aws-sdk-secretsmanager 1.6.0 → 1.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1dca478393211fc8fc1ac2282d25a0c7b54631da
-  data.tar.gz: f2390aba6aa5fc2a9f9b02ed3efba4f978d36368
+  metadata.gz: 622a4b933adcac112482ac40c67c19d5dc880240
+  data.tar.gz: 5e68268c7f5ec33da5bec1b207ed86afcfb0d76f
 SHA512:
-  metadata.gz: 5dfcf8ded0b5613b6ca5ca19e96fe0e0142f2e5a420e7a9a618037edd65bce609ef4045ee3cc5ad85e7a7099469de8648a882d316a47f713827be6a40dc8f786
-  data.tar.gz: 69203ecf50bd1d635d2737c06ce86ef8f5060319fb4221578e1e606bab346e2d883ed7b3794c2325290694ce471f7199e26f6f7934d6a71650e0874c5abb99b8
+  metadata.gz: 317e66b5a68e22e8ee5449f53d82004cabad3adc07db0587e2d1e09885637c37d964ab272f535540ecb31e9b2024d3b96bbe9766e4097a92080c8dffb9e6c1e2
+  data.tar.gz: ea4e38d3663470d49e321e6a6d122bfb6ea1bc914dda18e70b1871ee2d5bc78d7c5903ef97d5695bb34fb2a7ccf5bf1b127a502340558b257025dd1cb371a9ea

data/lib/aws-sdk-secretsmanager.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.6.0'
+  GEM_VERSION = '1.7.0'
 
 end

data/lib/aws-sdk-secretsmanager/client.rb

@@ -276,27 +276,27 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
     #   `SecretString` or `SecretBinary` for a secret in the same account as
-    #   the calling user and that secret doesn't specify a KMS encryption
-    #   key, Secrets Manager uses the account's default AWS managed
-    #   customer master key (CMK) with the alias `aws/secretsmanager`. If
-    #   this key doesn't already exist in your account then Secrets Manager
-    #   creates it for you automatically. All users in the same AWS account
-    #   automatically have access to use the default CMK. Note that if an
-    #   Secrets Manager API call results in AWS having to create the
-    #   account's AWS-managed CMK, it can result in a one-time significant
-    #   delay in returning the result.
+    #   the calling user and that secret doesn't specify a AWS KMS
+    #   encryption key, Secrets Manager uses the account's default AWS
+    #   managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then Secrets Manager creates it for you automatically. All
+    #   users in the same AWS account automatically have access to use the
+    #   default CMK. Note that if an Secrets Manager API call results in AWS
+    #   having to create the account's AWS-managed CMK, it can result in a
+    #   one-time significant delay in returning the result.
     #
     # * If the secret is in a different AWS account from the credentials
     #   calling an API that requires encryption or decryption of the secret
-    #   value then you must create and use a custom KMS CMK because you
+    #   value then you must create and use a custom AWS KMS CMK because you
     #   can't access the default CMK for the account using credentials from
     #   a different AWS account. Store the ARN of the CMK in the secret when
     #   you create the secret or when you update it by including it in the
     #   `KMSKeyId`. If you call an API that must encrypt or decrypt
     #   `SecretString` or `SecretBinary` using credentials from a different
-    #   account then the KMS key policy must grant cross-account access to
-    #   that other account's user or role for both the kms:GenerateDataKey
-    #   and kms:Decrypt operations.
+    #   account then the AWS KMS key policy must grant cross-account access
+    #   to that other account's user or role for both the
+    #   kms:GenerateDataKey and kms:Decrypt operations.
     #
     #  </note>
     #
@@ -308,12 +308,12 @@ module Aws::SecretsManager
     #
     # * secretsmanager:CreateSecret
     #
-    # * kms:GenerateDataKey - needed only if you use a customer-created KMS
-    #   key to encrypt the secret. You do not need this permission to use
-    #   the account's default AWS managed CMK for Secrets Manager.
+    # * kms:GenerateDataKey - needed only if you use a customer-managed AWS
+    #   KMS key to encrypt the secret. You do not need this permission to
+    #   use the account's default AWS managed CMK for Secrets Manager.
