aws-sdk-secretsmanager 1.51.0 → 1.55.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-secretsmanager/client.rb +509 -1055
- data/lib/aws-sdk-secretsmanager/types.rb +468 -632
- data/lib/aws-sdk-secretsmanager.rb +1 -1
- metadata +4 -4
|
@@ -18,9 +18,7 @@ module Aws::SecretsManager
|
|
|
18
18
|
# }
|
|
19
19
|
#
|
|
20
20
|
# @!attribute [rw] secret_id
|
|
21
|
-
#
|
|
22
|
-
# either the Amazon Resource Name (ARN) or the friendly name of the
|
|
23
|
-
# secret.
|
|
21
|
+
# The ARN or name of the secret.
|
|
24
22
|
#
|
|
25
23
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
26
24
|
# a partial ARN.
|
|
@@ -35,20 +33,20 @@ module Aws::SecretsManager
|
|
|
35
33
|
end
|
|
36
34
|
|
|
37
35
|
# @!attribute [rw] arn
|
|
38
|
-
# The ARN of the secret
|
|
36
|
+
# The ARN of the secret.
|
|
39
37
|
# @return [String]
|
|
40
38
|
#
|
|
41
39
|
# @!attribute [rw] name
|
|
42
|
-
# The
|
|
40
|
+
# The name of the secret.
|
|
43
41
|
# @return [String]
|
|
44
42
|
#
|
|
45
43
|
# @!attribute [rw] version_id
|
|
46
44
|
# The unique identifier of the version of the secret created during
|
|
47
45
|
# the rotation. This version might not be complete, and should be
|
|
48
|
-
# evaluated for possible deletion.
|
|
49
|
-
#
|
|
50
|
-
#
|
|
51
|
-
# you from
|
|
46
|
+
# evaluated for possible deletion. We recommend that you remove the
|
|
47
|
+
# `VersionStage` value `AWSPENDING` from this version so that Secrets
|
|
48
|
+
# Manager can delete it. Failing to clean up a cancelled rotation can
|
|
49
|
+
# block you from starting future rotations.
|
|
52
50
|
# @return [String]
|
|
53
51
|
#
|
|
54
52
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretResponse AWS API Documentation
