, we recommend that you use a JSON text
-    #   string argument and specify key/value pairs. For information on how to
-    #   format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI User
-    #   Guide*. For example:
+    #   string argument and specify key/value pairs. For more information, see
+    #   [Specifying parameter values for the Amazon Web Services CLI][1] in
+    #   the Amazon Web Services CLI User Guide.
     #
-    #   `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
     #
-    #   If your command-line tool or SDK requires quotation marks around the
-    #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text. You can also 'escape' the
-    #   double quote character in the embedded JSON text by prefacing each
-    #   with a backslash. For example, the following string is surrounded by
-    #   double-quotes. All of the embedded double quotes are escaped:
     #
-    #   `"[\{"username":"bob"\},\{"password":"abc123xyz456"\}]"`
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #
     # @return [Types::UpdateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3078,8 +2840,8 @@ module Aws::SecretsManager
     # of a secret at a time. If a staging label to be added is already
     # attached to another version, then it is moved--removed from the other
     # version first and then attached to this one. For more information
-    # about staging labels, see [Staging Labels][1] in the *AWS Secrets
-    # Manager User Guide*.
+    # about staging labels, see [Staging Labels][1] in the *Amazon Web
+    # Services Secrets Manager User Guide*.
     #
     # The staging labels that you specify in the `VersionStage` parameter
     # are added to the existing list of staging labels--they don't replace
@@ -3123,26 +2885,8 @@ module Aws::SecretsManager
     #   you want to modify. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [required, String] :version_stage
     #   The staging label to add to this version.
@@ -3281,34 +3025,16 @@ module Aws::SecretsManager
     #   you want to validate. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that Secrets
-    #   Manager adds at the end of the ARN when you created the secret. A
-    #   partial ARN match can work as long as it uniquely matches only one
-    #   secret. However, if your secret has a name that ends in a hyphen
-    #   followed by six characters (before Secrets Manager adds the hyphen and
-    #   six characters to the ARN) and you try to use that as a partial ARN,
-    #   then those characters cause Secrets Manager to assume that you’re
-    #   specifying a complete ARN. This confusion can cause unexpected
-    #   results. To avoid this situation, we recommend that you don’t create
-    #   secret names ending with a hyphen followed by six characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than a
+    #   partial ARN.
     #
     # @option params [required, String] :resource_policy
     #   A JSON-formatted string constructed according to the grammar and
-    #   syntax for an AWS resource-based policy. The policy in the string
-    #   identifies who can access or manage this secret and its versions. For
-    #   information on how to format a JSON parameter for the various command
-    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
-    #   CLI User Guide*.publi
+    #   syntax for an Amazon Web Services resource-based policy. The policy in
+    #   the string identifies who can access or manage this secret and its
+    #   versions. For information on how to format a JSON parameter for the
+    #   various command line tool environments, see [Using JSON for
+    #   Parameters][1] in the *CLI User Guide*.publi
     #
     #
     #
@@ -3372,7 +3098,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.46.0'
+      context[:gem_version] = '1.50.0'
       Seahorse::Client::Request.new(handlers, context)
     end