aws-sdk-secretsmanager 1.46.0 → 1.50.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -22,27 +22,8 @@ module Aws::SecretsManager
22
22
  # either the Amazon Resource Name (ARN) or the friendly name of the
23
23
  # secret.
24
24
  #
25
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
26
- # complete ARN. You can specify a partial ARN too—for example, if you
27
- # don’t include the final hyphen and six random characters that
28
- # Secrets Manager adds at the end of the ARN when you created the
29
- # secret. A partial ARN match can work as long as it uniquely matches
30
- # only one secret. However, if your secret has a name that ends in a
31
- # hyphen followed by six characters (before Secrets Manager adds the
32
- # hyphen and six characters to the ARN) and you try to use that as a
33
- # partial ARN, then those characters cause Secrets Manager to assume
34
- # that you’re specifying a complete ARN. This confusion can cause
35
- # unexpected results. To avoid this situation, we recommend that you
36
- # don’t create secret names ending with a hyphen followed by six
37
- # characters.
38
- #
39
- # If you specify an incomplete ARN without the random suffix, and
40
- # instead provide the 'friendly name', you *must* not include the
41
- # random suffix. If you do include the random suffix added by Secrets
42
- # Manager, you receive either a *ResourceNotFoundException* or an
43
- # *AccessDeniedException* error, depending on your permissions.
44
- #
45
- # </note>
25
+ # For an ARN, we recommend that you specify a complete ARN rather than
26
+ # a partial ARN.
46
27
  # @return [String]
47
28
  #
48
29
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretRequest AWS API Documentation
@@ -125,13 +106,14 @@ module Aws::SecretsManager
125
106
  # initial version is created as part of the secret, and this parameter
126
107
  # specifies a unique identifier for the new version.
127
108
  #
128
- # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
129
- # then you can leave this parameter empty. The CLI or SDK generates a
130
- # random UUID for you and includes it as the value for this parameter
131
- # in the request. If you don't use the SDK and instead generate a raw
132
- # HTTP request to the Secrets Manager service endpoint, then you must
133
- # generate a `ClientRequestToken` yourself for the new version and
134
- # include the value in the request.
109
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
110
+ # Services SDK to call this operation, then you can leave this
111
+ # parameter empty. The CLI or SDK generates a random UUID for you and
112
+ # includes it as the value for this parameter in the request. If you
113
+ # don't use the SDK and instead generate a raw HTTP request to the
114
+ # Secrets Manager service endpoint, then you must generate a
115
+ # `ClientRequestToken` yourself for the new version and include the
116
+ # value in the request.
135
117
  #
136
118
  # </note>
137
119
  #
@@ -169,20 +151,21 @@ module Aws::SecretsManager
169
151
  # @return [String]
170
152
  #
171
153
  # @!attribute [rw] kms_key_id
172
- # (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS
173
- # customer master key (CMK) to be used to encrypt the `SecretString`
174
- # or `SecretBinary` values in the versions stored in this secret.
154
+ # (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
155
+ # Services KMS customer master key (CMK) to be used to encrypt the
156
+ # `SecretString` or `SecretBinary` values in the versions stored in
157
+ # this secret.
175
158
  #
176
- # You can specify any of the supported ways to identify a AWS KMS key
177
- # ID. If you need to reference a CMK in a different account, you can
178
- # use only the key ARN or the alias ARN.
159
+ # You can specify any of the supported ways to identify a Amazon Web
160
+ # Services KMS key ID. If you need to reference a CMK in a different
161
+ # account, you can use only the key ARN or the alias ARN.
179
162
  #
180
163
  # If you don't specify this value, then Secrets Manager defaults to
181
- # using the AWS account's default CMK (the one named
182
- # `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
183
- # exist, then Secrets Manager creates it for you automatically the
184
- # first time it needs to encrypt a version's `SecretString` or
185
- # `SecretBinary` fields.
164
+ # using the Amazon Web Services account's default CMK (the one named
165
+ # `aws/secretsmanager`). If a Amazon Web Services KMS CMK with that
166
+ # name doesn't yet exist, then Secrets Manager creates it for you
167
+ # automatically the first time it needs to encrypt a version's
168
+ # `SecretString` or `SecretBinary` fields.
186
169
  #
187
170
  # You can use the account default CMK to encrypt and decrypt only if
188
171
  # you call this operation using credentials from the same account that
@@ -201,7 +184,8 @@ module Aws::SecretsManager
201
184
  # both. They cannot both be empty.
202
185
  #
203
186
  # This parameter is not available using the Secrets Manager console.
204
- # It can be accessed only by using the AWS CLI or one of the AWS SDKs.
187
+ # It can be accessed only by using the Amazon Web Services CLI or one
188
+ # of the Amazon Web Services SDKs.
205
189
  # @return [String]
206
190
  #
207
191
  # @!attribute [rw] secret_string
@@ -218,20 +202,13 @@ module Aws::SecretsManager
218
202
  # rotation function knows how to parse.
219
203
  #
220
204
  # For storing multiple values, we recommend that you use a JSON text
221
- # string argument and specify key/value pairs. For information on how
222
- # to format a JSON parameter for the various command line tool
223
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
224
- # User Guide*. For example:
225
- #
226
- # `\{"username":"bob","password":"abc123xyz456"\}`
227
- #
228
- # If your command-line tool or SDK requires quotation marks around the
229
- # parameter, you should use single quotes to avoid confusion with the
230
- # double quotes required in the JSON text.
205
+ # string argument and specify key/value pairs. For more information,
206
+ # see [Specifying parameter values for the Amazon Web Services CLI][1]
207
+ # in the Amazon Web Services CLI User Guide.