|
|
@@ -87,27 +85,25 @@ module Aws::SecretsManager
|
|
|
87
85
|
# }
|
|
88
86
|
#
|
|
89
87
|
# @!attribute [rw] name
|
|
90
|
-
#
|
|
88
|
+
# The name of the new secret.
|
|
91
89
|
#
|
|
92
|
-
# The secret name
|
|
93
|
-
# characters
|
|
90
|
+
# The secret name can contain ASCII letters, numbers, and the
|
|
91
|
+
# following characters: /\_+=.@-
|
|
94
92
|
#
|
|
95
|
-
#
|
|
93
|
+
# Do not end your secret name with a hyphen followed by six
|
|
96
94
|
# characters. If you do so, you risk confusion and unexpected results
|
|
97
95
|
# when searching for a secret by partial ARN. Secrets Manager
|
|
98
|
-
# automatically adds a hyphen and six random characters
|
|
99
|
-
# the ARN.
|
|
100
|
-
#
|
|
101
|
-
# </note>
|
|
96
|
+
# automatically adds a hyphen and six random characters after the
|
|
97
|
+
# secret name at the end of the ARN.
|
|
102
98
|
# @return [String]
|
|
103
99
|
#
|
|
104
100
|
# @!attribute [rw] client_request_token
|
|
105
|
-
#
|
|
106
|
-
#
|
|
107
|
-
# specifies
|
|
101
|
+
# If you include `SecretString` or `SecretBinary`, then Secrets
|
|
102
|
+
# Manager creates an initial version for the secret, and this
|
|
103
|
+
# parameter specifies the unique identifier for the new version.
|
|
108
104
|
#
|
|
109
105
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
|
110
|
-
# Services
|
|
106
|
+
# Services SDKs to call this operation, then you can leave this
|
|
111
107
|
# parameter empty. The CLI or SDK generates a random UUID for you and
|
|
112
108
|
# includes it as the value for this parameter in the request. If you
|
|
113
109
|
# don't use the SDK and instead generate a raw HTTP request to the
|
|
@@ -147,103 +143,83 @@ module Aws::SecretsManager
|
|
|
147
143
|
# @return [String]
|
|
148
144
|
#
|
|
149
145
|
# @!attribute [rw] description
|
|
150
|
-
#
|
|
146
|
+
# The description of the secret.
|
|
151
147
|
# @return [String]
|
|
152
148
|
#
|
|
153
149
|
# @!attribute [rw] kms_key_id
|
|
154
|
-
#
|
|
155
|
-
#
|
|
156
|
-
# `SecretString` or `SecretBinary` values in the versions stored in
|
|
157
|
-
# this secret.
|
|
150
|
+
# The ARN, key ID, or alias of the KMS key that Secrets Manager uses
|
|
151
|
+
# to encrypt the secret value in the secret.
|
|
158
152
|
#
|
|
159
|
-
#
|
|
160
|
-
#
|
|
161
|
-
# account, you can use only the key ARN or the alias ARN.
|
|
153
|
+
# To use a KMS key in a different account, use the key ARN or the
|
|
154
|
+
# alias ARN.
|
|
162
155
|
#
|
|
163
|
-
# If you don't specify this value, then Secrets Manager
|
|
164
|
-
#
|
|
165
|
-
#
|
|
166
|
-
#
|
|
167
|
-
# automatically the first time it needs to encrypt a version's
|
|
168
|
-
# `SecretString` or `SecretBinary` fields.
|
|
156
|
+
# If you don't specify this value, then Secrets Manager uses the key
|
|
157
|
+
# `aws/secretsmanager`. If that key doesn't yet exist, then Secrets
|
|
158
|
+
# Manager creates it for you automatically the first time it encrypts
|
|
159
|
+
# the secret value.
|
|
169
160
|
#
|
|
170
|
-
#
|
|
171
|
-
#
|
|
172
|
-
#
|
|
173
|
-
#
|
|
161
|
+
# If the secret is in a different Amazon Web Services account from the
|
|
162
|
+
# credentials calling the API, then you can't use
|
|
163
|
+
# `aws/secretsmanager` to encrypt the secret, and you must create and
|
|
164
|
+
# use a customer managed KMS key.
|
|
174
165
|
# @return [String]
|
|
175
166
|
#
|
|
176
167
|
# @!attribute [rw] secret_binary
|
|
177
|
-
#
|
|
178
|
-
#
|
|
179
|
-
#
|
|
180
|
-
# a file and then use the appropriate technique for your tool to pass
|
|
181
|
-
# the contents of the file as a parameter.
|
|
168
|
+
# The binary data to encrypt and store in the new version of the
|
|
169
|
+
# secret. We recommend that you store your binary data in a file and
|
|
170
|
+
# then pass the contents of the file as a parameter.
|
|
182
171
|
#
|
|
183
172
|
# Either `SecretString` or `SecretBinary` must have a value, but not
|
|
184
|
-
# both.
|
|
173
|
+
# both.
|
|
185
174
|
#
|
|
186
|
-
# This parameter is not available
|
|
187
|
-
# It can be accessed only by using the Amazon Web Services CLI or one
|
|
188
|
-
# of the Amazon Web Services SDKs.
|
|
175
|
+
# This parameter is not available in the Secrets Manager console.
|
|
189
176
|
# @return [String]
|
|
190
177
|
#
|
|
191
178
|
# @!attribute [rw] secret_string
|
|
192
|
-
#
|
|
193
|
-
#
|
|
179
|
+
# The text data to encrypt and store in this new version of the
|
|
180
|
+
# secret. We recommend you use a JSON structure of key/value pairs for
|
|
181
|
+
# your secret value.
|
|
194
182
|
#
|
|
195
183
|
# Either `SecretString` or `SecretBinary` must have a value, but not
|
|
196
|
-
# both.
|
|
184
|
+
# both.
|
|
197
185
|
#
|
|
198
186
|
# If you create a secret by using the Secrets Manager console then
|
|
199
187
|
# Secrets Manager puts the protected secret text in only the
|
|
200
188
|
# `SecretString` parameter. The Secrets Manager console stores the
|
|
201
|
-
# information as a JSON structure of key/value pairs that
|
|
202
|
-
# rotation function
|
|
203
|
-
#
|
|
204
|
-
# For storing multiple values, we recommend that you use a JSON text
|
|
205
|
-
# string argument and specify key/value pairs. For more information,
|
|
206
|
-
# see [Specifying parameter values for the Amazon Web Services CLI][1]
|
|
207
|
-
# in the Amazon Web Services CLI User Guide.
|
|
208
|
-
#
|
|
209
|
-
#
|
|
210
|
-
#
|
|
211
|
-
# [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
|
|
189
|
+
# information as a JSON structure of key/value pairs that a Lambda
|
|
190
|
+
# rotation function can parse.
|
|
212
191
|
# @return [String]
|
|
213
192
|
#
|
|
214
193
|
# @!attribute [rw] tags
|
|
215
|
-
#
|
|
216
|
-
#
|
|
217
|
-
# This operation only appends tags to the existing list of tags. To
|
|
218
|
-
# remove tags, you must use UntagResource.
|
|
194
|
+
# A list of tags to attach to the secret. Each tag is a key and value
|
|
195
|
+
# pair of strings in a JSON text string, for example:
|
|
219
196
|
#
|
|
220
|
-
#
|
|
221
|
-
# key "ABC" is a different tag from one with key "abc".
|
|
197
|
+
# `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
|
|
222
198
|
#
|
|
223
|
-
#
|
|
224
|
-
#
|
|
225
|
-
# permissions. If the successful completion of this operation would
|
|
226
|
-
# result in you losing your permissions for this secret, then this
|
|
227
|
-
# operation is blocked and returns an `Access Denied` error.
|
|
199
|
+
# Secrets Manager tag key names are case sensitive. A tag with the key
|
|
200
|
+
# "ABC" is a different tag from one with key "abc".
|
|
228
201
|
#
|
|
229
|
-
#
|
|
230
|
-
#
|
|
231
|
-
#
|
|
232
|
-
#
|
|
233
|
-
#
|
|
234
|
-
#
|
|
202
|
+
# If you check tags in permissions policies as part of your security
|
|
203
|
+
# strategy, then adding or removing a tag can change permissions. If
|
|
204
|
+
# the completion of this operation would result in you losing your
|
|
205
|
+
# permissions for this secret, then Secrets Manager blocks the
|
|
206
|
+
# operation and returns an `Access Denied` error. For more
|
|
207
|
+
# information, see [Control access to secrets using tags][1] and
|
|
208
|
+
# [Limit access to identities with tags that match secrets' tags][2].
|
|
235
209
|
#
|
|
210
|
+
# For information about how to format a JSON parameter for the various
|
|
211
|
+
# command line tool environments, see [Using JSON for Parameters][3].
|
|
236
212
|
# If your command-line tool or SDK requires quotation marks around the
|
|
237
213
|
# parameter, you should use single quotes to avoid confusion with the
|
|
238
214
|
# double quotes required in the JSON text.
|
|
239
215
|
#
|
|
240
|
-
# The following
|
|
216
|
+
# The following restrictions apply to tags:
|
|
241
217
|
#
|
|
242
|
-
# * Maximum number of tags per secret
|
|
218
|
+
# * Maximum number of tags per secret: 50
|
|
243
219
|
#
|
|
244
|
-
# * Maximum key length
|
|
220
|
+
# * Maximum key length: 127 Unicode characters in UTF-8
|
|
245
221
|
#
|
|
246
|
-
# * Maximum value length
|
|
222
|
+
# * Maximum value length: 255 Unicode characters in UTF-8
|
|
247
223
|
#
|
|
248
224
|
# * Tag keys and values are case sensitive.
|
|
249
225
|
#
|
|
@@ -253,25 +229,25 @@ module Aws::SecretsManager
|
|
|
253
229
|
# with this prefix do not count against your tags per secret limit.
|
|
254
230
|
#
|
|
255
231
|
# * If you use your tagging schema across multiple services and
|
|
256
|
-
# resources,
|
|
257
|
-
#
|
|
258
|
-
#
|
|
232
|
+
# resources, other services might have restrictions on allowed
|
|
233
|
+
# characters. Generally allowed characters: letters, spaces, and
|
|
234
|
+
# numbers representable in UTF-8, plus the following special
|
|
259
235
|
# characters: + - = . \_ : / @.
|
|
260
236
|
#
|
|
261
237
|
#
|
|
262
238
|
#
|
|
263
|
-
# [1]: https://docs.aws.amazon.com/
|
|
239
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac
|
|
240
|
+
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2
|
|
241
|
+
# [3]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
|
|
264
242
|
# @return [Array<Types::Tag>]
|
|
265
243
|
#
|
|
266
244
|
# @!attribute [rw] add_replica_regions
|
|
267
|
-
#
|
|
268
|
-
# Manager replicates the KMSKeyID objects to the list of regions
|
|
269
|
-
# specified in the parameter.
|
|
245
|
+
# A list of Regions and KMS keys to replicate secrets.
|
|
270
246
|
# @return [Array<Types::ReplicaRegionType>]
|
|
271
247
|
#
|
|
272
248
|
# @!attribute [rw] force_overwrite_replica_secret
|
|
273
|
-
#
|
|
274
|
-
#
|
|
249
|
+
# Specifies whether to overwrite a secret with the same name in the
|
|
250
|
+
# destination Region.
|
|
275
251
|
# @return [Boolean]
|
|
276
252
|
#
|
|
277
253
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest AWS API Documentation
|
|
@@ -291,31 +267,30 @@ module Aws::SecretsManager
|
|
|
291
267
|
end
|
|
292
268
|
|
|
293
269
|
# @!attribute [rw] arn
|
|
294
|
-
# The
|
|
295
|
-
#
|
|
296
|
-
#
|
|
297
|
-
#
|
|
298
|
-
# affects only the ARN and not the actual friendly name. This ensures
|
|
299
|
-
# that if you create a new secret with the same name as an old secret
|
|
300
|
-
# that you previously deleted, then users with access to the old
|
|
301
|
-
# secret *don't* automatically get access to the new secret because
|
|
270
|
+
# The ARN of the new secret. The ARN includes the name of the secret
|
|
271
|
+
# followed by six random characters. This ensures that if you create a
|
|
272
|
+
# new secret with the same name as a deleted secret, then users with
|
|
273
|
+
# access to the old secret don't get access to the new secret because
|
|
302
274
|
# the ARNs are different.
|
|
303
|
-
#
|
|
304
|
-
# </note>
|
|
305
275
|
# @return [String]
|
|
306
276
|
#
|
|
307
277
|
# @!attribute [rw] name
|
|
308
|
-
# The
|
|
278
|
+
# The name of the new secret.
|
|
309
279
|
# @return [String]
|
|
310
280
|
#
|
|
311
281
|
# @!attribute [rw] version_id
|
|
312
|
-
# The unique identifier associated with the version of the secret
|
|
313
|
-
# just created.
|
|
282
|
+
# The unique identifier associated with the version of the new secret.
|
|
314
283
|
# @return [String]
|
|
315
284
|
#
|
|
316
285
|
# @!attribute [rw] replication_status
|
|
317
|
-
#
|
|
318
|
-
#
|
|
286
|
+
# A list of the replicas of this secret and their status:
|
|
287
|
+
#
|
|
288
|
+
# * `Failed`, which indicates that the replica was not created.
|
|
289
|
+
#
|
|
290
|
+
# * `InProgress`, which indicates that Secrets Manager is in the
|
|
291
|
+
# process of creating the replica.
|
|
292
|
+
#
|
|
293
|
+
# * `InSync`, which indicates that the replica was created.
|
|
319
294
|
# @return [Array<Types::ReplicationStatusType>]
|
|
320
295
|
#
|
|
321
296
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation
|
|
@@ -351,9 +326,8 @@ module Aws::SecretsManager
|
|
|
351
326
|
# }
|
|
352
327
|
#
|
|
353
328
|
# @!attribute [rw] secret_id
|
|
354
|
-
#
|
|
355
|
-
#
|
|
356
|
-
# Resource Name (ARN) or the friendly name of the secret.
|
|
329
|
+
# The ARN or name of the secret to delete the attached resource-based
|
|
330
|
+
# policy for.
|
|
357
331
|
#
|
|
358
332
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
359
333
|
# a partial ARN.
|
|
@@ -373,8 +347,8 @@ module Aws::SecretsManager
|
|
|
373
347
|
# @return [String]
|
|
374
348
|
#
|
|
375
349
|
# @!attribute [rw] name
|
|
376
|
-
# The
|
|
377
|
-
#
|
|
350
|
+
# The name of the secret that the resource-based policy was deleted
|
|
351
|
+
# for.
|
|
378
352
|
# @return [String]
|
|
379
353
|
#
|
|
380
354
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicyResponse AWS API Documentation
|
|
@@ -396,43 +370,37 @@ module Aws::SecretsManager
|
|
|
396
370
|
# }
|
|
397
371
|
#
|
|
398
372
|
# @!attribute [rw] secret_id
|
|
399
|
-
#
|
|
400
|
-
# Resource Name (ARN) or the friendly name of the secret.
|
|
373
|
+
# The ARN or name of the secret to delete.
|
|
401
374
|
#
|
|
402
375
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
403
376
|
# a partial ARN.
|
|
404
377
|
# @return [String]
|
|
405
378
|
#
|
|
406
379
|
# @!attribute [rw] recovery_window_in_days
|
|
407
|
-
#
|
|
408
|
-
#
|
|
409
|
-
#
|
|
410
|
-
#
|
|
411
|
-
#
|
|
412
|
-
# This value can range from 7 to 30 days with a default value of 30.
|
|
380
|
+
# The number of days from 7 to 30 that Secrets Manager waits before
|
|
381
|
+
# permanently deleting the secret. You can't use both this parameter
|
|
382
|
+
# and `ForceDeleteWithoutRecovery` in the same call. If you don't use
|
|
383
|
+
# either, then Secrets Manager defaults to a 30 day recovery window.
|
|
413
384
|
# @return [Integer]
|
|
414
385
|
#
|
|
415
386
|
# @!attribute [rw] force_delete_without_recovery
|
|
416
|
-
#
|
|
417
|
-
#
|
|
418
|
-
#
|
|
387
|
+
# Specifies whether to delete the secret without any recovery window.
|
|
388
|
+
# You can't use both this parameter and `RecoveryWindowInDays` in the
|
|
389
|
+
# same call. If you don't use either, then Secrets Manager defaults
|
|
390
|
+
# to a 30 day recovery window.
|
|
419
391
|
#
|
|
420
|
-
#
|
|
421
|
-
# there
|
|
422
|
-
#
|
|
423
|
-
#
|
|
424
|
-
# retry logic.
|
|
392
|
+
# Secrets Manager performs the actual deletion with an asynchronous
|
|
393
|
+
# background process, so there might be a short delay before the
|
|
394
|
+
# secret is permanently deleted. If you delete a secret and then
|
|
395
|
+
# immediately create a secret with the same name, use appropriate back
|
|
396
|
+
# off and retry logic.
|
|
425
397
|
#
|
|
426
398
|
# Use this parameter with caution. This parameter causes the operation
|
|
427
|
-
# to skip the normal
|
|
428
|
-
#
|
|
399
|
+
# to skip the normal recovery window before the permanent deletion
|
|
400
|
+
# that Secrets Manager would normally impose with the
|
|
429
401
|
# `RecoveryWindowInDays` parameter. If you delete a secret with the
|
|
430
402
|
# `ForceDeleteWithouRecovery` parameter, then you have no opportunity
|
|
431
403
|
# to recover the secret. You lose the secret permanently.
|
|
432
|
-
#
|
|
433
|
-
# If you use this parameter and include a previously deleted or
|
|
434
|
-
# nonexistent secret, the operation does not return the error
|
|
435
|
-
# `ResourceNotFoundException` in order to correctly handle retries.
|
|
436
404
|
# @return [Boolean]
|
|
437
405
|
#
|
|
438
406
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest AWS API Documentation
|
|
@@ -446,18 +414,18 @@ module Aws::SecretsManager
|
|
|
446
414
|
end
|
|
447
415
|
|
|
448
416
|
# @!attribute [rw] arn
|
|
449
|
-
# The ARN of the secret
|
|
417
|
+
# The ARN of the secret.
|
|
450
418
|
# @return [String]
|
|
451
419
|
#
|
|
452
420
|
# @!attribute [rw] name
|
|
453
|
-
# The
|
|
421
|
+
# The name of the secret.
|
|
454
422
|
# @return [String]
|
|
455
423
|
#
|
|
456
424
|
# @!attribute [rw] deletion_date
|
|
457
|
-
# The date and time after which this secret
|
|
458
|
-
#
|
|
459
|
-
# time of the delete request plus the
|
|
460
|
-
# `RecoveryWindowInDays`.
|
|
425
|
+
# The date and time after which this secret Secrets Manager can
|
|
426
|
+
# permanently delete this secret, and it can no longer be restored.
|
|
427
|
+
# This value is the date and time of the delete request plus the
|
|
428
|
+
# number of days in `RecoveryWindowInDays`.
|
|
461
429
|
# @return [Time]
|
|
462
430
|
#
|
|
463
431
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretResponse AWS API Documentation
