aws-sdk-secretsmanager 1.64.0 → 1.66.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a081e16da4489126c551e2f8b647342e8a42cada9e289f64ee9a9e88eae9032a
4
- data.tar.gz: b461a4efae7078ad18f7f8cd30496f4cf449abc51957580ed0fa8343a940fa78
3
+ metadata.gz: be8a3646b585f20357ca5d121853825dacce1a927eccf8ebdf58100b5c016842
4
+ data.tar.gz: 5df2cb07d6789b0894c5fffed9126f6aa0fa7c5208439c0216c001d61f0382ce
5
5
  SHA512:
6
- metadata.gz: 51364fb8c866fc4bedf75aec4cae8632b50b19a860ebda15c303aa9e7ad7cd885d6c189bc96d862869e9fe7f4fe59129b931b42461e04cf2599f37615120e994
7
- data.tar.gz: 0bc6ca321ef12243b7d90fab0533f8d9f2c397a1c5a5ebed839436afccd21da066b27772a6861a73664e2b9a6d01b07df949f472659c63a43a7e230cee853eee
6
+ metadata.gz: e2beaeabaa877247d38ee3a11b5dc1cfebc4484da9ffd2f23867a83070d049c10910baec7ea1162d7fe7ac817c8d5e6208083015b2ed8c3a7e3f8d9ad269332f
7
+ data.tar.gz: 4ac3f03d379ecfe591c9edc4685f95862de4e44b49f8c315f85c9e20c07c28e76046c5ceeb48eb5b56b332202205db06dbf6afca5d2219e9fa6b969be8c58235
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.66.0 (2022-09-29)
5
+ ------------------
6
+
7
+ * Feature - Documentation updates for Secrets Manager
8
+
9
+ 1.65.0 (2022-08-17)
10
+ ------------------
11
+
12
+ * Feature - Documentation updates for Secrets Manager.
13
+
4
14
  1.64.0 (2022-06-16)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.64.0
1
+ 1.66.0
@@ -376,15 +376,21 @@ module Aws::SecretsManager
376
376
  #
377
377
  # To turn on automatic rotation again, call RotateSecret.
378
378
  #
379
+ # Secrets Manager generates a CloudTrail log entry when you call this
380
+ # action. Do not include sensitive information in request parameters
381
+ # because it might be logged. For more information, see [Logging Secrets
382
+ # Manager events with CloudTrail][2].
383
+ #
379
384
  # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For
380
- # more information, see [ IAM policy actions for Secrets Manager][2] and
381
- # [Authentication and access control in Secrets Manager][3].
385
+ # more information, see [ IAM policy actions for Secrets Manager][3] and
386
+ # [Authentication and access control in Secrets Manager][4].
382
387
  #
383
388
  #
384
389
  #
385
390
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
386
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
387
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
391
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
392
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
393
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
388
394
  #
389
395
  # @option params [required, String] :secret_id
390
396
  # The ARN or name of the secret.
@@ -475,11 +481,17 @@ module Aws::SecretsManager
475
481
  # to encrypt the secret, and you must create and use a customer managed
476
482
  # KMS key.
477
483
  #
484
+ # Secrets Manager generates a CloudTrail log entry when you call this
485
+ # action. Do not include sensitive information in request parameters
486
+ # except `SecretBinary` or `SecretString` because it might be logged.
487
+ # For more information, see [Logging Secrets Manager events with
488
+ # CloudTrail][3].
489
+ #
478
490
  # <b>Required permissions: </b> `secretsmanager:CreateSecret`. If you
479
491
  # include tags in the secret, you also need
480
492
  # `secretsmanager:TagResource`. For more information, see [ IAM policy
481
- # actions for Secrets Manager][3] and [Authentication and access control
482
- # in Secrets Manager][4].
493
+ # actions for Secrets Manager][4] and [Authentication and access control
494
+ # in Secrets Manager][5].
483
495
  #
484
496
  # To encrypt the secret with a KMS key other than `aws/secretsmanager`,
485
497
  # you need `kms:GenerateDataKey` and `kms:Decrypt` permission to the
@@ -489,8 +501,9 @@ module Aws::SecretsManager
489
501
  #
490
502
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html
491
503
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html
492
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
493
- # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
504
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
505
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
506
+ # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
494
507
  #
495
508
  # @option params [required, String] :name
496
509
  # The name of the new secret.
@@ -553,7 +566,9 @@ module Aws::SecretsManager
553
566
  #
554
567
  # @option params [String] :kms_key_id
555
568
  # The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
556
- # encrypt the secret value in the secret.
569
+ # encrypt the secret value in the secret. An alias is always prefixed by
570
+ # `alias/`, for example `alias/aws/secretsmanager`. For more
571
+ # information, see [About aliases][1].
