aws-sdk-secretsmanager 1.81.0 → 1.89.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e59a6b33a6c17f0a2dc23311bef30f6ed2092732a4c870cab2cd056f83a8aab2
4
- data.tar.gz: 2611bd919d4d288fee0fe7ab8a20a51aba5eaab4b3a7577ecbee650aea0dde69
3
+ metadata.gz: 923abb0f15dbf93c43bc9b78c4e717937965e006f9b7cdd06f62e6a7e7607ee0
4
+ data.tar.gz: 646436ad1fb5ea3559377f2f42fcbfacc2d99ec543467f672d959bd22e60f03e
5
5
  SHA512:
6
- metadata.gz: 6ff4ae1cf3a2f34959beae04741dac6bfa1e13aba10e78cec0ae8c88886de8a685b3eedfcdc4e2e343112805cdba76918d6ac8e781062b402d7245c4757dc9ca
7
- data.tar.gz: 26f4cfe6a06783c0de02ea8aac85031e97bf5c358be95663bf524911cab44a6387d1e84e48cb1a83187b39e0fbeda043324f09d50a1ae688c65b421e5f4d5dc5
6
+ metadata.gz: c499c1ef98120af158f7d307087215836e635e5a5ca293c61def398cb2755d7768efd251feab4359cea0707d5b19599ccb93b365875db30de4e50439dc9a986d
7
+ data.tar.gz: 90b78a72e59b3259536b84cb542cbb9acce5078ec239d180d0ad0782ff434ffa74d572e7c0b60d268b7f0979a71cfc4975310ac532704f490dedd4bfc972c41e
data/CHANGELOG.md CHANGED
@@ -1,6 +1,46 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.89.0 (2024-01-11)
5
+ ------------------
6
+
7
+ * Feature - Doc only update for Secrets Manager
8
+
9
+ 1.88.0 (2023-12-22)
10
+ ------------------
11
+
12
+ * Feature - Update endpoint rules and examples.
13
+
14
+ 1.87.0 (2023-11-28)
15
+ ------------------
16
+
17
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
18
+
19
+ 1.86.0 (2023-11-27)
20
+ ------------------
21
+
22
+ * Feature - AWS Secrets Manager has released the BatchGetSecretValue API, which allows customers to fetch up to 20 Secrets with a single request using a list of secret names or filters.
23
+
24
+ 1.85.0 (2023-11-22)
25
+ ------------------
26
+
27
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
28
+
29
+ 1.84.0 (2023-10-19)
30
+ ------------------
31
+
32
+ * Feature - Documentation updates for Secrets Manager
33
+
34
+ 1.83.0 (2023-09-27)
35
+ ------------------
36
+
37
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
38
+
39
+ 1.82.0 (2023-08-10)
40
+ ------------------
41
+
42
+ * Feature - Add additional InvalidRequestException to list of possible exceptions for ListSecret.
43
+
4
44
  1.81.0 (2023-07-13)
5
45
  ------------------
6
46
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.81.0
1
+ 1.89.0
@@ -398,6 +398,156 @@ module Aws::SecretsManager
398
398
 