|
|
@@ -478,9 +446,7 @@ module Aws::SecretsManager
|
|
|
478
446
|
# }
|
|
479
447
|
#
|
|
480
448
|
# @!attribute [rw] secret_id
|
|
481
|
-
# The
|
|
482
|
-
# can specify either the Amazon Resource Name (ARN) or the friendly
|
|
483
|
-
# name of the secret.
|
|
449
|
+
# The ARN or name of the secret.
|
|
484
450
|
#
|
|
485
451
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
486
452
|
# a partial ARN.
|
|
@@ -499,48 +465,43 @@ module Aws::SecretsManager
|
|
|
499
465
|
# @return [String]
|
|
500
466
|
#
|
|
501
467
|
# @!attribute [rw] name
|
|
502
|
-
# The
|
|
468
|
+
# The name of the secret.
|
|
503
469
|
# @return [String]
|
|
504
470
|
#
|
|
505
471
|
# @!attribute [rw] description
|
|
506
|
-
# The
|
|
472
|
+
# The description of the secret.
|
|
507
473
|
# @return [String]
|
|
508
474
|
#
|
|
509
475
|
# @!attribute [rw] kms_key_id
|
|
510
|
-
# The ARN
|
|
511
|
-
#
|
|
512
|
-
#
|
|
513
|
-
# then Secrets Manager defaults to encrypting the secret fields with
|
|
514
|
-
# the default Amazon Web Services KMS CMK (the one named
|
|
515
|
-
# `awssecretsmanager`) for this account.
|
|
476
|
+
# The ARN of the KMS key that Secrets Manager uses to encrypt the
|
|
477
|
+
# secret value. If the secret is encrypted with the Amazon Web
|
|
478
|
+
# Services managed key `aws/secretsmanager`, this field is omitted.
|
|
516
479
|
# @return [String]
|
|
517
480
|
#
|
|
518
481
|
# @!attribute [rw] rotation_enabled
|
|
519
|
-
# Specifies whether automatic rotation is
|
|
482
|
+
# Specifies whether automatic rotation is turned on for this secret.
|
|
520
483
|
#
|
|
521
|
-
# To
|
|
522
|
-
#
|
|
523
|
-
# disable rotation, use CancelRotateSecret.
|
|
484
|
+
# To turn on rotation, use RotateSecret. To turn off rotation, use
|
|
485
|
+
# CancelRotateSecret.
|
|
524
486
|
# @return [Boolean]
|
|
525
487
|
#
|
|
526
488
|
# @!attribute [rw] rotation_lambda_arn
|
|
527
|
-
# The ARN of
|
|
528
|
-
# rotate the secret
|
|
529
|
-
# by a call to `RotateSecret`.
|
|
489
|
+
# The ARN of the Lambda function that Secrets Manager invokes to
|
|
490
|
+
# rotate the secret.
|
|
530
491
|
# @return [String]
|
|
531
492
|
#
|
|
532
493
|
# @!attribute [rw] rotation_rules
|
|
533
|
-
#
|
|
534
|
-
#
|
|
494
|
+
# The rotation schedule and Lambda function for this secret. If the
|
|
495
|
+
# secret previously had rotation turned on, but it is now turned off,
|
|
496
|
+
# this field shows the previous rotation schedule and rotation
|
|
497
|
+
# function. If the secret never had rotation turned on, this field is
|
|
498
|
+
# omitted.
|
|
535
499
|
# @return [Types::RotationRulesType]
|
|
536
500
|
#
|
|
537
501
|
# @!attribute [rw] last_rotated_date
|
|
538
|
-
# The last date and time that
|
|
539
|
-
#
|
|
540
|
-
#
|
|
541
|
-
# The most recent date and time that the Secrets Manager rotation
|
|
542
|
-
# process successfully completed. If the secret doesn't rotate,
|
|
543
|
-
# Secrets Manager returns a null value.
|
|
502
|
+
# The last date and time that Secrets Manager rotated the secret. If
|
|
503
|
+
# the secret isn't configured for rotation, Secrets Manager returns
|
|
504
|
+
# null.
|
|
544
505
|
# @return [Time]
|
|
545
506
|
#
|
|
546
507
|
# @!attribute [rw] last_changed_date
|
|
@@ -548,55 +509,80 @@ module Aws::SecretsManager
|
|
|
548
509
|
# @return [Time]
|
|
549
510
|
#
|
|
550
511
|
# @!attribute [rw] last_accessed_date
|
|
551
|
-
# The last date that
|
|
552
|
-
#
|
|
553
|
-
#
|
|
512
|
+
# The last date that the secret value was retrieved. This value does
|
|
513
|
+
# not include the time. This field is omitted if the secret has never
|
|
514
|
+
# been retrieved.
|
|
554
515
|
# @return [Time]
|
|
555
516
|
#
|
|
556
517
|
# @!attribute [rw] deleted_date
|
|
557
|
-
#
|
|
558
|
-
#
|
|
559
|
-
# secret
|
|
518
|
+
# The date the secret is scheduled for deletion. If it is not
|
|
519
|
+
# scheduled for deletion, this field is omitted. When you delete a
|
|
520
|
+
# secret, Secrets Manager requires a recovery window of at least 7
|
|
521
|
+
# days before deleting the secret. Some time after the deleted date,
|
|
522
|
+
# Secrets Manager deletes the secret, including all of its versions.
|
|
560
523
|
#
|
|
561
524
|
# If a secret is scheduled for deletion, then its details, including
|
|
562
|
-
# the encrypted secret
|
|
563
|
-
#
|
|
525
|
+
# the encrypted secret value, is not accessible. To cancel a scheduled
|
|
526
|
+
# deletion and restore access to the secret, use RestoreSecret.
|
|
564
527
|
# @return [Time]
|
|
565
528
|
#
|
|
566
529
|
# @!attribute [rw] tags
|
|
567
|
-
# The list of
|
|
568
|
-
#
|
|
569
|
-
# UntagResource.
|
|
530
|
+
# The list of tags attached to the secret. To add tags to a secret,
|
|
531
|
+
# use TagResource. To remove tags, use UntagResource.
|
|
570
532
|
# @return [Array<Types::Tag>]
|
|
571
533
|
#
|
|
572
534
|
# @!attribute [rw] version_ids_to_stages
|
|
573
|
-
# A list of
|
|
574
|
-
#
|
|
575
|
-
#
|
|
576
|
-
# process.
|
|
535
|
+
# A list of the versions of the secret that have staging labels
|
|
536
|
+
# attached. Versions that don't have staging labels are considered
|
|
537
|
+
# deprecated and Secrets Manager can delete them.
|
|
577
538
|
#
|
|
578
|
-
#
|
|
579
|
-
#
|
|
580
|
-
#
|
|
539
|
+
# Secrets Manager uses staging labels to indicate the status of a
|
|
540
|
+
# secret version during rotation. The three staging labels for
|
|
541
|
+
# rotation are:
|
|
581
542
|
#
|
|
582
|
-
#
|
|
543
|
+
# * `AWSCURRENT`, which indicates the current version of the secret.
|
|
544
|
+
#
|
|
545
|
+
# * `AWSPENDING`, which indicates the version of the secret that
|
|
546
|
+
# contains new secret information that will become the next current
|
|
547
|
+
# version when rotation finishes.
|
|
548
|
+
#
|
|
549
|
+
# During rotation, Secrets Manager creates an `AWSPENDING` version
|
|
550
|
+
# ID before creating the new secret version. To check if a secret
|
|
551
|
+
# version exists, call GetSecretValue.
|
|
552
|
+
#
|
|
553
|
+
# * `AWSPREVIOUS`, which indicates the previous current version of the
|
|
554
|
+
# secret. You can use this as the *last known good* version.
|
|
555
|
+
#
|
|
556
|
+
# For more information about rotation and staging labels, see [How
|
|
557
|
+
# rotation works][1].
|
|
558
|
+
#
|
|
559
|
+
#
|
|
560
|
+
#
|
|
561
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
|
|
583
562
|
# @return [Hash<String,Array<String>>]
|
|
584
563
|
#
|
|
585
564
|
# @!attribute [rw] owning_service
|
|
586
|
-
#
|
|
565
|
+
# The name of the service that created this secret.
|
|
587
566
|
# @return [String]
|
|
588
567
|
#
|
|
589
568
|
# @!attribute [rw] created_date
|
|
590
|
-
# The date
|
|
569
|
+
# The date the secret was created.
|
|
591
570
|
# @return [Time]
|
|
592
571
|
#
|
|
593
572
|
# @!attribute [rw] primary_region
|
|
594
|
-
#
|
|
573
|
+
# The Region the secret is in. If a secret is replicated to other
|
|
574
|
+
# Regions, the replicas are listed in `ReplicationStatus`.
|
|
595
575
|
# @return [String]
|
|
596
576
|
#
|
|
597
577
|
# @!attribute [rw] replication_status
|
|
598
|
-
#
|
|
599
|
-
#
|
|
578
|
+
# A list of the replicas of this secret and their status:
|
|
579
|
+
#
|
|
580
|
+
# * `Failed`, which indicates that the replica was not created.
|
|
581
|
+
#
|
|
582
|
+
# * `InProgress`, which indicates that Secrets Manager is in the
|
|
583
|
+
# process of creating the replica.
|
|
584
|
+
#
|
|
585
|
+
# * `InSync`, which indicates that the replica was created.
|
|
600
586
|
# @return [Array<Types::ReplicationStatusType>]
|
|
601
587
|
#
|
|
602
588
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation
|
|
@@ -624,13 +610,13 @@ module Aws::SecretsManager
|
|
|
624
610
|
end
|
|
625
611
|
|
|
626
612
|
# Secrets Manager can't encrypt the protected secret text using the
|
|
627
|
-
# provided KMS key. Check that the
|
|
628
|
-
#
|
|
629
|
-
#
|
|
613
|
+
# provided KMS key. Check that the KMS key is available, enabled, and
|
|
614
|
+
# not in an invalid state. For more information, see [Key state: Effect
|
|
615
|
+
# on your KMS key][1].
|
|
630
616
|
#
|
|
631
617
|
#
|
|
632
618
|
#
|
|
633
|
-
# [1]:
|
|
619
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
|
634
620
|
#
|
|
635
621
|
# @!attribute [rw] message
|
|
636
622
|
# @return [String]
|
|
@@ -644,7 +630,12 @@ module Aws::SecretsManager
|
|
|
644
630
|
end
|
|
645
631
|
|
|
646
632
|
# Allows you to add filters when you use the search function in Secrets
|
|
647
|
-
# Manager.
|
|
633
|
+
# Manager. For more information, see [Find secrets in Secrets
|
|
634
|
+
# Manager][1].
|
|
635
|
+
#
|
|
636
|
+
#
|
|
637
|
+
#
|
|
638
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html
|
|
648
639
|
#
|
|
649
640
|
# @note When making an API call, you may pass Filter
|
|
650
641
|
# data as a hash:
|
|
@@ -655,11 +646,24 @@ module Aws::SecretsManager
|
|
|
655
646
|
# }
|
|
656
647
|
#
|
|
657
648
|
# @!attribute [rw] key
|
|
658
|
-
#
|
|
649
|
+
# The following are keys you can use:
|
|
650
|
+
#
|
|
651
|
+
# * **description**\: Prefix match, not case-sensitive.
|
|
652
|
+
#
|
|
653
|
+
# * **name**\: Prefix match, case-sensitive.
|
|
654
|
+
#
|
|
655
|
+
# * **tag-key**\: Prefix match, case-sensitive.
|
|
656
|
+
#
|
|
657
|
+
# * **tag-value**\: Prefix match, case-sensitive.
|
|
658
|
+
#
|
|
659
|
+
# * **primary-region**\: Prefix match, case-sensitive.
|
|
660
|
+
#
|
|
661
|
+
# * **all**\: Breaks the filter value string into words and then
|
|
662
|
+
# searches all attributes for matches. Not case-sensitive.
|
|
659
663
|
# @return [String]
|
|
660
664
|
#
|
|
661
665
|
# @!attribute [rw] values
|
|
662
|
-
#
|
|
666
|
+
# The keyword to filter for.
|
|
663
667
|
#
|
|
664
668
|
# You can prefix your search value with an exclamation mark (`!`) in
|
|
665
669
|
# order to perform negation filters.
|
|
@@ -689,58 +693,47 @@ module Aws::SecretsManager
|
|
|
689
693
|
# }
|
|
690
694
|
#
|
|
691
695
|
# @!attribute [rw] password_length
|
|
692
|
-
# The
|
|
693
|
-
#
|
|
696
|
+
# The length of the password. If you don't include this parameter,
|
|
697
|
+
# the default length is 32 characters.
|
|
694
698
|
# @return [Integer]
|
|
695
699
|
#
|
|
696
700
|
# @!attribute [rw] exclude_characters
|
|
697
|
-
# A string
|
|
698
|
-
# generated password. The default is that all characters from the
|
|
699
|
-
# included sets can be used.
|
|
701
|
+
# A string of the characters that you don't want in the password.
|
|
700
702
|
# @return [String]
|
|
701
703
|
#
|
|
702
704
|
# @!attribute [rw] exclude_numbers
|
|
703
|
-
# Specifies
|
|
704
|
-
#
|
|
705
|
-
# can be included.
|
|
705
|
+
# Specifies whether to exclude numbers from the password. If you
|
|
706
|
+
# don't include this switch, the password can contain numbers.
|
|
706
707
|
# @return [Boolean]
|
|
707
708
|
#
|
|
708
709
|
# @!attribute [rw] exclude_punctuation
|
|
709
|
-
# Specifies
|
|
710
|
-
#
|
|
711
|
-
#
|
|
712
|
-
#
|
|
713
|
-
# The following are the punctuation characters that *can* be included
|
|
714
|
-
# in the generated password if you don't explicitly exclude them with
|
|
715
|
-
# `ExcludeCharacters` or `ExcludePunctuation`\:
|
|
716
|
-
#
|
|
717
|
-
# `` ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` \{ | \} ~
|
|
718
|
-
# ``
|
|
710
|
+
# Specifies whether to exclude the following punctuation characters
|
|
711
|
+
# from the password: `` ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [
|
|
712
|
+
# \ ] ^ _ ` \{ | \} ~ ``. If you don't include this switch, the
|
|
713
|
+
# password can contain punctuation.
|
|
719
714
|
# @return [Boolean]
|
|
720
715
|
#
|
|
721
716
|
# @!attribute [rw] exclude_uppercase
|
|
722
|
-
# Specifies
|
|
723
|
-
#
|
|
724
|
-
#
|
|
717
|
+
# Specifies whether to exclude uppercase letters from the password. If
|
|
718
|
+
# you don't include this switch, the password can contain uppercase
|
|
719
|
+
# letters.
|
|
725
720
|
# @return [Boolean]
|
|
726
721
|
#
|
|
727
722
|
# @!attribute [rw] exclude_lowercase
|
|
728
|
-
# Specifies
|
|
729
|
-
#
|
|
730
|
-
#
|
|
723
|
+
# Specifies whether to exclude lowercase letters from the password. If
|
|
724
|
+
# you don't include this switch, the password can contain lowercase
|
|
725
|
+
# letters.
|
|
731
726
|
# @return [Boolean]
|
|
732
727
|
#
|
|
733
728
|
# @!attribute [rw] include_space
|
|
734
|
-
# Specifies
|
|
735
|
-
#
|
|
736
|
-
# is that the space character is not included.
|
|
729
|
+
# Specifies whether to include the space character. If you include
|
|
730
|
+
# this switch, the password can contain space characters.
|
|
737
731
|
# @return [Boolean]
|
|
738
732
|
#
|
|
739
733
|
# @!attribute [rw] require_each_included_type
|
|
740
|
-
#
|
|
741
|
-
#
|
|
742
|
-
#
|
|
743
|
-
# character type.
|
|
734
|
+
# Specifies whether to include at least one upper and lowercase
|
|
735
|
+
# letter, one number, and one punctuation. If you don't include this
|
|
736
|
+
# switch, the password contains at least one of every character type.
|
|
744
737
|
# @return [Boolean]
|
|
745
738
|
#
|
|
746
739
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordRequest AWS API Documentation