557
572
  #
558
573
  # To use a KMS key in a different account, use the key ARN or the alias
559
574
  # ARN.
@@ -568,6 +583,10 @@ module Aws::SecretsManager
568
583
  # to encrypt the secret, and you must create and use a customer managed
569
584
  # KMS key.
570
585
  #
586
+ #
587
+ #
588
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html
589
+ #
571
590
  # @option params [String, StringIO, File] :secret_binary
572
591
  # The binary data to encrypt and store in the new version of the secret.
573
592
  # We recommend that you store your binary data in a file and then pass
@@ -724,14 +743,20 @@ module Aws::SecretsManager
724
743
  # Deletes the resource-based permission policy attached to the secret.
725
744
  # To attach a policy to a secret, use PutResourcePolicy.
726
745
  #
746
+ # Secrets Manager generates a CloudTrail log entry when you call this
747
+ # action. Do not include sensitive information in request parameters
748
+ # because it might be logged. For more information, see [Logging Secrets
749
+ # Manager events with CloudTrail][1].
750
+ #
727
751
  # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`.
728
- # For more information, see [ IAM policy actions for Secrets Manager][1]
729
- # and [Authentication and access control in Secrets Manager][2].
752
+ # For more information, see [ IAM policy actions for Secrets Manager][2]
753
+ # and [Authentication and access control in Secrets Manager][3].
730
754
  #
731
755
  #
732
756
  #
733
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
734
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
757
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
758
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
759
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
735
760
  #
736
761
  # @option params [required, String] :secret_id
737
762
  # The ARN or name of the secret to delete the attached resource-based
@@ -818,15 +843,21 @@ module Aws::SecretsManager
818
843
  # secret value. You must first cancel the deletion with RestoreSecret
819
844
  # and then you can retrieve the secret.
820
845
  #
846
+ # Secrets Manager generates a CloudTrail log entry when you call this
847
+ # action. Do not include sensitive information in request parameters
848
+ # because it might be logged. For more information, see [Logging Secrets
849
+ # Manager events with CloudTrail][2].
850
+ #
821
851
  # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more
822
- # information, see [ IAM policy actions for Secrets Manager][2] and
823
- # [Authentication and access control in Secrets Manager][3].
852
+ # information, see [ IAM policy actions for Secrets Manager][3] and
853
+ # [Authentication and access control in Secrets Manager][4].
824
854
  #
825
855
  #
826
856
  #
827
857
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html
828
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
829
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
858
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
859
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
860
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
830
861
  #
831
862
  # @option params [required, String] :secret_id
832
863
  # The ARN or name of the secret to delete.
@@ -915,14 +946,20 @@ module Aws::SecretsManager
915
946
  # secret value. Secrets Manager only returns fields that have a value in
916
947
  # the response.
917
948
  #
949
+ # Secrets Manager generates a CloudTrail log entry when you call this
950
+ # action. Do not include sensitive information in request parameters
951
+ # because it might be logged. For more information, see [Logging Secrets
952
+ # Manager events with CloudTrail][1].
953
+ #
918
954
  # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For
919
- # more information, see [ IAM policy actions for Secrets Manager][1] and
920
- # [Authentication and access control in Secrets Manager][2].
955
+ # more information, see [ IAM policy actions for Secrets Manager][2] and
956
+ # [Authentication and access control in Secrets Manager][3].
921
957
  #
922
958
  #
923
959
  #
924
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
925
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
960
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
961
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
962
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
926
963
  #
927
964
  # @option params [required, String] :secret_id
928
965
  # The ARN or name of the secret.
@@ -1049,14 +1086,20 @@ module Aws::SecretsManager
1049
1086
  # length and include every character type that the system you are
1050
1087
  # generating a password for can support.
1051
1088
  #
1089
+ # Secrets Manager generates a CloudTrail log entry when you call this
1090
+ # action. Do not include sensitive information in request parameters
1091
+ # because it might be logged. For more information, see [Logging Secrets
1092
+ # Manager events with CloudTrail][1].
1093
+ #
1052
1094
  # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For
1053
- # more information, see [ IAM policy actions for Secrets Manager][1] and
1054
- # [Authentication and access control in Secrets Manager][2].
1095
+ # more information, see [ IAM policy actions for Secrets Manager][2] and
1096
+ # [Authentication and access control in Secrets Manager][3].
1055
1097
  #
1056
1098
  #
1057
1099
  #
1058
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1059
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1100
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1101
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1102
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1060
1103
  #
1061
1104
  # @option params [Integer] :password_length
1062
1105
  # The length of the password. If you don't include this parameter, the
@@ -1146,15 +1189,21 @@ module Aws::SecretsManager
1146
1189
  # attached to a secret, see [Permissions policies attached to a
1147
1190
  # secret][1].
1148
1191
  #
1192
+ # Secrets Manager generates a CloudTrail log entry when you call this
1193
+ # action. Do not include sensitive information in request parameters
1194
+ # because it might be logged. For more information, see [Logging Secrets
1195
+ # Manager events with CloudTrail][2].