231
208
  #
232
209
  #
233
210
  #
234
- # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
211
+ # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
235
212
  # @return [String]
236
213
  #
237
214
  # @!attribute [rw] tags
@@ -251,8 +228,8 @@ module Aws::SecretsManager
251
228
  #
252
229
  # This parameter requires a JSON text string argument. For information
253
230
  # on how to format a JSON parameter for the various command line tool
254
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
255
- # User Guide*. For example:
231
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
232
+ # Guide*. For example:
256
233
  #
257
234
  # `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
258
235
  #
@@ -271,9 +248,9 @@ module Aws::SecretsManager
271
248
  # * Tag keys and values are case sensitive.
272
249
  #
273
250
  # * Do not use the `aws:` prefix in your tag names or values because
274
- # AWS reserves it for AWS use. You can't edit or delete tag names
275
- # or values with this prefix. Tags with this prefix do not count
276
- # against your tags per secret limit.
251
+ # Amazon Web Services reserves it for Amazon Web Services use. You
252
+ # can't edit or delete tag names or values with this prefix. Tags
253
+ # with this prefix do not count against your tags per secret limit.
277
254
  #
278
255
  # * If you use your tagging schema across multiple services and
279
256
  # resources, remember other services might have restrictions on
@@ -378,27 +355,8 @@ module Aws::SecretsManager
378
355
  # resource-based policy for. You can specify either the Amazon
379
356
  # Resource Name (ARN) or the friendly name of the secret.
380
357
  #
381
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
382
- # complete ARN. You can specify a partial ARN too—for example, if you
383
- # don’t include the final hyphen and six random characters that
384
- # Secrets Manager adds at the end of the ARN when you created the
385
- # secret. A partial ARN match can work as long as it uniquely matches
386
- # only one secret. However, if your secret has a name that ends in a
387
- # hyphen followed by six characters (before Secrets Manager adds the
388
- # hyphen and six characters to the ARN) and you try to use that as a
389
- # partial ARN, then those characters cause Secrets Manager to assume
390
- # that you’re specifying a complete ARN. This confusion can cause
391
- # unexpected results. To avoid this situation, we recommend that you
392
- # don’t create secret names ending with a hyphen followed by six
393
- # characters.
394
- #
395
- # If you specify an incomplete ARN without the random suffix, and
396
- # instead provide the 'friendly name', you *must* not include the
397
- # random suffix. If you do include the random suffix added by Secrets
398
- # Manager, you receive either a *ResourceNotFoundException* or an
399
- # *AccessDeniedException* error, depending on your permissions.
400
- #
401
- # </note>
358
+ # For an ARN, we recommend that you specify a complete ARN rather than
359
+ # a partial ARN.
402
360
  # @return [String]
403
361
  #
404
362
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicyRequest AWS API Documentation
@@ -441,27 +399,8 @@ module Aws::SecretsManager
441
399
  # Specifies the secret to delete. You can specify either the Amazon
442
400
  # Resource Name (ARN) or the friendly name of the secret.
443
401
  #
444
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
445
- # complete ARN. You can specify a partial ARN too—for example, if you
446
- # don’t include the final hyphen and six random characters that
447
- # Secrets Manager adds at the end of the ARN when you created the
448
- # secret. A partial ARN match can work as long as it uniquely matches
449
- # only one secret. However, if your secret has a name that ends in a
450
- # hyphen followed by six characters (before Secrets Manager adds the
451
- # hyphen and six characters to the ARN) and you try to use that as a
452
- # partial ARN, then those characters cause Secrets Manager to assume
453
- # that you’re specifying a complete ARN. This confusion can cause
454
- # unexpected results. To avoid this situation, we recommend that you
455
- # don’t create secret names ending with a hyphen followed by six
456
- # characters.
457
- #
458
- # If you specify an incomplete ARN without the random suffix, and
459
- # instead provide the 'friendly name', you *must* not include the
460
- # random suffix. If you do include the random suffix added by Secrets
461
- # Manager, you receive either a *ResourceNotFoundException* or an
462
- # *AccessDeniedException* error, depending on your permissions.
463
- #
464
- # </note>
402
+ # For an ARN, we recommend that you specify a complete ARN rather than
403
+ # a partial ARN.
465
404
  # @return [String]
466
405
  #
467
406
  # @!attribute [rw] recovery_window_in_days
@@ -486,10 +425,10 @@ module Aws::SecretsManager
486
425
  #
487
426
  # Use this parameter with caution. This parameter causes the operation
488
427
  # to skip the normal waiting period before the permanent deletion that
489
- # AWS would normally impose with the `RecoveryWindowInDays` parameter.
490
- # If you delete a secret with the `ForceDeleteWithouRecovery`
491
- # parameter, then you have no opportunity to recover the secret. You
492
- # lose the secret permanently.
428
+ # Amazon Web Services would normally impose with the
429
+ # `RecoveryWindowInDays` parameter. If you delete a secret with the
430
+ # `ForceDeleteWithouRecovery` parameter, then you have no opportunity
431
+ # to recover the secret. You lose the secret permanently.
493
432
  #
494
433
  # If you use this parameter and include a previously deleted or
495
434
  # nonexistent secret, the operation does not return the error
@@ -543,27 +482,8 @@ module Aws::SecretsManager
543
482
  # can specify either the Amazon Resource Name (ARN) or the friendly
544
483
  # name of the secret.
545
484
  #
546
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
547
- # complete ARN. You can specify a partial ARN too—for example, if you
548
- # don’t include the final hyphen and six random characters that
549
- # Secrets Manager adds at the end of the ARN when you created the
550
- # secret. A partial ARN match can work as long as it uniquely matches
551
- # only one secret. However, if your secret has a name that ends in a
552
- # hyphen followed by six characters (before Secrets Manager adds the
553
- # hyphen and six characters to the ARN) and you try to use that as a
554
- # partial ARN, then those characters cause Secrets Manager to assume
555
- # that you’re specifying a complete ARN. This confusion can cause
556
- # unexpected results. To avoid this situation, we recommend that you
557
- # don’t create secret names ending with a hyphen followed by six
558
- # characters.
