aws-sdk-secretsmanager 1.46.0 → 1.50.0

data/lib/aws-sdk-secretsmanager/types.rb

@@ -22,27 +22,8 @@ module Aws::SecretsManager
     #   either the Amazon Resource Name (ARN) or the friendly name of the
     #   secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretRequest AWS API Documentation
@@ -125,13 +106,14 @@ module Aws::SecretsManager
     #   initial version is created as part of the secret, and this parameter
     #   specifies a unique identifier for the new version.
     #
-    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes it as the value for this parameter
-    #   in the request. If you don't use the SDK and instead generate a raw
-    #   HTTP request to the Secrets Manager service endpoint, then you must
-    #   generate a `ClientRequestToken` yourself for the new version and
-    #   include the value in the request.
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes it as the value for this parameter in the request. If you
+    #   don't use the SDK and instead generate a raw HTTP request to the
+    #   Secrets Manager service endpoint, then you must generate a
+    #   `ClientRequestToken` yourself for the new version and include the
+    #   value in the request.
     #
     #    </note>
     #
@@ -169,20 +151,21 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS
-    #   customer master key (CMK) to be used to encrypt the `SecretString`
-    #   or `SecretBinary` values in the versions stored in this secret.
+    #   (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
+    #   Services KMS customer master key (CMK) to be used to encrypt the
+    #   `SecretString` or `SecretBinary` values in the versions stored in
+    #   this secret.
     #
-    #   You can specify any of the supported ways to identify a AWS KMS key
-    #   ID. If you need to reference a CMK in a different account, you can
-    #   use only the key ARN or the alias ARN.
+    #   You can specify any of the supported ways to identify a Amazon Web
+    #   Services KMS key ID. If you need to reference a CMK in a different
+    #   account, you can use only the key ARN or the alias ARN.
     #
     #   If you don't specify this value, then Secrets Manager defaults to
-    #   using the AWS account's default CMK (the one named
-    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
-    #   exist, then Secrets Manager creates it for you automatically the
-    #   first time it needs to encrypt a version's `SecretString` or
-    #   `SecretBinary` fields.
+    #   using the Amazon Web Services account's default CMK (the one named
+    #   `aws/secretsmanager`). If a Amazon Web Services KMS CMK with that
+    #   name doesn't yet exist, then Secrets Manager creates it for you
+    #   automatically the first time it needs to encrypt a version's
+    #   `SecretString` or `SecretBinary` fields.
     #
     #   You can use the account default CMK to encrypt and decrypt only if
     #   you call this operation using credentials from the same account that
@@ -201,7 +184,8 @@ module Aws::SecretsManager
     #   both. They cannot both be empty.
     #
     #   This parameter is not available using the Secrets Manager console.
-    #   It can be accessed only by using the AWS CLI or one of the AWS SDKs.
+    #   It can be accessed only by using the Amazon Web Services CLI or one
+    #   of the Amazon Web Services SDKs.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -218,20 +202,13 @@ module Aws::SecretsManager
     #   rotation function knows how to parse.
     #
     #   For storing multiple values, we recommend that you use a JSON text
-    #   string argument and specify key/value pairs. For information on how
-    #   to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*. For example:
-    #
-    #   `\{"username":"bob","password":"abc123xyz456"\}`
-    #
-    #   If your command-line tool or SDK requires quotation marks around the
-    #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text.
+    #   string argument and specify key/value pairs. For more information,
+    #   see [Specifying parameter values for the Amazon Web Services CLI][1]
+    #   in the Amazon Web Services CLI User Guide.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -251,8 +228,8 @@ module Aws::SecretsManager
     #
     #   This parameter requires a JSON text string argument. For information
     #   on how to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*. For example:
+    #   environments, see [Using JSON for Parameters][1] in the *CLI User
+    #   Guide*. For example:
     #
     #   `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
     #
@@ -271,9 +248,9 @@ module Aws::SecretsManager
     #   * Tag keys and values are case sensitive.
     #
     #   * Do not use the `aws:` prefix in your tag names or values because
-    #     AWS reserves it for AWS use. You can't edit or delete tag names
-    #     or values with this prefix. Tags with this prefix do not count
-    #     against your tags per secret limit.