1196
+ #
1149
1197
  # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For
1150
- # more information, see [ IAM policy actions for Secrets Manager][2] and
1151
- # [Authentication and access control in Secrets Manager][3].
1198
+ # more information, see [ IAM policy actions for Secrets Manager][3] and
1199
+ # [Authentication and access control in Secrets Manager][4].
1152
1200
  #
1153
1201
  #
1154
1202
  #
1155
1203
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
1156
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1157
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1204
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1205
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1206
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1158
1207
  #
1159
1208
  # @option params [required, String] :secret_id
1160
1209
  # The ARN or name of the secret to retrieve the attached resource-based
@@ -1218,18 +1267,29 @@ module Aws::SecretsManager
1218
1267
  # caching. Caching secrets improves speed and reduces your costs. For
1219
1268
  # more information, see [Cache secrets for your applications][1].
1220
1269
  #
1270
+ # To retrieve the previous version of a secret, use `VersionStage` and
1271
+ # specify AWSPREVIOUS. To revert to the previous version of a secret,
1272
+ # call [UpdateSecretVersionStage][2].
1273
+ #
1274
+ # Secrets Manager generates a CloudTrail log entry when you call this
1275
+ # action. Do not include sensitive information in request parameters
1276
+ # because it might be logged. For more information, see [Logging Secrets
1277
+ # Manager events with CloudTrail][3].
1278
+ #
1221
1279
  # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the
1222
1280
  # secret is encrypted using a customer-managed key instead of the Amazon
1223
1281
  # Web Services managed key `aws/secretsmanager`, then you also need
1224
1282
  # `kms:Decrypt` permissions for that key. For more information, see [
1225
- # IAM policy actions for Secrets Manager][2] and [Authentication and
1226
- # access control in Secrets Manager][3].
1283
+ # IAM policy actions for Secrets Manager][4] and [Authentication and
1284
+ # access control in Secrets Manager][5].
1227
1285
  #
1228
1286
  #
1229
1287
  #
1230
1288
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
1231
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1232
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1289
+ # [2]: https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html
1290
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1291
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1292
+ # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1233
1293
  #
1234
1294
  # @option params [required, String] :secret_id
1235
1295
  # The ARN or name of the secret to retrieve.
@@ -1329,15 +1389,21 @@ module Aws::SecretsManager
1329
1389
  #
1330
1390
  # To list the secrets in the account, use ListSecrets.
1331
1391
  #
1392
+ # Secrets Manager generates a CloudTrail log entry when you call this
1393
+ # action. Do not include sensitive information in request parameters
1394
+ # because it might be logged. For more information, see [Logging Secrets
1395
+ # Manager events with CloudTrail][2].
1396
+ #
1332
1397
  # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`.
1333
- # For more information, see [ IAM policy actions for Secrets Manager][2]
1334
- # and [Authentication and access control in Secrets Manager][3].
1398
+ # For more information, see [ IAM policy actions for Secrets Manager][3]
1399
+ # and [Authentication and access control in Secrets Manager][4].
1335
1400
  #
1336
1401
  #
1337
1402
  #
1338
1403
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
1339
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1340
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1404
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1405
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1406
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1341
1407
  #
1342
1408
  # @option params [required, String] :secret_id
1343
1409
  # The ARN or name of the secret whose versions you want to list.
@@ -1460,15 +1526,21 @@ module Aws::SecretsManager
1460
1526
  # For information about finding secrets in the console, see [Find
1461
1527
  # secrets in Secrets Manager][1].
1462
1528
  #
1529
+ # Secrets Manager generates a CloudTrail log entry when you call this
1530
+ # action. Do not include sensitive information in request parameters
1531
+ # because it might be logged. For more information, see [Logging Secrets
1532
+ # Manager events with CloudTrail][2].
1533
+ #
1463
1534
  # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more
1464
- # information, see [ IAM policy actions for Secrets Manager][2] and
1465
- # [Authentication and access control in Secrets Manager][3].
1535
+ # information, see [ IAM policy actions for Secrets Manager][3] and
1536
+ # [Authentication and access control in Secrets Manager][4].
1466
1537
  #
1467
1538
  #
1468
1539
  #
1469
1540
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html
1470
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1471
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1541
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1542
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1543
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1472
1544
  #
1473
1545
  # @option params [Integer] :max_results
1474
1546
  # The number of results to include in the response.
@@ -1588,15 +1660,21 @@ module Aws::SecretsManager
1588
1660
  # For information about attaching a policy in the console, see [Attach a
1589
1661
  # permissions policy to a secret][2].
1590
1662
  #
1663
+ # Secrets Manager generates a CloudTrail log entry when you call this
1664
+ # action. Do not include sensitive information in request parameters
1665
+ # because it might be logged. For more information, see [Logging Secrets
1666
+ # Manager events with CloudTrail][3].