399
399
  # @!group API Operations
400
400
 
401
+ # Retrieves the contents of the encrypted fields `SecretString` or
402
+ # `SecretBinary` for up to 20 secrets. To retrieve a single secret, call
403
+ # GetSecretValue.
404
+ #
405
+ # To choose which secrets to retrieve, you can specify a list of secrets
406
+ # by name or ARN, or you can use filters. If Secrets Manager encounters
407
+ # errors such as `AccessDeniedException` while attempting to retrieve
408
+ # any of the secrets, you can see the errors in `Errors` in the
409
+ # response.
410
+ #
411
+ # Secrets Manager generates CloudTrail `GetSecretValue` log entries for
412
+ # each secret you request when you call this action. Do not include
413
+ # sensitive information in request parameters because it might be
414
+ # logged. For more information, see [Logging Secrets Manager events with
415
+ # CloudTrail][1].
416
+ #
417
+ # <b>Required permissions: </b> `secretsmanager:BatchGetSecretValue`,
418
+ # and you must have `secretsmanager:GetSecretValue` for each secret. If
419
+ # you use filters, you must also have `secretsmanager:ListSecrets`. If
420
+ # the secrets are encrypted using customer-managed keys instead of the
421
+ # Amazon Web Services managed key `aws/secretsmanager`, then you also
422
+ # need `kms:Decrypt` permissions for the keys. For more information, see
423
+ # [ IAM policy actions for Secrets Manager][2] and [Authentication and
424
+ # access control in Secrets Manager][3].
425
+ #
426
+ #
427
+ #
428
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
429
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
430
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
431
+ #
432
+ # @option params [Array<String>] :secret_id_list
433
+ # The ARN or names of the secrets to retrieve. You must include
434
+ # `Filters` or `SecretIdList`, but not both.
435
+ #
436
+ # @option params [Array<Types::Filter>] :filters
437
+ # The filters to choose which secrets to retrieve. You must include
438
+ # `Filters` or `SecretIdList`, but not both.
439
+ #
440
+ # @option params [Integer] :max_results
441
+ # The number of results to include in the response.
442
+ #
443
+ # If there are more results available, in the response, Secrets Manager
444
+ # includes `NextToken`. To get the next results, call
445
+ # `BatchGetSecretValue` again with the value from `NextToken`.
446
+ #
447
+ # @option params [String] :next_token
448
+ # A token that indicates where the output should continue from, if a
449
+ # previous call did not show all results. To get the next results, call
450
+ # `BatchGetSecretValue` again with this value.
451
+ #
452
+ # @return [Types::BatchGetSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
453
+ #
454
+ # * {Types::BatchGetSecretValueResponse#secret_values #secret_values} => Array&lt;Types::SecretValueEntry&gt;
455
+ # * {Types::BatchGetSecretValueResponse#next_token #next_token} => String
456
+ # * {Types::BatchGetSecretValueResponse#errors #errors} => Array&lt;Types::APIErrorType&gt;
457
+ #
458
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
459
+ #
460
+ #
461
+ # @example Example: To retrieve the secret values for a group of secrets listed by name
462
+ #
463
+ # # The following example gets the values for three secrets.
464
+ #
465
+ # resp = client.batch_get_secret_value({
466
+ # secret_id_list: [
467
+ # "MySecret1",
468
+ # "MySecret2",
469
+ # "MySecret3",
470
+ # ],
471
+ # })
472
+ #
473
+ # resp.to_h outputs the following:
474
+ # {
475
+ # errors: [
476
+ # ],
477
+ # secret_values: [
478
+ # {
479
+ # arn: "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret1-a1b2c3",
480
+ # created_date: Time.parse(1700591229.801),
481
+ # name: "MySecret1",
482
+ # secret_string: "{\"username\":\"diego_ramirez\",\"password\":\"EXAMPLE-PASSWORD\",\"engine\":\"mysql\",\"host\":\"secretsmanagertutorial.cluster.us-west-2.rds.amazonaws.com\",\"port\":3306,\"dbClusterIdentifier\":\"secretsmanagertutorial\"}",
483
+ # version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa",
484
+ # version_stages: [
485
+ # "AWSCURRENT",
486
+ # ],
487
+ # },
488
+ # {
489
+ # arn: "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret2-a1b2c3",
490
+ # created_date: Time.parse(1699911394.105),
491
+ # name: "MySecret2",
492
+ # secret_string: "{\"username\":\"akua_mansa\",\"password\":\"EXAMPLE-PASSWORD\"",
493
+ # version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
494
+ # version_stages: [
495
+ # "AWSCURRENT",
496
+ # ],
497
+ # },
498
+ # {
499
+ # arn: "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret3-a1b2c3",
500
+ # created_date: Time.parse(1699911394.105),
501
+ # name: "MySecret3",
502
+ # secret_string: "{\"username\":\"jie_liu\",\"password\":\"EXAMPLE-PASSWORD\"",
503
+ # version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEccccc",
504
+ # version_stages: [
505
+ # "AWSCURRENT",
506
+ # ],
507
+ # },
508
+ # ],
509
+ # }
510
+ #
511
+ # @example Request syntax with placeholder values
512
+ #
513
+ # resp = client.batch_get_secret_value({
514
+ # secret_id_list: ["SecretIdType"],
515
+ # filters: [
516
+ # {
517
+ # key: "description", # accepts description, name, tag-key, tag-value, primary-region, owning-service, all
518
+ # values: ["FilterValueStringType"],
519
+ # },
520
+ # ],
521
+ # max_results: 1,
522
+ # next_token: "NextTokenType",
523
+ # })
524
+ #
525
+ # @example Response structure
526
+ #
527
+ # resp.secret_values #=> Array
528
+ # resp.secret_values[0].arn #=> String
529
+ # resp.secret_values[0].name #=> String
530
+ # resp.secret_values[0].version_id #=> String
531
+ # resp.secret_values[0].secret_binary #=> String
532
+ # resp.secret_values[0].secret_string #=> String
533
+ # resp.secret_values[0].version_stages #=> Array
534
+ # resp.secret_values[0].version_stages[0] #=> String
535
+ # resp.secret_values[0].created_date #=> Time
536
+ # resp.next_token #=> String
537
+ # resp.errors #=> Array
538
+ # resp.errors[0].secret_id #=> String
539
+ # resp.errors[0].error_code #=> String
540
+ # resp.errors[0].message #=> String
541
+ #
542
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValue AWS API Documentation
543
+ #
544
+ # @overload batch_get_secret_value(params = {})
545
+ # @param [Hash] params ({})
546
+ def batch_get_secret_value(params = {}, options = {})
547
+ req = build_request(:batch_get_secret_value, params)
548
+ req.send_request(options)
549
+ end
550
+
401
551
  # Turns off automatic rotation, and if a rotation is currently in
402
552
  # progress, cancels the rotation.
403
553
  #
@@ -567,14 +717,14 @@ module Aws::SecretsManager
567
717
  # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
568
718
  # Services SDKs to call this operation, then you can leave this
569
719
  # parameter empty. The CLI or SDK generates a random UUID for you and
570
- # includes it as the value for this parameter in the request. If you
571
- # don't use the SDK and instead generate a raw HTTP request to the
572
- # Secrets Manager service endpoint, then you must generate a
573
- # `ClientRequestToken` yourself for the new version and include the
574
- # value in the request.
720
+ # includes it as the value for this parameter in the request.
575
721
  #
576
722
  # </note>
577
723
  #
724
+ # If you generate a raw HTTP request to the Secrets Manager service
725
+ # endpoint, then you must generate a `ClientRequestToken` and include it
726
+ # in the request.
727
+ #
578
728
  # This value helps ensure idempotency. Secrets Manager uses this value
579
729
  # to prevent the accidental creation of duplicate versions if there are
580
730
  # failures and retries during a rotation. We recommend that you generate
@@ -676,32 +826,15 @@ module Aws::SecretsManager
676
826
  # parameter, you should use single quotes to avoid confusion with the
677
827
  # double quotes required in the JSON text.
678
828
  #
679
- # The following restrictions apply to tags:
680
- #
681
- # * Maximum number of tags per secret: 50
682
- #
683
- # * Maximum key length: 127 Unicode characters in UTF-8
684
- #
685
- # * Maximum value length: 255 Unicode characters in UTF-8
686
- #
687
- # * Tag keys and values are case sensitive.
688
- #
689
- # * Do not use the `aws:` prefix in your tag names or values because
690
- # Amazon Web Services reserves it for Amazon Web Services use. You
691
- # can't edit or delete tag names or values with this prefix. Tags
692
- # with this prefix do not count against your tags per secret limit.
693
- #
694
- # * If you use your tagging schema across multiple services and
695
- # resources, other services might have restrictions on allowed
696
- # characters. Generally allowed characters: letters, spaces, and
697
- # numbers representable in UTF-8, plus the following special
698
- # characters: + - = . \_ : / @.
829
+ # For tag quotas and naming restrictions, see [Service quotas for
830
+ # Tagging][4] in the *Amazon Web Services General Reference guide*.
699
831
  #
700
832
  #
701
833
  #
702
834
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac
703
835
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2
704
836
  # [3]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
837
+ # [4]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
705
838
  #
706
839
  # @option params [Array<Types::ReplicaRegionType>] :add_replica_regions
707
840
  # A list of Regions and KMS keys to replicate secrets.
@@ -1132,7 +1265,9 @@ module Aws::SecretsManager
1132
1265
 