+    #     Amazon Web Services reserves it for Amazon Web Services use. You
+    #     can't edit or delete tag names or values with this prefix. Tags
+    #     with this prefix do not count against your tags per secret limit.
     #
     #   * If you use your tagging schema across multiple services and
     #     resources, remember other services might have restrictions on
@@ -378,27 +355,8 @@ module Aws::SecretsManager
     #   resource-based policy for. You can specify either the Amazon
     #   Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicyRequest AWS API Documentation
@@ -441,27 +399,8 @@ module Aws::SecretsManager
     #   Specifies the secret to delete. You can specify either the Amazon
     #   Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] recovery_window_in_days
@@ -486,10 +425,10 @@ module Aws::SecretsManager
     #
     #   Use this parameter with caution. This parameter causes the operation
     #   to skip the normal waiting period before the permanent deletion that
-    #   AWS would normally impose with the `RecoveryWindowInDays` parameter.
-    #   If you delete a secret with the `ForceDeleteWithouRecovery`
-    #   parameter, then you have no opportunity to recover the secret. You
-    #   lose the secret permanently.
+    #   Amazon Web Services would normally impose with the
+    #   `RecoveryWindowInDays` parameter. If you delete a secret with the
+    #   `ForceDeleteWithouRecovery` parameter, then you have no opportunity
+    #   to recover the secret. You lose the secret permanently.
     #
     #   If you use this parameter and include a previously deleted or
     #   nonexistent secret, the operation does not return the error
@@ -543,27 +482,8 @@ module Aws::SecretsManager
     #   can specify either the Amazon Resource Name (ARN) or the friendly
     #   name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretRequest AWS API Documentation
@@ -587,11 +507,12 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The ARN or alias of the AWS KMS customer master key (CMK) that's
-    #   used to encrypt the `SecretString` or `SecretBinary` fields in each
-    #   version of the secret. If you don't provide a key, then Secrets
-    #   Manager defaults to encrypting the secret fields with the default
-    #   AWS KMS CMK (the one named `awssecretsmanager`) for this account.
+    #   The ARN or alias of the Amazon Web Services KMS customer master key
+    #   (CMK) that's used to encrypt the `SecretString` or `SecretBinary`
+    #   fields in each version of the secret. If you don't provide a key,
+    #   then Secrets Manager defaults to encrypting the secret fields with
+    #   the default Amazon Web Services KMS CMK (the one named
+    #   `awssecretsmanager`) for this account.
     #   @return [String]
     #
     # @!attribute [rw] rotation_enabled
@@ -609,7 +530,8 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
-    #   A structure with the rotation configuration for this secret.
+    #   A structure with the rotation configuration for this secret. This
+    #   field is only populated if rotation is configured.
     #   @return [Types::RotationRulesType]
     #
     # @!attribute [rw] last_rotated_date
@@ -860,27 +782,8 @@ module Aws::SecretsManager
     #   resource-based policy for. You can specify either the Amazon
     #   Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicyRequest AWS API Documentation
@@ -907,8 +810,9 @@ module Aws::SecretsManager
     #   with any permissions that are associated with the user or role that
     #   attempts to access this secret. The combined permissions specify who
     #   can access the secret and what actions they can perform. For more
-    #   information, see [Authentication and Access Control for AWS Secrets
-    #   Manager][1] in the *AWS Secrets Manager User Guide*.
+    #   information, see [Authentication and Access Control for Amazon Web
+    #   Services Secrets Manager][1] in the *Amazon Web Services Secrets
+    #   Manager User Guide*.
     #
     #
     #
@@ -939,27 +843,8 @@ module Aws::SecretsManager
     #   retrieve. You can specify either the Amazon Resource Name (ARN) or
     #   the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] version_id
@@ -1160,27 +1045,8 @@ module Aws::SecretsManager
     #   list. You can specify either the Amazon Resource Name (ARN) or the
     #   friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] max_results
@@ -1401,36 +1267,17 @@ module Aws::SecretsManager
     #   policy. You can specify either the ARN or the friendly name of the
     #   secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] resource_policy
     #   A JSON-formatted string constructed according to the grammar and
-    #   syntax for an AWS resource-based policy. The policy in the string
-    #   identifies who can access or manage this secret and its versions.