1667
+ #
1591
1668
  # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For
1592
- # more information, see [ IAM policy actions for Secrets Manager][3] and
1669
+ # more information, see [ IAM policy actions for Secrets Manager][4] and
1593
1670
  # [Authentication and access control in Secrets Manager][1].
1594
1671
  #
1595
1672
  #
1596
1673
  #
1597
1674
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1598
1675
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html
1599
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1676
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1677
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1600
1678
  #
1601
1679
  # @option params [required, String] :secret_id
1602
1680
  # The ARN or name of the secret to attach the resource-based policy.
@@ -1682,12 +1760,10 @@ module Aws::SecretsManager
1682
1760
  # Manager automatically moves the staging label `AWSCURRENT` to this
1683
1761
  # version. If this operation creates the first version for the secret,
1684
1762
  # then Secrets Manager automatically attaches the staging label
1685
- # `AWSCURRENT` to it .
1686
- #
1687
- # If this operation moves the staging label `AWSCURRENT` from another
1688
- # version to this version, then Secrets Manager also automatically moves
1689
- # the staging label `AWSPREVIOUS` to the version that `AWSCURRENT` was
1690
- # removed from.
1763
+ # `AWSCURRENT` to it. If this operation moves the staging label
1764
+ # `AWSCURRENT` from another version to this version, then Secrets
1765
+ # Manager also automatically moves the staging label `AWSPREVIOUS` to
1766
+ # the version that `AWSCURRENT` was removed from.
1691
1767
  #
1692
1768
  # This operation is idempotent. If you call this operation with a
1693
1769
  # `ClientRequestToken` that matches an existing version's VersionId,
@@ -1696,14 +1772,21 @@ module Aws::SecretsManager
1696
1772
  # fails because you can't modify an existing version; you can only
1697
1773
  # create new ones.
1698
1774
  #
1775
+ # Secrets Manager generates a CloudTrail log entry when you call this
1776
+ # action. Do not include sensitive information in request parameters
1777
+ # except `SecretBinary` or `SecretString` because it might be logged.
1778
+ # For more information, see [Logging Secrets Manager events with
1779
+ # CloudTrail][1].
1780
+ #
1699
1781
  # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
1700
- # more information, see [ IAM policy actions for Secrets Manager][1] and
1701
- # [Authentication and access control in Secrets Manager][2].
1782
+ # more information, see [ IAM policy actions for Secrets Manager][2] and
1783
+ # [Authentication and access control in Secrets Manager][3].
1702
1784
  #
1703
1785
  #
1704
1786
  #
1705
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1706
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1787
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1788
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1789
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1707
1790
  #
1708
1791
  # @option params [required, String] :secret_id
1709
1792
  # The ARN or name of the secret to add a new version to.
@@ -1850,15 +1933,21 @@ module Aws::SecretsManager
1850
1933
  # For a secret that is replicated to other Regions, deletes the secret
1851
1934
  # replicas from the Regions you specify.
1852
1935
  #
1936
+ # Secrets Manager generates a CloudTrail log entry when you call this
1937
+ # action. Do not include sensitive information in request parameters
1938
+ # because it might be logged. For more information, see [Logging Secrets
1939
+ # Manager events with CloudTrail][1].
1940
+ #
1853
1941
  # <b>Required permissions: </b>
1854
1942
  # `secretsmanager:RemoveRegionsFromReplication`. For more information,
1855
- # see [ IAM policy actions for Secrets Manager][1] and [Authentication
1856
- # and access control in Secrets Manager][2].
1943
+ # see [ IAM policy actions for Secrets Manager][2] and [Authentication
1944
+ # and access control in Secrets Manager][3].
1857
1945
  #
1858
1946
  #
1859
1947
  #
1860
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1861
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1948
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
1949
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1950
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1862
1951
  #
1863
1952
  # @option params [required, String] :secret_id
1864
1953
  # The ARN or name of the secret.
@@ -1899,16 +1988,22 @@ module Aws::SecretsManager
1899
1988
 
1900
1989
  # Replicates the secret to a new Regions. See [Multi-Region secrets][1].
1901
1990
  #
1991
+ # Secrets Manager generates a CloudTrail log entry when you call this
1992
+ # action. Do not include sensitive information in request parameters
1993
+ # because it might be logged. For more information, see [Logging Secrets
1994
+ # Manager events with CloudTrail][2].
1995
+ #
1902
1996
  # <b>Required permissions: </b>
1903
1997
  # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
1904
- # IAM policy actions for Secrets Manager][2] and [Authentication and
1905
- # access control in Secrets Manager][3].
1998
+ # IAM policy actions for Secrets Manager][3] and [Authentication and
1999
+ # access control in Secrets Manager][4].