1133
1266
  # Generates a random password. We recommend that you specify the maximum
1134
1267
  # length and include every character type that the system you are
1135
- # generating a password for can support.
1268
+ # generating a password for can support. By default, Secrets Manager
1269
+ # uses uppercase and lowercase letters, numbers, and the following
1270
+ # characters in passwords: `` !"#$%&'()*+,-./:;<=>?@[\\]^_`\{|\}~ ``
1136
1271
  #
1137
1272
  # Secrets Manager generates a CloudTrail log entry when you call this
1138
1273
  # action. Do not include sensitive information in request parameters
@@ -1311,6 +1446,9 @@ module Aws::SecretsManager
1311
1446
  # `SecretBinary` from the specified version of a secret, whichever
1312
1447
  # contains content.
1313
1448
  #
1449
+ # To retrieve the values for a group of secrets, call
1450
+ # BatchGetSecretValue.
1451
+ #
1314
1452
  # We recommend that you cache your secret values by using client-side
1315
1453
  # caching. Caching secrets improves speed and reduces your costs. For
1316
1454
  # more information, see [Cache secrets for your applications][1].
@@ -1569,7 +1707,7 @@ module Aws::SecretsManager
1569
1707
  #
1570
1708
  # To list the versions of a secret, use ListSecretVersionIds.
1571
1709
  #
1572
- # To get the secret value from `SecretString` or `SecretBinary`, call
1710
+ # To retrieve the values for the secrets, call BatchGetSecretValue or
1573
1711
  # GetSecretValue.
1574
1712
  #
1575
1713
  # For information about finding secrets in the console, see [Find
@@ -1860,19 +1998,20 @@ module Aws::SecretsManager
1860
1998
  #
1861
1999
  # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
1862
2000
  # Services SDKs to call this operation, then you can leave this
1863
- # parameter empty because they generate a random UUID for you. If you
1864
- # don't use the SDK and instead generate a raw HTTP request to the
1865
- # Secrets Manager service endpoint, then you must generate a
1866
- # `ClientRequestToken` yourself for new versions and include that value
1867
- # in the request.
2001
+ # parameter empty. The CLI or SDK generates a random UUID for you and
2002
+ # includes it as the value for this parameter in the request.
1868
2003
  #
1869
2004
  # </note>
1870
2005
  #
2006
+ # If you generate a raw HTTP request to the Secrets Manager service
2007
+ # endpoint, then you must generate a `ClientRequestToken` and include it
2008
+ # in the request.
2009
+ #
1871
2010
  # This value helps ensure idempotency. Secrets Manager uses this value
1872
2011
  # to prevent the accidental creation of duplicate versions if there are
1873
- # failures and retries during the Lambda rotation function processing.
1874
- # We recommend that you generate a [UUID-type][1] value to ensure
1875
- # uniqueness within the specified secret.
2012
+ # failures and retries during a rotation. We recommend that you generate
2013
+ # a [UUID-type][1] value to ensure uniqueness of your versions within
2014
+ # the specified secret.
1876
2015
  #
1877
2016
  # * If the `ClientRequestToken` value isn't already associated with a
1878
2017
  # version of the secret then a new version of the secret is created.
@@ -2049,9 +2188,13 @@ module Aws::SecretsManager
2049
2188
  # Manager events with CloudTrail][2].
2050
2189
  #
2051
2190
  # <b>Required permissions: </b>
2052
- # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
2053
- # IAM policy actions for Secrets Manager][3] and [Authentication and
2054
- # access control in Secrets Manager][4].
2191
+ # `secretsmanager:ReplicateSecretToRegions`. If the primary secret is
2192
+ # encrypted with a KMS key other than `aws/secretsmanager`, you also
2193
+ # need `kms:Decrypt` permission to the key. To encrypt the replicated
2194
+ # secret with a KMS key other than `aws/secretsmanager`, you need
2195
+ # `kms:GenerateDataKey` and `kms:Encrypt` to the key. For more
2196
+ # information, see [ IAM policy actions for Secrets Manager][3] and
2197
+ # [Authentication and access control in Secrets Manager][4].
2055
2198
  #
2056
2199
  #
2057
2200
  #
@@ -2253,24 +2396,27 @@ module Aws::SecretsManager
2253
2396
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen
2254
2397
  #
2255
2398
  # @option params [String] :client_request_token
2256
- # A unique identifier for the new version of the secret that helps
2257
- # ensure idempotency. Secrets Manager uses this value to prevent the
2258
- # accidental creation of duplicate versions if there are failures and
2259
- # retries during rotation. This value becomes the `VersionId` of the new
2260
- # version.
2261
- #
2262
- # If you use the Amazon Web Services CLI or one of the Amazon Web
2263
- # Services SDK to call this operation, then you can leave this parameter
2264
- # empty. The CLI or SDK generates a random UUID for you and includes
2265
- # that in the request for this parameter. If you don't use the SDK and
2266
- # instead generate a raw HTTP request to the Secrets Manager service
2267
- # endpoint, then you must generate a `ClientRequestToken` yourself for
2268
- # new versions and include that value in the request.
2269
- #
2270
- # You only need to specify this value if you implement your own retry
2271
- # logic and you want to ensure that Secrets Manager doesn't attempt to
2272
- # create a secret version twice. We recommend that you generate a
2273
- # [UUID-type][1] value to ensure uniqueness within the specified secret.
2399
+ # A unique identifier for the new version of the secret. You only need
2400
+ # to specify this value if you implement your own retry logic and you
2401
+ # want to ensure that Secrets Manager doesn't attempt to create a
2402
+ # secret version twice.
2403
+ #
2404
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
2405
+ # Services SDKs to call this operation, then you can leave this
2406
+ # parameter empty. The CLI or SDK generates a random UUID for you and
2407
+ # includes it as the value for this parameter in the request.
2408
+ #
2409
+ # </note>
2410
+ #
2411
+ # If you generate a raw HTTP request to the Secrets Manager service
2412
+ # endpoint, then you must generate a `ClientRequestToken` and include it
2413
+ # in the request.
2414
+ #
2415
+ # This value helps ensure idempotency. Secrets Manager uses this value
2416
+ # to prevent the accidental creation of duplicate versions if there are
2417
+ # failures and retries during a rotation. We recommend that you generate
2418
+ # a [UUID-type][1] value to ensure uniqueness of your versions within
2419
+ # the specified secret.
2274
2420
  #
2275
2421
  # **A suitable default value is auto-generated.** You should normally
2276
2422
  # not need to pass this option.**
@@ -2438,26 +2584,8 @@ module Aws::SecretsManager
2438
2584
  # specific versions of the secret. This operation appends tags to the
2439
2585
  # existing list of tags.
2440
2586
  #
2441
- # The following restrictions apply to tags:
2442
- #
2443
- # * Maximum number of tags per secret: 50
2444
- #
2445
- # * Maximum key length: 127 Unicode characters in UTF-8
2446
- #
2447
- # * Maximum value length: 255 Unicode characters in UTF-8
2448
- #
2449
- # * Tag keys and values are case sensitive.
2450
- #
2451
- # * Do not use the `aws:` prefix in your tag names or values because
2452
- # Amazon Web Services reserves it for Amazon Web Services use. You
2453
- # can't edit or delete tag names or values with this prefix. Tags
2454
- # with this prefix do not count against your tags per secret limit.
2455
- #
2456
- # * If you use your tagging schema across multiple services and
2457
- # resources, other services might have restrictions on allowed
2458
- # characters. Generally allowed characters: letters, spaces, and
2459
- # numbers representable in UTF-8, plus the following special
2460
- # characters: + - = . \_ : / @.
2587
+ # For tag quotas and naming restrictions, see [Service quotas for
2588
+ # Tagging][1] in the *Amazon Web Services General Reference guide*.
2461
2589
  #
2462
2590
  # If you use tags as part of your security strategy, then adding or
2463
2591
  # removing a tag can change permissions. If successfully completing this
@@ -2467,17 +2595,18 @@ module Aws::SecretsManager
2467
2595
  # Secrets Manager generates a CloudTrail log entry when you call this
2468
2596
  # action. Do not include sensitive information in request parameters
2469
2597
  # because it might be logged. For more information, see [Logging Secrets
2470
- # Manager events with CloudTrail][1].
2598
+ # Manager events with CloudTrail][2].
2471
2599
  #
2472
2600
  # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
2473
- # information, see [ IAM policy actions for Secrets Manager][2] and
2474
- # [Authentication and access control in Secrets Manager][3].
2601
+ # information, see [ IAM policy actions for Secrets Manager][3] and
2602
+ # [Authentication and access control in Secrets Manager][4].
2475
2603
  #
2476
2604
  #
2477
2605
  #
2478
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2479
- # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2480
- # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2606
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
2607
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
2608
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
2609
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2481
2610
  #
2482
2611
  # @option params [required, String] :secret_id
2483
2612
  # The identifier for the secret to attach tags to. You can specify
@@ -2701,19 +2830,27 @@ module Aws::SecretsManager
2701
2830
  # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
2702
2831
  # Services SDKs to call this operation, then you can leave this
2703
2832
  # parameter empty. The CLI or SDK generates a random UUID for you and
2704
- # includes it as the value for this parameter in the request. If you
2705
- # don't use the SDK and instead generate a raw HTTP request to the
2706
- # Secrets Manager service endpoint, then you must generate a
2707
- # `ClientRequestToken` yourself for the new version and include the
2708
- # value in the request.
2833
+ # includes it as the value for this parameter in the request.
2709
2834
  #
2710
2835
  # </note>
2711
2836
  #
2712
- # This value becomes the `VersionId` of the new version.
2837
+ # If you generate a raw HTTP request to the Secrets Manager service
2838
+ # endpoint, then you must generate a `ClientRequestToken` and include it
2839
+ # in the request.
2840
+ #
2841
+ # This value helps ensure idempotency. Secrets Manager uses this value
2842
+ # to prevent the accidental creation of duplicate versions if there are
2843
+ # failures and retries during a rotation. We recommend that you generate
2844
+ # a [UUID-type][1] value to ensure uniqueness of your versions within
2845
+ # the specified secret.
2713
2846
  #
2714
2847
  # **A suitable default value is auto-generated.** You should normally
2715
2848
  # not need to pass this option.**
2716
2849
  #
2850
+ #
2851
+ #
2852
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
2853
+ #
2717
2854
  # @option params [String] :description
2718
2855
  # The description of the secret.
2719
2856
  #
@@ -3108,7 +3245,7 @@ module Aws::SecretsManager
3108
3245
  params: params,
3109
3246
  config: config)
3110
3247
  context[:gem_name] = 'aws-sdk-secretsmanager'
3111
- context[:gem_version] = '1.81.0'
3248
+ context[:gem_version] = '1.89.0'
3112
3249
  Seahorse::Client::Request.new(handlers, context)
3113
3250
  end
3114
3251
 
