aws-sdk-secretsmanager 1.65.0 → 1.67.0

data/lib/aws-sdk-secretsmanager/client.rb

@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
 require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
-require 'aws-sdk-core/plugins/signature_v4.rb'
+require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:secretsmanager)
@@ -79,8 +79,9 @@ module Aws::SecretsManager
     add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
-    add_plugin(Aws::Plugins::SignatureV4)
+    add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
+    add_plugin(Aws::SecretsManager::Plugins::Endpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -297,6 +298,19 @@ module Aws::SecretsManager
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::TokenProvider] :token_provider
+    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     following classes:
+    #
+    #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+    #       tokens.
+    #
+    #     * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+    #     will be used to search for tokens configured for your profile in shared configuration files.
+    #
     #   @option options [Boolean] :use_dualstack_endpoint
     #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
     #     will be used if available.
@@ -310,6 +324,9 @@ module Aws::SecretsManager
     #     When `true`, request parameters are validated before
     #     sending the request.
     #
+    #   @option options [Aws::SecretsManager::EndpointProvider] :endpoint_provider
+    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::SecretsManager::EndpointParameters`
+    #
     #   @option options [URI::HTTP,String] :http_proxy A proxy to send
     #     requests through.  Formatted like 'http://proxy.com:123'.
     #
@@ -376,15 +393,21 @@ module Aws::SecretsManager
     #
     # To turn on automatic rotation again, call RotateSecret.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For
-    # more information, see [ IAM policy actions for Secrets Manager][2] and
-    # [Authentication and access control in Secrets Manager][3].
+    # more information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -475,11 +498,17 @@ module Aws::SecretsManager
     # to encrypt the secret, and you must create and use a customer managed
     # KMS key.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # except `SecretBinary` or `SecretString` because it might be logged.
+    # For more information, see [Logging Secrets Manager events with
+    # CloudTrail][3].
+    #
     # <b>Required permissions: </b> `secretsmanager:CreateSecret`. If you
     # include tags in the secret, you also need
     # `secretsmanager:TagResource`. For more information, see [ IAM policy
-    # actions for Secrets Manager][3] and [Authentication and access control
-    # in Secrets Manager][4].
+    # actions for Secrets Manager][4] and [Authentication and access control
+    # in Secrets Manager][5].
     #
     # To encrypt the secret with a KMS key other than `aws/secretsmanager`,
     # you need `kms:GenerateDataKey` and `kms:Decrypt` permission to the
@@ -489,8 +518,9 @@ module Aws::SecretsManager
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :name
     #   The name of the new secret.
@@ -730,14 +760,20 @@ module Aws::SecretsManager
     # Deletes the resource-based permission policy attached to the secret.
     # To attach a policy to a secret, use PutResourcePolicy.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`.
-    # For more information, see [ IAM policy actions for Secrets Manager][1]
-    # and [Authentication and access control in Secrets Manager][2].
+    # For more information, see [ IAM policy actions for Secrets Manager][2]
+    # and [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete the attached resource-based
@@ -824,15 +860,21 @@ module Aws::SecretsManager
     # secret value. You must first cancel the deletion with RestoreSecret
     # and then you can retrieve the secret.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more
-    # information, see [ IAM policy actions for Secrets Manager][2] and
-    # [Authentication and access control in Secrets Manager][3].
+    # information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete.
@@ -921,14 +963,20 @@ module Aws::SecretsManager
     # secret value. Secrets Manager only returns fields that have a value in
     # the response.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For
-    # more information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2].
+    # more information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -1055,14 +1103,20 @@ module Aws::SecretsManager
     # length and include every character type that the system you are
     # generating a password for can support.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For
-    # more information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2].
+    # more information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [Integer] :password_length
     #   The length of the password. If you don't include this parameter, the
@@ -1152,15 +1206,21 @@ module Aws::SecretsManager
     # attached to a secret, see [Permissions policies attached to a
     # secret][1].
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For
-    # more information, see [ IAM policy actions for Secrets Manager][2] and
-    # [Authentication and access control in Secrets Manager][3].
+    # more information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve the attached resource-based
@@ -1228,19 +1288,25 @@ module Aws::SecretsManager
     # specify AWSPREVIOUS. To revert to the previous version of a secret,
     # call [UpdateSecretVersionStage][2].
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][3].