1906
2000
  #
1907
2001
  #
1908
2002
  #
1909
2003
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
1910
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1911
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2004
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2005
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2006
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1912
2007
  #
1913
2008
  # @option params [required, String] :secret_id
1914
2009
  # The ARN or name of the secret to replicate.
@@ -1961,14 +2056,20 @@ module Aws::SecretsManager
1961
2056
  # `DeletedDate` time stamp. You can access a secret again after it has
1962
2057
  # been restored.
1963
2058
  #
2059
+ # Secrets Manager generates a CloudTrail log entry when you call this
2060
+ # action. Do not include sensitive information in request parameters
2061
+ # because it might be logged. For more information, see [Logging Secrets
2062
+ # Manager events with CloudTrail][1].
2063
+ #
1964
2064
  # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more
1965
- # information, see [ IAM policy actions for Secrets Manager][1] and
1966
- # [Authentication and access control in Secrets Manager][2].
2065
+ # information, see [ IAM policy actions for Secrets Manager][2] and
2066
+ # [Authentication and access control in Secrets Manager][3].
1967
2067
  #
1968
2068
  #
1969
2069
  #
1970
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
1971
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2070
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2071
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2072
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1972
2073
  #
1973
2074
  # @option params [required, String] :secret_id
1974
2075
  # The ARN or name of the secret to restore.
@@ -2053,11 +2154,16 @@ module Aws::SecretsManager
2053
2154
  # later invocation of `RotateSecret` assumes that a previous rotation
2054
2155
  # request is still in progress and returns an error.
2055
2156
  #
2157
+ # Secrets Manager generates a CloudTrail log entry when you call this
2158
+ # action. Do not include sensitive information in request parameters
2159
+ # because it might be logged. For more information, see [Logging Secrets
2160
+ # Manager events with CloudTrail][7].
2161
+ #
2056
2162
  # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more
2057
- # information, see [ IAM policy actions for Secrets Manager][7] and
2058
- # [Authentication and access control in Secrets Manager][8]. You also
2163
+ # information, see [ IAM policy actions for Secrets Manager][8] and
2164
+ # [Authentication and access control in Secrets Manager][9]. You also
2059
2165
  # need `lambda:InvokeFunction` permissions on the rotation function. For
2060
- # more information, see [ Permissions for rotation][9].
2166
+ # more information, see [ Permissions for rotation][10].
2061
2167
  #
2062
2168
  #
2063
2169
  #
@@ -2067,9 +2173,10 @@ module Aws::SecretsManager
2067
2173
  # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
2068
2174
  # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html
2069
2175
  # [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html
2070
- # [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2071
- # [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2072
- # [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
2176
+ # [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2177
+ # [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2178
+ # [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2179
+ # [10]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
2073
2180
  #
2074
2181
  # @option params [required, String] :secret_id
2075
2182
  # The ARN or name of the secret to rotate.
@@ -2211,15 +2318,21 @@ module Aws::SecretsManager
2211
2318
  # You must call this operation from the Region in which you want to
2212
2319
  # promote the replica to a primary secret.
2213
2320
  #
2321
+ # Secrets Manager generates a CloudTrail log entry when you call this
2322
+ # action. Do not include sensitive information in request parameters
2323
+ # because it might be logged. For more information, see [Logging Secrets
2324
+ # Manager events with CloudTrail][1].
2325
+ #
2214
2326
  # <b>Required permissions: </b>
2215
2327
  # `secretsmanager:StopReplicationToReplica`. For more information, see [
2216
- # IAM policy actions for Secrets Manager][1] and [Authentication and
2217
- # access control in Secrets Manager][2].
2328
+ # IAM policy actions for Secrets Manager][2] and [Authentication and
2329
+ # access control in Secrets Manager][3].
2218
2330
  #
2219
2331
  #
2220
2332
  #
2221
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2222
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2333
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2334
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2335
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2223
2336
  #
2224
2337
  # @option params [required, String] :secret_id
2225
2338
  # The ARN of the primary secret.
@@ -2278,14 +2391,20 @@ module Aws::SecretsManager
2278
2391
  # operation would result in you losing your permissions for this secret,
2279
2392
  # then the operation is blocked and returns an Access Denied error.
2280
2393
  #
2394
+ # Secrets Manager generates a CloudTrail log entry when you call this
2395
+ # action. Do not include sensitive information in request parameters
2396
+ # because it might be logged. For more information, see [Logging Secrets
2397
+ # Manager events with CloudTrail][1].
2398
+ #
2281
2399
  # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
2282
- # information, see [ IAM policy actions for Secrets Manager][1] and
2283
- # [Authentication and access control in Secrets Manager][2].
2400
+ # information, see [ IAM policy actions for Secrets Manager][2] and
2401
+ # [Authentication and access control in Secrets Manager][3].
2284
2402
  #
2285
2403
  #
2286
2404
  #
2287
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2288
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2405
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2406
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2407
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2289
2408
  #
2290
2409
  # @option params [required, String] :secret_id
2291
2410
  # The identifier for the secret to attach tags to. You can specify
@@ -2365,14 +2484,20 @@ module Aws::SecretsManager
2365
2484
  # would result in you losing your permissions for this secret, then the
2366
2485
  # operation is blocked and returns an Access Denied error.
2367
2486
  #
2487
+ # Secrets Manager generates a CloudTrail log entry when you call this
2488
+ # action. Do not include sensitive information in request parameters
2489
+ # because it might be logged. For more information, see [Logging Secrets
2490
+ # Manager events with CloudTrail][1].