@@ -13,8 +13,12 @@ module Aws::SecretsManager
13
13
 
14
14
  include Seahorse::Model
15
15
 
16
+ APIErrorListType = Shapes::ListShape.new(name: 'APIErrorListType')
17
+ APIErrorType = Shapes::StructureShape.new(name: 'APIErrorType')
16
18
  AddReplicaRegionListType = Shapes::ListShape.new(name: 'AddReplicaRegionListType')
17
19
  AutomaticallyRotateAfterDaysType = Shapes::IntegerShape.new(name: 'AutomaticallyRotateAfterDaysType')
20
+ BatchGetSecretValueRequest = Shapes::StructureShape.new(name: 'BatchGetSecretValueRequest')
21
+ BatchGetSecretValueResponse = Shapes::StructureShape.new(name: 'BatchGetSecretValueResponse')
18
22
  BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
19
23
  CancelRotateSecretRequest = Shapes::StructureShape.new(name: 'CancelRotateSecretRequest')
20
24
  CancelRotateSecretResponse = Shapes::StructureShape.new(name: 'CancelRotateSecretResponse')
@@ -34,6 +38,7 @@ module Aws::SecretsManager
34
38
  DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
35
39
  DurationType = Shapes::StringShape.new(name: 'DurationType')
36
40
  EncryptionFailure = Shapes::StructureShape.new(name: 'EncryptionFailure')
41
+ ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
37
42
  ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
38
43
  ExcludeCharactersType = Shapes::StringShape.new(name: 'ExcludeCharactersType')
39
44
  ExcludeLowercaseType = Shapes::BooleanShape.new(name: 'ExcludeLowercaseType')
@@ -67,6 +72,7 @@ module Aws::SecretsManager
67
72
  ListSecretsRequest = Shapes::StructureShape.new(name: 'ListSecretsRequest')
68
73
  ListSecretsResponse = Shapes::StructureShape.new(name: 'ListSecretsResponse')
69
74
  MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException')
75
+ MaxResultsBatchType = Shapes::IntegerShape.new(name: 'MaxResultsBatchType')
70
76
  MaxResultsType = Shapes::IntegerShape.new(name: 'MaxResultsType')
71
77
  NameType = Shapes::StringShape.new(name: 'NameType')
72
78
  NextRotationDateType = Shapes::TimestampShape.new(name: 'NextRotationDateType')
@@ -104,11 +110,14 @@ module Aws::SecretsManager
104
110
  ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
105
111
  SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
106
112
  SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
113
+ SecretIdListType = Shapes::ListShape.new(name: 'SecretIdListType')
107
114
  SecretIdType = Shapes::StringShape.new(name: 'SecretIdType')
108
115
  SecretListEntry = Shapes::StructureShape.new(name: 'SecretListEntry')
109
116
  SecretListType = Shapes::ListShape.new(name: 'SecretListType')
110
117
  SecretNameType = Shapes::StringShape.new(name: 'SecretNameType')
111
118
  SecretStringType = Shapes::StringShape.new(name: 'SecretStringType')
119
+ SecretValueEntry = Shapes::StructureShape.new(name: 'SecretValueEntry')
120
+ SecretValuesType = Shapes::ListShape.new(name: 'SecretValuesType')
112
121
  SecretVersionIdType = Shapes::StringShape.new(name: 'SecretVersionIdType')
113
122
  SecretVersionStageType = Shapes::StringShape.new(name: 'SecretVersionStageType')
114
123
  SecretVersionStagesType = Shapes::ListShape.new(name: 'SecretVersionStagesType')
@@ -137,8 +146,26 @@ module Aws::SecretsManager
137
146
  ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
138
147
  ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
139
148
 
