aws-sdk-secretsmanager 1.47.0 → 1.48.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: eebcb34b9aa10d70aab5fd42ce14619f3358e6d7499ee8741b9bc81e158a37bc
4
- data.tar.gz: 84e5ac8885aa899d0c1f948c8dea09cd1203a6b83c9d166014af1747ae68e986
3
+ metadata.gz: 1885485676ba49cec662dac121e5d4bba6ed5d7eabec6756113cf1f38f199598
4
+ data.tar.gz: 2190a96a9ceebbe04f83bfa6df7fec2e14468cd0137c07686b1fac0e1dcc091e
5
5
  SHA512:
6
- metadata.gz: 53c18453ae8c24c1c5c7d1dd5e4508e8e2886edc7f69015d28bfecb6c8841380d837ccbd4871aff216b711f7f82efa6b040541524334c3cbd7a60430c5d799aa
7
- data.tar.gz: b56c717b975f609a2d7685d24d296dae887056aa45bdc2389626adf533a9a59dc913665b7a95b139f504292e1ed75fe4d22e26002338f2a62b7e9b49544dc3b0
6
+ metadata.gz: 741e24f945a89a4551c4cda16b7b79a0616d3ae9d6befe86bc7240bd3c762e94d9e3f8525c170d346c6b133eae5d8ceec045c5fec5ae676dee1f60908a9d91a1
7
+ data.tar.gz: 150a0e0c83091719f5fd317b6b2ec191efb058e72838695080fc4bf8fbc174f7054a03df76883261313f44780b13c2af26292e0377a315ff3d7ae73ec210126c
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.48.0 (2021-07-30)
5
+ ------------------
6
+
7
+ * Feature - Add support for KmsKeyIds in the ListSecretVersionIds API response
8
+
4
9
  1.47.0 (2021-07-28)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.47.0
1
+ 1.48.0
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
48
48
  # @!group service
49
49
  module Aws::SecretsManager
50
50
 
51
- GEM_VERSION = '1.47.0'
51
+ GEM_VERSION = '1.48.0'
52
52
 
53
53
  end
@@ -479,25 +479,27 @@ module Aws::SecretsManager
479
479
  #
480
480
  # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
481
481
  # `SecretBinary` for a secret in the same account as the calling user
482
- # and that secret doesn't specify a AWS KMS encryption key, Secrets
483
- # Manager uses the account's default AWS managed customer master key
484
- # (CMK) with the alias `aws/secretsmanager`. If this key doesn't
485
- # already exist in your account then Secrets Manager creates it for
486
- # you automatically. All users and roles in the same AWS account
482
+ # and that secret doesn't specify a Amazon Web Services KMS
483
+ # encryption key, Secrets Manager uses the account's default Amazon
484
+ # Web Services managed customer master key (CMK) with the alias
485
+ # `aws/secretsmanager`. If this key doesn't already exist in your
486
+ # account then Secrets Manager creates it for you automatically. All
487
+ # users and roles in the same Amazon Web Services account
487
488
  # automatically have access to use the default CMK. Note that if an
488
- # Secrets Manager API call results in AWS creating the account's
489
- # AWS-managed CMK, it can result in a one-time significant delay in
490
- # returning the result.
491
- #
492
- # * If the secret resides in a different AWS account from the
493
- # credentials calling an API that requires encryption or decryption of
494
- # the secret value then you must create and use a custom AWS KMS CMK
495
- # because you can't access the default CMK for the account using
496
- # credentials from a different AWS account. Store the ARN of the CMK
497
- # in the secret when you create the secret or when you update it by
498
- # including it in the `KMSKeyId`. If you call an API that must encrypt
499
- # or decrypt `SecretString` or `SecretBinary` using credentials from a
500
- # different account then the AWS KMS key policy must grant
489
+ # Secrets Manager API call results in Amazon Web Services creating the
490
+ # account's Amazon Web Services-managed CMK, it can result in a
491
+ # one-time significant delay in returning the result.
492
+ #
493
+ # * If the secret resides in a different Amazon Web Services account
494
+ # from the credentials calling an API that requires encryption or
495
+ # decryption of the secret value then you must create and use a custom
496
+ # Amazon Web Services KMS CMK because you can't access the default
497
+ # CMK for the account using credentials from a different Amazon Web
498
+ # Services account. Store the ARN of the CMK in the secret when you
499
+ # create the secret or when you update it by including it in the
500
+ # `KMSKeyId`. If you call an API that must encrypt or decrypt
501
+ # `SecretString` or `SecretBinary` using credentials from a different
502
+ # account then the Amazon Web Services KMS key policy must grant
501
503
  # cross-account access to that other account's user or role for both
502
504
  # the kms:GenerateDataKey and kms:Decrypt operations.
503
505
  #
@@ -511,13 +513,15 @@ module Aws::SecretsManager
511
513
  #
512
514
  # * secretsmanager:CreateSecret
513
515
  #
514
- # * kms:GenerateDataKey - needed only if you use a customer-managed AWS
515
- # KMS key to encrypt the secret. You do not need this permission to
516
- # use the account default AWS managed CMK for Secrets Manager.
516
+ # * kms:GenerateDataKey - needed only if you use a customer-managed
517
+ # Amazon Web Services KMS key to encrypt the secret. You do not need
518
+ # this permission to use the account default Amazon Web Services
519
+ # managed CMK for Secrets Manager.
517
520
  #
518
- # * kms:Decrypt - needed only if you use a customer-managed AWS KMS key
519
- # to encrypt the secret. You do not need this permission to use the
520
- # account default AWS managed CMK for Secrets Manager.
521
+ # * kms:Decrypt - needed only if you use a customer-managed Amazon Web
522
+ # Services KMS key to encrypt the secret. You do not need this
523
+ # permission to use the account default Amazon Web Services managed
524
+ # CMK for Secrets Manager.
521
525
  #
522
526
  # * secretsmanager:TagResource - needed only if you include the `Tags`
523
527
  # parameter.
@@ -559,13 +563,13 @@ module Aws::SecretsManager
559
563
  # initial version is created as part of the secret, and this parameter
560
564
  # specifies a unique identifier for the new version.
561
565
  #
562
- # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
563
- # then you can leave this parameter empty. The CLI or SDK generates a
564
- # random UUID for you and includes it as the value for this parameter in
565
- # the request. If you don't use the SDK and instead generate a raw HTTP
566
- # request to the Secrets Manager service endpoint, then you must
567
- # generate a `ClientRequestToken` yourself for the new version and
568
- # include the value in the request.
566
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
567
+ # Services SDK to call this operation, then you can leave this parameter
568
+ # empty. The CLI or SDK generates a random UUID for you and includes it
569
+ # as the value for this parameter in the request. If you don't use the
570
+ # SDK and instead generate a raw HTTP request to the Secrets Manager
571
+ # service endpoint, then you must generate a `ClientRequestToken`
572
+ # yourself for the new version and include the value in the request.
569
573
  #
570
574
  # </note>
571
575
  #
@@ -601,20 +605,21 @@ module Aws::SecretsManager
601
605
  # (Optional) Specifies a user-provided description of the secret.
602
606
  #
603
607
  # @option params [String] :kms_key_id
604
- # (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer
605
- # master key (CMK) to be used to encrypt the `SecretString` or
606
- # `SecretBinary` values in the versions stored in this secret.