559
- #
560
- # If you specify an incomplete ARN without the random suffix, and
561
- # instead provide the 'friendly name', you *must* not include the
562
- # random suffix. If you do include the random suffix added by Secrets
563
- # Manager, you receive either a *ResourceNotFoundException* or an
564
- # *AccessDeniedException* error, depending on your permissions.
565
- #
566
- # </note>
485
+ # For an ARN, we recommend that you specify a complete ARN rather than
486
+ # a partial ARN.
567
487
  # @return [String]
568
488
  #
569
489
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretRequest AWS API Documentation
@@ -587,11 +507,12 @@ module Aws::SecretsManager
587
507
  # @return [String]
588
508
  #
589
509
  # @!attribute [rw] kms_key_id
590
- # The ARN or alias of the AWS KMS customer master key (CMK) that's
591
- # used to encrypt the `SecretString` or `SecretBinary` fields in each
592
- # version of the secret. If you don't provide a key, then Secrets
593
- # Manager defaults to encrypting the secret fields with the default
594
- # AWS KMS CMK (the one named `awssecretsmanager`) for this account.
510
+ # The ARN or alias of the Amazon Web Services KMS customer master key
511
+ # (CMK) that's used to encrypt the `SecretString` or `SecretBinary`
512
+ # fields in each version of the secret. If you don't provide a key,
513
+ # then Secrets Manager defaults to encrypting the secret fields with
514
+ # the default Amazon Web Services KMS CMK (the one named
515
+ # `awssecretsmanager`) for this account.
595
516
  # @return [String]
596
517
  #
597
518
  # @!attribute [rw] rotation_enabled
@@ -609,7 +530,8 @@ module Aws::SecretsManager
609
530
  # @return [String]
610
531
  #
611
532
  # @!attribute [rw] rotation_rules
612
- # A structure with the rotation configuration for this secret.
533
+ # A structure with the rotation configuration for this secret. This
534
+ # field is only populated if rotation is configured.
613
535
  # @return [Types::RotationRulesType]
614
536
  #
615
537
  # @!attribute [rw] last_rotated_date
@@ -860,27 +782,8 @@ module Aws::SecretsManager
860
782
  # resource-based policy for. You can specify either the Amazon
861
783
  # Resource Name (ARN) or the friendly name of the secret.
862
784
  #
863
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
864
- # complete ARN. You can specify a partial ARN too—for example, if you
865
- # don’t include the final hyphen and six random characters that
866
- # Secrets Manager adds at the end of the ARN when you created the
867
- # secret. A partial ARN match can work as long as it uniquely matches
868
- # only one secret. However, if your secret has a name that ends in a
869
- # hyphen followed by six characters (before Secrets Manager adds the
870
- # hyphen and six characters to the ARN) and you try to use that as a
871
- # partial ARN, then those characters cause Secrets Manager to assume
872
- # that you’re specifying a complete ARN. This confusion can cause
873
- # unexpected results. To avoid this situation, we recommend that you
874
- # don’t create secret names ending with a hyphen followed by six
875
- # characters.
876
- #
877
- # If you specify an incomplete ARN without the random suffix, and
878
- # instead provide the 'friendly name', you *must* not include the
879
- # random suffix. If you do include the random suffix added by Secrets
880
- # Manager, you receive either a *ResourceNotFoundException* or an
881
- # *AccessDeniedException* error, depending on your permissions.
882
- #
883
- # </note>
785
+ # For an ARN, we recommend that you specify a complete ARN rather than
786
+ # a partial ARN.
884
787
  # @return [String]
885
788
  #
886
789
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicyRequest AWS API Documentation
@@ -907,8 +810,9 @@ module Aws::SecretsManager
907
810
  # with any permissions that are associated with the user or role that
908
811
  # attempts to access this secret. The combined permissions specify who
909
812
  # can access the secret and what actions they can perform. For more
910
- # information, see [Authentication and Access Control for AWS Secrets
911
- # Manager][1] in the *AWS Secrets Manager User Guide*.
813
+ # information, see [Authentication and Access Control for Amazon Web
814
+ # Services Secrets Manager][1] in the *Amazon Web Services Secrets
815
+ # Manager User Guide*.
912
816
  #
913
817
  #
914
818
  #
@@ -939,27 +843,8 @@ module Aws::SecretsManager
939
843
  # retrieve. You can specify either the Amazon Resource Name (ARN) or
940
844
  # the friendly name of the secret.
941
845
  #
942
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
943
- # complete ARN. You can specify a partial ARN too—for example, if you
944
- # don’t include the final hyphen and six random characters that
945
- # Secrets Manager adds at the end of the ARN when you created the
946
- # secret. A partial ARN match can work as long as it uniquely matches
947
- # only one secret. However, if your secret has a name that ends in a
948
- # hyphen followed by six characters (before Secrets Manager adds the
949
- # hyphen and six characters to the ARN) and you try to use that as a
950
- # partial ARN, then those characters cause Secrets Manager to assume
951
- # that you’re specifying a complete ARN. This confusion can cause
952
- # unexpected results. To avoid this situation, we recommend that you
953
- # don’t create secret names ending with a hyphen followed by six
954
- # characters.
955
- #
956
- # If you specify an incomplete ARN without the random suffix, and
957
- # instead provide the 'friendly name', you *must* not include the
958
- # random suffix. If you do include the random suffix added by Secrets
959
- # Manager, you receive either a *ResourceNotFoundException* or an
960
- # *AccessDeniedException* error, depending on your permissions.
961
- #
962
- # </note>
846
+ # For an ARN, we recommend that you specify a complete ARN rather than
847
+ # a partial ARN.