-    #   For information on how to format a JSON parameter for the various
-    #   command line tool environments, see [Using JSON for Parameters][1]
-    #   in the *AWS CLI User Guide*.
+    #   syntax for an Amazon Web Services resource-based policy. The policy
+    #   in the string identifies who can access or manage this secret and
+    #   its versions. For information on how to format a JSON parameter for
+    #   the various command line tool environments, see [Using JSON for
+    #   Parameters][1] in the *CLI User Guide*.
     #
     #
     #
@@ -1487,40 +1334,21 @@ module Aws::SecretsManager
     #   specify either the Amazon Resource Name (ARN) or the friendly name
     #   of the secret. The secret must already exist.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
     #   (Optional) Specifies a unique identifier for the new version of the
     #   secret.
     #
-    #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request. If you don't
-    #   use the SDK and instead generate a raw HTTP request to the Secrets
-    #   Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that
-    #   value in the request.
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes that in the request. If you don't use the SDK and instead
+    #   generate a raw HTTP request to the Secrets Manager service endpoint,
+    #   then you must generate a `ClientRequestToken` yourself for new
+    #   versions and include that value in the request.
     #
     #    </note>
     #
@@ -1580,22 +1408,13 @@ module Aws::SecretsManager
     #   Lambda rotation function knows how to parse.
     #
     #   For storing multiple values, we recommend that you use a JSON text
-    #   string argument and specify key/value pairs. For information on how
-    #   to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*.
+    #   string argument and specify key/value pairs. For more information,
+    #   see [Specifying parameter values for the Amazon Web Services CLI][1]
+    #   in the Amazon Web Services CLI User Guide.
     #
-    #   For example:
     #
-    #   `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
     #
-    #   If your command-line tool or SDK requires quotation marks around the
-    #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text.
-    #
-    #
-    #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #   @return [String]
     #
     # @!attribute [rw] version_stages
@@ -1861,27 +1680,8 @@ module Aws::SecretsManager
     #   scheduled deletion. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretRequest AWS API Documentation
@@ -1925,40 +1725,22 @@ module Aws::SecretsManager
     #   Specifies the secret that you want to rotate. You can specify either
     #   the Amazon Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
     #   (Optional) Specifies a unique identifier for the new version of the
     #   secret that helps ensure idempotency.
     #
-    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request for this
-    #   parameter. If you don't use the SDK and instead generate a raw HTTP
-    #   request to the Secrets Manager service endpoint, then you must
-    #   generate a `ClientRequestToken` yourself for new versions and
-    #   include that value in the request.
+    #   If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes that in the request for this parameter. If you don't use
+    #   the SDK and instead generate a raw HTTP request to the Secrets
+    #   Manager service endpoint, then you must generate a
+    #   `ClientRequestToken` yourself for new versions and include that
+    #   value in the request.
     #
     #   You only need to specify your own value if you implement your own
     #   retry logic and want to ensure that a given secret is not created
@@ -2059,7 +1841,8 @@ module Aws::SecretsManager
     #   The Amazon Resource Name (ARN) of the secret.
     #
     #   For more information about ARNs in Secrets Manager, see [Policy
-    #   Resources][1] in the *AWS Secrets Manager User Guide*.
+    #   Resources][1] in the *Amazon Web Services Secrets Manager User
+    #   Guide*.
     #
     #
     #
@@ -2078,11 +1861,12 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   The ARN or alias of the AWS KMS customer master key (CMK) used to
-    #   encrypt the `SecretString` and `SecretBinary` fields in each version
-    #   of the secret. If you don't provide a key, then Secrets Manager
-    #   defaults to encrypting the secret fields with the default KMS CMK,
-    #   the key named `awssecretsmanager`, for this account.
+    #   The ARN or alias of the Amazon Web Services KMS customer master key
+    #   (CMK) used to encrypt the `SecretString` and `SecretBinary` fields
+    #   in each version of the secret. If you don't provide a key, then
+    #   Secrets Manager defaults to encrypting the secret fields with the
+    #   default KMS CMK, the key named `awssecretsmanager`, for this
+    #   account.