608
+ # (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
609
+ # Services KMS customer master key (CMK) to be used to encrypt the
610
+ # `SecretString` or `SecretBinary` values in the versions stored in this
611
+ # secret.
607
612
  #
608
- # You can specify any of the supported ways to identify a AWS KMS key
609
- # ID. If you need to reference a CMK in a different account, you can use
610
- # only the key ARN or the alias ARN.
613
+ # You can specify any of the supported ways to identify a Amazon Web
614
+ # Services KMS key ID. If you need to reference a CMK in a different
615
+ # account, you can use only the key ARN or the alias ARN.
611
616
  #
612
617
  # If you don't specify this value, then Secrets Manager defaults to
613
- # using the AWS account's default CMK (the one named
614
- # `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
615
- # exist, then Secrets Manager creates it for you automatically the first
616
- # time it needs to encrypt a version's `SecretString` or `SecretBinary`
617
- # fields.
618
+ # using the Amazon Web Services account's default CMK (the one named
619
+ # `aws/secretsmanager`). If a Amazon Web Services KMS CMK with that name
620
+ # doesn't yet exist, then Secrets Manager creates it for you
621
+ # automatically the first time it needs to encrypt a version's
622
+ # `SecretString` or `SecretBinary` fields.
618
623
  #
619
624
  # You can use the account default CMK to encrypt and decrypt only if you
620
625
  # call this operation using credentials from the same account that owns
@@ -632,7 +637,8 @@ module Aws::SecretsManager
632
637
  # both. They cannot both be empty.
633
638
  #
634
639
  # This parameter is not available using the Secrets Manager console. It
635
- # can be accessed only by using the AWS CLI or one of the AWS SDKs.
640
+ # can be accessed only by using the Amazon Web Services CLI or one of
641
+ # the Amazon Web Services SDKs.
636
642
  #
637
643
  # @option params [String] :secret_string
638
644
  # (Optional) Specifies text data that you want to encrypt and store in
@@ -650,7 +656,7 @@ module Aws::SecretsManager
650
656
  # For storing multiple values, we recommend that you use a JSON text
651
657
  # string argument and specify key/value pairs. For information on how to
652
658
  # format a JSON parameter for the various command line tool
653
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI User
659
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
654
660
  # Guide*. For example:
655
661
  #
656
662
  # `\{"username":"bob","password":"abc123xyz456"\}`
@@ -680,7 +686,7 @@ module Aws::SecretsManager
680
686
  #
681
687
  # This parameter requires a JSON text string argument. For information
682
688
  # on how to format a JSON parameter for the various command line tool
683
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI User
689
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
684
690
  # Guide*. For example:
685
691
  #
686
692
  # `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
@@ -699,10 +705,10 @@ module Aws::SecretsManager
699
705
  #
700
706
  # * Tag keys and values are case sensitive.
701
707
  #
702
- # * Do not use the `aws:` prefix in your tag names or values because AWS
703
- # reserves it for AWS use. You can't edit or delete tag names or
704
- # values with this prefix. Tags with this prefix do not count against
705
- # your tags per secret limit.
708
+ # * Do not use the `aws:` prefix in your tag names or values because
709
+ # Amazon Web Services reserves it for Amazon Web Services use. You
710
+ # can't edit or delete tag names or values with this prefix. Tags
711
+ # with this prefix do not count against your tags per secret limit.
706
712
  #
707
713
  # * If you use your tagging schema across multiple services and
708
714
  # resources, remember other services might have restrictions on
@@ -970,10 +976,10 @@ module Aws::SecretsManager
970
976
  #
971
977
  # Use this parameter with caution. This parameter causes the operation
972
978
  # to skip the normal waiting period before the permanent deletion that
973
- # AWS would normally impose with the `RecoveryWindowInDays` parameter.
974
- # If you delete a secret with the `ForceDeleteWithouRecovery` parameter,
975
- # then you have no opportunity to recover the secret. You lose the
976
- # secret permanently.
979
+ # Amazon Web Services would normally impose with the
980
+ # `RecoveryWindowInDays` parameter. If you delete a secret with the
981
+ # `ForceDeleteWithouRecovery` parameter, then you have no opportunity to
982
+ # recover the secret. You lose the secret permanently.
977
983
  #
978
984
  # If you use this parameter and include a previously deleted or
979
985
  # nonexistent secret, the operation does not return the error
@@ -1048,7 +1054,8 @@ module Aws::SecretsManager
1048
1054
  # * To retrieve the encrypted secret information in a version of the
1049
1055
  # secret, use GetSecretValue.
1050
1056
  #
1051
- # * To list all of the secrets in the AWS account, use ListSecrets.
1057
+ # * To list all of the secrets in the Amazon Web Services account, use
1058
+ # ListSecrets.
1052
1059
  #
1053
1060
  # @option params [required, String] :secret_id
1054
1061
  # The identifier of the secret whose details you want to retrieve. You
@@ -1392,9 +1399,10 @@ module Aws::SecretsManager
1392
1399
  #
1393
1400
  # * secretsmanager:GetSecretValue
1394
1401
  #
1395
- # * kms:Decrypt - required only if you use a customer-managed AWS KMS
1396
- # key to encrypt the secret. You do not need this permission to use
1397
- # the account's default AWS managed CMK for Secrets Manager.
1402
+ # * kms:Decrypt - required only if you use a customer-managed Amazon Web
1403
+ # Services KMS key to encrypt the secret. You do not need this
1404
+ # permission to use the account's default Amazon Web Services managed
1405
+ # CMK for Secrets Manager.
1398
1406
  #
1399
1407
  # **Related operations**
1400
1408
  #
@@ -1660,6 +1668,8 @@ module Aws::SecretsManager
1660
1668
  # resp.versions[0].version_stages[0] #=> String
1661
1669
  # resp.versions[0].last_accessed_date #=> Time
1662
1670
  # resp.versions[0].created_date #=> Time
1671
+ # resp.versions[0].kms_key_ids #=> Array
1672
+ # resp.versions[0].kms_key_ids[0] #=> String
1663
1673
  # resp.next_token #=> String
1664
1674
  # resp.arn #=> String
1665
1675
  # resp.name #=> String
@@ -1673,11 +1683,11 @@ module Aws::SecretsManager
1673
1683
  req.send_request(options)
1674
1684
  end
1675
1685
 
1676
- # Lists all of the secrets that are stored by Secrets Manager in the AWS
1677
- # account. To list the versions currently stored for a specific secret,
1678
- # use ListSecretVersionIds. The encrypted fields `SecretString` and
1679
- # `SecretBinary` are not included in the output. To get that
1680
- # information, call the GetSecretValue operation.
1686
+ # Lists all of the secrets that are stored by Secrets Manager in the
1687
+ # Amazon Web Services account. To list the versions currently stored for
1688
+ # a specific secret, use ListSecretVersionIds. The encrypted fields
1689
+ # `SecretString` and `SecretBinary` are not included in the output. To
1690
+ # get that information, call the GetSecretValue operation.