|
|
@@ -759,7 +752,7 @@ module Aws::SecretsManager
|
|
|
759
752
|
end
|
|
760
753
|
|
|
761
754
|
# @!attribute [rw] random_password
|
|
762
|
-
# A string with the
|
|
755
|
+
# A string with the password.
|
|
763
756
|
# @return [String]
|
|
764
757
|
#
|
|
765
758
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordResponse AWS API Documentation
|
|
@@ -778,9 +771,8 @@ module Aws::SecretsManager
|
|
|
778
771
|
# }
|
|
779
772
|
#
|
|
780
773
|
# @!attribute [rw] secret_id
|
|
781
|
-
#
|
|
782
|
-
# resource-based policy for.
|
|
783
|
-
# Resource Name (ARN) or the friendly name of the secret.
|
|
774
|
+
# The ARN or name of the secret to retrieve the attached
|
|
775
|
+
# resource-based policy for.
|
|
784
776
|
#
|
|
785
777
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
786
778
|
# a partial ARN.
|
|
@@ -800,23 +792,19 @@ module Aws::SecretsManager
|
|
|
800
792
|
# @return [String]
|
|
801
793
|
#
|
|
802
794
|
# @!attribute [rw] name
|
|
803
|
-
# The
|
|
804
|
-
#
|
|
795
|
+
# The name of the secret that the resource-based policy was retrieved
|
|
796
|
+
# for.
|
|
805
797
|
# @return [String]
|
|
806
798
|
#
|
|
807
799
|
# @!attribute [rw] resource_policy
|
|
808
|
-
# A JSON-formatted string that
|
|
809
|
-
#
|
|
810
|
-
#
|
|
811
|
-
#
|
|
812
|
-
# can access the secret and what actions they can perform. For more
|
|
813
|
-
# information, see [Authentication and Access Control for Amazon Web
|
|
814
|
-
# Services Secrets Manager][1] in the *Amazon Web Services Secrets
|
|
815
|
-
# Manager User Guide*.
|
|
800
|
+
# A JSON-formatted string that contains the permissions policy
|
|
801
|
+
# attached to the secret. For more information about permissions
|
|
802
|
+
# policies, see [Authentication and access control for Secrets
|
|
803
|
+
# Manager][1].
|
|
816
804
|
#
|
|
817
805
|
#
|
|
818
806
|
#
|
|
819
|
-
# [1]:
|
|
807
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
|
820
808
|
# @return [String]
|
|
821
809
|
#
|
|
822
810
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicyResponse AWS API Documentation
|
|
@@ -839,21 +827,18 @@ module Aws::SecretsManager
|
|
|
839
827
|
# }
|
|
840
828
|
#
|
|
841
829
|
# @!attribute [rw] secret_id
|
|
842
|
-
#
|
|
843
|
-
# retrieve. You can specify either the Amazon Resource Name (ARN) or
|
|
844
|
-
# the friendly name of the secret.
|
|
830
|
+
# The ARN or name of the secret to retrieve.
|
|
845
831
|
#
|
|
846
832
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
847
833
|
# a partial ARN.
|
|
848
834
|
# @return [String]
|
|
849
835
|
#
|
|
850
836
|
# @!attribute [rw] version_id
|
|
851
|
-
#
|
|
852
|
-
# you
|
|
853
|
-
#
|
|
854
|
-
#
|
|
855
|
-
#
|
|
856
|
-
# version with the `VersionStage` value of `AWSCURRENT`.
|
|
837
|
+
# The unique identifier of the version of the secret to retrieve. If
|
|
838
|
+
# you include both this parameter and `VersionStage`, the two
|
|
839
|
+
# parameters must refer to the same secret version. If you don't
|
|
840
|
+
# specify either a `VersionStage` or `VersionId`, then Secrets Manager
|
|
841
|
+
# returns the `AWSCURRENT` version.
|
|
857
842
|
#
|
|
858
843
|
# This value is typically a [UUID-type][1] value with 32 hexadecimal
|
|
859
844
|
# digits.
|
|
@@ -864,15 +849,13 @@ module Aws::SecretsManager
|
|
|
864
849
|
# @return [String]
|
|
865
850
|
#
|
|
866
851
|
# @!attribute [rw] version_stage
|
|
867
|
-
#
|
|
868
|
-
# staging label attached to the version.
|
|
852
|
+
# The staging label of the version of the secret to retrieve.
|
|
869
853
|
#
|
|
870
|
-
#
|
|
871
|
-
# the rotation process. If you
|
|
872
|
-
# `VersionId`, the two parameters must refer to the same
|
|
873
|
-
# version
|
|
874
|
-
# `VersionId`,
|
|
875
|
-
# version with the `VersionStage` value of `AWSCURRENT`.
|
|
854
|
+
# Secrets Manager uses staging labels to keep track of different
|
|
855
|
+
# versions during the rotation process. If you include both this
|
|
856
|
+
# parameter and `VersionId`, the two parameters must refer to the same
|
|
857
|
+
# secret version. If you don't specify either a `VersionStage` or
|
|
858
|
+
# `VersionId`, Secrets Manager returns the `AWSCURRENT` version.
|
|
876
859
|
# @return [String]
|
|
877
860
|
#
|
|
878
861
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueRequest AWS API Documentation
|
|
@@ -898,17 +881,15 @@ module Aws::SecretsManager
|
|
|
898
881
|
# @return [String]
|
|
899
882
|
#
|
|
900
883
|
# @!attribute [rw] secret_binary
|
|
901
|
-
# The decrypted
|
|
902
|
-
#
|
|
903
|
-
#
|
|
904
|
-
#
|
|
884
|
+
# The decrypted secret value, if the secret value was originally
|
|
885
|
+
# provided as binary data in the form of a byte array. The response
|
|
886
|
+
# parameter represents the binary data as a [base64-encoded][1]
|
|
887
|
+
# string.
|
|
905
888
|
#
|
|
906
|
-
#
|
|
907
|
-
#
|
|
908
|
-
#
|
|
909
|
-
#
|
|
910
|
-
# you must code your Lambda rotation function to parse and interpret
|
|
911
|
-
# whatever you store in the `SecretString` or `SecretBinary` fields.
|
|
889
|
+
# If the secret was created by using the Secrets Manager console, or
|
|
890
|
+
# if the secret value was originally provided as a string, then this
|
|
891
|
+
# field is omitted. The secret value appears in `SecretString`
|
|
892
|
+
# instead.
|
|
912
893
|
#
|
|
913
894
|
#
|
|
914
895
|
#
|
|
@@ -916,19 +897,12 @@ module Aws::SecretsManager
|
|
|
916
897
|
# @return [String]
|
|
917
898
|
#
|
|
918
899
|
# @!attribute [rw] secret_string
|
|
919
|
-
# The decrypted
|
|
920
|
-
#
|
|
921
|
-
#
|
|
922
|
-
# If you create this secret by using the Secrets Manager console then
|
|
923
|
-
# only the `SecretString` parameter contains data. Secrets Manager
|
|
924
|
-
# stores the information as a JSON structure of key/value pairs that
|
|
925
|
-
# the Lambda rotation function knows how to parse.
|
|
900
|
+
# The decrypted secret value, if the secret value was originally
|
|
901
|
+
# provided as a string or through the Secrets Manager console.
|
|
926
902
|
#
|
|
927
|
-
# If
|
|
928
|
-
#
|
|
929
|
-
#
|
|
930
|
-
# type** in the console, then you must code your Lambda rotation
|
|
931
|
-
# function to parse and interpret those values.
|
|
903
|
+
# If this secret was created by using the console, then Secrets
|
|
904
|
+
# Manager stores the information as a JSON structure of key/value
|
|
905
|
+
# pairs.
|
|
932
906
|
# @return [String]
|
|
933
907
|
#
|
|
934
908
|
# @!attribute [rw] version_stages
|
|
@@ -937,7 +911,9 @@ module Aws::SecretsManager
|
|
|
937
911
|
# @return [Array<String>]
|
|
938
912
|
#
|
|
939
913
|
# @!attribute [rw] created_date
|
|
940
|
-
# The date and time that this version of the secret was created.
|
|
914
|
+
# The date and time that this version of the secret was created. If
|
|
915
|
+
# you don't specify which version in `VersionId` or `VersionStage`,
|
|
916
|
+
# then Secrets Manager uses the `AWSCURRENT` version.
|
|
941
917
|
# @return [Time]
|
|
942
918
|
#
|
|
943
919
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueResponse AWS API Documentation