     #   @return [String]
     #
     # @!attribute [rw] rotation_enabled
@@ -2091,9 +1875,9 @@ module Aws::SecretsManager
     #   @return [Boolean]
     #
     # @!attribute [rw] rotation_lambda_arn
-    #   The ARN of an AWS Lambda function invoked by Secrets Manager to
-    #   rotate and expire the secret either automatically per the schedule
-    #   or manually by a call to RotateSecret.
+    #   The ARN of an Amazon Web Services Lambda function invoked by Secrets
+    #   Manager to rotate and expire the secret either automatically per the
+    #   schedule or manually by a call to RotateSecret.
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
@@ -2198,13 +1982,18 @@ module Aws::SecretsManager
     #   The date and time this version of the secret was created.
     #   @return [Time]
     #
+    # @!attribute [rw] kms_key_ids
+    #   The KMS keys used to encrypt the secret version.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretVersionsListEntry AWS API Documentation
     #
     class SecretVersionsListEntry < Struct.new(
       :version_id,
       :version_stages,
       :last_accessed_date,
-      :created_date)
+      :created_date,
+      :kms_key_ids)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2287,43 +2076,24 @@ module Aws::SecretsManager
     #   can specify either the Amazon Resource Name (ARN) or the friendly
     #   name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] tags
     #   The tags to attach to the secret. Each element in the list consists
     #   of a `Key` and a `Value`.
     #
-    #   This parameter to the API requires a JSON text string argument. For
-    #   information on how to format a JSON parameter for the various
-    #   command line tool environments, see [Using JSON for Parameters][1]
-    #   in the *AWS CLI User Guide*. For the AWS CLI, you can also use the
-    #   syntax: `--Tags Key="Key1",Value="Value1"
-    #   Key="Key2",Value="Value2"[,…]`
+    #   This parameter to the API requires a JSON text string argument.
     #
+    #   For storing multiple values, we recommend that you use a JSON text
+    #   string argument and specify key/value pairs. For more information,
+    #   see [Specifying parameter values for the Amazon Web Services CLI][1]
+    #   in the Amazon Web Services CLI User Guide.
     #
     #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #   @return [Array<Types::Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResourceRequest AWS API Documentation
@@ -2348,27 +2118,8 @@ module Aws::SecretsManager
     #   can specify either the Amazon Resource Name (ARN) or the friendly
     #   name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
@@ -2376,14 +2127,16 @@ module Aws::SecretsManager
     #   specify the value. Both the key and its associated value are
     #   removed.
     #
-    #   This parameter to the API requires a JSON text string argument. For
-    #   information on how to format a JSON parameter for the various
-    #   command line tool environments, see [Using JSON for Parameters][1]
-    #   in the *AWS CLI User Guide*.
+    #   This parameter to the API requires a JSON text string argument.
+    #
+    #   For storing multiple values, we recommend that you use a JSON text
+    #   string argument and specify key/value pairs. For more information,
+    #   see [Specifying parameter values for the Amazon Web Services CLI][1]
+    #   in the Amazon Web Services CLI User Guide.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResourceRequest AWS API Documentation
@@ -2412,27 +2165,8 @@ module Aws::SecretsManager
     #   add a new version. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
@@ -2440,13 +2174,13 @@ module Aws::SecretsManager
     #   parameter specifies a unique identifier for the new version that
     #   helps ensure idempotency.
     #
-    #   If you use the AWS CLI or one of the AWS SDK to call this operation,
-    #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes that in the request. If you don't
-    #   use the SDK and instead generate a raw HTTP request to the Secrets
-    #   Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that
-    #   value in the request.
+    #   If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDK to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes that in the request. If you don't use the SDK and instead
+    #   generate a raw HTTP request to the Secrets Manager service endpoint,
+    #   then you must generate a `ClientRequestToken` yourself for new
+    #   versions and include that value in the request.
     #
     #   You typically only need to interact with this value if you implement
     #   your own retry logic and want to ensure that a given secret is not
@@ -2486,9 +2220,13 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   (Optional) Specifies an updated ARN or alias of the AWS KMS customer
-    #   master key (CMK) to be used to encrypt the protected text in new
-    #   versions of this secret.