1681
1691
  #
1682
1692
  # <note markdown="1"> Always check the `NextToken` response parameter when calling any of
1683
1693
  # the `List*` operations. These operations can occasionally return an
@@ -1826,9 +1836,9 @@ module Aws::SecretsManager
1826
1836
  # identity-based and resource-based policies. The affected users and
1827
1837
  # roles receive the permissions that are permitted by all of the
1828
1838
  # relevant policies. For more information, see [Using Resource-Based
1829
- # Policies for AWS Secrets Manager][1]. For the complete description of
1830
- # the AWS policy syntax and grammar, see [IAM JSON Policy Reference][2]
1831
- # in the *IAM User Guide*.
1839
+ # Policies for Amazon Web Services Secrets Manager][1]. For the complete
1840
+ # description of the Amazon Web Services policy syntax and grammar, see
1841
+ # [IAM JSON Policy Reference][2] in the *IAM User Guide*.
1832
1842
  #
1833
1843
  # **Minimum permissions**
1834
1844
  #
@@ -1881,11 +1891,11 @@ module Aws::SecretsManager
1881
1891
  #
1882
1892
  # @option params [required, String] :resource_policy
1883
1893
  # A JSON-formatted string constructed according to the grammar and
1884
- # syntax for an AWS resource-based policy. The policy in the string
1885
- # identifies who can access or manage this secret and its versions. For
1886
- # information on how to format a JSON parameter for the various command
1887
- # line tool environments, see [Using JSON for Parameters][1] in the *AWS
1888
- # CLI User Guide*.
1894
+ # syntax for an Amazon Web Services resource-based policy. The policy in
1895
+ # the string identifies who can access or manage this secret and its
1896
+ # versions. For information on how to format a JSON parameter for the
1897
+ # various command line tool environments, see [Using JSON for
1898
+ # Parameters][1] in the *CLI User Guide*.
1889
1899
  #
1890
1900
  #
1891
1901
  #
@@ -1947,7 +1957,7 @@ module Aws::SecretsManager
1947
1957
  #
1948
1958
  # <note markdown="1"> The Secrets Manager console uses only the `SecretString` field. To add
1949
1959
  # binary data to a secret with the `SecretBinary` field you must use the
1950
- # AWS CLI or one of the AWS SDKs.
1960
+ # Amazon Web Services CLI or one of the Amazon Web Services SDKs.
1951
1961
  #
1952
1962
  # </note>
1953
1963
  #
@@ -1973,25 +1983,27 @@ module Aws::SecretsManager
1973
1983
  #
1974
1984
  # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
1975
1985
  # `SecretBinary` for a secret in the same account as the calling user
1976
- # and that secret doesn't specify a AWS KMS encryption key, Secrets
1977
- # Manager uses the account's default AWS managed customer master key
1978
- # (CMK) with the alias `aws/secretsmanager`. If this key doesn't
1979
- # already exist in your account then Secrets Manager creates it for
1980
- # you automatically. All users and roles in the same AWS account
1986
+ # and that secret doesn't specify a Amazon Web Services KMS
1987
+ # encryption key, Secrets Manager uses the account's default Amazon
1988
+ # Web Services managed customer master key (CMK) with the alias
1989
+ # `aws/secretsmanager`. If this key doesn't already exist in your
1990
+ # account then Secrets Manager creates it for you automatically. All
1991
+ # users and roles in the same Amazon Web Services account
1981
1992
  # automatically have access to use the default CMK. Note that if an
1982
- # Secrets Manager API call results in AWS creating the account's
1983
- # AWS-managed CMK, it can result in a one-time significant delay in
1984
- # returning the result.
1985
- #
1986
- # * If the secret resides in a different AWS account from the
1987
- # credentials calling an API that requires encryption or decryption of
1988
- # the secret value then you must create and use a custom AWS KMS CMK
1989
- # because you can't access the default CMK for the account using
1990
- # credentials from a different AWS account. Store the ARN of the CMK
1991
- # in the secret when you create the secret or when you update it by
1992
- # including it in the `KMSKeyId`. If you call an API that must encrypt
1993
- # or decrypt `SecretString` or `SecretBinary` using credentials from a
1994
- # different account then the AWS KMS key policy must grant
1993
+ # Secrets Manager API call results in Amazon Web Services creating the
1994
+ # account's Amazon Web Services-managed CMK, it can result in a
1995
+ # one-time significant delay in returning the result.
1996
+ #
1997
+ # * If the secret resides in a different Amazon Web Services account
1998
+ # from the credentials calling an API that requires encryption or
1999
+ # decryption of the secret value then you must create and use a custom
2000
+ # Amazon Web Services KMS CMK because you can't access the default
2001
+ # CMK for the account using credentials from a different Amazon Web
2002
+ # Services account. Store the ARN of the CMK in the secret when you
2003
+ # create the secret or when you update it by including it in the
2004
+ # `KMSKeyId`. If you call an API that must encrypt or decrypt
2005
+ # `SecretString` or `SecretBinary` using credentials from a different
2006
+ # account then the Amazon Web Services KMS key policy must grant
1995
2007
  # cross-account access to that other account's user or role for both
1996
2008
  # the kms:GenerateDataKey and kms:Decrypt operations.
1997
2009
  #
@@ -2003,9 +2015,10 @@ module Aws::SecretsManager
2003
2015
  #
2004
2016
  # * secretsmanager:PutSecretValue
2005
2017
  #
2006
- # * kms:GenerateDataKey - needed only if you use a customer-managed AWS
2007
- # KMS key to encrypt the secret. You do not need this permission to
2008
- # use the account's default AWS managed CMK for Secrets Manager.
2018
+ # * kms:GenerateDataKey - needed only if you use a customer-managed
2019
+ # Amazon Web Services KMS key to encrypt the secret. You do not need
2020
+ # this permission to use the account's default Amazon Web Services
2021
+ # managed CMK for Secrets Manager.
2009
2022
  #
2010
2023
  # **Related operations**
2011
2024
  #
@@ -2048,13 +2061,13 @@ module Aws::SecretsManager
2048
2061
  # (Optional) Specifies a unique identifier for the new version of the
2049
2062
  # secret.
2050
2063
  #
2051
- # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
2052
- # then you can leave this parameter empty. The CLI or SDK generates a
2053
- # random UUID for you and includes that in the request. If you don't
2054
- # use the SDK and instead generate a raw HTTP request to the Secrets
2055
- # Manager service endpoint, then you must generate a
2056
- # `ClientRequestToken` yourself for new versions and include that value
2057
- # in the request.
2064
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
2065
+ # Services SDK to call this operation, then you can leave this parameter
2066
+ # empty. The CLI or SDK generates a random UUID for you and includes
2067
+ # that in the request. If you don't use the SDK and instead generate a
2068
+ # raw HTTP request to the Secrets Manager service endpoint, then you
2069
+ # must generate a `ClientRequestToken` yourself for new versions and
2070
+ # include that value in the request.
