aws-sdk-secretsmanager 1.60.0 → 1.63.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8df4daf2d651916a1c2064939bcf1dc18cc30ef5ceef9fdda071f67f3d365632
-  data.tar.gz: 8913f355a291887628e8f3537e3f700dab0fd90c0cc5430c216d0310e7005421
+  metadata.gz: '044692586d1b8a9beb0da617e052a08ff463f0493a4645e756f7d84ee649d8f2'
+  data.tar.gz: f7c83670c68063d67e0f252cf0c8a7d219ec414d218b52f2a6478326f919cf16
 SHA512:
-  metadata.gz: 8068795275cfe892637f5e9635f01566a237fdca18b9388cd3372609d24fe011e011c8a2e59d4c75b0aac0c08078be335028539d6b363e09d0fd3a079fca116d
-  data.tar.gz: c68a142de2be5b6d86b0205d663a4fb289e94d8e6bef6f0d30a0744a7f0815339637662c4ed482ff29ee151ae6c6ef530f7bf9c998bbd2b51d1443e4286a6de3
+  metadata.gz: ed436c8c5bdc245594ef6be3ef4fcc5b0f7733ad54cd2612337e4354cc642e4db93a72fbc97dc8b844474bb5eff857e1e697dc0b613c3ee3bab600b5f6bcd5b7
+  data.tar.gz: f1e5b5decfe900008c8d45171bd45e1e19408b09b622639190a23645c7cde32d1bab8d125c4694f88d764b09f86665375e8c007e9478e6d5e23d48eda019143f

data/CHANGELOG.md

@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
 
+1.63.0 (2022-06-16)
+------------------
+
+* Feature - Documentation updates for Secrets Manager
+
+1.62.0 (2022-05-25)
+------------------
+
+* Feature - Documentation updates for Secrets Manager
+
+1.61.0 (2022-05-11)
+------------------
+
+* Feature - Doc only update for Secrets Manager that fixes several customer-reported issues.
+
 1.60.0 (2022-04-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.60.0
+1.63.0