     #
-    # * kms:Decrypt - needed only if you use a customer-created KMS key to
-    #   encrypt the secret. You do not need this permission to use the
+    # * kms:Decrypt - needed only if you use a customer-managed AWS KMS key
+    #   to encrypt the secret. You do not need this permission to use the
     #   account's default AWS managed CMK for Secrets Manager.
     #
     # **Related operations**
@@ -348,7 +348,7 @@ module Aws::SecretsManager
     #
     #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
     #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes as the value for this parameter in
+    #   random UUID for you and includes it as the value for this parameter in
     #   the request. If you don't use the SDK and instead generate a raw HTTP
     #   request to the Secrets Manager service endpoint, then you must
     #   generate a `ClientRequestToken` yourself for the new version and
@@ -389,15 +389,19 @@ module Aws::SecretsManager
     #   (Optional) Specifies a user-provided description of the secret.
     #
     # @option params [String] :kms_key_id
-    #   (Optional) Specifies the ARN or alias of the AWS KMS customer master
-    #   key (CMK) to be used to encrypt the `SecretString` or `SecretBinary`
-    #   values in the versions stored in this secret.
+    #   (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer
+    #   master key (CMK) to be used to encrypt the `SecretString` or
+    #   `SecretBinary` values in the versions stored in this secret.
+    #
+    #   You can specify any of the supported ways to identify a AWS KMS key
+    #   ID. If you need to reference a CMK in a different account, you can use
+    #   only the key ARN or the alias ARN.
     #
     #   If you don't specify this value, then Secrets Manager defaults to
     #   using the AWS account's default CMK (the one named
-    #   `aws/secretsmanager`). If a KMS CMK with that name doesn't yet exist,
-    #   then Secrets Manager creates it for you automatically the first time
-    #   it needs to encrypt a version's `SecretString` or `SecretBinary`
+    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
+    #   exist, then Secrets Manager creates it for you automatically the first
+    #   time it needs to encrypt a version's `SecretString` or `SecretBinary`
     #   fields.
     #
     #   You can use the account's default CMK to encrypt and decrypt only if
@@ -890,9 +894,9 @@ module Aws::SecretsManager
     #
     # * secretsmanager:GetSecretValue
     #
-    # * kms:Decrypt - required only if you use a customer-created KMS key to
-    #   encrypt the secret. You do not need this permission to use the
-    #   account's default AWS managed CMK for Secrets Manager.
+    # * kms:Decrypt - required only if you use a customer-managed AWS KMS
+    #   key to encrypt the secret. You do not need this permission to use
+    #   the account's default AWS managed CMK for Secrets Manager.
     #
     # **Related operations**
     #
@@ -1287,27 +1291,27 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
     #   `SecretString` or `SecretBinary` for a secret in the same account as
-    #   the calling user and that secret doesn't specify a KMS encryption
-    #   key, Secrets Manager uses the account's default AWS managed
-    #   customer master key (CMK) with the alias `aws/secretsmanager`. If
-    #   this key doesn't already exist in your account then Secrets Manager
-    #   creates it for you automatically. All users in the same AWS account
-    #   automatically have access to use the default CMK. Note that if an
-    #   Secrets Manager API call results in AWS having to create the
-    #   account's AWS-managed CMK, it can result in a one-time significant
-    #   delay in returning the result.
+    #   the calling user and that secret doesn't specify a AWS KMS
+    #   encryption key, Secrets Manager uses the account's default AWS
+    #   managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then Secrets Manager creates it for you automatically. All
+    #   users in the same AWS account automatically have access to use the
+    #   default CMK. Note that if an Secrets Manager API call results in AWS
+    #   having to create the account's AWS-managed CMK, it can result in a
+    #   one-time significant delay in returning the result.
     #
     # * If the secret is in a different AWS account from the credentials
     #   calling an API that requires encryption or decryption of the secret
-    #   value then you must create and use a custom KMS CMK because you
+    #   value then you must create and use a custom AWS KMS CMK because you
     #   can't access the default CMK for the account using credentials from
     #   a different AWS account. Store the ARN of the CMK in the secret when
     #   you create the secret or when you update it by including it in the
     #   `KMSKeyId`. If you call an API that must encrypt or decrypt
     #   `SecretString` or `SecretBinary` using credentials from a different
-    #   account then the KMS key policy must grant cross-account access to
-    #   that other account's user or role for both the kms:GenerateDataKey
-    #   and kms:Decrypt operations.