2058
2071
  #
2059
2072
  # </note>
2060
2073
  #
@@ -2113,7 +2126,7 @@ module Aws::SecretsManager
2113
2126
  # For storing multiple values, we recommend that you use a JSON text
2114
2127
  # string argument and specify key/value pairs. For information on how to
2115
2128
  # format a JSON parameter for the various command line tool
2116
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI User
2129
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
2117
2130
  # Guide*.
2118
2131
  #
2119
2132
  # For example:
@@ -2380,16 +2393,17 @@ module Aws::SecretsManager
2380
2393
  # secret. After the rotation completes, the protected service and its
2381
2394
  # clients all use the new version of the secret.
2382
2395
  #
2383
- # This required configuration information includes the ARN of an AWS
2384
- # Lambda function and the time between scheduled rotations. The Lambda
2385
- # rotation function creates a new version of the secret and creates or
2386
- # updates the credentials on the protected service to match. After
2387
- # testing the new credentials, the function marks the new secret with
2388
- # the staging label `AWSCURRENT` so that your clients all immediately
2389
- # begin to use the new version. For more information about rotating
2390
- # secrets and how to configure a Lambda function to rotate the secrets
2391
- # for your protected service, see [Rotating Secrets in AWS Secrets
2392
- # Manager][1] in the *AWS Secrets Manager User Guide*.
2396
+ # This required configuration information includes the ARN of an Amazon
2397
+ # Web Services Lambda function and optionally, the time between
2398
+ # scheduled rotations. The Lambda rotation function creates a new
2399
+ # version of the secret and creates or updates the credentials on the
2400
+ # protected service to match. After testing the new credentials, the
2401
+ # function marks the new secret with the staging label `AWSCURRENT` so
2402
+ # that your clients all immediately begin to use the new version. For
2403
+ # more information about rotating secrets and how to configure a Lambda
2404
+ # function to rotate the secrets for your protected service, see
2405
+ # [Rotating Secrets in Amazon Web Services Secrets Manager][1] in the
2406
+ # *Amazon Web Services Secrets Manager User Guide*.
2393
2407
  #
2394
2408
  # Secrets Manager schedules the next rotation when the previous one
2395
2409
  # completes. Secrets Manager schedules the date by adding the rotation
@@ -2466,13 +2480,13 @@ module Aws::SecretsManager
2466
2480
  # (Optional) Specifies a unique identifier for the new version of the
2467
2481
  # secret that helps ensure idempotency.
2468
2482
  #
2469
- # If you use the AWS CLI or one of the AWS SDK to call this operation,
2470
- # then you can leave this parameter empty. The CLI or SDK generates a
2471
- # random UUID for you and includes that in the request for this
2472
- # parameter. If you don't use the SDK and instead generate a raw HTTP
2473
- # request to the Secrets Manager service endpoint, then you must
2474
- # generate a `ClientRequestToken` yourself for new versions and include
2475
- # that value in the request.
2483
+ # If you use the Amazon Web Services CLI or one of the Amazon Web
2484
+ # Services SDK to call this operation, then you can leave this parameter
2485
+ # empty. The CLI or SDK generates a random UUID for you and includes
2486
+ # that in the request for this parameter. If you don't use the SDK and
2487
+ # instead generate a raw HTTP request to the Secrets Manager service
2488
+ # endpoint, then you must generate a `ClientRequestToken` yourself for
2489
+ # new versions and include that value in the request.
2476
2490
  #
2477
2491
  # You only need to specify your own value if you implement your own
2478
2492
  # retry logic and want to ensure that a given secret is not created
@@ -2576,10 +2590,10 @@ module Aws::SecretsManager
2576
2590
  #
2577
2591
  # * Tag keys and values are case sensitive.
2578
2592
  #
2579
- # * Do not use the `aws:` prefix in your tag names or values because AWS
2580
- # reserves it for AWS use. You can't edit or delete tag names or
2581
- # values with this prefix. Tags with this prefix do not count against
2582
- # your tags per secret limit.
2593
+ # * Do not use the `aws:` prefix in your tag names or values because
2594
+ # Amazon Web Services reserves it for Amazon Web Services use. You
2595
+ # can't edit or delete tag names or values with this prefix. Tags
2596
+ # with this prefix do not count against your tags per secret limit.
2583
2597
  #
2584
2598
  # * If you use your tagging schema across multiple services and
2585
2599
  # resources, remember other services might have restrictions on
@@ -2639,8 +2653,8 @@ module Aws::SecretsManager
2639
2653
  #
2640
2654
  # This parameter to the API requires a JSON text string argument. For
2641
2655
  # information on how to format a JSON parameter for the various command
2642
- # line tool environments, see [Using JSON for Parameters][1] in the *AWS
2643
- # CLI User Guide*. For the AWS CLI, you can also use the syntax: `--Tags
2656
+ # line tool environments, see [Using JSON for Parameters][1] in the *CLI
2657
+ # User Guide*. For the CLI, you can also use the syntax: `--Tags
2644
2658
  # Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]`
2645
2659
  #
2646
2660
  #
@@ -2747,8 +2761,8 @@ module Aws::SecretsManager
2747
2761
  #
2748
2762
  # This parameter to the API requires a JSON text string argument. For
2749
2763
  # information on how to format a JSON parameter for the various command
2750
- # line tool environments, see [Using JSON for Parameters][1] in the *AWS
2751
- # CLI User Guide*.
2764
+ # line tool environments, see [Using JSON for Parameters][1] in the *CLI
2765
+ # User Guide*.
2752
2766
  #
2753
2767
  #
2754
2768
  #
@@ -2796,7 +2810,8 @@ module Aws::SecretsManager
2796
2810
  # <note markdown="1"> The Secrets Manager console uses only the `SecretString` parameter and
2797
2811
  # therefore limits you to encrypting and storing only a text string. To
2798
2812
  # encrypt and store binary data as part of the version of a secret, you
2799
- # must use either the AWS CLI or one of the AWS SDKs.
2813
+ # must use either the Amazon Web Services CLI or one of the Amazon Web
2814
+ # Services SDKs.
2800
2815
  #
2801
2816
  # </note>
2802
2817
  #
@@ -2811,25 +2826,27 @@ module Aws::SecretsManager
2811
2826
  #
2812
2827
  # <note markdown="1"> * If you call an operation to encrypt or decrypt the `SecretString` or
2813
2828
  # `SecretBinary` for a secret in the same account as the calling user
2814
- # and that secret doesn't specify a AWS KMS encryption key, Secrets
2815
- # Manager uses the account's default AWS managed customer master key
2816
- # (CMK) with the alias `aws/secretsmanager`. If this key doesn't
2817
- # already exist in your account then Secrets Manager creates it for
2818
- # you automatically. All users and roles in the same AWS account
2829
+ # and that secret doesn't specify a Amazon Web Services KMS
2830
+ # encryption key, Secrets Manager uses the account's default Amazon
2831
+ # Web Services managed customer master key (CMK) with the alias
2832
+ # `aws/secretsmanager`. If this key doesn't already exist in your
2833
+ # account then Secrets Manager creates it for you automatically. All
2834
+ # users and roles in the same Amazon Web Services account
2819
2835
  # automatically have access to use the default CMK. Note that if an
2820
- # Secrets Manager API call results in AWS creating the account's
2821
- # AWS-managed CMK, it can result in a one-time significant delay in
2822
- # returning the result.