2491
+ #
2368
2492
  # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more
2369
- # information, see [ IAM policy actions for Secrets Manager][1] and
2370
- # [Authentication and access control in Secrets Manager][2].
2493
+ # information, see [ IAM policy actions for Secrets Manager][2] and
2494
+ # [Authentication and access control in Secrets Manager][3].
2371
2495
  #
2372
2496
  #
2373
2497
  #
2374
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2375
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2498
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2499
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2500
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2376
2501
  #
2377
2502
  # @option params [required, String] :secret_id
2378
2503
  # The ARN or name of the secret.
@@ -2447,8 +2572,9 @@ module Aws::SecretsManager
2447
2572
  # reach the quota for secret versions.
2448
2573
  #
2449
2574
  # If you include `SecretString` or `SecretBinary` to create a new secret
2450
- # version, Secrets Manager automatically attaches the staging label
2451
- # `AWSCURRENT` to the new version.
2575
+ # version, Secrets Manager automatically moves the staging label
2576
+ # `AWSCURRENT` to the new version. Then it attaches the label
2577
+ # `AWSPREVIOUS` to the version that `AWSCURRENT` was removed from.
2452
2578
  #
2453
2579
  # If you call this operation with a `ClientRequestToken` that matches an
2454
2580
  # existing version's `VersionId`, the operation results in an error.
@@ -2456,31 +2582,25 @@ module Aws::SecretsManager
2456
2582
  # version. To remove a version, remove all staging labels from it. See
2457
2583
  # UpdateSecretVersionStage.
2458
2584
  #
2459
- # If you don't specify an KMS encryption key, Secrets Manager uses the
2460
- # Amazon Web Services managed key `aws/secretsmanager`. If this key
2461
- # doesn't already exist in your account, then Secrets Manager creates
2462
- # it for you automatically. All users and roles in the Amazon Web
2463
- # Services account automatically have access to use
2464
- # `aws/secretsmanager`. Creating `aws/secretsmanager` can result in a
2465
- # one-time significant delay in returning the result.
2466
- #
2467
- # If the secret is in a different Amazon Web Services account from the
2468
- # credentials calling the API, then you can't use `aws/secretsmanager`
2469
- # to encrypt the secret, and you must create and use a customer managed
2470
- # key.
2585
+ # Secrets Manager generates a CloudTrail log entry when you call this
2586
+ # action. Do not include sensitive information in request parameters
2587
+ # except `SecretBinary` or `SecretString` because it might be logged.
2588
+ # For more information, see [Logging Secrets Manager events with
2589
+ # CloudTrail][1].
2471
2590
  #
2472
2591
  # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
2473
- # information, see [ IAM policy actions for Secrets Manager][1] and
2474
- # [Authentication and access control in Secrets Manager][2]. If you use
2592
+ # information, see [ IAM policy actions for Secrets Manager][2] and
2593
+ # [Authentication and access control in Secrets Manager][3]. If you use
2475
2594
  # a customer managed key, you must also have `kms:GenerateDataKey` and
2476
2595
  # `kms:Decrypt` permissions on the key. For more information, see [
2477
- # Secret encryption and decryption][3].
2596
+ # Secret encryption and decryption][4].
2478
2597
  #
2479
2598
  #
2480
2599
  #
2481
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2482
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2483
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
2600
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2601
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2602
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2603
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
2484
2604
  #
2485
2605
  # @option params [required, String] :secret_id
2486
2606
  # The ARN or name of the secret.
@@ -2518,11 +2638,23 @@ module Aws::SecretsManager
2518
2638
  #
2519
2639
  # @option params [String] :kms_key_id
2520
2640
  # The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
2521
- # encrypt new secret versions as well as any existing versions the
2641
+ # encrypt new secret versions as well as any existing versions with the
2522
2642
  # staging labels `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. For more
2523
2643
  # information about versions and staging labels, see [Concepts:
2524
2644
  # Version][1].
2525
2645
  #
2646
+ # A key alias is always prefixed by `alias/`, for example
2647
+ # `alias/aws/secretsmanager`. For more information, see [About
2648
+ # aliases][2].
2649
+ #
2650
+ # If you set this to an empty string, Secrets Manager uses the Amazon
2651
+ # Web Services managed key `aws/secretsmanager`. If this key doesn't
2652
+ # already exist in your account, then Secrets Manager creates it for you
2653
+ # automatically. All users and roles in the Amazon Web Services account
2654
+ # automatically have access to use `aws/secretsmanager`. Creating
2655
+ # `aws/secretsmanager` can result in a one-time significant delay in
2656
+ # returning the result.