+    #   account then the AWS KMS key policy must grant cross-account access
+    #   to that other account's user or role for both the
+    #   kms:GenerateDataKey and kms:Decrypt operations.
     #
     #  </note>
     #
@@ -1317,13 +1321,9 @@ module Aws::SecretsManager
     #
     # * secretsmanager:PutSecretValue
     #
-    # * kms:GenerateDataKey - needed only if you use a customer-created KMS
-    #   key to encrypt the secret. You do not need this permission to use
-    #   the account's AWS managed CMK for Secrets Manager.
-    #
-    # * kms:Encrypt - needed only if you use a customer-created KMS key to
-    #   encrypt the secret. You do not need this permission to use the
-    #   account's AWS managed CMK for Secrets Manager.
+    # * kms:GenerateDataKey - needed only if you use a customer-managed AWS
+    #   KMS key to encrypt the secret. You do not need this permission to
+    #   use the account's default AWS managed CMK for Secrets Manager.
     #
     # **Related operations**
     #
@@ -1910,27 +1910,27 @@ module Aws::SecretsManager
     #
     # <note markdown="1"> * If you call an operation that needs to encrypt or decrypt the
     #   `SecretString` or `SecretBinary` for a secret in the same account as
-    #   the calling user and that secret doesn't specify a KMS encryption
-    #   key, Secrets Manager uses the account's default AWS managed
-    #   customer master key (CMK) with the alias `aws/secretsmanager`. If
-    #   this key doesn't already exist in your account then Secrets Manager
-    #   creates it for you automatically. All users in the same AWS account
-    #   automatically have access to use the default CMK. Note that if an
-    #   Secrets Manager API call results in AWS having to create the
-    #   account's AWS-managed CMK, it can result in a one-time significant
-    #   delay in returning the result.
+    #   the calling user and that secret doesn't specify a AWS KMS
+    #   encryption key, Secrets Manager uses the account's default AWS
+    #   managed customer master key (CMK) with the alias
+    #   `aws/secretsmanager`. If this key doesn't already exist in your
+    #   account then Secrets Manager creates it for you automatically. All
+    #   users in the same AWS account automatically have access to use the
+    #   default CMK. Note that if an Secrets Manager API call results in AWS
+    #   having to create the account's AWS-managed CMK, it can result in a
+    #   one-time significant delay in returning the result.
     #
     # * If the secret is in a different AWS account from the credentials
     #   calling an API that requires encryption or decryption of the secret
-    #   value then you must create and use a custom KMS CMK because you
+    #   value then you must create and use a custom AWS KMS CMK because you
     #   can't access the default CMK for the account using credentials from
     #   a different AWS account. Store the ARN of the CMK in the secret when
     #   you create the secret or when you update it by including it in the
     #   `KMSKeyId`. If you call an API that must encrypt or decrypt
     #   `SecretString` or `SecretBinary` using credentials from a different
-    #   account then the KMS key policy must grant cross-account access to
-    #   that other account's user or role for both the kms:GenerateDataKey
-    #   and kms:Decrypt operations.
+    #   account then the AWS KMS key policy must grant cross-account access
+    #   to that other account's user or role for both the
+    #   kms:GenerateDataKey and kms:Decrypt operations.
     #
     #  </note>
     #
@@ -1940,13 +1940,13 @@ module Aws::SecretsManager
     #
     # * secretsmanager:UpdateSecret
     #
-    # * kms:GenerateDataKey - needed only if you use a custom KMS key to
+    # * kms:GenerateDataKey - needed only if you use a custom AWS KMS key to
     #   encrypt the secret. You do not need this permission to use the
     #   account's AWS managed CMK for Secrets Manager.
     #
-    # * kms:Decrypt - needed only if you use a custom KMS key to encrypt the
-    #   secret. You do not need this permission to use the account's AWS
-    #   managed CMK for Secrets Manager.
+    # * kms:Decrypt - needed only if you use a custom AWS KMS key to encrypt
+    #   the secret. You do not need this permission to use the account's
+    #   AWS managed CMK for Secrets Manager.