|
|
@@ -967,7 +943,7 @@ module Aws::SecretsManager
|
|
|
967
943
|
include Aws::Structure
|
|
968
944
|
end
|
|
969
945
|
|
|
970
|
-
#
|
|
946
|
+
# The `NextToken` value is invalid.
|
|
971
947
|
#
|
|
972
948
|
# @!attribute [rw] message
|
|
973
949
|
# @return [String]
|
|
@@ -980,7 +956,7 @@ module Aws::SecretsManager
|
|
|
980
956
|
include Aws::Structure
|
|
981
957
|
end
|
|
982
958
|
|
|
983
|
-
#
|
|
959
|
+
# The parameter name is invalid value.
|
|
984
960
|
#
|
|
985
961
|
# @!attribute [rw] message
|
|
986
962
|
# @return [String]
|
|
@@ -993,13 +969,11 @@ module Aws::SecretsManager
|
|
|
993
969
|
include Aws::Structure
|
|
994
970
|
end
|
|
995
971
|
|
|
996
|
-
#
|
|
997
|
-
# of the resource.
|
|
972
|
+
# A parameter value is not valid for the current state of the resource.
|
|
998
973
|
#
|
|
999
974
|
# Possible causes:
|
|
1000
975
|
#
|
|
1001
|
-
# *
|
|
1002
|
-
# marked deleted.
|
|
976
|
+
# * The secret is scheduled for deletion.
|
|
1003
977
|
#
|
|
1004
978
|
# * You tried to enable rotation on a secret that doesn't already have
|
|
1005
979
|
# a Lambda function ARN configured and you didn't include such an ARN
|
|
@@ -1017,7 +991,7 @@ module Aws::SecretsManager
|
|
|
1017
991
|
end
|
|
1018
992
|
|
|
1019
993
|
# The request failed because it would exceed one of the Secrets Manager
|
|
1020
|
-
#
|
|
994
|
+
# quotas.
|
|
1021
995
|
#
|
|
1022
996
|
# @!attribute [rw] message
|
|
1023
997
|
# @return [String]
|
|
@@ -1041,40 +1015,31 @@ module Aws::SecretsManager
|
|
|
1041
1015
|
# }
|
|
1042
1016
|
#
|
|
1043
1017
|
# @!attribute [rw] secret_id
|
|
1044
|
-
# The
|
|
1045
|
-
# list. You can specify either the Amazon Resource Name (ARN) or the
|
|
1046
|
-
# friendly name of the secret.
|
|
1018
|
+
# The ARN or name of the secret whose versions you want to list.
|
|
1047
1019
|
#
|
|
1048
1020
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
1049
1021
|
# a partial ARN.
|
|
1050
1022
|
# @return [String]
|
|
1051
1023
|
#
|
|
1052
1024
|
# @!attribute [rw] max_results
|
|
1053
|
-
#
|
|
1054
|
-
#
|
|
1055
|
-
#
|
|
1056
|
-
#
|
|
1057
|
-
#
|
|
1058
|
-
# `NextToken` request parameter in the next call to the operation to
|
|
1059
|
-
# get the next part of the results. Note that Secrets Manager might
|
|
1060
|
-
# return fewer results than the maximum even when there are more
|
|
1061
|
-
# results available. You should check `NextToken` after every
|
|
1062
|
-
# operation to ensure that you receive all of the results.
|
|
1025
|
+
# The number of results to include in the response.
|
|
1026
|
+
#
|
|
1027
|
+
# If there are more results available, in the response, Secrets
|
|
1028
|
+
# Manager includes `NextToken`. To get the next results, call
|
|
1029
|
+
# `ListSecretVersionIds` again with the value from `NextToken`.
|
|
1063
1030
|
# @return [Integer]
|
|
1064
1031
|
#
|
|
1065
1032
|
# @!attribute [rw] next_token
|
|
1066
|
-
#
|
|
1067
|
-
#
|
|
1068
|
-
#
|
|
1069
|
-
# previous call `NextToken` response to indicate where the output
|
|
1070
|
-
# should continue from.
|
|
1033
|
+
# A token that indicates where the output should continue from, if a
|
|
1034
|
+
# previous call did not show all results. To get the next results,
|
|
1035
|
+
# call `ListSecretVersionIds` again with this value.
|
|
1071
1036
|
# @return [String]
|
|
1072
1037
|
#
|
|
1073
1038
|
# @!attribute [rw] include_deprecated
|
|
1074
|
-
#
|
|
1075
|
-
#
|
|
1039
|
+
# Specifies whether to include versions of secrets that don't have
|
|
1040
|
+
# any staging labels attached to them. Versions without staging labels
|
|
1076
1041
|
# are considered deprecated and are subject to deletion by Secrets
|
|
1077
|
-
# Manager
|
|
1042
|
+
# Manager.
|
|
1078
1043
|
# @return [Boolean]
|
|
1079
1044
|
#
|
|
1080
1045
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsRequest AWS API Documentation
|
|
@@ -1089,37 +1054,23 @@ module Aws::SecretsManager
|
|
|
1089
1054
|
end
|
|
1090
1055
|
|
|
1091
1056
|
# @!attribute [rw] versions
|
|
1092
|
-
#
|
|
1093
|
-
# secret.
|
|
1057
|
+
# A list of the versions of the secret.
|
|
1094
1058
|
# @return [Array<Types::SecretVersionsListEntry>]
|
|
1095
1059
|
#
|
|
1096
1060
|
# @!attribute [rw] next_token
|
|
1097
|
-
#
|
|
1098
|
-
#
|
|
1061
|
+
# Secrets Manager includes this value if there's more output
|
|
1062
|
+
# available than what is included in the current response. This can
|
|
1099
1063
|
# occur even when the response includes no values at all, such as when
|
|
1100
|
-
# you ask for a filtered view of a
|
|
1101
|
-
#
|
|
1102
|
-
# operation to continue processing and get the next part of the
|
|
1103
|
-
# output. You should repeat this until the `NextToken` response
|
|
1104
|
-
# element comes back empty (as `null`).
|
|
1064
|
+
# you ask for a filtered view of a long list. To get the next results,
|
|
1065
|
+
# call `ListSecretVersionIds` again with this value.
|
|
1105
1066
|
# @return [String]
|
|
1106
1067
|
#
|
|
1107
1068
|
# @!attribute [rw] arn
|
|
1108
|
-
# The
|
|
1109
|
-
#
|
|
1110
|
-
# <note markdown="1"> Secrets Manager automatically adds several random characters to the
|
|
1111
|
-
# name at the end of the ARN when you initially create a secret. This
|
|
1112
|
-
# affects only the ARN and not the actual friendly name. This ensures
|
|
1113
|
-
# that if you create a new secret with the same name as an old secret
|
|
1114
|
-
# that you previously deleted, then users with access to the old
|
|
1115
|
-
# secret *don't* automatically get access to the new secret because
|
|
1116
|
-
# the ARNs are different.
|
|
1117
|
-
#
|
|
1118
|
-
# </note>
|
|
1069
|
+
# The ARN of the secret.
|
|
1119
1070
|
# @return [String]
|
|
1120
1071
|
#
|
|
1121
1072
|
# @!attribute [rw] name
|
|
1122
|
-
# The
|
|
1073
|
+
# The name of the secret.
|
|
1123
1074
|
# @return [String]
|
|
1124
1075
|
#
|
|
1125
1076
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsResponse AWS API Documentation
|
|
@@ -1149,28 +1100,21 @@ module Aws::SecretsManager
|
|
|
1149
1100
|
# }
|
|
1150
1101
|
#
|
|
1151
1102
|
# @!attribute [rw] max_results
|
|
1152
|
-
#
|
|
1153
|
-
#
|
|
1154
|
-
#
|
|
1155
|
-
#
|
|
1156
|
-
#
|
|
1157
|
-
# `NextToken` request parameter in the next call to the operation to
|
|
1158
|
-
# get the next part of the results. Note that Secrets Manager might
|
|
1159
|
-
# return fewer results than the maximum even when there are more
|
|
1160
|
-
# results available. You should check `NextToken` after every
|
|
1161
|
-
# operation to ensure that you receive all of the results.
|
|
1103
|
+
# The number of results to include in the response.
|
|
1104
|
+
#
|
|
1105
|
+
# If there are more results available, in the response, Secrets
|
|
1106
|
+
# Manager includes `NextToken`. To get the next results, call
|
|
1107
|
+
# `ListSecrets` again with the value from `NextToken`.
|
|
1162
1108
|
# @return [Integer]
|
|
1163
1109
|
#
|
|
1164
1110
|
# @!attribute [rw] next_token
|
|
1165
|
-
#
|
|
1166
|
-
#
|
|
1167
|
-
#
|
|
1168
|
-
# previous call `NextToken` response to indicate where the output
|
|
1169
|
-
# should continue from.
|
|
1111
|
+
# A token that indicates where the output should continue from, if a
|
|
1112
|
+
# previous call did not show all results. To get the next results,
|
|
1113
|
+
# call `ListSecrets` again with this value.
|
|
1170
1114
|
# @return [String]
|
|
1171
1115
|
#
|
|
1172
1116
|
# @!attribute [rw] filters
|
|
1173
|
-
#
|
|
1117
|
+
# The filters to apply to the list of secrets.
|
|
1174
1118
|
# @return [Array<Types::Filter>]
|
|
1175
1119
|
#
|
|
1176
1120
|
# @!attribute [rw] sort_order
|
|
@@ -1193,14 +1137,11 @@ module Aws::SecretsManager
|
|
|
1193
1137
|
# @return [Array<Types::SecretListEntry>]
|
|
1194
1138
|
#
|
|
1195
1139
|
# @!attribute [rw] next_token
|
|
1196
|
-
#
|
|
1197
|
-
#
|
|
1140
|
+
# Secrets Manager includes this value if there's more output
|
|
1141
|
+
# available than what is included in the current response. This can
|
|
1198
1142
|
# occur even when the response includes no values at all, such as when
|
|
1199
|
-
# you ask for a filtered view of a
|
|
1200
|
-
#
|
|
1201
|
-
# operation to continue processing and get the next part of the
|
|
1202
|
-
# output. You should repeat this until the `NextToken` response
|
|
1203
|
-
# element comes back empty (as `null`).
|
|
1143
|
+
# you ask for a filtered view of a long list. To get the next results,
|
|
1144
|
+
# call `ListSecrets` again with this value.
|
|
1204
1145
|
# @return [String]
|
|
1205
1146
|
#
|
|
1206
1147
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsResponse AWS API Documentation
|
|
@@ -1212,7 +1153,7 @@ module Aws::SecretsManager
|
|
|
1212
1153
|
include Aws::Structure
|
|
1213
1154
|
end
|
|
1214
1155
|
|
|
1215
|
-
#
|
|
1156
|
+
# The resource policy has syntax errors.
|
|
1216
1157
|
#
|
|
1217
1158
|
# @!attribute [rw] message
|
|
1218
1159
|
# @return [String]
|
|
@@ -1239,8 +1180,8 @@ module Aws::SecretsManager
|
|
|
1239
1180
|
include Aws::Structure
|
|
1240
1181
|
end
|
|
1241
1182
|
|
|
1242
|
-
# The BlockPublicPolicy parameter is set to true and the resource
|
|
1243
|
-
# did not prevent broad access to the secret.
|
|
1183
|
+
# The `BlockPublicPolicy` parameter is set to true, and the resource
|
|
1184
|
+
# policy did not prevent broad access to the secret.
|
|
1244
1185
|
#
|
|
1245
1186
|
# @!attribute [rw] message
|
|
1246
1187
|
# @return [String]
|
|
@@ -1263,31 +1204,26 @@ module Aws::SecretsManager
|
|
|
1263
1204
|
# }
|
|
1264
1205
|
#
|
|
1265
1206
|
# @!attribute [rw] secret_id
|
|
1266
|
-
#
|
|
1267
|
-
# policy. You can specify either the ARN or the friendly name of the
|
|
1268
|
-
# secret.
|
|
1207
|
+
# The ARN or name of the secret to attach the resource-based policy.
|
|
1269
1208
|
#
|
|
1270
1209
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
1271
1210
|
# a partial ARN.
|
|
1272
1211
|
# @return [String]
|
|
1273
1212
|
#
|
|
1274
1213
|
# @!attribute [rw] resource_policy
|
|
1275
|
-
# A JSON-formatted string
|
|
1276
|
-
#
|
|
1277
|
-
# in the string identifies who can access or manage this secret and
|
|
1278
|
-
# its versions. For information on how to format a JSON parameter for
|
|
1279
|
-
# the various command line tool environments, see [Using JSON for
|
|
1280
|
-
# Parameters][1] in the *CLI User Guide*.
|
|
1214
|
+
# A JSON-formatted string for an Amazon Web Services resource-based
|
|
1215
|
+
# policy. For example policies, see [Permissions policy examples][1].
|
|
1281
1216
|
#
|
|
1282
1217
|
#
|
|
1283
1218
|
#
|
|
1284
|
-
# [1]:
|
|
1219
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html
|
|
1285
1220
|
# @return [String]
|
|
1286
1221
|
#
|
|
1287
1222
|
# @!attribute [rw] block_public_policy
|
|
1288
|
-
#
|
|
1289
|
-
#
|
|
1290
|
-
#
|
|
1223
|
+
# Specifies whether to block resource-based policies that allow broad
|
|
1224
|
+
# access to the secret. By default, Secrets Manager blocks policies
|
|
1225
|
+
# that allow broad access, for example those that use a wildcard for
|
|
1226
|
+
# the principal.
|
|
1291
1227
|
# @return [Boolean]
|
|
1292
1228
|
#
|
|
1293
1229
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
|
|
@@ -1301,12 +1237,11 @@ module Aws::SecretsManager
|
|
|
1301
1237
|
end
|
|
1302
1238
|
|
|
1303
1239
|
# @!attribute [rw] arn
|
|
1304
|
-
# The ARN of the secret
|
|
1240
|
+
# The ARN of the secret.
|
|
1305
1241
|
# @return [String]
|
|
1306
1242
|
#
|
|
1307
1243
|
# @!attribute [rw] name
|
|
1308
|
-
# The
|
|
1309
|
-
# policy.
|
|
1244
|
+
# The name of the secret.
|
|
1310
1245
|
# @return [String]
|
|
1311
1246
|
#
|
|
1312
1247
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyResponse AWS API Documentation