+    #
     # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the
     # secret is encrypted using a customer-managed key instead of the Amazon
     # Web Services managed key `aws/secretsmanager`, then you also need
     # `kms:Decrypt` permissions for that key. For more information, see [
-    # IAM policy actions for Secrets Manager][3] and [Authentication and
-    # access control in Secrets Manager][4].
+    # IAM policy actions for Secrets Manager][4] and [Authentication and
+    # access control in Secrets Manager][5].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
     # [2]: https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve.
@@ -1340,15 +1406,21 @@ module Aws::SecretsManager
     #
     # To list the secrets in the account, use ListSecrets.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`.
-    # For more information, see [ IAM policy actions for Secrets Manager][2]
-    # and [Authentication and access control in Secrets Manager][3].
+    # For more information, see [ IAM policy actions for Secrets Manager][3]
+    # and [Authentication and access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret whose versions you want to list.
@@ -1471,15 +1543,21 @@ module Aws::SecretsManager
     # For information about finding secrets in the console, see [Find
     # secrets in Secrets Manager][1].
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more
-    # information, see [ IAM policy actions for Secrets Manager][2] and
-    # [Authentication and access control in Secrets Manager][3].
+    # information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [Integer] :max_results
     #   The number of results to include in the response.
@@ -1599,15 +1677,21 @@ module Aws::SecretsManager
     # For information about attaching a policy in the console, see [Attach a
     # permissions policy to a secret][2].
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][3].
+    #
     # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For
-    # more information, see [ IAM policy actions for Secrets Manager][3] and
+    # more information, see [ IAM policy actions for Secrets Manager][4] and
     # [Authentication and access control in Secrets Manager][1].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to attach the resource-based policy.
@@ -1693,12 +1777,10 @@ module Aws::SecretsManager
     # Manager automatically moves the staging label `AWSCURRENT` to this
     # version. If this operation creates the first version for the secret,
     # then Secrets Manager automatically attaches the staging label
-    # `AWSCURRENT` to it .
-    #
-    # If this operation moves the staging label `AWSCURRENT` from another
-    # version to this version, then Secrets Manager also automatically moves
-    # the staging label `AWSPREVIOUS` to the version that `AWSCURRENT` was
-    # removed from.
+    # `AWSCURRENT` to it. If this operation moves the staging label
+    # `AWSCURRENT` from another version to this version, then Secrets
+    # Manager also automatically moves the staging label `AWSPREVIOUS` to
+    # the version that `AWSCURRENT` was removed from.
     #
     # This operation is idempotent. If you call this operation with a
     # `ClientRequestToken` that matches an existing version's VersionId,
@@ -1707,14 +1789,21 @@ module Aws::SecretsManager
     # fails because you can't modify an existing version; you can only
     # create new ones.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # except `SecretBinary` or `SecretString` because it might be logged.
+    # For more information, see [Logging Secrets Manager events with
+    # CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
-    # more information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2].
+    # more information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to add a new version to.
@@ -1861,15 +1950,21 @@ module Aws::SecretsManager
     # For a secret that is replicated to other Regions, deletes the secret
     # replicas from the Regions you specify.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b>
     # `secretsmanager:RemoveRegionsFromReplication`. For more information,
-    # see [ IAM policy actions for Secrets Manager][1] and [Authentication
-    # and access control in Secrets Manager][2].
+    # see [ IAM policy actions for Secrets Manager][2] and [Authentication
+    # and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -1910,16 +2005,22 @@ module Aws::SecretsManager
 
     # Replicates the secret to a new Regions. See [Multi-Region secrets][1].
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b>
     # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
-    # IAM policy actions for Secrets Manager][2] and [Authentication and
-    # access control in Secrets Manager][3].
+    # IAM policy actions for Secrets Manager][3] and [Authentication and
+    # access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to replicate.
@@ -1972,14 +2073,20 @@ module Aws::SecretsManager
     # `DeletedDate` time stamp. You can access a secret again after it has
     # been restored.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more
-    # information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2].
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to restore.