963
848
  # @return [String]
964
849
  #
965
850
  # @!attribute [rw] version_id
@@ -1160,27 +1045,8 @@ module Aws::SecretsManager
1160
1045
  # list. You can specify either the Amazon Resource Name (ARN) or the
1161
1046
  # friendly name of the secret.
1162
1047
  #
1163
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1164
- # complete ARN. You can specify a partial ARN too—for example, if you
1165
- # don’t include the final hyphen and six random characters that
1166
- # Secrets Manager adds at the end of the ARN when you created the
1167
- # secret. A partial ARN match can work as long as it uniquely matches
1168
- # only one secret. However, if your secret has a name that ends in a
1169
- # hyphen followed by six characters (before Secrets Manager adds the
1170
- # hyphen and six characters to the ARN) and you try to use that as a
1171
- # partial ARN, then those characters cause Secrets Manager to assume
1172
- # that you’re specifying a complete ARN. This confusion can cause
1173
- # unexpected results. To avoid this situation, we recommend that you
1174
- # don’t create secret names ending with a hyphen followed by six
1175
- # characters.
1176
- #
1177
- # If you specify an incomplete ARN without the random suffix, and
1178
- # instead provide the 'friendly name', you *must* not include the
1179
- # random suffix. If you do include the random suffix added by Secrets
1180
- # Manager, you receive either a *ResourceNotFoundException* or an
1181
- # *AccessDeniedException* error, depending on your permissions.
1182
- #
1183
- # </note>
1048
+ # For an ARN, we recommend that you specify a complete ARN rather than
1049
+ # a partial ARN.
1184
1050
  # @return [String]
1185
1051
  #
1186
1052
  # @!attribute [rw] max_results
@@ -1401,36 +1267,17 @@ module Aws::SecretsManager
1401
1267
  # policy. You can specify either the ARN or the friendly name of the
1402
1268
  # secret.
1403
1269
  #
1404
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1405
- # complete ARN. You can specify a partial ARN too—for example, if you
1406
- # don’t include the final hyphen and six random characters that
1407
- # Secrets Manager adds at the end of the ARN when you created the
1408
- # secret. A partial ARN match can work as long as it uniquely matches
1409
- # only one secret. However, if your secret has a name that ends in a
1410
- # hyphen followed by six characters (before Secrets Manager adds the
1411
- # hyphen and six characters to the ARN) and you try to use that as a
1412
- # partial ARN, then those characters cause Secrets Manager to assume
1413
- # that you’re specifying a complete ARN. This confusion can cause
1414
- # unexpected results. To avoid this situation, we recommend that you
1415
- # don’t create secret names ending with a hyphen followed by six
1416
- # characters.
1417
- #
1418
- # If you specify an incomplete ARN without the random suffix, and
1419
- # instead provide the 'friendly name', you *must* not include the
1420
- # random suffix. If you do include the random suffix added by Secrets
1421
- # Manager, you receive either a *ResourceNotFoundException* or an
1422
- # *AccessDeniedException* error, depending on your permissions.
1423
- #
1424
- # </note>
1270
+ # For an ARN, we recommend that you specify a complete ARN rather than
1271
+ # a partial ARN.
1425
1272
  # @return [String]
1426
1273
  #
1427
1274
  # @!attribute [rw] resource_policy
1428
1275
  # A JSON-formatted string constructed according to the grammar and
1429
- # syntax for an AWS resource-based policy. The policy in the string
1430
- # identifies who can access or manage this secret and its versions.
1431
- # For information on how to format a JSON parameter for the various
1432
- # command line tool environments, see [Using JSON for Parameters][1]
1433
- # in the *AWS CLI User Guide*.
1276
+ # syntax for an Amazon Web Services resource-based policy. The policy
1277
+ # in the string identifies who can access or manage this secret and
1278
+ # its versions. For information on how to format a JSON parameter for
1279
+ # the various command line tool environments, see [Using JSON for
1280
+ # Parameters][1] in the *CLI User Guide*.
1434
1281
  #
1435
1282
  #
1436
1283
  #
@@ -1487,40 +1334,21 @@ module Aws::SecretsManager
1487
1334
  # specify either the Amazon Resource Name (ARN) or the friendly name
1488
1335
  # of the secret. The secret must already exist.
1489
1336
  #
1490
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1491
- # complete ARN. You can specify a partial ARN too—for example, if you
1492
- # don’t include the final hyphen and six random characters that
1493
- # Secrets Manager adds at the end of the ARN when you created the
1494
- # secret. A partial ARN match can work as long as it uniquely matches
1495
- # only one secret. However, if your secret has a name that ends in a
1496
- # hyphen followed by six characters (before Secrets Manager adds the
1497
- # hyphen and six characters to the ARN) and you try to use that as a
1498
- # partial ARN, then those characters cause Secrets Manager to assume
1499
- # that you’re specifying a complete ARN. This confusion can cause
1500
- # unexpected results. To avoid this situation, we recommend that you
1501
- # don’t create secret names ending with a hyphen followed by six
1502
- # characters.
1503
- #
1504
- # If you specify an incomplete ARN without the random suffix, and
1505
- # instead provide the 'friendly name', you *must* not include the
1506
- # random suffix. If you do include the random suffix added by Secrets
1507
- # Manager, you receive either a *ResourceNotFoundException* or an
1508
- # *AccessDeniedException* error, depending on your permissions.
1509
- #
1510
- # </note>
1337
+ # For an ARN, we recommend that you specify a complete ARN rather than
1338
+ # a partial ARN.
1511
1339
  # @return [String]
1512
1340
  #
1513
1341
  # @!attribute [rw] client_request_token
1514
1342
  # (Optional) Specifies a unique identifier for the new version of the
1515
1343
  # secret.
1516
1344
  #
1517
- # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
1518
- # then you can leave this parameter empty. The CLI or SDK generates a
1519
- # random UUID for you and includes that in the request. If you don't
1520
- # use the SDK and instead generate a raw HTTP request to the Secrets
1521
- # Manager service endpoint, then you must generate a
1522
- # `ClientRequestToken` yourself for new versions and include that
1523
- # value in the request.
1345
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
1346
+ # Services SDK to call this operation, then you can leave this
1347
+ # parameter empty. The CLI or SDK generates a random UUID for you and
1348
+ # includes that in the request. If you don't use the SDK and instead
1349
+ # generate a raw HTTP request to the Secrets Manager service endpoint,
1350
+ # then you must generate a `ClientRequestToken` yourself for new
1351
+ # versions and include that value in the request.