2823
- #
2824
- # * If the secret resides in a different AWS account from the
2825
- # credentials calling an API that requires encryption or decryption of
2826
- # the secret value then you must create and use a custom AWS KMS CMK
2827
- # because you can't access the default CMK for the account using
2828
- # credentials from a different AWS account. Store the ARN of the CMK
2829
- # in the secret when you create the secret or when you update it by
2830
- # including it in the `KMSKeyId`. If you call an API that must encrypt
2831
- # or decrypt `SecretString` or `SecretBinary` using credentials from a
2832
- # different account then the AWS KMS key policy must grant
2836
+ # Secrets Manager API call results in Amazon Web Services creating the
2837
+ # account's Amazon Web Services-managed CMK, it can result in a
2838
+ # one-time significant delay in returning the result.
2839
+ #
2840
+ # * If the secret resides in a different Amazon Web Services account
2841
+ # from the credentials calling an API that requires encryption or
2842
+ # decryption of the secret value then you must create and use a custom
2843
+ # Amazon Web Services KMS CMK because you can't access the default
2844
+ # CMK for the account using credentials from a different Amazon Web
2845
+ # Services account. Store the ARN of the CMK in the secret when you
2846
+ # create the secret or when you update it by including it in the
2847
+ # `KMSKeyId`. If you call an API that must encrypt or decrypt
2848
+ # `SecretString` or `SecretBinary` using credentials from a different
2849
+ # account then the Amazon Web Services KMS key policy must grant
2833
2850
  # cross-account access to that other account's user or role for both
2834
2851
  # the kms:GenerateDataKey and kms:Decrypt operations.
2835
2852
  #
@@ -2841,13 +2858,15 @@ module Aws::SecretsManager
2841
2858
  #
2842
2859
  # * secretsmanager:UpdateSecret
2843
2860
  #
2844
- # * kms:GenerateDataKey - needed only if you use a custom AWS KMS key to
2845
- # encrypt the secret. You do not need this permission to use the
2846
- # account's AWS managed CMK for Secrets Manager.
2861
+ # * kms:GenerateDataKey - needed only if you use a custom Amazon Web
2862
+ # Services KMS key to encrypt the secret. You do not need this
2863
+ # permission to use the account's Amazon Web Services managed CMK for
2864
+ # Secrets Manager.
2847
2865
  #
2848
- # * kms:Decrypt - needed only if you use a custom AWS KMS key to encrypt
2849
- # the secret. You do not need this permission to use the account's
2850
- # AWS managed CMK for Secrets Manager.
2866
+ # * kms:Decrypt - needed only if you use a custom Amazon Web Services
2867
+ # KMS key to encrypt the secret. You do not need this permission to
2868
+ # use the account's Amazon Web Services managed CMK for Secrets
2869
+ # Manager.
2851
2870
  #
2852
2871
  # **Related operations**
2853
2872
  #
@@ -2891,13 +2910,13 @@ module Aws::SecretsManager
2891
2910
  # parameter specifies a unique identifier for the new version that helps
2892
2911
  # ensure idempotency.
2893
2912
  #
2894
- # If you use the AWS CLI or one of the AWS SDK to call this operation,
2895
- # then you can leave this parameter empty. The CLI or SDK generates a
2896
- # random UUID for you and includes that in the request. If you don't
2897
- # use the SDK and instead generate a raw HTTP request to the Secrets
2898
- # Manager service endpoint, then you must generate a
2899
- # `ClientRequestToken` yourself for new versions and include that value
2900
- # in the request.
2913
+ # If you use the Amazon Web Services CLI or one of the Amazon Web
2914
+ # Services SDK to call this operation, then you can leave this parameter
2915
+ # empty. The CLI or SDK generates a random UUID for you and includes
2916
+ # that in the request. If you don't use the SDK and instead generate a
2917
+ # raw HTTP request to the Secrets Manager service endpoint, then you
2918
+ # must generate a `ClientRequestToken` yourself for new versions and
2919
+ # include that value in the request.
2901
2920
  #
2902
2921
  # You typically only need to interact with this value if you implement
2903
2922
  # your own retry logic and want to ensure that a given secret is not
@@ -2935,9 +2954,9 @@ module Aws::SecretsManager
2935
2954
  # secret.
2936
2955
  #
2937
2956
  # @option params [String] :kms_key_id
2938
- # (Optional) Specifies an updated ARN or alias of the AWS KMS customer
2939
- # master key (CMK) to be used to encrypt the protected text in new
2940
- # versions of this secret.
2957
+ # (Optional) Specifies an updated ARN or alias of the Amazon Web
2958
+ # Services KMS customer master key (CMK) to be used to encrypt the
2959
+ # protected text in new versions of this secret.
2941
2960
  #
2942
2961
  # You can only use the account's default CMK to encrypt and decrypt if
2943
2962
  # you call this operation using credentials from the same account that
@@ -2972,7 +2991,7 @@ module Aws::SecretsManager
2972
2991
  # For storing multiple values, we recommend that you use a JSON text
2973
2992
  # string argument and specify key/value pairs. For information on how to
2974
2993
  # format a JSON parameter for the various command line tool
2975
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI User
2994
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
2976
2995
  # Guide*. For example:
2977
2996
  #
2978
2997
  # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
@@ -3078,8 +3097,8 @@ module Aws::SecretsManager
3078
3097
  # of a secret at a time. If a staging label to be added is already
3079
3098
  # attached to another version, then it is moved--removed from the other
3080
3099
  # version first and then attached to this one. For more information
3081
- # about staging labels, see [Staging Labels][1] in the *AWS Secrets
3082
- # Manager User Guide*.
3100
+ # about staging labels, see [Staging Labels][1] in the *Amazon Web
3101
+ # Services Secrets Manager User Guide*.