2657
+ #
2526
2658
  # You can only use the Amazon Web Services managed key
2527
2659
  # `aws/secretsmanager` if you call this operation using credentials from
2528
2660
  # the same Amazon Web Services account that owns the secret. If the
@@ -2534,6 +2666,7 @@ module Aws::SecretsManager
2534
2666
  #
2535
2667
  #
2536
2668
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
2669
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html
2537
2670
  #
2538
2671
  # @option params [String, StringIO, File] :secret_binary
2539
2672
  # The binary data to encrypt and store in the new version of the secret.
@@ -2660,16 +2793,22 @@ module Aws::SecretsManager
2660
2793
  # then the version is considered to be 'deprecated' and can be deleted
2661
2794
  # by Secrets Manager.
2662
2795
  #
2796
+ # Secrets Manager generates a CloudTrail log entry when you call this
2797
+ # action. Do not include sensitive information in request parameters
2798
+ # because it might be logged. For more information, see [Logging Secrets
2799
+ # Manager events with CloudTrail][2].
2800
+ #
2663
2801
  # <b>Required permissions: </b>
2664
2802
  # `secretsmanager:UpdateSecretVersionStage`. For more information, see [
2665
- # IAM policy actions for Secrets Manager][2] and [Authentication and
2666
- # access control in Secrets Manager][3].
2803
+ # IAM policy actions for Secrets Manager][3] and [Authentication and
2804
+ # access control in Secrets Manager][4].
2667
2805
  #
2668
2806
  #
2669
2807
  #
2670
2808
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
2671
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2672
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2809
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2810
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2811
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2673
2812
  #
2674
2813
  # @option params [required, String] :secret_id
2675
2814
  # The ARN or the name of the secret with the version and staging
@@ -2798,15 +2937,21 @@ module Aws::SecretsManager
2798
2937
  #
2799
2938
  # * Verifies the policy does not lock out a caller.
2800
2939
  #
2940
+ # Secrets Manager generates a CloudTrail log entry when you call this
2941
+ # action. Do not include sensitive information in request parameters
2942
+ # because it might be logged. For more information, see [Logging Secrets
2943
+ # Manager events with CloudTrail][2].
2944
+ #
2801
2945
  # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`.
2802
- # For more information, see [ IAM policy actions for Secrets Manager][2]
2803
- # and [Authentication and access control in Secrets Manager][3].
2946
+ # For more information, see [ IAM policy actions for Secrets Manager][3]
2947
+ # and [Authentication and access control in Secrets Manager][4].
2804
2948
  #
2805
2949
  #
2806
2950
  #
2807
2951
  # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
2808
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2809
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2952
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2953
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2954
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2810
2955
  #
2811
2956
  # @option params [String] :secret_id
2812
2957
  # This field is reserved for internal use.
@@ -2879,7 +3024,7 @@ module Aws::SecretsManager
2879
3024
  params: params,
2880
3025
  config: config)
2881
3026
  context[:gem_name] = 'aws-sdk-secretsmanager'
2882
- context[:gem_version] = '1.64.0'
3027
+ context[:gem_version] = '1.66.0'
2883
3028
  Seahorse::Client::Request.new(handlers, context)
2884
3029
  end
2885
3030
 
@@ -152,7 +152,9 @@ module Aws::SecretsManager
152
152
  #
153
153
  # @!attribute [rw] kms_key_id
154
154
  # The ARN, key ID, or alias of the KMS key that Secrets Manager uses
155
- # to encrypt the secret value in the secret.
155
+ # to encrypt the secret value in the secret. An alias is always
156
+ # prefixed by `alias/`, for example `alias/aws/secretsmanager`. For
157
+ # more information, see [About aliases][1].
156
158
  #
157
159
  # To use a KMS key in a different account, use the key ARN or the
158
160
  # alias ARN.
@@ -166,6 +168,10 @@ module Aws::SecretsManager
166
168
  # credentials calling the API, then you can't use
167
169
  # `aws/secretsmanager` to encrypt the secret, and you must create and
168
170
  # use a customer managed KMS key.
171
+ #
172
+ #
173
+ #
174
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html
169
175
  # @return [String]
170
176
  #
171
177
  # @!attribute [rw] secret_binary
@@ -489,9 +495,10 @@ module Aws::SecretsManager
489
495
  # @return [String]
490
496
  #
491
497
  # @!attribute [rw] kms_key_id
492
- # The ARN of the KMS key that Secrets Manager uses to encrypt the
493
- # secret value. If the secret is encrypted with the Amazon Web
494
- # Services managed key `aws/secretsmanager`, this field is omitted.
498
+ # The key ID or alias ARN of the KMS key that Secrets Manager uses to
499
+ # encrypt the secret value. If the secret is encrypted with the Amazon
500
+ # Web Services managed key `aws/secretsmanager`, this field is
501
+ # omitted. Secrets created using the console use an KMS key ID.