1524
1352
  #
1525
1353
  # </note>
1526
1354
  #
@@ -1580,22 +1408,13 @@ module Aws::SecretsManager
1580
1408
  # Lambda rotation function knows how to parse.
1581
1409
  #
1582
1410
  # For storing multiple values, we recommend that you use a JSON text
1583
- # string argument and specify key/value pairs. For information on how
1584
- # to format a JSON parameter for the various command line tool
1585
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
1586
- # User Guide*.
1411
+ # string argument and specify key/value pairs. For more information,
1412
+ # see [Specifying parameter values for the Amazon Web Services CLI][1]
1413
+ # in the Amazon Web Services CLI User Guide.
1587
1414
  #
1588
- # For example:
1589
1415
  #
1590
- # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
1591
1416
  #
1592
- # If your command-line tool or SDK requires quotation marks around the
1593
- # parameter, you should use single quotes to avoid confusion with the
1594
- # double quotes required in the JSON text.
1595
- #
1596
- #
1597
- #
1598
- # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1417
+ # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
1599
1418
  # @return [String]
1600
1419
  #
1601
1420
  # @!attribute [rw] version_stages
@@ -1861,27 +1680,8 @@ module Aws::SecretsManager
1861
1680
  # scheduled deletion. You can specify either the Amazon Resource Name
1862
1681
  # (ARN) or the friendly name of the secret.
1863
1682
  #
1864
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1865
- # complete ARN. You can specify a partial ARN too—for example, if you
1866
- # don’t include the final hyphen and six random characters that
1867
- # Secrets Manager adds at the end of the ARN when you created the
1868
- # secret. A partial ARN match can work as long as it uniquely matches
1869
- # only one secret. However, if your secret has a name that ends in a
1870
- # hyphen followed by six characters (before Secrets Manager adds the
1871
- # hyphen and six characters to the ARN) and you try to use that as a
1872
- # partial ARN, then those characters cause Secrets Manager to assume
1873
- # that you’re specifying a complete ARN. This confusion can cause
1874
- # unexpected results. To avoid this situation, we recommend that you
1875
- # don’t create secret names ending with a hyphen followed by six
1876
- # characters.
1877
- #
1878
- # If you specify an incomplete ARN without the random suffix, and
1879
- # instead provide the 'friendly name', you *must* not include the
1880
- # random suffix. If you do include the random suffix added by Secrets
1881
- # Manager, you receive either a *ResourceNotFoundException* or an
1882
- # *AccessDeniedException* error, depending on your permissions.
1883
- #
1884
- # </note>
1683
+ # For an ARN, we recommend that you specify a complete ARN rather than
1684
+ # a partial ARN.
1885
1685
  # @return [String]
1886
1686
  #
1887
1687
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretRequest AWS API Documentation
@@ -1925,40 +1725,22 @@ module Aws::SecretsManager
1925
1725
  # Specifies the secret that you want to rotate. You can specify either
1926
1726
  # the Amazon Resource Name (ARN) or the friendly name of the secret.
1927
1727
  #
1928
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1929
- # complete ARN. You can specify a partial ARN too—for example, if you
1930
- # don’t include the final hyphen and six random characters that
1931
- # Secrets Manager adds at the end of the ARN when you created the
1932
- # secret. A partial ARN match can work as long as it uniquely matches
1933
- # only one secret. However, if your secret has a name that ends in a
1934
- # hyphen followed by six characters (before Secrets Manager adds the
1935
- # hyphen and six characters to the ARN) and you try to use that as a
1936
- # partial ARN, then those characters cause Secrets Manager to assume
1937
- # that you’re specifying a complete ARN. This confusion can cause
1938
- # unexpected results. To avoid this situation, we recommend that you
1939
- # don’t create secret names ending with a hyphen followed by six
1940
- # characters.
1941
- #
1942
- # If you specify an incomplete ARN without the random suffix, and
1943
- # instead provide the 'friendly name', you *must* not include the
1944
- # random suffix. If you do include the random suffix added by Secrets
1945
- # Manager, you receive either a *ResourceNotFoundException* or an
1946
- # *AccessDeniedException* error, depending on your permissions.
1947
- #
1948
- # </note>
1728
+ # For an ARN, we recommend that you specify a complete ARN rather than
1729
+ # a partial ARN.
1949
1730
  # @return [String]
1950
1731
  #
1951
1732
  # @!attribute [rw] client_request_token
1952
1733
  # (Optional) Specifies a unique identifier for the new version of the
1953
1734
  # secret that helps ensure idempotency.
1954
1735
  #
1955
- # If you use the AWS CLI or one of the AWS SDK to call this operation,
1956
- # then you can leave this parameter empty. The CLI or SDK generates a
1957
- # random UUID for you and includes that in the request for this
1958
- # parameter. If you don't use the SDK and instead generate a raw HTTP
1959
- # request to the Secrets Manager service endpoint, then you must
1960
- # generate a `ClientRequestToken` yourself for new versions and
1961
- # include that value in the request.
1736
+ # If you use the Amazon Web Services CLI or one of the Amazon Web
1737
+ # Services SDK to call this operation, then you can leave this
1738
+ # parameter empty. The CLI or SDK generates a random UUID for you and
1739
+ # includes that in the request for this parameter. If you don't use
1740
+ # the SDK and instead generate a raw HTTP request to the Secrets
1741
+ # Manager service endpoint, then you must generate a
1742
+ # `ClientRequestToken` yourself for new versions and include that
1743
+ # value in the request.
1962
1744
  #
1963
1745
  # You only need to specify your own value if you implement your own
1964
1746
  # retry logic and want to ensure that a given secret is not created
@@ -2059,7 +1841,8 @@ module Aws::SecretsManager
2059
1841
  # The Amazon Resource Name (ARN) of the secret.
2060
1842
  #
2061
1843
  # For more information about ARNs in Secrets Manager, see [Policy
2062
- # Resources][1] in the *AWS Secrets Manager User Guide*.