     #
     # **Related operations**
     #
@@ -2012,13 +2012,13 @@ module Aws::SecretsManager
     #   (Optional) Specifies a user-provided description of the secret.
     #
     # @option params [String] :kms_key_id
-    #   (Optional) Specifies the ARN or alias of the KMS customer master key
-    #   (CMK) to be used to encrypt the protected text in the versions of this
-    #   secret.
+    #   (Optional) Specifies the ARN or alias of the AWS KMS customer master
+    #   key (CMK) to be used to encrypt the protected text in the versions of
+    #   this secret.
     #
     #   If you don't specify this value, then Secrets Manager defaults to
     #   using the default CMK in the account (the one named
-    #   `aws/secretsmanager`). If a KMS CMK with that name doesn't exist,
+    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't exist,
     #   then Secrets Manager creates it for you automatically the first time
     #   it needs to encrypt a version's `Plaintext` or `PlaintextString`
     #   fields.
@@ -2320,7 +2320,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.6.0'
+      context[:gem_version] = '1.7.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/types.rb

@@ -86,8 +86,8 @@ module Aws::SecretsManager
     #
     #   <note markdown="1"> If you use the AWS CLI or one of the AWS SDK to call this operation,
     #   then you can leave this parameter empty. The CLI or SDK generates a
-    #   random UUID for you and includes as the value for this parameter in
-    #   the request. If you don't use the SDK and instead generate a raw
+    #   random UUID for you and includes it as the value for this parameter
+    #   in the request. If you don't use the SDK and instead generate a raw
     #   HTTP request to the Secrets Manager service endpoint, then you must
     #   generate a `ClientRequestToken` yourself for the new version and
     #   include that value in the request.
@@ -129,13 +129,17 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   (Optional) Specifies the ARN or alias of the AWS KMS customer master
-    #   key (CMK) to be used to encrypt the `SecretString` or `SecretBinary`
-    #   values in the versions stored in this secret.
+    #   (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS
+    #   customer master key (CMK) to be used to encrypt the `SecretString`
+    #   or `SecretBinary` values in the versions stored in this secret.
+    #
+    #   You can specify any of the supported ways to identify a AWS KMS key
+    #   ID. If you need to reference a CMK in a different account, you can
+    #   use only the key ARN or the alias ARN.
     #
     #   If you don't specify this value, then Secrets Manager defaults to
     #   using the AWS account's default CMK (the one named
-    #   `aws/secretsmanager`). If a KMS CMK with that name doesn't yet
+    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't yet
     #   exist, then Secrets Manager creates it for you automatically the
     #   first time it needs to encrypt a version's `SecretString` or
     #   `SecretBinary` fields.
@@ -376,7 +380,7 @@ module Aws::SecretsManager
     #   used to encrypt the `SecretString` or `SecretBinary` fields in each
     #   version of the secret. If you don't provide a key, then Secrets
     #   Manager defaults to encrypting the secret fields with the default
-    #   KMS CMK (the one named `awssecretsmanager`) for this account.
+    #   AWS KMS CMK (the one named `awssecretsmanager`) for this account.
     #   @return [String]
     #
     # @!attribute [rw] rotation_enabled
@@ -1160,7 +1164,7 @@ module Aws::SecretsManager
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/http:/docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources
+    #   [1]: http://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources
     #   @return [String]
     #
     # @!attribute [rw] name
@@ -1462,16 +1466,16 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   (Optional) Specifies the ARN or alias of the KMS customer master key
-    #   (CMK) to be used to encrypt the protected text in the versions of
-    #   this secret.
+    #   (Optional) Specifies the ARN or alias of the AWS KMS customer master
+    #   key (CMK) to be used to encrypt the protected text in the versions
+    #   of this secret.
     #
     #   If you don't specify this value, then Secrets Manager defaults to
     #   using the default CMK in the account (the one named
-    #   `aws/secretsmanager`). If a KMS CMK with that name doesn't exist,
-    #   then Secrets Manager creates it for you automatically the first time
-    #   it needs to encrypt a version's `Plaintext` or `PlaintextString`
-    #   fields.
+    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't
+    #   exist, then Secrets Manager creates it for you automatically the
+    #   first time it needs to encrypt a version's `Plaintext` or
+    #   `PlaintextString` fields.
     #
     #   You can only use the account's default CMK to encrypt and decrypt
     #   if you call this operation using credentials from the same account

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.7.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-24 00:00:00.000000000 Z
+date: 2018-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core