149
+ APIErrorListType.member = Shapes::ShapeRef.new(shape: APIErrorType)
150
+
151
+ APIErrorType.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, location_name: "SecretId"))
152
+ APIErrorType.add_member(:error_code, Shapes::ShapeRef.new(shape: ErrorCode, location_name: "ErrorCode"))
153
+ APIErrorType.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
154
+ APIErrorType.struct_class = Types::APIErrorType
155
+
140
156
  AddReplicaRegionListType.member = Shapes::ShapeRef.new(shape: ReplicaRegionType)
141
157
 
158
+ BatchGetSecretValueRequest.add_member(:secret_id_list, Shapes::ShapeRef.new(shape: SecretIdListType, location_name: "SecretIdList"))
159
+ BatchGetSecretValueRequest.add_member(:filters, Shapes::ShapeRef.new(shape: FiltersListType, location_name: "Filters"))
160
+ BatchGetSecretValueRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResultsBatchType, location_name: "MaxResults", metadata: {"box"=>true}))
161
+ BatchGetSecretValueRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
162
+ BatchGetSecretValueRequest.struct_class = Types::BatchGetSecretValueRequest
163
+
164
+ BatchGetSecretValueResponse.add_member(:secret_values, Shapes::ShapeRef.new(shape: SecretValuesType, location_name: "SecretValues"))
165
+ BatchGetSecretValueResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
166
+ BatchGetSecretValueResponse.add_member(:errors, Shapes::ShapeRef.new(shape: APIErrorListType, location_name: "Errors"))
167
+ BatchGetSecretValueResponse.struct_class = Types::BatchGetSecretValueResponse
168
+
142
169
  CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
143
170
  CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
144
171
 
@@ -386,6 +413,8 @@ module Aws::SecretsManager
386
413
  RotationRulesType.add_member(:schedule_expression, Shapes::ShapeRef.new(shape: ScheduleExpressionType, location_name: "ScheduleExpression"))
387
414
  RotationRulesType.struct_class = Types::RotationRulesType
388
415
 
416
+ SecretIdListType.member = Shapes::ShapeRef.new(shape: SecretIdType)
417
+
389
418
  SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
390
419
  SecretListEntry.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
391
420
  SecretListEntry.add_member(:description, Shapes::ShapeRef.new(shape: DescriptionType, location_name: "Description"))
@@ -407,6 +436,17 @@ module Aws::SecretsManager
407
436
 
408
437
  SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
409
438
 
439
+ SecretValueEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
440
+ SecretValueEntry.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
441
+ SecretValueEntry.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
442
+ SecretValueEntry.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
443
+ SecretValueEntry.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
444
+ SecretValueEntry.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
445
+ SecretValueEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: CreatedDateType, location_name: "CreatedDate", metadata: {"box"=>true}))
446
+ SecretValueEntry.struct_class = Types::SecretValueEntry
447
+
448
+ SecretValuesType.member = Shapes::ShapeRef.new(shape: SecretValueEntry)
449
+
410
450
  SecretVersionStagesType.member = Shapes::ShapeRef.new(shape: SecretVersionStageType)
411
451
 
412
452
  SecretVersionsListEntry.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
@@ -499,6 +539,26 @@ module Aws::SecretsManager
499
539
  "uid" => "secretsmanager-2017-10-17",
500
540
  }
501
541
 
542
+ api.add_operation(:batch_get_secret_value, Seahorse::Model::Operation.new.tap do |o|
543
+ o.name = "BatchGetSecretValue"
544
+ o.http_method = "POST"
545
+ o.http_request_uri = "/"
546
+ o.input = Shapes::ShapeRef.new(shape: BatchGetSecretValueRequest)
547
+ o.output = Shapes::ShapeRef.new(shape: BatchGetSecretValueResponse)
548
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
549
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
550
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
551
+ o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
552
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
553
+ o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
554
+ o[:pager] = Aws::Pager.new(
555
+ limit_key: "max_results",
556
+ tokens: {
557
+ "next_token" => "next_token"
558
+ }
559
+ )
560
+ end)
561
+
502
562
  api.add_operation(:cancel_rotate_secret, Seahorse::Model::Operation.new.tap do |o|
503
563
  o.name = "CancelRotateSecret"
504
564
  o.http_method = "POST"
@@ -625,6 +685,7 @@ module Aws::SecretsManager
625
685
  o.input = Shapes::ShapeRef.new(shape: ListSecretsRequest)
626
686
  o.output = Shapes::ShapeRef.new(shape: ListSecretsResponse)
627
687
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
688
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
628
689
  o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
629
690
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
630
691
  o[:pager] = Aws::Pager.new(
@@ -27,18 +27,33 @@ module Aws::SecretsManager
27
27
  if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
28
28
  if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
29
29
  if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
30
+ if Aws::Endpoints::Matchers.string_equals?("aws", Aws::Endpoints::Matchers.attr(partition_result, "name"))
31
+ return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.amazonaws.com", headers: {}, properties: {})
32
+ end
33
+ if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
34
+ return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.amazonaws.com", headers: {}, properties: {})
35
+ end
30
36
  return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
31
37
  end
32
38
  raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
33
39
  end
34
40
  if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
35
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
41
+ if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
36
42
  return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
37
43
  end
38
44
  raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
39
45
  end
40
46
  if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
41
47
  if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
48
+ if Aws::Endpoints::Matchers.string_equals?("aws", Aws::Endpoints::Matchers.attr(partition_result, "name"))
49
+ return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com", headers: {}, properties: {})
50
+ end
51
+ if Aws::Endpoints::Matchers.string_equals?("aws-cn", Aws::Endpoints::Matchers.attr(partition_result, "name"))
52
+ return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com.cn", headers: {}, properties: {})
53
+ end
54
+ if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
55
+ return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com", headers: {}, properties: {})
56
+ end
42
57
  return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
43
58
  end
44
59
  raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
@@ -12,6 +12,20 @@ module Aws::SecretsManager
12
12
  # @api private
13
13
  module Endpoints
14
14
 
15
+ class BatchGetSecretValue
16
+ def self.build(context)
17
+ unless context.config.regional_endpoint
18
+ endpoint = context.config.endpoint.to_s
19
+ end
20
+ Aws::SecretsManager::EndpointParameters.new(
21
+ region: context.config.region,
22
+ use_dual_stack: context.config.use_dualstack_endpoint,
23
+ use_fips: context.config.use_fips_endpoint,
24
+ endpoint: endpoint,
25
+ )
26
+ end
27
+ end
28
+
15
29
  class CancelRotateSecret
16
30
  def self.build(context)
17
31
  unless context.config.regional_endpoint
@@ -25,16 +25,17 @@ module Aws::SecretsManager
25
25
  # @api private
26
26
  class Handler < Seahorse::Client::Handler
27
27
  def call(context)
28
- # If endpoint was discovered, do not resolve or apply the endpoint.
29
28
  unless context[:discovered_endpoint]
30
29
  params = parameters_for_operation(context)
31
30
  endpoint = context.config.endpoint_provider.resolve_endpoint(params)
32
31
 