|
|
@@ -1330,31 +1265,30 @@ module Aws::SecretsManager
|
|
|
1330
1265
|
# }
|
|
1331
1266
|
#
|
|
1332
1267
|
# @!attribute [rw] secret_id
|
|
1333
|
-
#
|
|
1334
|
-
# specify either the Amazon Resource Name (ARN) or the friendly name
|
|
1335
|
-
# of the secret. The secret must already exist.
|
|
1268
|
+
# The ARN or name of the secret to add a new version to.
|
|
1336
1269
|
#
|
|
1337
1270
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
1338
1271
|
# a partial ARN.
|
|
1272
|
+
#
|
|
1273
|
+
# If the secret doesn't already exist, use `CreateSecret` instead.
|
|
1339
1274
|
# @return [String]
|
|
1340
1275
|
#
|
|
1341
1276
|
# @!attribute [rw] client_request_token
|
|
1342
|
-
#
|
|
1343
|
-
# secret.
|
|
1277
|
+
# A unique identifier for the new version of the secret.
|
|
1344
1278
|
#
|
|
1345
1279
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
|
1346
|
-
# Services
|
|
1347
|
-
# parameter empty
|
|
1348
|
-
#
|
|
1349
|
-
#
|
|
1350
|
-
#
|
|
1351
|
-
#
|
|
1280
|
+
# Services SDKs to call this operation, then you can leave this
|
|
1281
|
+
# parameter empty because they generate a random UUID for you. If you
|
|
1282
|
+
# don't use the SDK and instead generate a raw HTTP request to the
|
|
1283
|
+
# Secrets Manager service endpoint, then you must generate a
|
|
1284
|
+
# `ClientRequestToken` yourself for new versions and include that
|
|
1285
|
+
# value in the request.
|
|
1352
1286
|
#
|
|
1353
1287
|
# </note>
|
|
1354
1288
|
#
|
|
1355
1289
|
# This value helps ensure idempotency. Secrets Manager uses this value
|
|
1356
1290
|
# to prevent the accidental creation of duplicate versions if there
|
|
1357
|
-
# are failures and retries during the Lambda rotation function
|
|
1291
|
+
# are failures and retries during the Lambda rotation function
|
|
1358
1292
|
# processing. We recommend that you generate a [UUID-type][1] value to
|
|
1359
1293
|
# ensure uniqueness within the specified secret.
|
|
1360
1294
|
#
|
|
@@ -1363,14 +1297,14 @@ module Aws::SecretsManager
|
|
|
1363
1297
|
#
|
|
1364
1298
|
# * If a version with this value already exists and that version's
|
|
1365
1299
|
# `SecretString` or `SecretBinary` values are the same as those in
|
|
1366
|
-
# the request then the request is ignored
|
|
1367
|
-
# idempotent
|
|
1300
|
+
# the request then the request is ignored. The operation is
|
|
1301
|
+
# idempotent.
|
|
1368
1302
|
#
|
|
1369
1303
|
# * If a version with this value already exists and the version of the
|
|
1370
1304
|
# `SecretString` and `SecretBinary` values are different from those
|
|
1371
|
-
# in the request then the request fails because you
|
|
1372
|
-
#
|
|
1373
|
-
#
|
|
1305
|
+
# in the request, then the request fails because you can't modify a
|
|
1306
|
+
# secret version. You can only create new versions to store new
|
|
1307
|
+
# secret values.
|
|
1374
1308
|
#
|
|
1375
1309
|
# This value becomes the `VersionId` of the new version.
|
|
1376
1310
|
#
|
|
@@ -1383,55 +1317,39 @@ module Aws::SecretsManager
|
|
|
1383
1317
|
# @return [String]
|
|
1384
1318
|
#
|
|
1385
1319
|
# @!attribute [rw] secret_binary
|
|
1386
|
-
#
|
|
1387
|
-
#
|
|
1388
|
-
#
|
|
1389
|
-
#
|
|
1390
|
-
#
|
|
1391
|
-
#
|
|
1392
|
-
# empty.
|
|
1320
|
+
# The binary data to encrypt and store in the new version of the
|
|
1321
|
+
# secret. To use this parameter in the command-line tools, we
|
|
1322
|
+
# recommend that you store your binary data in a file and then pass
|
|
1323
|
+
# the contents of the file as a parameter.
|
|
1324
|
+
#
|
|
1325
|
+
# You must include `SecretBinary` or `SecretString`, but not both.
|
|
1393
1326
|
#
|
|
1394
|
-
#
|
|
1395
|
-
# Manager console.
|
|
1327
|
+
# You can't access this value from the Secrets Manager console.
|
|
1396
1328
|
# @return [String]
|
|
1397
1329
|
#
|
|
1398
1330
|
# @!attribute [rw] secret_string
|
|
1399
|
-
#
|
|
1400
|
-
# this new version of the secret. Either `SecretString` or
|
|
1401
|
-
# `SecretBinary` must have a value, but not both. They cannot both be
|
|
1402
|
-
# empty.
|
|
1403
|
-
#
|
|
1404
|
-
# If you create this secret by using the Secrets Manager console then
|
|
1405
|
-
# Secrets Manager puts the protected secret text in only the
|
|
1406
|
-
# `SecretString` parameter. The Secrets Manager console stores the
|
|
1407
|
-
# information as a JSON structure of key/value pairs that the default
|
|
1408
|
-
# Lambda rotation function knows how to parse.
|
|
1331
|
+
# The text to encrypt and store in the new version of the secret.
|
|
1409
1332
|
#
|
|
1410
|
-
#
|
|
1411
|
-
# string argument and specify key/value pairs. For more information,
|
|
1412
|
-
# see [Specifying parameter values for the Amazon Web Services CLI][1]
|
|
1413
|
-
# in the Amazon Web Services CLI User Guide.
|
|
1333
|
+
# You must include `SecretBinary` or `SecretString`, but not both.
|
|
1414
1334
|
#
|
|
1415
|
-
#
|
|
1416
|
-
#
|
|
1417
|
-
# [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html
|
|
1335
|
+
# We recommend you create the secret string as JSON key/value pairs,
|
|
1336
|
+
# as shown in the example.
|
|
1418
1337
|
# @return [String]
|
|
1419
1338
|
#
|
|
1420
1339
|
# @!attribute [rw] version_stages
|
|
1421
|
-
#
|
|
1422
|
-
#
|
|
1423
|
-
#
|
|
1424
|
-
#
|
|
1425
|
-
#
|
|
1426
|
-
#
|
|
1427
|
-
#
|
|
1428
|
-
#
|
|
1429
|
-
#
|
|
1430
|
-
# version.
|
|
1431
|
-
#
|
|
1432
|
-
# If you
|
|
1433
|
-
#
|
|
1434
|
-
# new version.
|
|
1340
|
+
# A list of staging labels to attach to this version of the secret.
|
|
1341
|
+
# Secrets Manager uses staging labels to track versions of a secret
|
|
1342
|
+
# through the rotation process.
|
|
1343
|
+
#
|
|
1344
|
+
# If you specify a staging label that's already associated with a
|
|
1345
|
+
# different version of the same secret, then Secrets Manager removes
|
|
1346
|
+
# the label from the other version and attaches it to this version. If
|
|
1347
|
+
# you specify `AWSCURRENT`, and it is already attached to another
|
|
1348
|
+
# version, then Secrets Manager also moves the staging label
|
|
1349
|
+
# `AWSPREVIOUS` to the version that `AWSCURRENT` was removed from.
|
|
1350
|
+
#
|
|
1351
|
+
# If you don't include `VersionStages`, then Secrets Manager
|
|
1352
|
+
# automatically moves the staging label `AWSCURRENT` to this version.
|
|
1435
1353
|
# @return [Array<String>]
|
|
1436
1354
|
#
|
|
1437
1355
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest AWS API Documentation
|
|
@@ -1447,24 +1365,21 @@ module Aws::SecretsManager
|
|
|
1447
1365
|
end
|
|
1448
1366
|
|
|
1449
1367
|
# @!attribute [rw] arn
|
|
1450
|
-
# The
|
|
1451
|
-
# created a version.
|
|
1368
|
+
# The ARN of the secret.
|
|
1452
1369
|
# @return [String]
|
|
1453
1370
|
#
|
|
1454
1371
|
# @!attribute [rw] name
|
|
1455
|
-
# The
|
|
1456
|
-
# updated a version.
|
|
1372
|
+
# The name of the secret.
|
|
1457
1373
|
# @return [String]
|
|
1458
1374
|
#
|
|
1459
1375
|
# @!attribute [rw] version_id
|
|
1460
|
-
# The unique identifier of the version of the secret
|
|
1461
|
-
# or updated.
|
|
1376
|
+
# The unique identifier of the version of the secret.
|
|
1462
1377
|
# @return [String]
|
|
1463
1378
|
#
|
|
1464
1379
|
# @!attribute [rw] version_stages
|
|
1465
1380
|
# The list of staging labels that are currently attached to this
|
|
1466
|
-
# version of the secret.
|
|
1467
|
-
# it progresses through the secret rotation process.
|
|
1381
|
+
# version of the secret. Secrets Manager uses staging labels to track
|
|
1382
|
+
# a version as it progresses through the secret rotation process.
|
|
1468
1383
|
# @return [Array<String>]
|
|
1469
1384
|
#
|
|
1470
1385
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueResponse AWS API Documentation
|
|
@@ -1487,11 +1402,11 @@ module Aws::SecretsManager
|
|
|
1487
1402
|
# }
|
|
1488
1403
|
#
|
|
1489
1404
|
# @!attribute [rw] secret_id
|
|
1490
|
-
#
|
|
1405
|
+
# The ARN or name of the secret.
|
|
1491
1406
|
# @return [String]
|
|
1492
1407
|
#
|
|
1493
1408
|
# @!attribute [rw] remove_replica_regions
|
|
1494
|
-
#
|
|
1409
|
+
# The Regions of the replicas to remove.
|
|
1495
1410
|
# @return [Array<String>]
|
|
1496
1411
|
#
|
|
1497
1412
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationRequest AWS API Documentation
|
|
@@ -1504,12 +1419,11 @@ module Aws::SecretsManager
|
|
|
1504
1419
|
end
|
|
1505
1420
|
|
|
1506
1421
|
# @!attribute [rw] arn
|
|
1507
|
-
# The
|
|
1422
|
+
# The ARN of the primary secret.
|
|
1508
1423
|
# @return [String]
|
|
1509
1424
|
#
|
|
1510
1425
|
# @!attribute [rw] replication_status
|
|
1511
|
-
#
|
|
1512
|
-
# from the replication list.
|
|
1426
|
+
# The status of replicas for this secret after you remove Regions.
|
|
1513
1427
|
# @return [Array<Types::ReplicationStatusType>]
|
|
1514
1428
|
#
|
|
1515
1429
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationResponse AWS API Documentation
|
|
@@ -1521,8 +1435,8 @@ module Aws::SecretsManager
|
|
|
1521
1435
|
include Aws::Structure
|
|
1522
1436
|
end
|
|
1523
1437
|
|
|
1524
|
-
#
|
|
1525
|
-
#
|
|
1438
|
+
# A custom type that specifies a `Region` and the `KmsKeyId` for a
|
|
1439
|
+
# replica secret.
|
|
1526
1440
|
#
|
|
1527
1441
|
# @note When making an API call, you may pass ReplicaRegionType
|
|
1528
1442
|
# data as a hash:
|
|
@@ -1533,11 +1447,18 @@ module Aws::SecretsManager
|
|
|
1533
1447
|
# }
|
|
1534
1448
|
#
|
|
1535
1449
|
# @!attribute [rw] region
|
|
1536
|
-
#
|
|
1450
|
+
# A Region code. For a list of Region codes, see [Name and code of
|
|
1451
|
+
# Regions][1].
|
|
1452
|
+
#
|
|
1453
|
+
#
|
|
1454
|
+
#
|
|
1455
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints
|
|
1537
1456
|
# @return [String]
|
|
1538
1457
|
#
|
|
1539
1458
|
# @!attribute [rw] kms_key_id
|
|
1540
|
-
#
|
|
1459
|
+
# The ARN, key ID, or alias of the KMS key to encrypt the secret. If
|
|
1460
|
+
# you don't include this field, Secrets Manager uses
|
|
1461
|
+
# `aws/secretsmanager`.
|
|
1541
1462
|
# @return [String]
|
|
1542
1463
|
#
|
|
1543
1464
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicaRegionType AWS API Documentation
|
|
@@ -1564,16 +1485,16 @@ module Aws::SecretsManager
|
|
|
1564
1485
|
# }
|
|
1565
1486
|
#
|
|
1566
1487
|
# @!attribute [rw] secret_id
|
|
1567
|
-
#
|
|
1488
|
+
# The ARN or name of the secret to replicate.
|
|
1568
1489
|
# @return [String]
|
|
1569
1490
|
#
|
|
1570
1491
|
# @!attribute [rw] add_replica_regions
|
|
1571
|
-
#
|
|
1492
|
+
# A list of Regions in which to replicate the secret.
|
|
1572
1493
|
# @return [Array<Types::ReplicaRegionType>]
|
|
1573
1494
|
#
|
|
1574
1495
|
# @!attribute [rw] force_overwrite_replica_secret
|
|
1575
|
-
#
|
|
1576
|
-
#
|
|
1496
|
+
# Specifies whether to overwrite a secret with the same name in the
|
|
1497
|
+
# destination Region.
|
|
1577
1498
|
# @return [Boolean]
|
|
1578
1499
|
#
|
|
1579
1500
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsRequest AWS API Documentation
|
|
@@ -1587,14 +1508,11 @@ module Aws::SecretsManager
|
|
|
1587
1508
|
end
|
|
1588
1509
|
|
|
1589
1510
|
# @!attribute [rw] arn
|
|
1590
|
-
#
|
|
1591
|
-
# of a Region(required) and a KMSKeyId (optional) which can be the
|
|
1592
|
-
# ARN, KeyID, or Alias.
|
|
1511
|
+
# The ARN of the primary secret.
|
|
1593
1512
|
# @return [String]
|
|
1594
1513
|
#
|
|
1595
1514
|
# @!attribute [rw] replication_status
|
|
1596
|
-
#
|
|
1597
|
-
# `FAIL`.
|
|
1515
|
+
# The status of replication.
|
|
1598
1516
|
# @return [Array<Types::ReplicationStatusType>]
|
|
1599
1517
|
#
|
|
1600
1518
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsResponse AWS API Documentation