1844
+ # Resources][1] in the *Amazon Web Services Secrets Manager User
1845
+ # Guide*.
2063
1846
  #
2064
1847
  #
2065
1848
  #
@@ -2078,11 +1861,12 @@ module Aws::SecretsManager
2078
1861
  # @return [String]
2079
1862
  #
2080
1863
  # @!attribute [rw] kms_key_id
2081
- # The ARN or alias of the AWS KMS customer master key (CMK) used to
2082
- # encrypt the `SecretString` and `SecretBinary` fields in each version
2083
- # of the secret. If you don't provide a key, then Secrets Manager
2084
- # defaults to encrypting the secret fields with the default KMS CMK,
2085
- # the key named `awssecretsmanager`, for this account.
1864
+ # The ARN or alias of the Amazon Web Services KMS customer master key
1865
+ # (CMK) used to encrypt the `SecretString` and `SecretBinary` fields
1866
+ # in each version of the secret. If you don't provide a key, then
1867
+ # Secrets Manager defaults to encrypting the secret fields with the
1868
+ # default KMS CMK, the key named `awssecretsmanager`, for this
1869
+ # account.
2086
1870
  # @return [String]
2087
1871
  #
2088
1872
  # @!attribute [rw] rotation_enabled
@@ -2091,9 +1875,9 @@ module Aws::SecretsManager
2091
1875
  # @return [Boolean]
2092
1876
  #
2093
1877
  # @!attribute [rw] rotation_lambda_arn
2094
- # The ARN of an AWS Lambda function invoked by Secrets Manager to
2095
- # rotate and expire the secret either automatically per the schedule
2096
- # or manually by a call to RotateSecret.
1878
+ # The ARN of an Amazon Web Services Lambda function invoked by Secrets
1879
+ # Manager to rotate and expire the secret either automatically per the
1880
+ # schedule or manually by a call to RotateSecret.
2097
1881
  # @return [String]
2098
1882
  #
2099
1883
  # @!attribute [rw] rotation_rules
@@ -2198,13 +1982,18 @@ module Aws::SecretsManager
2198
1982
  # The date and time this version of the secret was created.
2199
1983
  # @return [Time]
2200
1984
  #
1985
+ # @!attribute [rw] kms_key_ids
1986
+ # The KMS keys used to encrypt the secret version.
1987
+ # @return [Array<String>]
1988
+ #
2201
1989
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretVersionsListEntry AWS API Documentation
2202
1990
  #
2203
1991
  class SecretVersionsListEntry < Struct.new(
2204
1992
  :version_id,
2205
1993
  :version_stages,
2206
1994
  :last_accessed_date,
2207
- :created_date)
1995
+ :created_date,
1996
+ :kms_key_ids)
2208
1997
  SENSITIVE = []
2209
1998
  include Aws::Structure
2210
1999
  end
@@ -2287,43 +2076,24 @@ module Aws::SecretsManager
2287
2076
  # can specify either the Amazon Resource Name (ARN) or the friendly
2288
2077
  # name of the secret.
2289
2078
  #
2290
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2291
- # complete ARN. You can specify a partial ARN too—for example, if you
2292
- # don’t include the final hyphen and six random characters that
2293
- # Secrets Manager adds at the end of the ARN when you created the
2294
- # secret. A partial ARN match can work as long as it uniquely matches
2295
- # only one secret. However, if your secret has a name that ends in a
2296
- # hyphen followed by six characters (before Secrets Manager adds the
2297
- # hyphen and six characters to the ARN) and you try to use that as a
2298
- # partial ARN, then those characters cause Secrets Manager to assume
2299
- # that you’re specifying a complete ARN. This confusion can cause
2300
- # unexpected results. To avoid this situation, we recommend that you
2301
- # don’t create secret names ending with a hyphen followed by six
2302
- # characters.
2303
- #
2304
- # If you specify an incomplete ARN without the random suffix, and
2305
- # instead provide the 'friendly name', you *must* not include the
2306
- # random suffix. If you do include the random suffix added by Secrets
2307
- # Manager, you receive either a *ResourceNotFoundException* or an
2308
- # *AccessDeniedException* error, depending on your permissions.
2309
- #
2310
- # </note>
2079
+ # For an ARN, we recommend that you specify a complete ARN rather than
2080
+ # a partial ARN.
2311
2081
  # @return [String]
2312
2082
  #
2313
2083
  # @!attribute [rw] tags
2314
2084
  # The tags to attach to the secret. Each element in the list consists
2315
2085
  # of a `Key` and a `Value`.
2316
2086
  #
2317
- # This parameter to the API requires a JSON text string argument. For
2318
- # information on how to format a JSON parameter for the various
2319
- # command line tool environments, see [Using JSON for Parameters][1]
2320
- # in the *AWS CLI User Guide*. For the AWS CLI, you can also use the
2321
- # syntax: `--Tags Key="Key1",Value="Value1"
2322
- # Key="Key2",Value="Value2"[,…]`
2087
+ # This parameter to the API requires a JSON text string argument.
2323
2088
  #
2089
+ # For storing multiple values, we recommend that you use a JSON text
2090
+ # string argument and specify key/value pairs. For more information,
2091
+ # see [Specifying parameter values for the Amazon Web Services CLI][1]
2092
+ # in the Amazon Web Services CLI User Guide.