33
32
  context.http_request.endpoint = endpoint.url
34
33
  apply_endpoint_headers(context, endpoint.headers)
34
+
35
+ context[:endpoint_params] = params
36
+ context[:endpoint_properties] = endpoint.properties
35
37
  end
36
38
 
37
- context[:endpoint_params] = params
38
39
  context[:auth_scheme] =
39
40
  Aws::Endpoints.resolve_auth_scheme(context, endpoint)
40
41
 
@@ -56,6 +57,8 @@ module Aws::SecretsManager
56
57
 
57
58
  def parameters_for_operation(context)
58
59
  case context.operation_name
60
+ when :batch_get_secret_value
61
+ Aws::SecretsManager::Endpoints::BatchGetSecretValue.build(context)
59
62
  when :cancel_rotate_secret
60
63
  Aws::SecretsManager::Endpoints::CancelRotateSecret.build(context)
61
64
  when :create_secret
@@ -10,6 +10,97 @@
10
10
  module Aws::SecretsManager
11
11
  module Types
12
12
 
13
+ # The error Secrets Manager encountered while retrieving an individual
14
+ # secret as part of BatchGetSecretValue.
15
+ #
16
+ # @!attribute [rw] secret_id
17
+ # The ARN or name of the secret.
18
+ # @return [String]
19
+ #
20
+ # @!attribute [rw] error_code
21
+ # The error Secrets Manager encountered while retrieving an individual
22
+ # secret as part of BatchGetSecretValue, for example
23
+ # `ResourceNotFoundException`,`InvalidParameterException`,
24
+ # `InvalidRequestException`, `DecryptionFailure`, or
25
+ # `AccessDeniedException`.
26
+ # @return [String]
27
+ #
28
+ # @!attribute [rw] message
29
+ # A message describing the error.
30
+ # @return [String]
31
+ #
32
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/APIErrorType AWS API Documentation
33
+ #
34
+ class APIErrorType < Struct.new(
35
+ :secret_id,
36
+ :error_code,
37
+ :message)
38
+ SENSITIVE = []
39
+ include Aws::Structure
40
+ end
41
+
42
+ # @!attribute [rw] secret_id_list
43
+ # The ARN or names of the secrets to retrieve. You must include
44
+ # `Filters` or `SecretIdList`, but not both.
45
+ # @return [Array<String>]
46
+ #
47
+ # @!attribute [rw] filters
48
+ # The filters to choose which secrets to retrieve. You must include
49
+ # `Filters` or `SecretIdList`, but not both.
50
+ # @return [Array<Types::Filter>]
51
+ #
52
+ # @!attribute [rw] max_results
53
+ # The number of results to include in the response.
54
+ #
55
+ # If there are more results available, in the response, Secrets
56
+ # Manager includes `NextToken`. To get the next results, call
57
+ # `BatchGetSecretValue` again with the value from `NextToken`.
58
+ # @return [Integer]
59
+ #
60
+ # @!attribute [rw] next_token
61
+ # A token that indicates where the output should continue from, if a
62
+ # previous call did not show all results. To get the next results,
63
+ # call `BatchGetSecretValue` again with this value.
64
+ # @return [String]
65
+ #
66
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueRequest AWS API Documentation
67
+ #
68
+ class BatchGetSecretValueRequest < Struct.new(
69
+ :secret_id_list,
70
+ :filters,
71
+ :max_results,
72
+ :next_token)
73
+ SENSITIVE = []
74
+ include Aws::Structure
75
+ end
76
+
77
+ # @!attribute [rw] secret_values
78
+ # A list of secret values.
79
+ # @return [Array<Types::SecretValueEntry>]
80
+ #
81
+ # @!attribute [rw] next_token
82
+ # Secrets Manager includes this value if there's more output
83
+ # available than what is included in the current response. This can
84
+ # occur even when the response includes no values at all, such as when
85
+ # you ask for a filtered view of a long list. To get the next results,
86
+ # call `BatchGetSecretValue` again with this value.
87
+ # @return [String]
88
+ #
89
+ # @!attribute [rw] errors
90
+ # A list of errors Secrets Manager encountered while attempting to
91
+ # retrieve individual secrets.
92
+ # @return [Array<Types::APIErrorType>]
93
+ #
94
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueResponse AWS API Documentation
95
+ #
96
+ class BatchGetSecretValueResponse < Struct.new(
97
+ :secret_values,
98
+ :next_token,
99
+ :errors)
100
+ SENSITIVE = []
101
+ include Aws::Structure
102
+ end
103
+
13
104
  # @!attribute [rw] secret_id
14
105
  # The ARN or name of the secret.
15
106
  #
@@ -77,14 +168,14 @@ module Aws::SecretsManager
77
168
  # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
78
169
  # Services SDKs to call this operation, then you can leave this
79
170
  # parameter empty. The CLI or SDK generates a random UUID for you and
80
- # includes it as the value for this parameter in the request. If you
81
- # don't use the SDK and instead generate a raw HTTP request to the
82
- # Secrets Manager service endpoint, then you must generate a
83
- # `ClientRequestToken` yourself for the new version and include the
84
- # value in the request.
171
+ # includes it as the value for this parameter in the request.
85
172
  #
86
173
  # </note>
87
174
  #
175
+ # If you generate a raw HTTP request to the Secrets Manager service
176
+ # endpoint, then you must generate a `ClientRequestToken` and include
177
+ # it in the request.
178
+ #
88
179
  # This value helps ensure idempotency. Secrets Manager uses this value
89
180
  # to prevent the accidental creation of duplicate versions if there
90
181
  # are failures and retries during a rotation. We recommend that you
@@ -191,32 +282,15 @@ module Aws::SecretsManager
191
282
  # parameter, you should use single quotes to avoid confusion with the
192
283
  # double quotes required in the JSON text.
193
284
  #
194
- # The following restrictions apply to tags:
195
- #
196
- # * Maximum number of tags per secret: 50
197
- #
198
- # * Maximum key length: 127 Unicode characters in UTF-8
199
- #
200
- # * Maximum value length: 255 Unicode characters in UTF-8
201
- #
202
- # * Tag keys and values are case sensitive.
203
- #
204
- # * Do not use the `aws:` prefix in your tag names or values because
205
- # Amazon Web Services reserves it for Amazon Web Services use. You
206
- # can't edit or delete tag names or values with this prefix. Tags
207
- # with this prefix do not count against your tags per secret limit.
208
- #
209
- # * If you use your tagging schema across multiple services and
210
- # resources, other services might have restrictions on allowed
211
- # characters. Generally allowed characters: letters, spaces, and
212
- # numbers representable in UTF-8, plus the following special
213
- # characters: + - = . \_ : / @.
285
+ # For tag quotas and naming restrictions, see [Service quotas for
286
+ # Tagging][4] in the *Amazon Web Services General Reference guide*.
214
287
  #
215
288
  #
216
289
  #
217
290
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac
218
291
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2
219
292
  # [3]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
293
+ # [4]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
220
294
  # @return [Array<Types::Tag>]
221
295
  #
222
296
  # @!attribute [rw] add_replica_regions
@@ -472,8 +546,8 @@ module Aws::SecretsManager
472
546
  #
473
547
  # @!attribute [rw] last_rotated_date
474
548
  # The last date and time that Secrets Manager rotated the secret. If
475