|
|
@@ -1655,7 +1573,7 @@ module Aws::SecretsManager
|
|
|
1655
1573
|
include Aws::Structure
|
|
1656
1574
|
end
|
|
1657
1575
|
|
|
1658
|
-
#
|
|
1576
|
+
# Secrets Manager can't find the resource that you asked for.
|
|
1659
1577
|
#
|
|
1660
1578
|
# @!attribute [rw] message
|
|
1661
1579
|
# @return [String]
|
|
@@ -1676,9 +1594,7 @@ module Aws::SecretsManager
|
|
|
1676
1594
|
# }
|
|
1677
1595
|
#
|
|
1678
1596
|
# @!attribute [rw] secret_id
|
|
1679
|
-
#
|
|
1680
|
-
# scheduled deletion. You can specify either the Amazon Resource Name
|
|
1681
|
-
# (ARN) or the friendly name of the secret.
|
|
1597
|
+
# The ARN or name of the secret to restore.
|
|
1682
1598
|
#
|
|
1683
1599
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
1684
1600
|
# a partial ARN.
|
|
@@ -1697,7 +1613,7 @@ module Aws::SecretsManager
|
|
|
1697
1613
|
# @return [String]
|
|
1698
1614
|
#
|
|
1699
1615
|
# @!attribute [rw] name
|
|
1700
|
-
# The
|
|
1616
|
+
# The name of the secret that was restored.
|
|
1701
1617
|
# @return [String]
|
|
1702
1618
|
#
|
|
1703
1619
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretResponse AWS API Documentation
|
|
@@ -1722,16 +1638,18 @@ module Aws::SecretsManager
|
|
|
1722
1638
|
# }
|
|
1723
1639
|
#
|
|
1724
1640
|
# @!attribute [rw] secret_id
|
|
1725
|
-
#
|
|
1726
|
-
# the Amazon Resource Name (ARN) or the friendly name of the secret.
|
|
1641
|
+
# The ARN or name of the secret to rotate.
|
|
1727
1642
|
#
|
|
1728
1643
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
1729
1644
|
# a partial ARN.
|
|
1730
1645
|
# @return [String]
|
|
1731
1646
|
#
|
|
1732
1647
|
# @!attribute [rw] client_request_token
|
|
1733
|
-
#
|
|
1734
|
-
#
|
|
1648
|
+
# A unique identifier for the new version of the secret that helps
|
|
1649
|
+
# ensure idempotency. Secrets Manager uses this value to prevent the
|
|
1650
|
+
# accidental creation of duplicate versions if there are failures and
|
|
1651
|
+
# retries during rotation. This value becomes the `VersionId` of the
|
|
1652
|
+
# new version.
|
|
1735
1653
|
#
|
|
1736
1654
|
# If you use the Amazon Web Services CLI or one of the Amazon Web
|
|
1737
1655
|
# Services SDK to call this operation, then you can leave this
|
|
@@ -1742,15 +1660,11 @@ module Aws::SecretsManager
|
|
|
1742
1660
|
# `ClientRequestToken` yourself for new versions and include that
|
|
1743
1661
|
# value in the request.
|
|
1744
1662
|
#
|
|
1745
|
-
# You only need to specify
|
|
1746
|
-
#
|
|
1747
|
-
# twice. We recommend that you generate a
|
|
1748
|
-
# ensure uniqueness within the specified
|
|
1749
|
-
#
|
|
1750
|
-
# Secrets Manager uses this value to prevent the accidental creation
|
|
1751
|
-
# of duplicate versions if there are failures and retries during the
|
|
1752
|
-
# function's processing. This value becomes the `VersionId` of the
|
|
1753
|
-
# new version.
|
|
1663
|
+
# You only need to specify this value if you implement your own retry
|
|
1664
|
+
# logic and you want to ensure that Secrets Manager doesn't attempt
|
|
1665
|
+
# to create a secret version twice. We recommend that you generate a
|
|
1666
|
+
# [UUID-type][1] value to ensure uniqueness within the specified
|
|
1667
|
+
# secret.
|
|
1754
1668
|
#
|
|
1755
1669
|
# **A suitable default value is auto-generated.** You should normally
|
|
1756
1670
|
# not need to pass this option.
|
|
@@ -1761,8 +1675,7 @@ module Aws::SecretsManager
|
|
|
1761
1675
|
# @return [String]
|
|
1762
1676
|
#
|
|
1763
1677
|
# @!attribute [rw] rotation_lambda_arn
|
|
1764
|
-
#
|
|
1765
|
-
# the secret.
|
|
1678
|
+
# The ARN of the Lambda rotation function that can rotate the secret.
|
|
1766
1679
|
# @return [String]
|
|
1767
1680
|
#
|
|
1768
1681
|
# @!attribute [rw] rotation_rules
|
|
@@ -1785,12 +1698,11 @@ module Aws::SecretsManager
|
|
|
1785
1698
|
# @return [String]
|
|
1786
1699
|
#
|
|
1787
1700
|
# @!attribute [rw] name
|
|
1788
|
-
# The
|
|
1701
|
+
# The name of the secret.
|
|
1789
1702
|
# @return [String]
|
|
1790
1703
|
#
|
|
1791
1704
|
# @!attribute [rw] version_id
|
|
1792
|
-
# The ID of the new version of the secret
|
|
1793
|
-
# started by this request.
|
|
1705
|
+
# The ID of the new version of the secret.
|
|
1794
1706
|
# @return [String]
|
|
1795
1707
|
#
|
|
1796
1708
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretResponse AWS API Documentation
|
|
@@ -1839,14 +1751,6 @@ module Aws::SecretsManager
|
|
|
1839
1751
|
#
|
|
1840
1752
|
# @!attribute [rw] arn
|
|
1841
1753
|
# The Amazon Resource Name (ARN) of the secret.
|
|
1842
|
-
#
|
|
1843
|
-
# For more information about ARNs in Secrets Manager, see [Policy
|
|
1844
|
-
# Resources][1] in the *Amazon Web Services Secrets Manager User
|
|
1845
|
-
# Guide*.
|
|
1846
|
-
#
|
|
1847
|
-
#
|
|
1848
|
-
#
|
|
1849
|
-
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources
|
|
1850
1754
|
# @return [String]
|
|
1851
1755
|
#
|
|
1852
1756
|
# @!attribute [rw] name
|
|
@@ -1861,12 +1765,9 @@ module Aws::SecretsManager
|
|
|
1861
1765
|
# @return [String]
|
|
1862
1766
|
#
|
|
1863
1767
|
# @!attribute [rw] kms_key_id
|
|
1864
|
-
# The ARN
|
|
1865
|
-
#
|
|
1866
|
-
#
|
|
1867
|
-
# Secrets Manager defaults to encrypting the secret fields with the
|
|
1868
|
-
# default KMS CMK, the key named `awssecretsmanager`, for this
|
|
1869
|
-
# account.
|
|
1768
|
+
# The ARN of the KMS key that Secrets Manager uses to encrypt the
|
|
1769
|
+
# secret value. If the secret is encrypted with the Amazon Web
|
|
1770
|
+
# Services managed key `aws/secretsmanager`, this field is omitted.
|
|
1870
1771
|
# @return [String]
|
|
1871
1772
|
#
|
|
1872
1773
|
# @!attribute [rw] rotation_enabled
|
|
@@ -2006,8 +1907,7 @@ module Aws::SecretsManager
|
|
|
2006
1907
|
# }
|
|
2007
1908
|
#
|
|
2008
1909
|
# @!attribute [rw] secret_id
|
|
2009
|
-
#
|
|
2010
|
-
# `SecretId`.
|
|
1910
|
+
# The ARN of the primary secret.
|
|
2011
1911
|
# @return [String]
|
|
2012
1912
|
#
|
|
2013
1913
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaRequest AWS API Documentation
|
|
@@ -2019,8 +1919,8 @@ module Aws::SecretsManager
|
|
|
2019
1919
|
end
|
|
2020
1920
|
|
|
2021
1921
|
# @!attribute [rw] arn
|
|
2022
|
-
#
|
|
2023
|
-
#
|
|
1922
|
+
# The ARN of the promoted secret. The ARN is the same as the original
|
|
1923
|
+
# primary secret except the Region is changed.
|
|
2024
1924
|
# @return [String]
|
|
2025
1925
|
#
|
|
2026
1926
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaResponse AWS API Documentation