2324
2093
  #
2325
2094
  #
2326
- # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
2095
+ #
2096
+ # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
2327
2097
  # @return [Array<Types::Tag>]
2328
2098
  #
2329
2099
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResourceRequest AWS API Documentation
@@ -2348,27 +2118,8 @@ module Aws::SecretsManager
2348
2118
  # can specify either the Amazon Resource Name (ARN) or the friendly
2349
2119
  # name of the secret.
2350
2120
  #
2351
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2352
- # complete ARN. You can specify a partial ARN too—for example, if you
2353
- # don’t include the final hyphen and six random characters that
2354
- # Secrets Manager adds at the end of the ARN when you created the
2355
- # secret. A partial ARN match can work as long as it uniquely matches
2356
- # only one secret. However, if your secret has a name that ends in a
2357
- # hyphen followed by six characters (before Secrets Manager adds the
2358
- # hyphen and six characters to the ARN) and you try to use that as a
2359
- # partial ARN, then those characters cause Secrets Manager to assume
2360
- # that you’re specifying a complete ARN. This confusion can cause
2361
- # unexpected results. To avoid this situation, we recommend that you
2362
- # don’t create secret names ending with a hyphen followed by six
2363
- # characters.
2364
- #
2365
- # If you specify an incomplete ARN without the random suffix, and
2366
- # instead provide the 'friendly name', you *must* not include the
2367
- # random suffix. If you do include the random suffix added by Secrets
2368
- # Manager, you receive either a *ResourceNotFoundException* or an
2369
- # *AccessDeniedException* error, depending on your permissions.
2370
- #
2371
- # </note>
2121
+ # For an ARN, we recommend that you specify a complete ARN rather than
2122
+ # a partial ARN.
2372
2123
  # @return [String]
2373
2124
  #
2374
2125
  # @!attribute [rw] tag_keys
@@ -2376,14 +2127,16 @@ module Aws::SecretsManager
2376
2127
  # specify the value. Both the key and its associated value are
2377
2128
  # removed.
2378
2129
  #
2379
- # This parameter to the API requires a JSON text string argument. For
2380
- # information on how to format a JSON parameter for the various
2381
- # command line tool environments, see [Using JSON for Parameters][1]
2382
- # in the *AWS CLI User Guide*.
2130
+ # This parameter to the API requires a JSON text string argument.
2131
+ #
2132
+ # For storing multiple values, we recommend that you use a JSON text
2133
+ # string argument and specify key/value pairs. For more information,
2134
+ # see [Specifying parameter values for the Amazon Web Services CLI][1]
2135
+ # in the Amazon Web Services CLI User Guide.
2383
2136
  #
2384
2137
  #
2385
2138
  #
2386
- # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
2139
+ # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
2387
2140
  # @return [Array<String>]
2388
2141
  #
2389
2142
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResourceRequest AWS API Documentation
@@ -2412,27 +2165,8 @@ module Aws::SecretsManager
2412
2165
  # add a new version. You can specify either the Amazon Resource Name
2413
2166
  # (ARN) or the friendly name of the secret.
2414
2167
  #
2415
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2416
- # complete ARN. You can specify a partial ARN too—for example, if you
2417
- # don’t include the final hyphen and six random characters that
2418
- # Secrets Manager adds at the end of the ARN when you created the
2419
- # secret. A partial ARN match can work as long as it uniquely matches
2420
- # only one secret. However, if your secret has a name that ends in a
2421
- # hyphen followed by six characters (before Secrets Manager adds the
2422
- # hyphen and six characters to the ARN) and you try to use that as a
2423
- # partial ARN, then those characters cause Secrets Manager to assume
2424
- # that you’re specifying a complete ARN. This confusion can cause
2425
- # unexpected results. To avoid this situation, we recommend that you
2426
- # don’t create secret names ending with a hyphen followed by six
2427
- # characters.
2428
- #
2429
- # If you specify an incomplete ARN without the random suffix, and
2430
- # instead provide the 'friendly name', you *must* not include the
2431
- # random suffix. If you do include the random suffix added by Secrets
2432
- # Manager, you receive either a *ResourceNotFoundException* or an
2433
- # *AccessDeniedException* error, depending on your permissions.
2434
- #
2435
- # </note>
2168
+ # For an ARN, we recommend that you specify a complete ARN rather than
2169
+ # a partial ARN.
2436
2170
  # @return [String]
2437
2171
  #
2438
2172
  # @!attribute [rw] client_request_token
@@ -2440,13 +2174,13 @@ module Aws::SecretsManager
2440
2174
  # parameter specifies a unique identifier for the new version that
2441
2175
  # helps ensure idempotency.
2442
2176
  #
2443
- # If you use the AWS CLI or one of the AWS SDK to call this operation,
2444
- # then you can leave this parameter empty. The CLI or SDK generates a
2445
- # random UUID for you and includes that in the request. If you don't
2446
- # use the SDK and instead generate a raw HTTP request to the Secrets
2447
- # Manager service endpoint, then you must generate a
2448
- # `ClientRequestToken` yourself for new versions and include that
2449
- # value in the request.
2177
+ # If you use the Amazon Web Services CLI or one of the Amazon Web
2178
+ # Services SDK to call this operation, then you can leave this
2179
+ # parameter empty. The CLI or SDK generates a random UUID for you and
2180
+ # includes that in the request. If you don't use the SDK and instead
2181
+ # generate a raw HTTP request to the Secrets Manager service endpoint,
2182
+ # then you must generate a `ClientRequestToken` yourself for new
2183
+ # versions and include that value in the request.
2450
2184
  #
2451
2185
  # You typically only need to interact with this value if you implement
2452
2186
  # your own retry logic and want to ensure that a given secret is not
@@ -2486,9 +2220,13 @@ module Aws::SecretsManager
2486
2220
  # @return [String]
2487
2221
  #
2488
2222
  # @!attribute [rw] kms_key_id
2489
- # (Optional) Specifies an updated ARN or alias of the AWS KMS customer
2490
- # master key (CMK) to be used to encrypt the protected text in new
2491
- # versions of this secret.
2223
+ # (Optional) Specifies an updated ARN or alias of the Amazon Web
2224
+ # Services KMS customer master key (CMK) that Secrets Manager uses to
2225
+ # encrypt the protected text in new versions of this secret as well as
2226
+ # any existing versions of this secret that have the staging labels
2227
+ # AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about
2228
+ # staging labels, see [Staging Labels][1] in the *Amazon Web Services
2229
+ # Secrets Manager User Guide*.