- # the secret isn't configured for rotation, Secrets Manager returns
476
- # null.
549
+ # the secret isn't configured for rotation or rotation has been
550
+ # disabled, Secrets Manager returns null.
477
551
  # @return [Time]
478
552
  #
479
553
  # @!attribute [rw] last_changed_date
@@ -499,8 +573,8 @@ module Aws::SecretsManager
499
573
  #
500
574
  # @!attribute [rw] next_rotation_date
501
575
  # The next rotation is scheduled to occur on or before this date. If
502
- # the secret isn't configured for rotation, Secrets Manager returns
503
- # null.
576
+ # the secret isn't configured for rotation or rotation has been
577
+ # disabled, Secrets Manager returns null.
504
578
  # @return [Time]
505
579
  #
506
580
  # @!attribute [rw] tags
@@ -838,18 +912,15 @@ module Aws::SecretsManager
838
912
  #
839
913
  # @!attribute [rw] secret_binary
840
914
  # The decrypted secret value, if the secret value was originally
841
- # provided as binary data in the form of a byte array. The response
842
- # parameter represents the binary data as a [base64-encoded][1]
843
- # string.
915
+ # provided as binary data in the form of a byte array. When you
916
+ # retrieve a `SecretBinary` using the HTTP API, the Python SDK, or the
917
+ # Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it
918
+ # is not encoded.
844
919
  #
845
920
  # If the secret was created by using the Secrets Manager console, or
846
921
  # if the secret value was originally provided as a string, then this
847
922
  # field is omitted. The secret value appears in `SecretString`
848
923
  # instead.
849
- #
850
- #
851
- #
852
- # [1]: https://tools.ietf.org/html/rfc4648#section-4
853
924
  # @return [String]
854
925
  #
855
926
  # @!attribute [rw] secret_string
@@ -1215,19 +1286,20 @@ module Aws::SecretsManager
1215
1286
  #
1216
1287
  # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
1217
1288
  # Services SDKs to call this operation, then you can leave this
1218
- # parameter empty because they generate a random UUID for you. If you
1219
- # don't use the SDK and instead generate a raw HTTP request to the
1220
- # Secrets Manager service endpoint, then you must generate a
1221
- # `ClientRequestToken` yourself for new versions and include that
1222
- # value in the request.
1289
+ # parameter empty. The CLI or SDK generates a random UUID for you and
1290
+ # includes it as the value for this parameter in the request.
1223
1291
  #
1224
1292
  # </note>
1225
1293
  #
1294
+ # If you generate a raw HTTP request to the Secrets Manager service
1295
+ # endpoint, then you must generate a `ClientRequestToken` and include
1296
+ # it in the request.
1297
+ #
1226
1298
  # This value helps ensure idempotency. Secrets Manager uses this value
1227
1299
  # to prevent the accidental creation of duplicate versions if there
1228
- # are failures and retries during the Lambda rotation function
1229
- # processing. We recommend that you generate a [UUID-type][1] value to
1230
- # ensure uniqueness within the specified secret.
1300
+ # are failures and retries during a rotation. We recommend that you
1301
+ # generate a [UUID-type][1] value to ensure uniqueness of your
1302
+ # versions within the specified secret.
1231
1303
  #
1232
1304
  # * If the `ClientRequestToken` value isn't already associated with a
1233
1305
  # version of the secret then a new version of the secret is created.
@@ -1542,26 +1614,27 @@ module Aws::SecretsManager
1542
1614
  # @return [String]
1543
1615
  #
1544
1616
  # @!attribute [rw] client_request_token
1545
- # A unique identifier for the new version of the secret that helps
1546
- # ensure idempotency. Secrets Manager uses this value to prevent the
1547
- # accidental creation of duplicate versions if there are failures and
1548
- # retries during rotation. This value becomes the `VersionId` of the
1549
- # new version.
1617
+ # A unique identifier for the new version of the secret. You only need
1618
+ # to specify this value if you implement your own retry logic and you
1619
+ # want to ensure that Secrets Manager doesn't attempt to create a
1620
+ # secret version twice.
1550
1621
  #
1551
- # If you use the Amazon Web Services CLI or one of the Amazon Web
1552
- # Services SDK to call this operation, then you can leave this
1622
+ # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
1623
+ # Services SDKs to call this operation, then you can leave this
1553
1624
  # parameter empty. The CLI or SDK generates a random UUID for you and
1554
- # includes that in the request for this parameter. If you don't use
1555
- # the SDK and instead generate a raw HTTP request to the Secrets
1556
- # Manager service endpoint, then you must generate a
1557
- # `ClientRequestToken` yourself for new versions and include that
1558
- # value in the request.
1559
- #
1560
- # You only need to specify this value if you implement your own retry
1561
- # logic and you want to ensure that Secrets Manager doesn't attempt
1562
- # to create a secret version twice. We recommend that you generate a
1563
- # [UUID-type][1] value to ensure uniqueness within the specified
1564
- # secret.
1625
+ # includes it as the value for this parameter in the request.
1626
+ #
1627
+ # </note>
1628
+ #
1629
+ # If you generate a raw HTTP request to the Secrets Manager service
1630
+ # endpoint, then you must generate a `ClientRequestToken` and include
1631
+ # it in the request.
1632
+ #
1633
+ # This value helps ensure idempotency. Secrets Manager uses this value
1634
+ # to prevent the accidental creation of duplicate versions if there
1635
+ # are failures and retries during a rotation. We recommend that you
1636
+ # generate a [UUID-type][1] value to ensure uniqueness of your
1637
+ # versions within the specified secret.
1565
1638
  #
1566
1639
  # **A suitable default value is auto-generated.** You should normally
1567
1640
  # not need to pass this option.
@@ -1730,10 +1803,7 @@ module Aws::SecretsManager
1730
1803
  # @return [String]
1731
1804
  #
1732
1805
  # @!attribute [rw] name
1733
- # The friendly name of the secret. You can use forward slashes in the
1734
- # name to represent a path hierarchy. For example,
1735
- # `/prod/databases/dbserver1` could represent the secret for a server
1736
- # named `dbserver1` in the folder `databases` in the folder `prod`.
1806
+ # The friendly name of the secret.
1737
1807
  # @return [String]
1738
1808
  #
1739
1809
  # @!attribute [rw] description
@@ -1794,8 +1864,8 @@ module Aws::SecretsManager
1794
1864
  #
1795
1865
  # @!attribute [rw] next_rotation_date
1796
1866
  # The next rotation is scheduled to occur on or before this date. If
1797
- # the secret isn't configured for rotation, Secrets Manager returns
1798
- # null.
1867
+ # the secret isn't configured for rotation or rotation has been
1868
+ # disabled, Secrets Manager returns null.
1799
1869
  # @return [Time]
1800
1870
  #
1801
1871
  # @!attribute [rw] tags
@@ -1858,6 +1928,59 @@ module Aws::SecretsManager
1858
1928
  include Aws::Structure
1859
1929
  end
1860
1930
 