|
|
@@ -2072,19 +1972,17 @@ module Aws::SecretsManager
|
|
|
2072
1972
|
# }
|
|
2073
1973
|
#
|
|
2074
1974
|
# @!attribute [rw] secret_id
|
|
2075
|
-
# The identifier for the secret
|
|
2076
|
-
#
|
|
2077
|
-
#
|
|
1975
|
+
# The identifier for the secret to attach tags to. You can specify
|
|
1976
|
+
# either the Amazon Resource Name (ARN) or the friendly name of the
|
|
1977
|
+
# secret.
|
|
2078
1978
|
#
|
|
2079
1979
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
2080
1980
|
# a partial ARN.
|
|
2081
1981
|
# @return [String]
|
|
2082
1982
|
#
|
|
2083
1983
|
# @!attribute [rw] tags
|
|
2084
|
-
# The tags to attach to the secret
|
|
2085
|
-
# of a `Key` and a `Value`.
|
|
2086
|
-
#
|
|
2087
|
-
# This parameter to the API requires a JSON text string argument.
|
|
1984
|
+
# The tags to attach to the secret as a JSON text string argument.
|
|
1985
|
+
# Each element in the list consists of a `Key` and a `Value`.
|
|
2088
1986
|
#
|
|
2089
1987
|
# For storing multiple values, we recommend that you use a JSON text
|
|
2090
1988
|
# string argument and specify key/value pairs. For more information,
|
|
@@ -2114,9 +2012,7 @@ module Aws::SecretsManager
|
|
|
2114
2012
|
# }
|
|
2115
2013
|
#
|
|
2116
2014
|
# @!attribute [rw] secret_id
|
|
2117
|
-
# The
|
|
2118
|
-
# can specify either the Amazon Resource Name (ARN) or the friendly
|
|
2119
|
-
# name of the secret.
|
|
2015
|
+
# The ARN or name of the secret.
|
|
2120
2016
|
#
|
|
2121
2017
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
2122
2018
|
# a partial ARN.
|
|
@@ -2127,7 +2023,7 @@ module Aws::SecretsManager
|
|
|
2127
2023
|
# specify the value. Both the key and its associated value are
|
|
2128
2024
|
# removed.
|
|
2129
2025
|
#
|
|
2130
|
-
# This parameter
|
|
2026
|
+
# This parameter requires a JSON text string argument.
|
|
2131
2027
|
#
|
|
2132
2028
|
# For storing multiple values, we recommend that you use a JSON text
|
|
2133
2029
|
# string argument and specify key/value pairs. For more information,
|
|
@@ -2161,117 +2057,76 @@ module Aws::SecretsManager
|
|
|
2161
2057
|
# }
|
|
2162
2058
|
#
|
|
2163
2059
|
# @!attribute [rw] secret_id
|
|
2164
|
-
#
|
|
2165
|
-
# add a new version. You can specify either the Amazon Resource Name
|
|
2166
|
-
# (ARN) or the friendly name of the secret.
|
|
2060
|
+
# The ARN or name of the secret.
|
|
2167
2061
|
#
|
|
2168
2062
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
2169
2063
|
# a partial ARN.
|
|
2170
2064
|
# @return [String]
|
|
2171
2065
|
#
|
|
2172
2066
|
# @!attribute [rw] client_request_token
|
|
2173
|
-
#
|
|
2174
|
-
#
|
|
2175
|
-
#
|
|
2067
|
+
# If you include `SecretString` or `SecretBinary`, then Secrets
|
|
2068
|
+
# Manager creates a new version for the secret, and this parameter
|
|
2069
|
+
# specifies the unique identifier for the new version.
|
|
2176
2070
|
#
|
|
2177
|
-
# If you use the Amazon Web Services CLI or one of the Amazon Web
|
|
2178
|
-
# Services
|
|
2071
|
+
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
|
2072
|
+
# Services SDKs to call this operation, then you can leave this
|
|
2179
2073
|
# parameter empty. The CLI or SDK generates a random UUID for you and
|
|
2180
|
-
# includes
|
|
2181
|
-
# generate a raw HTTP request to the
|
|
2182
|
-
# then you must generate a
|
|
2183
|
-
#
|
|
2184
|
-
#
|
|
2185
|
-
# You typically only need to interact with this value if you implement
|
|
2186
|
-
# your own retry logic and want to ensure that a given secret is not
|
|
2187
|
-
# created twice. We recommend that you generate a [UUID-type][1] value
|
|
2188
|
-
# to ensure uniqueness within the specified secret.
|
|
2189
|
-
#
|
|
2190
|
-
# Secrets Manager uses this value to prevent the accidental creation
|
|
2191
|
-
# of duplicate versions if there are failures and retries during the
|
|
2192
|
-
# Lambda rotation function's processing.
|
|
2193
|
-
#
|
|
2194
|
-
# * If the `ClientRequestToken` value isn't already associated with a
|
|
2195
|
-
# version of the secret then a new version of the secret is created.
|
|
2196
|
-
#
|
|
2197
|
-
# * If a version with this value already exists and that version's
|
|
2198
|
-
# `SecretString` and `SecretBinary` values are the same as those in
|
|
2199
|
-
# the request then the request is ignored (the operation is
|
|
2200
|
-
# idempotent).
|
|
2074
|
+
# includes it as the value for this parameter in the request. If you
|
|
2075
|
+
# don't use the SDK and instead generate a raw HTTP request to the
|
|
2076
|
+
# Secrets Manager service endpoint, then you must generate a
|
|
2077
|
+
# `ClientRequestToken` yourself for the new version and include the
|
|
2078
|
+
# value in the request.
|
|
2201
2079
|
#
|
|
2202
|
-
#
|
|
2203
|
-
# `SecretString` and `SecretBinary` values are different from the
|
|
2204
|
-
# request then an error occurs because you cannot modify an existing
|
|
2205
|
-
# secret value.
|
|
2080
|
+
# </note>
|
|
2206
2081
|
#
|
|
2207
2082
|
# This value becomes the `VersionId` of the new version.
|
|
2208
2083
|
#
|
|
2209
2084
|
# **A suitable default value is auto-generated.** You should normally
|
|
2210
2085
|
# not need to pass this option.
|
|
2211
|
-
#
|
|
2212
|
-
#
|
|
2213
|
-
#
|
|
2214
|
-
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
|
2215
2086
|
# @return [String]
|
|
2216
2087
|
#
|
|
2217
2088
|
# @!attribute [rw] description
|
|
2218
|
-
#
|
|
2219
|
-
# secret.
|
|
2089
|
+
# The description of the secret.
|
|
2220
2090
|
# @return [String]
|
|
2221
2091
|
#
|
|
2222
2092
|
# @!attribute [rw] kms_key_id
|
|
2223
|
-
#
|
|
2224
|
-
#
|
|
2225
|
-
#
|
|
2226
|
-
#
|
|
2227
|
-
#
|
|
2228
|
-
# staging labels, see [Staging Labels][1] in the *Amazon Web Services
|
|
2229
|
-
# Secrets Manager User Guide*.
|
|
2093
|
+
# The ARN, key ID, or alias of the KMS key that Secrets Manager uses
|
|
2094
|
+
# to encrypt new secret versions as well as any existing versions the
|
|
2095
|
+
# staging labels `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. For
|
|
2096
|
+
# more information about versions and staging labels, see [Concepts:
|
|
2097
|
+
# Version][1].
|
|
2230
2098
|
#
|
|
2231
|
-
# You can only use the
|
|
2232
|
-
# if you call this operation using credentials
|
|
2233
|
-
#
|
|
2234
|
-
#
|
|
2235
|
-
#
|
|
2236
|
-
#
|
|
2099
|
+
# You can only use the Amazon Web Services managed key
|
|
2100
|
+
# `aws/secretsmanager` if you call this operation using credentials
|
|
2101
|
+
# from the same Amazon Web Services account that owns the secret. If
|
|
2102
|
+
# the secret is in a different account, then you must use a customer
|
|
2103
|
+
# managed key and provide the ARN of that KMS key in this field. The
|
|
2104
|
+
# user making the call must have permissions to both the secret and
|
|
2105
|
+
# the KMS key in their respective accounts.
|
|
2237
2106
|
#
|
|
2238
2107
|
#
|
|
2239
2108
|
#
|
|
2240
|
-
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
|
2109
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
|
|
2241
2110
|
# @return [String]
|
|
2242
2111
|
#
|
|
2243
2112
|
# @!attribute [rw] secret_binary
|
|
2244
|
-
#
|
|
2245
|
-
#
|
|
2246
|
-
#
|
|
2247
|
-
# in a file and then use the appropriate technique for your tool to
|
|
2248
|
-
# pass the contents of the file as a parameter. Either `SecretBinary`
|
|
2249
|
-
# or `SecretString` must have a value, but not both. They cannot both
|
|
2250
|
-
# be empty.
|
|
2113
|
+
# The binary data to encrypt and store in the new version of the
|
|
2114
|
+
# secret. We recommend that you store your binary data in a file and
|
|
2115
|
+
# then pass the contents of the file as a parameter.
|
|
2251
2116
|
#
|
|
2252
|
-
#
|
|
2117
|
+
# Either `SecretBinary` or `SecretString` must have a value, but not
|
|
2118
|
+
# both.
|
|
2119
|
+
#
|
|
2120
|
+
# You can't access this parameter in the Secrets Manager console.
|
|
2253
2121
|
# @return [String]
|
|
2254
2122
|
#
|
|
2255
2123
|
# @!attribute [rw] secret_string
|
|
2256
|
-
#
|
|
2257
|
-
#
|
|
2258
|
-
#
|
|
2259
|
-
# empty.
|
|
2260
|
-
#
|
|
2261
|
-
# If you create this secret by using the Secrets Manager console then
|
|
2262
|
-
# Secrets Manager puts the protected secret text in only the
|
|
2263
|
-
# `SecretString` parameter. The Secrets Manager console stores the
|
|
2264
|
-
# information as a JSON structure of key/value pairs that the default
|
|
2265
|
-
# Lambda rotation function knows how to parse.
|
|
2266
|
-
#
|
|
2267
|
-
# For storing multiple values, we recommend that you use a JSON text
|
|
2268
|
-
# string argument and specify key/value pairs. For more information,
|
|
2269
|
-
# see [Specifying parameter values for the Amazon Web Services CLI][1]
|
|
2270
|
-
# in the Amazon Web Services CLI User Guide.
|
|
2271
|
-
#
|
|
2124
|
+
# The text data to encrypt and store in the new version of the secret.
|
|
2125
|
+
# We recommend you use a JSON structure of key/value pairs for your
|
|
2126
|
+
# secret value.
|
|
2272
2127
|
#
|
|
2273
|
-
#
|
|
2274
|
-
#
|
|
2128
|
+
# Either `SecretBinary` or `SecretString` must have a value, but not
|
|
2129
|
+
# both.
|
|
2275
2130
|
# @return [String]
|
|
2276
2131
|
#
|
|
2277
2132
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
|
|
@@ -2289,25 +2144,16 @@ module Aws::SecretsManager
|
|
|
2289
2144
|
|
|
2290
2145
|
# @!attribute [rw] arn
|
|
2291
2146
|
# The ARN of the secret that was updated.
|
|
2292
|
-
#
|
|
2293
|
-
# <note markdown="1"> Secrets Manager automatically adds several random characters to the
|
|
2294
|
-
# name at the end of the ARN when you initially create a secret. This
|
|
2295
|
-
# affects only the ARN and not the actual friendly name. This ensures
|
|
2296
|
-
# that if you create a new secret with the same name as an old secret
|
|
2297
|
-
# that you previously deleted, then users with access to the old
|
|
2298
|
-
# secret *don't* automatically get access to the new secret because
|
|
2299
|
-
# the ARNs are different.
|
|
2300
|
-
#
|
|
2301
|
-
# </note>
|
|
2302
2147
|
# @return [String]
|
|
2303
2148
|
#
|
|
2304
2149
|
# @!attribute [rw] name
|
|
2305
|
-
# The
|
|
2150
|
+
# The name of the secret that was updated.
|
|
2306
2151
|
# @return [String]
|
|
2307
2152
|
#
|
|
2308
2153
|
# @!attribute [rw] version_id
|
|
2309
|
-
# If a new version of the secret
|
|
2310
|
-
# `VersionId` contains the unique identifier of the
|
|
2154
|
+
# If Secrets Manager created a new version of the secret during this
|
|
2155
|
+
# operation, then `VersionId` contains the unique identifier of the
|
|
2156
|
+
# new version.
|
|
2311
2157
|
# @return [String]
|
|
2312
2158
|
#
|
|
2313
2159
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretResponse AWS API Documentation
|
|
@@ -2331,9 +2177,8 @@ module Aws::SecretsManager
|
|
|
2331
2177
|
# }
|
|
2332
2178
|
#
|
|
2333
2179
|
# @!attribute [rw] secret_id
|
|
2334
|
-
#
|
|
2335
|
-
#
|
|
2336
|
-
# Resource Name (ARN) or the friendly name of the secret.
|
|
2180
|
+
# The ARN or the name of the secret with the version and staging
|
|
2181
|
+
# labelsto modify.
|
|
2337
2182
|
#
|
|
2338
2183
|
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
2339
2184
|
# a partial ARN.
|
|
@@ -2344,19 +2189,18 @@ module Aws::SecretsManager
|
|
|
2344
2189
|
# @return [String]
|
|
2345
2190
|
#
|
|
2346
2191
|
# @!attribute [rw] remove_from_version_id
|
|
2347
|
-
#
|
|
2348
|
-
#
|
|
2349
|
-
#
|
|
2350
|
-
#
|
|
2351
|
-
#
|
|
2352
|
-
#
|
|
2353
|
-
#
|
|
2192
|
+
# The ID of the version that the staging label is to be removed from.
|
|
2193
|
+
# If the staging label you are trying to attach to one version is
|
|
2194
|
+
# already attached to a different version, then you must include this
|
|
2195
|
+
# parameter and specify the version that the label is to be removed
|
|
2196
|
+
# from. If the label is attached and you either do not specify this
|
|
2197
|
+
# parameter, or the version ID does not match, then the operation
|
|
2198
|
+
# fails.
|
|
2354
2199
|
# @return [String]
|
|
2355
2200
|
#
|
|
2356
2201
|
# @!attribute [rw] move_to_version_id
|
|
2357
|
-
#
|
|
2358
|
-
#
|
|
2359
|
-
# specify this parameter.
|
|
2202
|
+
# The ID of the version to add the staging label to. To remove a label
|
|
2203
|
+
# from a version, then do not specify this parameter.
|
|
2360
2204
|
#
|
|
2361
2205
|
# If the staging label is already attached to a different version of
|
|
2362
2206
|
# the secret, then you must also specify the `RemoveFromVersionId`
|
|
@@ -2375,11 +2219,11 @@ module Aws::SecretsManager
|
|
|
2375
2219
|
end
|
|
2376
2220
|
|
|
2377
2221
|
# @!attribute [rw] arn
|
|
2378
|
-
# The ARN of the secret
|
|
2222
|
+
# The ARN of the secret that was updated.
|
|
2379
2223
|
# @return [String]
|
|
2380
2224
|
#
|
|
2381
2225
|
# @!attribute [rw] name
|
|
2382
|
-
# The
|
|
2226
|
+
# The name of the secret that was updated.
|
|
2383
2227
|
# @return [String]
|
|
2384
2228
|
#
|
|
2385
2229
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageResponse AWS API Documentation
|
|
@@ -2400,25 +2244,18 @@ module Aws::SecretsManager
|
|
|
2400
2244
|
# }
|
|
2401
2245
|
#
|
|
2402
2246
|
# @!attribute [rw] secret_id
|
|
2403
|
-
#
|
|
2404
|
-
# policy you want to validate. You can specify either the Amazon
|
|
2405
|
-
# Resource Name (ARN) or the friendly name of the secret.
|
|
2406
|
-
#
|
|
2407
|
-
# For an ARN, we recommend that you specify a complete ARN rather than
|
|
2408
|
-
# a partial ARN.
|
|
2247
|
+
# This field is reserved for internal use.
|
|
2409
2248
|
# @return [String]
|
|
2410
2249
|
#
|
|
2411
2250
|
# @!attribute [rw] resource_policy
|
|
2412
|
-
# A JSON-formatted string
|
|
2413
|
-
#
|
|
2414
|
-
#
|
|
2415
|
-
#
|
|
2416
|
-
# the various command line tool environments, see [Using JSON for
|
|
2417
|
-
# Parameters][1] in the *CLI User Guide*.publi
|
|
2251
|
+
# A JSON-formatted string that contains an Amazon Web Services
|
|
2252
|
+
# resource-based policy. The policy in the string identifies who can
|
|
2253
|
+
# access or manage this secret and its versions. For example policies,
|
|
2254
|
+
# see [Permissions policy examples][1].
|
|
2418
2255
|
#
|
|
2419
2256
|
#
|
|
2420
2257
|
#
|
|
2421
|
-
# [1]:
|
|
2258
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html
|
|
2422
2259
|
# @return [String]
|
|
2423
2260
|
#
|
|
2424
2261
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyRequest AWS API Documentation
|
|
@@ -2431,12 +2268,11 @@ module Aws::SecretsManager
|
|
|
2431
2268
|
end
|
|
2432
2269
|
|
|
2433
2270
|
# @!attribute [rw] policy_validation_passed
|
|
2434
|
-
#
|
|
2435
|
-
# validation.
|
|
2271
|
+
# True if your policy passes validation, otherwise false.
|
|
2436
2272
|
# @return [Boolean]
|
|
2437
2273
|
#
|
|
2438
2274
|
# @!attribute [rw] validation_errors
|
|
2439
|
-
#
|
|
2275
|
+
# Validation errors if your policy didn't pass validation.
|
|
2440
2276
|
# @return [Array<Types::ValidationErrorsEntry>]
|
|
2441
2277
|
#
|
|
2442
2278
|
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyResponse AWS API Documentation
|