+    #   (Optional) Specifies an updated ARN or alias of the Amazon Web
+    #   Services KMS customer master key (CMK) that Secrets Manager uses to
+    #   encrypt the protected text in new versions of this secret as well as
+    #   any existing versions of this secret that have the staging labels
+    #   AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about
+    #   staging labels, see [Staging Labels][1] in the *Amazon Web Services
+    #   Secrets Manager User Guide*.
     #
     #   You can only use the account's default CMK to encrypt and decrypt
     #   if you call this operation using credentials from the same account
@@ -2496,6 +2234,10 @@ module Aws::SecretsManager
     #   you must create a custom CMK and provide the ARN of that CMK in this
     #   field. The user making the call must have permissions to both the
     #   secret and the CMK in their respective accounts.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label
     #   @return [String]
     #
     # @!attribute [rw] secret_binary
@@ -2523,25 +2265,13 @@ module Aws::SecretsManager
     #   Lambda rotation function knows how to parse.
     #
     #   For storing multiple values, we recommend that you use a JSON text
-    #   string argument and specify key/value pairs. For information on how
-    #   to format a JSON parameter for the various command line tool
-    #   environments, see [Using JSON for Parameters][1] in the *AWS CLI
-    #   User Guide*. For example:
-    #
-    #   `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
+    #   string argument and specify key/value pairs. For more information,
+    #   see [Specifying parameter values for the Amazon Web Services CLI][1]
+    #   in the Amazon Web Services CLI User Guide.
     #
-    #   If your command-line tool or SDK requires quotation marks around the
-    #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text. You can also 'escape' the
-    #   double quote character in the embedded JSON text by prefacing each
-    #   with a backslash. For example, the following string is surrounded by
-    #   double-quotes. All of the embedded double quotes are escaped:
-    #
-    #   `"[\{"username":"bob"\},\{"password":"abc123xyz456"\}]"`
     #
     #
-    #
-    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
@@ -2605,27 +2335,8 @@ module Aws::SecretsManager
     #   labels you want to modify. You can specify either the Amazon
     #   Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] version_stage
@@ -2693,36 +2404,17 @@ module Aws::SecretsManager
     #   policy you want to validate. You can specify either the Amazon
     #   Resource Name (ARN) or the friendly name of the secret.
     #
-    #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
-    #   complete ARN. You can specify a partial ARN too—for example, if you
-    #   don’t include the final hyphen and six random characters that
-    #   Secrets Manager adds at the end of the ARN when you created the
-    #   secret. A partial ARN match can work as long as it uniquely matches
-    #   only one secret. However, if your secret has a name that ends in a
-    #   hyphen followed by six characters (before Secrets Manager adds the
-    #   hyphen and six characters to the ARN) and you try to use that as a
-    #   partial ARN, then those characters cause Secrets Manager to assume
-    #   that you’re specifying a complete ARN. This confusion can cause
-    #   unexpected results. To avoid this situation, we recommend that you
-    #   don’t create secret names ending with a hyphen followed by six
-    #   characters.
-    #
-    #    If you specify an incomplete ARN without the random suffix, and
-    #   instead provide the 'friendly name', you *must* not include the
-    #   random suffix. If you do include the random suffix added by Secrets
-    #   Manager, you receive either a *ResourceNotFoundException* or an
-    #   *AccessDeniedException* error, depending on your permissions.
-    #
-    #    </note>
+    #   For an ARN, we recommend that you specify a complete ARN rather than
+    #   a partial ARN.
     #   @return [String]
     #
     # @!attribute [rw] resource_policy
     #   A JSON-formatted string constructed according to the grammar and
-    #   syntax for an AWS resource-based policy. The policy in the string
-    #   identifies who can access or manage this secret and its versions.
-    #   For information on how to format a JSON parameter for the various
-    #   command line tool environments, see [Using JSON for Parameters][1]
-    #   in the *AWS CLI User Guide*.publi
+    #   syntax for an Amazon Web Services resource-based policy. The policy
+    #   in the string identifies who can access or manage this secret and
+    #   its versions. For information on how to format a JSON parameter for
+    #   the various command line tool environments, see [Using JSON for
+    #   Parameters][1] in the *CLI User Guide*.publi
     #
     #
     #