3083
3102
  #
3084
3103
  # The staging labels that you specify in the `VersionStage` parameter
3085
3104
  # are added to the existing list of staging labels--they don't replace
@@ -3304,11 +3323,11 @@ module Aws::SecretsManager
3304
3323
  #
3305
3324
  # @option params [required, String] :resource_policy
3306
3325
  # A JSON-formatted string constructed according to the grammar and
3307
- # syntax for an AWS resource-based policy. The policy in the string
3308
- # identifies who can access or manage this secret and its versions. For
3309
- # information on how to format a JSON parameter for the various command
3310
- # line tool environments, see [Using JSON for Parameters][1] in the *AWS
3311
- # CLI User Guide*.publi
3326
+ # syntax for an Amazon Web Services resource-based policy. The policy in
3327
+ # the string identifies who can access or manage this secret and its
3328
+ # versions. For information on how to format a JSON parameter for the
3329
+ # various command line tool environments, see [Using JSON for
3330
+ # Parameters][1] in the *CLI User Guide*.publi
3312
3331
  #
3313
3332
  #
3314
3333
  #
@@ -3372,7 +3391,7 @@ module Aws::SecretsManager
3372
3391
  params: params,
3373
3392
  config: config)
3374
3393
  context[:gem_name] = 'aws-sdk-secretsmanager'
3375
- context[:gem_version] = '1.47.0'
3394
+ context[:gem_version] = '1.48.0'
3376
3395
  Seahorse::Client::Request.new(handlers, context)
3377
3396
  end
3378
3397
 
@@ -55,6 +55,7 @@ module Aws::SecretsManager
55
55
  InvalidNextTokenException = Shapes::StructureShape.new(name: 'InvalidNextTokenException')
56
56
  InvalidParameterException = Shapes::StructureShape.new(name: 'InvalidParameterException')
57
57
  InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
58
+ KmsKeyIdListType = Shapes::ListShape.new(name: 'KmsKeyIdListType')
58
59
  KmsKeyIdType = Shapes::StringShape.new(name: 'KmsKeyIdType')
59
60
  LastAccessedDateType = Shapes::TimestampShape.new(name: 'LastAccessedDateType')
60
61
  LastChangedDateType = Shapes::TimestampShape.new(name: 'LastChangedDateType')
@@ -260,6 +261,8 @@ module Aws::SecretsManager
260
261
  InvalidRequestException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
261
262
  InvalidRequestException.struct_class = Types::InvalidRequestException
262
263
 
264
+ KmsKeyIdListType.member = Shapes::ShapeRef.new(shape: KmsKeyIdType)
265
+
263
266
  LimitExceededException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
264
267
  LimitExceededException.struct_class = Types::LimitExceededException
265
268
 
@@ -401,6 +404,7 @@ module Aws::SecretsManager
401
404
  SecretVersionsListEntry.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
402
405
  SecretVersionsListEntry.add_member(:last_accessed_date, Shapes::ShapeRef.new(shape: LastAccessedDateType, location_name: "LastAccessedDate", metadata: {"box"=>true}))
403
406
  SecretVersionsListEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: CreatedDateType, location_name: "CreatedDate", metadata: {"box"=>true}))
407
+ SecretVersionsListEntry.add_member(:kms_key_ids, Shapes::ShapeRef.new(shape: KmsKeyIdListType, location_name: "KmsKeyIds"))
404
408
  SecretVersionsListEntry.struct_class = Types::SecretVersionsListEntry
405
409
 
406
410
  SecretVersionsListType.member = Shapes::ShapeRef.new(shape: SecretVersionsListEntry)
@@ -547,6 +551,7 @@ module Aws::SecretsManager
547
551
  o.output = Shapes::ShapeRef.new(shape: DescribeSecretResponse)
548
552
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
549
553
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
554
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
550
555
  end)
551
556
 
552
557
  api.add_operation(:get_random_password, Seahorse::Model::Operation.new.tap do |o|
@@ -569,6 +574,7 @@ module Aws::SecretsManager
569
574
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
570
575
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
571
576
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
577
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
572
578
  end)
573
579
 
574
580
  api.add_operation(:get_secret_value, Seahorse::Model::Operation.new.tap do |o|
@@ -593,6 +599,7 @@ module Aws::SecretsManager
593
599
  o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
594
600
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
595
601
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
602
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
596
603
  o[:pager] = Aws::Pager.new(
597
604
  limit_key: "max_results",
598
605
  tokens: {
@@ -125,13 +125,14 @@ module Aws::SecretsManager
125
125
  # initial version is created as part of the secret, and this parameter
126
126
  # specifies a unique identifier for the new version.
127
127
  #
128
- # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
129
- # then you can leave this parameter empty. The CLI or SDK generates a
130
- # random UUID for you and includes it as the value for this parameter
131
- # in the request. If you don't use the SDK and instead generate a raw
132
- # HTTP request to the Secrets Manager service endpoint, then you must
133
- # generate a `ClientRequestToken` yourself for the new version and
134
- # include the value in the request.
128
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
129
+ # Services SDK to call this operation, then you can leave this
130
+ # parameter empty. The CLI or SDK generates a random UUID for you and
131
+ # includes it as the value for this parameter in the request. If you
132
+ # don't use the SDK and instead generate a raw HTTP request to the
133
+ # Secrets Manager service endpoint, then you must generate a
134
+ # `ClientRequestToken` yourself for the new version and include the
135
+ # value in the request.
135
136
  #
136
137
  # </note>
137
138
  #
@@ -169,20 +170,21 @@ module Aws::SecretsManager
169
170
  # @return [String]
170
171
  #
171
172
  # @!attribute [rw] kms_key_id
172
- # (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS
173
- # customer master key (CMK) to be used to encrypt the `SecretString`
174
- # or `SecretBinary` values in the versions stored in this secret.
173
+ # (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
174
+ # Services KMS customer master key (CMK) to be used to encrypt the
175
+ # `SecretString` or `SecretBinary` values in the versions stored in
176
+ # this secret.
175
177
  #
176
- # You can specify any of the supported ways to identify a AWS KMS key
177
- # ID. If you need to reference a CMK in a different account, you can
178
- # use only the key ARN or the alias ARN.
178
+ # You can specify any of the supported ways to identify a Amazon Web
179
+ # Services KMS key ID. If you need to reference a CMK in a different
180
+ # account, you can use only the key ARN or the alias ARN.
179
181
  #
180
182
  # If you don't specify this value, then Secrets Manager defaults to
181
- # using the AWS account's default CMK (the one named
182
- # `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
183
- # exist, then Secrets Manager creates it for you automatically the
184
- # first time it needs to encrypt a version's `SecretString` or
185
- # `SecretBinary` fields.
183
+ # using the Amazon Web Services account's default CMK (the one named
184
+ # `aws/secretsmanager`). If a Amazon Web Services KMS CMK with that
185
+ # name doesn't yet exist, then Secrets Manager creates it for you
186
+ # automatically the first time it needs to encrypt a version's
187
+ # `SecretString` or `SecretBinary` fields.
186
188
  #
187
189
  # You can use the account default CMK to encrypt and decrypt only if
188
190
  # you call this operation using credentials from the same account that
@@ -201,7 +203,8 @@ module Aws::SecretsManager
201
203
  # both. They cannot both be empty.
202
204
  #
203
205
  # This parameter is not available using the Secrets Manager console.
204
- # It can be accessed only by using the AWS CLI or one of the AWS SDKs.
206
+ # It can be accessed only by using the Amazon Web Services CLI or one
207
+ # of the Amazon Web Services SDKs.
205
208
  # @return [String]
206
209
  #
207
210
  # @!attribute [rw] secret_string
@@ -220,8 +223,8 @@ module Aws::SecretsManager
220
223
  # For storing multiple values, we recommend that you use a JSON text
221
224
  # string argument and specify key/value pairs. For information on how
222
225
  # to format a JSON parameter for the various command line tool
223
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
224
- # User Guide*. For example:
226
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
227
+ # Guide*. For example:
225
228
  #
226
229
  # `\{"username":"bob","password":"abc123xyz456"\}`
227
230
  #
@@ -251,8 +254,8 @@ module Aws::SecretsManager
251
254
  #
252
255
  # This parameter requires a JSON text string argument. For information
253
256
  # on how to format a JSON parameter for the various command line tool
254
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
255
- # User Guide*. For example:
257
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
258
+ # Guide*. For example:
256
259
  #
257
260
  # `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
258
261
  #
@@ -271,9 +274,9 @@ module Aws::SecretsManager
271
274
  # * Tag keys and values are case sensitive.
272
275
  #
273
276
  # * Do not use the `aws:` prefix in your tag names or values because
274
- # AWS reserves it for AWS use. You can't edit or delete tag names
275
- # or values with this prefix. Tags with this prefix do not count
276
- # against your tags per secret limit.
277
+ # Amazon Web Services reserves it for Amazon Web Services use. You
278
+ # can't edit or delete tag names or values with this prefix. Tags
279
+ # with this prefix do not count against your tags per secret limit.