1931
+ # A structure that contains the secret value and other details for a
1932
+ # secret.
1933
+ #
1934
+ # @!attribute [rw] arn
1935
+ # The Amazon Resource Name (ARN) of the secret.
1936
+ # @return [String]
1937
+ #
1938
+ # @!attribute [rw] name
1939
+ # The friendly name of the secret.
1940
+ # @return [String]
1941
+ #
1942
+ # @!attribute [rw] version_id
1943
+ # The unique version identifier of this version of the secret.
1944
+ # @return [String]
1945
+ #
1946
+ # @!attribute [rw] secret_binary
1947
+ # The decrypted secret value, if the secret value was originally
1948
+ # provided as binary data in the form of a byte array. The parameter
1949
+ # represents the binary data as a [base64-encoded][1] string.
1950
+ #
1951
+ #
1952
+ #
1953
+ # [1]: https://tools.ietf.org/html/rfc4648#section-4
1954
+ # @return [String]
1955
+ #
1956
+ # @!attribute [rw] secret_string
1957
+ # The decrypted secret value, if the secret value was originally
1958
+ # provided as a string or through the Secrets Manager console.
1959
+ # @return [String]
1960
+ #
1961
+ # @!attribute [rw] version_stages
1962
+ # A list of all of the staging labels currently attached to this
1963
+ # version of the secret.
1964
+ # @return [Array<String>]
1965
+ #
1966
+ # @!attribute [rw] created_date
1967
+ # The date the secret was created.
1968
+ # @return [Time]
1969
+ #
1970
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretValueEntry AWS API Documentation
1971
+ #
1972
+ class SecretValueEntry < Struct.new(
1973
+ :arn,
1974
+ :name,
1975
+ :version_id,
1976
+ :secret_binary,
1977
+ :secret_string,
1978
+ :version_stages,
1979
+ :created_date)
1980
+ SENSITIVE = [:secret_binary, :secret_string]
1981
+ include Aws::Structure
1982
+ end
1983
+
1861
1984
  # A structure that contains information about one version of a secret.
1862
1985
  #
1863
1986
  # @!attribute [rw] version_id
@@ -2031,18 +2154,26 @@ module Aws::SecretsManager
2031
2154
  # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
2032
2155
  # Services SDKs to call this operation, then you can leave this
2033
2156
  # parameter empty. The CLI or SDK generates a random UUID for you and
2034
- # includes it as the value for this parameter in the request. If you
2035
- # don't use the SDK and instead generate a raw HTTP request to the
2036
- # Secrets Manager service endpoint, then you must generate a
2037
- # `ClientRequestToken` yourself for the new version and include the
2038
- # value in the request.
2157
+ # includes it as the value for this parameter in the request.
2039
2158
  #
2040
2159
  # </note>
2041
2160
  #
2042
- # This value becomes the `VersionId` of the new version.
2161
+ # If you generate a raw HTTP request to the Secrets Manager service
2162
+ # endpoint, then you must generate a `ClientRequestToken` and include
2163
+ # it in the request.
2164
+ #
2165
+ # This value helps ensure idempotency. Secrets Manager uses this value
2166
+ # to prevent the accidental creation of duplicate versions if there
2167
+ # are failures and retries during a rotation. We recommend that you
2168
+ # generate a [UUID-type][1] value to ensure uniqueness of your
2169
+ # versions within the specified secret.
2043
2170
  #
2044
2171
  # **A suitable default value is auto-generated.** You should normally
2045
2172
  # not need to pass this option.
2173
+ #
2174
+ #
2175
+ #
2176
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
2046
2177
  # @return [String]
2047
2178
  #
2048
2179
  # @!attribute [rw] description
@@ -32,7 +32,7 @@ require_relative 'aws-sdk-secretsmanager/customizations'
32
32
  # structure.
33
33
  #
34
34
  # secrets_manager = Aws::SecretsManager::Client.new
35
- # resp = secrets_manager.cancel_rotate_secret(params)
35
+ # resp = secrets_manager.batch_get_secret_value(params)
36
36
  #
37
37
  # See {Client} for more information.
38
38
  #
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
52
52
  # @!group service
53
53
  module Aws::SecretsManager
54
54
 
55
- GEM_VERSION = '1.81.0'
55
+ GEM_VERSION = '1.89.0'
56
56
 
57
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-secretsmanager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.81.0
4
+ version: 1.89.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-13 00:00:00.000000000 Z
11
+ date: 2024-01-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.177.0
22
+ version: 3.188.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.177.0
32
+ version: 3.188.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement
@@ -72,7 +72,7 @@ licenses:
72
72
  metadata:
73
73
  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-secretsmanager
74
74
  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-secretsmanager/CHANGELOG.md
75
- post_install_message:
75
+ post_install_message:
76
76
  rdoc_options: []
77
77
  require_paths:
78
78
  - lib
@@ -80,15 +80,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
80
80
  requirements:
81
81
  - - ">="
82
82
  - !ruby/object:Gem::Version
83
- version: '2.3'
83
+ version: '2.5'
84
84
  required_rubygems_version: !ruby/object:Gem::Requirement
85
85
  requirements:
86
86
  - - ">="
87
87
  - !ruby/object:Gem::Version
88
88
  version: '0'
89
89
  requirements: []
90
- rubygems_version: 3.1.6
91
- signing_key:
90
+ rubygems_version: 3.4.10
91
+ signing_key:
92
92
  specification_version: 4
93
93
  summary: AWS SDK for Ruby - AWS Secrets Manager
94
94
  test_files: []