2492
2230
  #
2493
2231
  # You can only use the account's default CMK to encrypt and decrypt
2494
2232
  # if you call this operation using credentials from the same account
@@ -2496,6 +2234,10 @@ module Aws::SecretsManager
2496
2234
  # you must create a custom CMK and provide the ARN of that CMK in this
2497
2235
  # field. The user making the call must have permissions to both the
2498
2236
  # secret and the CMK in their respective accounts.
2237
+ #
2238
+ #
2239
+ #
2240
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label
2499
2241
  # @return [String]
2500
2242
  #
2501
2243
  # @!attribute [rw] secret_binary
@@ -2523,25 +2265,13 @@ module Aws::SecretsManager
2523
2265
  # Lambda rotation function knows how to parse.
2524
2266
  #
2525
2267
  # For storing multiple values, we recommend that you use a JSON text
2526
- # string argument and specify key/value pairs. For information on how
2527
- # to format a JSON parameter for the various command line tool
2528
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
2529
- # User Guide*. For example:
2530
- #
2531
- # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
2268
+ # string argument and specify key/value pairs. For more information,
2269
+ # see [Specifying parameter values for the Amazon Web Services CLI][1]
2270
+ # in the Amazon Web Services CLI User Guide.
2532
2271
  #
2533
- # If your command-line tool or SDK requires quotation marks around the
2534
- # parameter, you should use single quotes to avoid confusion with the
2535
- # double quotes required in the JSON text. You can also 'escape' the
2536
- # double quote character in the embedded JSON text by prefacing each
2537
- # with a backslash. For example, the following string is surrounded by
2538
- # double-quotes. All of the embedded double quotes are escaped:
2539
- #
2540
- # `"[\{"username":"bob"\},\{"password":"abc123xyz456"\}]"`
2541
2272
  #
2542
2273
  #
2543
- #
2544
- # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
2274
+ # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
2545
2275
  # @return [String]
2546
2276
  #
2547
2277
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
@@ -2605,27 +2335,8 @@ module Aws::SecretsManager
2605
2335
  # labels you want to modify. You can specify either the Amazon
2606
2336
  # Resource Name (ARN) or the friendly name of the secret.
2607
2337
  #
2608
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2609
- # complete ARN. You can specify a partial ARN too—for example, if you
2610
- # don’t include the final hyphen and six random characters that
2611
- # Secrets Manager adds at the end of the ARN when you created the
2612
- # secret. A partial ARN match can work as long as it uniquely matches
2613
- # only one secret. However, if your secret has a name that ends in a
2614
- # hyphen followed by six characters (before Secrets Manager adds the
2615
- # hyphen and six characters to the ARN) and you try to use that as a
2616
- # partial ARN, then those characters cause Secrets Manager to assume
2617
- # that you’re specifying a complete ARN. This confusion can cause
2618
- # unexpected results. To avoid this situation, we recommend that you
2619
- # don’t create secret names ending with a hyphen followed by six
2620
- # characters.
2621
- #
2622
- # If you specify an incomplete ARN without the random suffix, and
2623
- # instead provide the 'friendly name', you *must* not include the
2624
- # random suffix. If you do include the random suffix added by Secrets
2625
- # Manager, you receive either a *ResourceNotFoundException* or an
2626
- # *AccessDeniedException* error, depending on your permissions.
2627
- #
2628
- # </note>
2338
+ # For an ARN, we recommend that you specify a complete ARN rather than
2339
+ # a partial ARN.
2629
2340
  # @return [String]
2630
2341
  #
2631
2342
  # @!attribute [rw] version_stage
@@ -2693,36 +2404,17 @@ module Aws::SecretsManager
2693
2404
  # policy you want to validate. You can specify either the Amazon
2694
2405
  # Resource Name (ARN) or the friendly name of the secret.
2695
2406
  #
2696
- # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2697
- # complete ARN. You can specify a partial ARN too—for example, if you
2698
- # don’t include the final hyphen and six random characters that
2699
- # Secrets Manager adds at the end of the ARN when you created the
2700
- # secret. A partial ARN match can work as long as it uniquely matches
2701
- # only one secret. However, if your secret has a name that ends in a
2702
- # hyphen followed by six characters (before Secrets Manager adds the
2703
- # hyphen and six characters to the ARN) and you try to use that as a
2704
- # partial ARN, then those characters cause Secrets Manager to assume
2705
- # that you’re specifying a complete ARN. This confusion can cause
2706
- # unexpected results. To avoid this situation, we recommend that you
2707
- # don’t create secret names ending with a hyphen followed by six
2708
- # characters.
2709
- #
2710
- # If you specify an incomplete ARN without the random suffix, and
2711
- # instead provide the 'friendly name', you *must* not include the
2712
- # random suffix. If you do include the random suffix added by Secrets
2713
- # Manager, you receive either a *ResourceNotFoundException* or an
2714
- # *AccessDeniedException* error, depending on your permissions.
2715
- #
2716
- # </note>
2407
+ # For an ARN, we recommend that you specify a complete ARN rather than
2408
+ # a partial ARN.
2717
2409
  # @return [String]
2718
2410
  #
2719
2411
  # @!attribute [rw] resource_policy
2720
2412
  # A JSON-formatted string constructed according to the grammar and
2721
- # syntax for an AWS resource-based policy. The policy in the string
2722
- # identifies who can access or manage this secret and its versions.
2723
- # For information on how to format a JSON parameter for the various
2724
- # command line tool environments, see [Using JSON for Parameters][1]
2725
- # in the *AWS CLI User Guide*.publi
2413
+ # syntax for an Amazon Web Services resource-based policy. The policy
2414
+ # in the string identifies who can access or manage this secret and
2415
+ # its versions. For information on how to format a JSON parameter for
2416
+ # the various command line tool environments, see [Using JSON for
2417
+ # Parameters][1] in the *CLI User Guide*.publi
2726
2418
  #
2727
2419
  #
2728
2420
  #