data/lib/aws-sdk-secretsmanager/client.rb

@@ -364,26 +364,27 @@ module Aws::SecretsManager
     # Turns off automatic rotation, and if a rotation is currently in
     # progress, cancels the rotation.
     #
-    # To turn on automatic rotation again, call RotateSecret.
-    #
-    # <note markdown="1"> If you cancel a rotation in progress, it can leave the `VersionStage`
-    # labels in an unexpected state. Depending on the step of the rotation
-    # in progress, you might need to remove the staging label `AWSPENDING`
-    # from the partially created version, specified by the `VersionId`
-    # response value. We recommend you also evaluate the partially rotated
-    # new version to see if it should be deleted. You can delete a version
-    # by removing all staging labels from it.
+    # If you cancel a rotation in progress, it can leave the `VersionStage`
+    # labels in an unexpected state. You might need to remove the staging
+    # label `AWSPENDING` from the partially created version. You also need
+    # to determine whether to roll back to the previous version of the
+    # secret by moving the staging label `AWSCURRENT` to the version that
+    # has `AWSPENDING`. To determine which version has a specific staging
+    # label, call ListSecretVersionIds. Then use UpdateSecretVersionStage to
+    # change staging labels. For more information, see [How rotation
+    # works][1].
     #
-    #  </note>
+    # To turn on automatic rotation again, call RotateSecret.
     #
     # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For
-    # more information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2].
+    # more information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -790,8 +791,20 @@ module Aws::SecretsManager
     # the end of the recovery window. At the end of the recovery window,
     # Secrets Manager deletes the secret permanently.
     #
-    # For information about deleting a secret in the console, see
-    # [https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage\_delete-secret.html][1].
+    # You can't delete a primary secret that is replicated to other
+    # Regions. You must first delete the replicas using
+    # RemoveRegionsFromReplication, and then delete the primary secret. When
+    # you delete a replica, it is deleted immediately.
+    #
+    # You can't directly delete a version of a secret. Instead, you remove
+    # all staging labels from the version using UpdateSecretVersionStage.
+    # This marks the version as deprecated, and then Secrets Manager can
+    # automatically delete the version in the background.
+    #
+    # To determine whether an application still uses a secret, you can
+    # create an Amazon CloudWatch alarm to alert you to any attempts to
+    # access a secret during the recovery window. For more information, see
+    # [ Monitor secrets scheduled for deletion][1].
     #
     # Secrets Manager performs the permanent secret deletion at the end of
     # the waiting period as a background task with low priority. There is no
@@ -801,9 +814,9 @@ module Aws::SecretsManager
     # At any time before recovery window ends, you can use RestoreSecret to
     # remove the `DeletionDate` and cancel the deletion of the secret.
     #
-    # In a secret scheduled for deletion, you cannot access the encrypted
-    # secret value. To access that information, first cancel the deletion
-    # with RestoreSecret and then retrieve the information.
+    # When a secret is scheduled for deletion, you cannot retrieve the
+    # secret value. You must first cancel the deletion with RestoreSecret
+    # and then you can retrieve the secret.
     #
     # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more
     # information, see [ IAM policy actions for Secrets Manager][2] and
@@ -811,7 +824,7 @@ module Aws::SecretsManager
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
     # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
@@ -1310,21 +1323,21 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
-    # Lists the versions for a secret.
+    # Lists the versions of a secret. Secrets Manager uses staging labels to
+    # indicate the different versions of a secret. For more information, see
+    # [ Secrets Manager concepts: Versions][1].
     #
     # To list the secrets in the account, use ListSecrets.
     #
-    # To get the secret value from `SecretString` or `SecretBinary`, call
-    # GetSecretValue.
-    #
     # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`.
-    # For more information, see [ IAM policy actions for Secrets Manager][1]
-    # and [Authentication and access control in Secrets Manager][2].
+    # For more information, see [ IAM policy actions for Secrets Manager][2]
+    # and [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret whose versions you want to list.
@@ -1435,13 +1448,17 @@ module Aws::SecretsManager
     # Services account, not including secrets that are marked for deletion.
     # To see secrets marked for deletion, use the Secrets Manager console.
     #
+    # ListSecrets is eventually consistent, however it might not reflect
+    # changes from the last five minutes. To get the latest information for
+    # a specific secret, use DescribeSecret.
+    #
     # To list the versions of a secret, use ListSecretVersionIds.
     #
     # To get the secret value from `SecretString` or `SecretBinary`, call
     # GetSecretValue.
     #
-    # For information about finding secrets in the console, see [Enhanced
-    # search capabilities for secrets in Secrets Manager][1].
+    # For information about finding secrets in the console, see [Find
+    # secrets in Secrets Manager][1].
     #
     # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more
     # information, see [ IAM policy actions for Secrets Manager][2] and
@@ -1601,8 +1618,7 @@ module Aws::SecretsManager
     #
     # @option params [Boolean] :block_public_policy
     #   Specifies whether to block resource-based policies that allow broad
-    #   access to the secret. By default, Secrets Manager blocks policies that
-    #   allow broad access, for example those that use a wildcard for the
+    #   access to the secret, for example those that use a wildcard for the
     #   principal.
     #
     # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1673,9 +1689,9 @@ module Aws::SecretsManager
     # the staging label `AWSPREVIOUS` to the version that `AWSCURRENT` was
     # removed from.
     #
-    # This operation is idempotent. If a version with a `VersionId` with the
-    # same value as the `ClientRequestToken` parameter already exists, and
-    # you specify the same secret data, the operation succeeds but does
+    # This operation is idempotent. If you call this operation with a
+    # `ClientRequestToken` that matches an existing version's VersionId,
+    # and you specify the same secret data, the operation succeeds but does
     # nothing. However, if the secret data is different, then the operation
     # fails because you can't modify an existing version; you can only
     # create new ones.
@@ -2121,6 +2137,45 @@ module Aws::SecretsManager
     #   * {Types::RotateSecretResponse#name #name} => String
     #   * {Types::RotateSecretResponse#version_id #version_id} => String
     #
+    #
+    # @example Example: To configure rotation for a secret
+    #
+    #   # The following example configures rotation for a secret using a cron expression. The first rotation happens immediately
+    #   # after the changes are stored in the secret. The rotation schedule is the first and 15th day of every month. The rotation
+    #   # window begins at 4:00 PM UTC and ends at 6:00 PM.
+    #
+    #   resp = client.rotate_secret({
+    #     rotation_lambda_arn: "arn:aws:lambda:us-west-2:123456789012:function:MyTestDatabaseRotationLambda", 
+    #     rotation_rules: {
+    #       duration: "2h", 
+    #       schedule_expression: "cron(0 16 1,15 * ? *)", 
+    #     }, 
+    #     secret_id: "MyTestDatabaseSecret", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", 
+    #     name: "MyTestDatabaseSecret", 
+    #     version_id: "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2", 
+    #   }
+    #
+    # @example Example: To request an immediate rotation for a secret
+    #
+    #   # The following example requests an immediate invocation of the secret's Lambda rotation function. It assumes that the
+    #   # specified secret already has rotation configured. The rotation function runs asynchronously in the background.
+    #
+    #   resp = client.rotate_secret({
+    #     secret_id: "MyTestDatabaseSecret", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     arn: "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", 
+    #     name: "MyTestDatabaseSecret", 
+    #     version_id: "EXAMPLE2-90ab-cdef-fedc-ba987SECRET2", 
+    #   }
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.rotate_secret({
@@ -2395,8 +2450,8 @@ module Aws::SecretsManager
     # version, Secrets Manager automatically attaches the staging label
     # `AWSCURRENT` to the new version.
     #
-    # If you call this operation with a `VersionId` that matches an existing
-    # version's `ClientRequestToken`, the operation results in an error.
+    # If you call this operation with a `ClientRequestToken` that matches an
+    # existing version's `VersionId`, the operation results in an error.
     # You can't modify an existing version, you can only create a new
     # version. To remove a version, remove all staging labels from it. See
     # UpdateSecretVersionStage.
@@ -2824,7 +2879,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.60.0'
+      context[:gem_version] = '1.63.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/types.rb

@@ -1253,9 +1253,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] block_public_policy
     #   Specifies whether to block resource-based policies that allow broad
-    #   access to the secret. By default, Secrets Manager blocks policies
-    #   that allow broad access, for example those that use a wildcard for
-    #   the principal.
+    #   access to the secret, for example those that use a wildcard for the
+    #   principal.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation

data/lib/aws-sdk-secretsmanager.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @!group service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.60.0'
+  GEM_VERSION = '1.63.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.60.0
+  version: 1.63.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-21 00:00:00.000000000 Z
+date: 2022-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core