277
280
  #
278
281
  # * If you use your tagging schema across multiple services and
279
282
  # resources, remember other services might have restrictions on
@@ -486,10 +489,10 @@ module Aws::SecretsManager
486
489
  #
487
490
  # Use this parameter with caution. This parameter causes the operation
488
491
  # to skip the normal waiting period before the permanent deletion that
489
- # AWS would normally impose with the `RecoveryWindowInDays` parameter.
490
- # If you delete a secret with the `ForceDeleteWithouRecovery`
491
- # parameter, then you have no opportunity to recover the secret. You
492
- # lose the secret permanently.
492
+ # Amazon Web Services would normally impose with the
493
+ # `RecoveryWindowInDays` parameter. If you delete a secret with the
494
+ # `ForceDeleteWithouRecovery` parameter, then you have no opportunity
495
+ # to recover the secret. You lose the secret permanently.
493
496
  #
494
497
  # If you use this parameter and include a previously deleted or
495
498
  # nonexistent secret, the operation does not return the error
@@ -587,11 +590,12 @@ module Aws::SecretsManager
587
590
  # @return [String]
588
591
  #
589
592
  # @!attribute [rw] kms_key_id
590
- # The ARN or alias of the AWS KMS customer master key (CMK) that's
591
- # used to encrypt the `SecretString` or `SecretBinary` fields in each
592
- # version of the secret. If you don't provide a key, then Secrets
593
- # Manager defaults to encrypting the secret fields with the default
594
- # AWS KMS CMK (the one named `awssecretsmanager`) for this account.
593
+ # The ARN or alias of the Amazon Web Services KMS customer master key
594
+ # (CMK) that's used to encrypt the `SecretString` or `SecretBinary`
595
+ # fields in each version of the secret. If you don't provide a key,
596
+ # then Secrets Manager defaults to encrypting the secret fields with
597
+ # the default Amazon Web Services KMS CMK (the one named
598
+ # `awssecretsmanager`) for this account.
595
599
  # @return [String]
596
600
  #
597
601
  # @!attribute [rw] rotation_enabled
@@ -907,8 +911,9 @@ module Aws::SecretsManager
907
911
  # with any permissions that are associated with the user or role that
908
912
  # attempts to access this secret. The combined permissions specify who
909
913
  # can access the secret and what actions they can perform. For more
910
- # information, see [Authentication and Access Control for AWS Secrets
911
- # Manager][1] in the *AWS Secrets Manager User Guide*.
914
+ # information, see [Authentication and Access Control for Amazon Web
915
+ # Services Secrets Manager][1] in the *Amazon Web Services Secrets
916
+ # Manager User Guide*.
912
917
  #
913
918
  #
914
919
  #
@@ -1426,11 +1431,11 @@ module Aws::SecretsManager
1426
1431
  #
1427
1432
  # @!attribute [rw] resource_policy
1428
1433
  # A JSON-formatted string constructed according to the grammar and
1429
- # syntax for an AWS resource-based policy. The policy in the string
1430
- # identifies who can access or manage this secret and its versions.
1431
- # For information on how to format a JSON parameter for the various
1432
- # command line tool environments, see [Using JSON for Parameters][1]
1433
- # in the *AWS CLI User Guide*.
1434
+ # syntax for an Amazon Web Services resource-based policy. The policy
1435
+ # in the string identifies who can access or manage this secret and
1436
+ # its versions. For information on how to format a JSON parameter for
1437
+ # the various command line tool environments, see [Using JSON for
1438
+ # Parameters][1] in the *CLI User Guide*.
1434
1439
  #
1435
1440
  #
1436
1441
  #
@@ -1514,13 +1519,13 @@ module Aws::SecretsManager
1514
1519
  # (Optional) Specifies a unique identifier for the new version of the
1515
1520
  # secret.
1516
1521
  #
1517
- # <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
1518
- # then you can leave this parameter empty. The CLI or SDK generates a
1519
- # random UUID for you and includes that in the request. If you don't
1520
- # use the SDK and instead generate a raw HTTP request to the Secrets
1521
- # Manager service endpoint, then you must generate a
1522
- # `ClientRequestToken` yourself for new versions and include that
1523
- # value in the request.
1522
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
1523
+ # Services SDK to call this operation, then you can leave this
1524
+ # parameter empty. The CLI or SDK generates a random UUID for you and
1525
+ # includes that in the request. If you don't use the SDK and instead
1526
+ # generate a raw HTTP request to the Secrets Manager service endpoint,
1527
+ # then you must generate a `ClientRequestToken` yourself for new
1528
+ # versions and include that value in the request.
1524
1529
  #
1525
1530
  # </note>
1526
1531
  #
@@ -1582,8 +1587,8 @@ module Aws::SecretsManager
1582
1587
  # For storing multiple values, we recommend that you use a JSON text
1583
1588
  # string argument and specify key/value pairs. For information on how
1584
1589
  # to format a JSON parameter for the various command line tool
1585
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
1586
- # User Guide*.
1590
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
1591
+ # Guide*.
1587
1592
  #
1588
1593
  # For example:
1589
1594
  #
@@ -1952,13 +1957,14 @@ module Aws::SecretsManager
1952
1957
  # (Optional) Specifies a unique identifier for the new version of the
1953
1958
  # secret that helps ensure idempotency.
1954
1959
  #
1955
- # If you use the AWS CLI or one of the AWS SDK to call this operation,
1956
- # then you can leave this parameter empty. The CLI or SDK generates a
1957
- # random UUID for you and includes that in the request for this
1958
- # parameter. If you don't use the SDK and instead generate a raw HTTP
1959
- # request to the Secrets Manager service endpoint, then you must
1960
- # generate a `ClientRequestToken` yourself for new versions and
1961
- # include that value in the request.
1960
+ # If you use the Amazon Web Services CLI or one of the Amazon Web
1961
+ # Services SDK to call this operation, then you can leave this
1962
+ # parameter empty. The CLI or SDK generates a random UUID for you and
1963
+ # includes that in the request for this parameter. If you don't use
1964
+ # the SDK and instead generate a raw HTTP request to the Secrets
1965
+ # Manager service endpoint, then you must generate a
1966
+ # `ClientRequestToken` yourself for new versions and include that
1967
+ # value in the request.
1962
1968
  #
1963
1969
  # You only need to specify your own value if you implement your own
1964
1970
  # retry logic and want to ensure that a given secret is not created
@@ -2059,7 +2065,8 @@ module Aws::SecretsManager
2059
2065
  # The Amazon Resource Name (ARN) of the secret.
2060
2066
  #
2061
2067
  # For more information about ARNs in Secrets Manager, see [Policy
2062
- # Resources][1] in the *AWS Secrets Manager User Guide*.
2068
+ # Resources][1] in the *Amazon Web Services Secrets Manager User
2069
+ # Guide*.
2063
2070
  #
2064
2071
  #
2065
2072
  #
@@ -2078,11 +2085,12 @@ module Aws::SecretsManager
2078
2085
  # @return [String]
2079
2086
  #
2080
2087
  # @!attribute [rw] kms_key_id
2081
- # The ARN or alias of the AWS KMS customer master key (CMK) used to
2082
- # encrypt the `SecretString` and `SecretBinary` fields in each version
2083
- # of the secret. If you don't provide a key, then Secrets Manager
2084
- # defaults to encrypting the secret fields with the default KMS CMK,
2085
- # the key named `awssecretsmanager`, for this account.