@@ -2064,11 +2171,16 @@ module Aws::SecretsManager
     # later invocation of `RotateSecret` assumes that a previous rotation
     # request is still in progress and returns an error.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][7].
+    #
     # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more
-    # information, see [ IAM policy actions for Secrets Manager][7] and
-    # [Authentication and access control in Secrets Manager][8]. You also
+    # information, see [ IAM policy actions for Secrets Manager][8] and
+    # [Authentication and access control in Secrets Manager][9]. You also
     # need `lambda:InvokeFunction` permissions on the rotation function. For
-    # more information, see [ Permissions for rotation][9].
+    # more information, see [ Permissions for rotation][10].
     #
     #
     #
@@ -2078,9 +2190,10 @@ module Aws::SecretsManager
     # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
     # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html
     # [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html
-    # [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
-    # [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
+    # [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [10]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to rotate.
@@ -2222,15 +2335,21 @@ module Aws::SecretsManager
     # You must call this operation from the Region in which you want to
     # promote the replica to a primary secret.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b>
     # `secretsmanager:StopReplicationToReplica`. For more information, see [
-    # IAM policy actions for Secrets Manager][1] and [Authentication and
-    # access control in Secrets Manager][2].
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN of the primary secret.
@@ -2289,14 +2408,20 @@ module Aws::SecretsManager
     # operation would result in you losing your permissions for this secret,
     # then the operation is blocked and returns an Access Denied error.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
-    # information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2].
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The identifier for the secret to attach tags to. You can specify
@@ -2376,14 +2501,20 @@ module Aws::SecretsManager
     # would result in you losing your permissions for this secret, then the
     # operation is blocked and returns an Access Denied error.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more
-    # information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2].
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -2458,8 +2589,9 @@ module Aws::SecretsManager
     # reach the quota for secret versions.
     #
     # If you include `SecretString` or `SecretBinary` to create a new secret
-    # version, Secrets Manager automatically attaches the staging label
-    # `AWSCURRENT` to the new version.
+    # version, Secrets Manager automatically moves the staging label
+    # `AWSCURRENT` to the new version. Then it attaches the label
+    # `AWSPREVIOUS` to the version that `AWSCURRENT` was removed from.
     #
     # If you call this operation with a `ClientRequestToken` that matches an
     # existing version's `VersionId`, the operation results in an error.
@@ -2467,18 +2599,25 @@ module Aws::SecretsManager
     # version. To remove a version, remove all staging labels from it. See
     # UpdateSecretVersionStage.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # except `SecretBinary` or `SecretString` because it might be logged.
+    # For more information, see [Logging Secrets Manager events with
+    # CloudTrail][1].
+    #
     # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
-    # information, see [ IAM policy actions for Secrets Manager][1] and
-    # [Authentication and access control in Secrets Manager][2]. If you use
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3]. If you use
     # a customer managed key, you must also have `kms:GenerateDataKey` and
     # `kms:Decrypt` permissions on the key. For more information, see [
-    # Secret encryption and decryption][3].
+    # Secret encryption and decryption][4].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -2671,16 +2810,22 @@ module Aws::SecretsManager
     # then the version is considered to be 'deprecated' and can be deleted
     # by Secrets Manager.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b>
     # `secretsmanager:UpdateSecretVersionStage`. For more information, see [
-    # IAM policy actions for Secrets Manager][2] and [Authentication and
-    # access control in Secrets Manager][3].
+    # IAM policy actions for Secrets Manager][3] and [Authentication and
+    # access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or the name of the secret with the version and staging
@@ -2809,15 +2954,21 @@ module Aws::SecretsManager
     #
     # * Verifies the policy does not lock out a caller.
     #
+    # Secrets Manager generates a CloudTrail log entry when you call this
+    # action. Do not include sensitive information in request parameters
+    # because it might be logged. For more information, see [Logging Secrets
+    # Manager events with CloudTrail][2].
+    #
     # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`.
-    # For more information, see [ IAM policy actions for Secrets Manager][2]
-    # and [Authentication and access control in Secrets Manager][3].
+    # For more information, see [ IAM policy actions for Secrets Manager][3]
+    # and [Authentication and access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [String] :secret_id
     #   This field is reserved for internal use.
@@ -2890,7 +3041,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.65.0'
+      context[:gem_version] = '1.67.0'
       Seahorse::Client::Request.new(handlers, context)
     end