495
502
  # @return [String]
496
503
  #
497
504
  # @!attribute [rw] rotation_enabled
@@ -525,9 +532,8 @@ module Aws::SecretsManager
525
532
  # @return [Time]
526
533
  #
527
534
  # @!attribute [rw] last_accessed_date
528
- # The last date that the secret value was retrieved. This value does
529
- # not include the time. This field is omitted if the secret has never
530
- # been retrieved.
535
+ # The date that the secret was last accessed in the Region. This field
536
+ # is omitted if the secret has never been retrieved in the Region.
531
537
  # @return [Time]
532
538
  #
533
539
  # @!attribute [rw] deleted_date
@@ -578,7 +584,13 @@ module Aws::SecretsManager
578
584
  # @return [Hash<String,Array<String>>]
579
585
  #
580
586
  # @!attribute [rw] owning_service
581
- # The name of the service that created this secret.
587
+ # The ID of the service that created this secret. For more
588
+ # information, see [Secrets managed by other Amazon Web Services
589
+ # services][1].
590
+ #
591
+ #
592
+ #
593
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html
582
594
  # @return [String]
583
595
  #
584
596
  # @!attribute [rw] created_date
@@ -1003,6 +1015,14 @@ module Aws::SecretsManager
1003
1015
  # a Lambda function ARN configured and you didn't include such an ARN
1004
1016
  # as a parameter in this call.
1005
1017
  #
1018
+ # * The secret is managed by another service, and you must use that
1019
+ # service to update it. For more information, see [Secrets managed by
1020
+ # other Amazon Web Services services][1].
1021
+ #
1022
+ #
1023
+ #
1024
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html
1025
+ #
1006
1026
  # @!attribute [rw] message
1007
1027
  # @return [String]
1008
1028
  #
@@ -1580,7 +1600,8 @@ module Aws::SecretsManager
1580
1600
  # @return [String]
1581
1601
  #
1582
1602
  # @!attribute [rw] last_accessed_date
1583
- # The date that you last accessed the secret in the Region.
1603
+ # The date that the secret was last accessed in the Region. This field
1604
+ # is omitted if the secret has never been retrieved in the Region.
1584
1605
  # @return [Time]
1585
1606
  #
1586
1607
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicationStatusType AWS API Documentation
@@ -1912,9 +1933,8 @@ module Aws::SecretsManager
1912
1933
  # @return [Time]
1913
1934
  #
1914
1935
  # @!attribute [rw] last_accessed_date
1915
- # The last date that this secret was accessed. This value is truncated
1916
- # to midnight of the date and therefore shows only the date, not the
1917
- # time.
1936
+ # The date that the secret was last accessed in the Region. This field
1937
+ # is omitted if the secret has never been retrieved in the Region.
1918
1938
  # @return [Time]
1919
1939
  #
1920
1940
  # @!attribute [rw] deleted_date
@@ -2229,11 +2249,23 @@ module Aws::SecretsManager
2229
2249
  #
2230
2250
  # @!attribute [rw] kms_key_id
2231
2251
  # The ARN, key ID, or alias of the KMS key that Secrets Manager uses
2232
- # to encrypt new secret versions as well as any existing versions the
2233
- # staging labels `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. For
2252
+ # to encrypt new secret versions as well as any existing versions with
2253
+ # the staging labels `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. For
2234
2254
  # more information about versions and staging labels, see [Concepts:
2235
2255
  # Version][1].
2236
2256
  #
2257
+ # A key alias is always prefixed by `alias/`, for example
2258
+ # `alias/aws/secretsmanager`. For more information, see [About
2259
+ # aliases][2].
2260
+ #
2261
+ # If you set this to an empty string, Secrets Manager uses the Amazon
2262
+ # Web Services managed key `aws/secretsmanager`. If this key doesn't
2263
+ # already exist in your account, then Secrets Manager creates it for
2264
+ # you automatically. All users and roles in the Amazon Web Services
2265
+ # account automatically have access to use `aws/secretsmanager`.
2266
+ # Creating `aws/secretsmanager` can result in a one-time significant
2267
+ # delay in returning the result.
2268
+ #
2237
2269
  # You can only use the Amazon Web Services managed key
2238
2270
  # `aws/secretsmanager` if you call this operation using credentials
2239
2271
  # from the same Amazon Web Services account that owns the secret. If
@@ -2245,6 +2277,7 @@ module Aws::SecretsManager
2245
2277
  #
2246
2278
  #
2247
2279
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
2280
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html
2248
2281
  # @return [String]
2249
2282
  #
2250
2283
  # @!attribute [rw] secret_binary
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
48
48
  # @!group service
49
49
  module Aws::SecretsManager
50
50
 
51
- GEM_VERSION = '1.64.0'
51
+ GEM_VERSION = '1.66.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-secretsmanager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.64.0
4
+ version: 1.66.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-16 00:00:00.000000000 Z
11
+ date: 2022-09-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core