2088
+ # The ARN or alias of the Amazon Web Services KMS customer master key
2089
+ # (CMK) used to encrypt the `SecretString` and `SecretBinary` fields
2090
+ # in each version of the secret. If you don't provide a key, then
2091
+ # Secrets Manager defaults to encrypting the secret fields with the
2092
+ # default KMS CMK, the key named `awssecretsmanager`, for this
2093
+ # account.
2086
2094
  # @return [String]
2087
2095
  #
2088
2096
  # @!attribute [rw] rotation_enabled
@@ -2091,9 +2099,9 @@ module Aws::SecretsManager
2091
2099
  # @return [Boolean]
2092
2100
  #
2093
2101
  # @!attribute [rw] rotation_lambda_arn
2094
- # The ARN of an AWS Lambda function invoked by Secrets Manager to
2095
- # rotate and expire the secret either automatically per the schedule
2096
- # or manually by a call to RotateSecret.
2102
+ # The ARN of an Amazon Web Services Lambda function invoked by Secrets
2103
+ # Manager to rotate and expire the secret either automatically per the
2104
+ # schedule or manually by a call to RotateSecret.
2097
2105
  # @return [String]
2098
2106
  #
2099
2107
  # @!attribute [rw] rotation_rules
@@ -2198,13 +2206,18 @@ module Aws::SecretsManager
2198
2206
  # The date and time this version of the secret was created.
2199
2207
  # @return [Time]
2200
2208
  #
2209
+ # @!attribute [rw] kms_key_ids
2210
+ # The KMS keys used to encrypt the secret version.
2211
+ # @return [Array<String>]
2212
+ #
2201
2213
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretVersionsListEntry AWS API Documentation
2202
2214
  #
2203
2215
  class SecretVersionsListEntry < Struct.new(
2204
2216
  :version_id,
2205
2217
  :version_stages,
2206
2218
  :last_accessed_date,
2207
- :created_date)
2219
+ :created_date,
2220
+ :kms_key_ids)
2208
2221
  SENSITIVE = []
2209
2222
  include Aws::Structure
2210
2223
  end
@@ -2317,9 +2330,8 @@ module Aws::SecretsManager
2317
2330
  # This parameter to the API requires a JSON text string argument. For
2318
2331
  # information on how to format a JSON parameter for the various
2319
2332
  # command line tool environments, see [Using JSON for Parameters][1]
2320
- # in the *AWS CLI User Guide*. For the AWS CLI, you can also use the
2321
- # syntax: `--Tags Key="Key1",Value="Value1"
2322
- # Key="Key2",Value="Value2"[,…]`
2333
+ # in the *CLI User Guide*. For the CLI, you can also use the syntax:
2334
+ # `--Tags Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]`
2323
2335
  #
2324
2336
  #
2325
2337
  #
@@ -2379,7 +2391,7 @@ module Aws::SecretsManager
2379
2391
  # This parameter to the API requires a JSON text string argument. For
2380
2392
  # information on how to format a JSON parameter for the various
2381
2393
  # command line tool environments, see [Using JSON for Parameters][1]
2382
- # in the *AWS CLI User Guide*.
2394
+ # in the *CLI User Guide*.
2383
2395
  #
2384
2396
  #
2385
2397
  #
@@ -2440,13 +2452,13 @@ module Aws::SecretsManager
2440
2452
  # parameter specifies a unique identifier for the new version that
2441
2453
  # helps ensure idempotency.
2442
2454
  #
2443
- # If you use the AWS CLI or one of the AWS SDK to call this operation,
2444
- # then you can leave this parameter empty. The CLI or SDK generates a
2445
- # random UUID for you and includes that in the request. If you don't
2446
- # use the SDK and instead generate a raw HTTP request to the Secrets
2447
- # Manager service endpoint, then you must generate a
2448
- # `ClientRequestToken` yourself for new versions and include that
2449
- # value in the request.
2455
+ # If you use the Amazon Web Services CLI or one of the Amazon Web
2456
+ # Services SDK to call this operation, then you can leave this
2457
+ # parameter empty. The CLI or SDK generates a random UUID for you and
2458
+ # includes that in the request. If you don't use the SDK and instead
2459
+ # generate a raw HTTP request to the Secrets Manager service endpoint,
2460
+ # then you must generate a `ClientRequestToken` yourself for new
2461
+ # versions and include that value in the request.
2450
2462
  #
2451
2463
  # You typically only need to interact with this value if you implement
2452
2464
  # your own retry logic and want to ensure that a given secret is not
@@ -2486,9 +2498,9 @@ module Aws::SecretsManager
2486
2498
  # @return [String]
2487
2499
  #
2488
2500
  # @!attribute [rw] kms_key_id
2489
- # (Optional) Specifies an updated ARN or alias of the AWS KMS customer
2490
- # master key (CMK) to be used to encrypt the protected text in new
2491
- # versions of this secret.
2501
+ # (Optional) Specifies an updated ARN or alias of the Amazon Web
2502
+ # Services KMS customer master key (CMK) to be used to encrypt the
2503
+ # protected text in new versions of this secret.
2492
2504
  #
2493
2505
  # You can only use the account's default CMK to encrypt and decrypt
2494
2506
  # if you call this operation using credentials from the same account
@@ -2525,8 +2537,8 @@ module Aws::SecretsManager
2525
2537
  # For storing multiple values, we recommend that you use a JSON text
2526
2538
  # string argument and specify key/value pairs. For information on how
2527
2539
  # to format a JSON parameter for the various command line tool
2528
- # environments, see [Using JSON for Parameters][1] in the *AWS CLI
2529
- # User Guide*. For example:
2540
+ # environments, see [Using JSON for Parameters][1] in the *CLI User
2541
+ # Guide*. For example:
2530
2542
  #
2531
2543
  # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]`
2532
2544
  #
@@ -2718,11 +2730,11 @@ module Aws::SecretsManager
2718
2730
  #
2719
2731
  # @!attribute [rw] resource_policy
2720
2732
  # A JSON-formatted string constructed according to the grammar and
2721
- # syntax for an AWS resource-based policy. The policy in the string
2722
- # identifies who can access or manage this secret and its versions.
2723
- # For information on how to format a JSON parameter for the various
2724
- # command line tool environments, see [Using JSON for Parameters][1]
2725
- # in the *AWS CLI User Guide*.publi
2733
+ # syntax for an Amazon Web Services resource-based policy. The policy
2734
+ # in the string identifies who can access or manage this secret and
2735
+ # its versions. For information on how to format a JSON parameter for
2736
+ # the various command line tool environments, see [Using JSON for
2737
+ # Parameters][1] in the *CLI User Guide*.publi
2726
2738
  #
2727
2739
  #
2728
2740
  #
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-secretsmanager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.47.0
4
+ version: 1.48.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-28 00:00:00.000000000 Z
11
+ date: 2021-07-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.118.0
22
+ version: 3.119.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.118.0
32
+ version: 3.119.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement