aws-sdk-secretsmanager 1.81.0 → 1.89.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e59a6b33a6c17f0a2dc23311bef30f6ed2092732a4c870cab2cd056f83a8aab2
-  data.tar.gz: 2611bd919d4d288fee0fe7ab8a20a51aba5eaab4b3a7577ecbee650aea0dde69
+  metadata.gz: 923abb0f15dbf93c43bc9b78c4e717937965e006f9b7cdd06f62e6a7e7607ee0
+  data.tar.gz: 646436ad1fb5ea3559377f2f42fcbfacc2d99ec543467f672d959bd22e60f03e
 SHA512:
-  metadata.gz: 6ff4ae1cf3a2f34959beae04741dac6bfa1e13aba10e78cec0ae8c88886de8a685b3eedfcdc4e2e343112805cdba76918d6ac8e781062b402d7245c4757dc9ca
-  data.tar.gz: 26f4cfe6a06783c0de02ea8aac85031e97bf5c358be95663bf524911cab44a6387d1e84e48cb1a83187b39e0fbeda043324f09d50a1ae688c65b421e5f4d5dc5
+  metadata.gz: c499c1ef98120af158f7d307087215836e635e5a5ca293c61def398cb2755d7768efd251feab4359cea0707d5b19599ccb93b365875db30de4e50439dc9a986d
+  data.tar.gz: 90b78a72e59b3259536b84cb542cbb9acce5078ec239d180d0ad0782ff434ffa74d572e7c0b60d268b7f0979a71cfc4975310ac532704f490dedd4bfc972c41e

data/CHANGELOG.md

@@ -1,6 +1,46 @@
 Unreleased Changes
 ------------------
 
+1.89.0 (2024-01-11)
+------------------
+
+* Feature - Doc only update for Secrets Manager
+
+1.88.0 (2023-12-22)
+------------------
+
+* Feature - Update endpoint rules and examples.
+
+1.87.0 (2023-11-28)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.86.0 (2023-11-27)
+------------------
+
+* Feature - AWS Secrets Manager has released the BatchGetSecretValue API, which allows customers to fetch up to 20 Secrets with a single request using a list of secret names or filters.
+
+1.85.0 (2023-11-22)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.84.0 (2023-10-19)
+------------------
+
+* Feature - Documentation updates for Secrets Manager
+
+1.83.0 (2023-09-27)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.82.0 (2023-08-10)
+------------------
+
+* Feature - Add additional InvalidRequestException to list of possible exceptions for ListSecret.
+
 1.81.0 (2023-07-13)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.81.0
+1.89.0

data/lib/aws-sdk-secretsmanager/client.rb

@@ -398,6 +398,156 @@ module Aws::SecretsManager
 
     # @!group API Operations
 
+    # Retrieves the contents of the encrypted fields `SecretString` or
+    # `SecretBinary` for up to 20 secrets. To retrieve a single secret, call
+    # GetSecretValue.
+    #
+    # To choose which secrets to retrieve, you can specify a list of secrets
+    # by name or ARN, or you can use filters. If Secrets Manager encounters
+    # errors such as `AccessDeniedException` while attempting to retrieve
+    # any of the secrets, you can see the errors in `Errors` in the
+    # response.
+    #
+    # Secrets Manager generates CloudTrail `GetSecretValue` log entries for
+    # each secret you request when you call this action. Do not include
+    # sensitive information in request parameters because it might be
+    # logged. For more information, see [Logging Secrets Manager events with
+    # CloudTrail][1].
+    #
+    # <b>Required permissions: </b> `secretsmanager:BatchGetSecretValue`,
+    # and you must have `secretsmanager:GetSecretValue` for each secret. If
+    # you use filters, you must also have `secretsmanager:ListSecrets`. If
+    # the secrets are encrypted using customer-managed keys instead of the
+    # Amazon Web Services managed key `aws/secretsmanager`, then you also
+    # need `kms:Decrypt` permissions for the keys. For more information, see
+    # [ IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
+    # @option params [Array<String>] :secret_id_list
+    #   The ARN or names of the secrets to retrieve. You must include
+    #   `Filters` or `SecretIdList`, but not both.
+    #
+    # @option params [Array<Types::Filter>] :filters
+    #   The filters to choose which secrets to retrieve. You must include
+    #   `Filters` or `SecretIdList`, but not both.
+    #
+    # @option params [Integer] :max_results
+    #   The number of results to include in the response.
+    #
+    #   If there are more results available, in the response, Secrets Manager
+    #   includes `NextToken`. To get the next results, call
+    #   `BatchGetSecretValue` again with the value from `NextToken`.
+    #
+    # @option params [String] :next_token
+    #   A token that indicates where the output should continue from, if a
+    #   previous call did not show all results. To get the next results, call
+    #   `BatchGetSecretValue` again with this value.
+    #
+    # @return [Types::BatchGetSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::BatchGetSecretValueResponse#secret_values #secret_values} => Array&lt;Types::SecretValueEntry&gt;
+    #   * {Types::BatchGetSecretValueResponse#next_token #next_token} => String
+    #   * {Types::BatchGetSecretValueResponse#errors #errors} => Array&lt;Types::APIErrorType&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    #
+    # @example Example: To retrieve the secret values for a group of secrets listed by name
+    #
+    #   # The following example gets the values for three secrets.
+    #
+    #   resp = client.batch_get_secret_value({
+    #     secret_id_list: [
+    #       "MySecret1", 
+    #       "MySecret2", 
+    #       "MySecret3", 
+    #     ], 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     errors: [
+    #     ], 
+    #     secret_values: [
+    #       {
+    #         arn: "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret1-a1b2c3", 
+    #         created_date: Time.parse(1700591229.801), 
+    #         name: "MySecret1", 
+    #         secret_string: "{\"username\":\"diego_ramirez\",\"password\":\"EXAMPLE-PASSWORD\",\"engine\":\"mysql\",\"host\":\"secretsmanagertutorial.cluster.us-west-2.rds.amazonaws.com\",\"port\":3306,\"dbClusterIdentifier\":\"secretsmanagertutorial\"}", 
+    #         version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa", 
+    #         version_stages: [
+    #           "AWSCURRENT", 
+    #         ], 
+    #       }, 
+    #       {
+    #         arn: "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret2-a1b2c3", 
+    #         created_date: Time.parse(1699911394.105), 
+    #         name: "MySecret2", 
+    #         secret_string: "{\"username\":\"akua_mansa\",\"password\":\"EXAMPLE-PASSWORD\"", 
+    #         version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", 
+    #         version_stages: [
+    #           "AWSCURRENT", 
+    #         ], 
+    #       }, 
+    #       {
+    #         arn: "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret3-a1b2c3", 
+    #         created_date: Time.parse(1699911394.105), 
+    #         name: "MySecret3", 
+    #         secret_string: "{\"username\":\"jie_liu\",\"password\":\"EXAMPLE-PASSWORD\"", 
+    #         version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEccccc", 
+    #         version_stages: [
+    #           "AWSCURRENT", 
+    #         ], 
+    #       }, 
+    #     ], 
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.batch_get_secret_value({
+    #     secret_id_list: ["SecretIdType"],
+    #     filters: [
+    #       {
+    #         key: "description", # accepts description, name, tag-key, tag-value, primary-region, owning-service, all
+    #         values: ["FilterValueStringType"],
+    #       },
+    #     ],
+    #     max_results: 1,
+    #     next_token: "NextTokenType",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.secret_values #=> Array
+    #   resp.secret_values[0].arn #=> String
+    #   resp.secret_values[0].name #=> String
+    #   resp.secret_values[0].version_id #=> String
+    #   resp.secret_values[0].secret_binary #=> String
+    #   resp.secret_values[0].secret_string #=> String
+    #   resp.secret_values[0].version_stages #=> Array
+    #   resp.secret_values[0].version_stages[0] #=> String
+    #   resp.secret_values[0].created_date #=> Time
+    #   resp.next_token #=> String
+    #   resp.errors #=> Array
+    #   resp.errors[0].secret_id #=> String
+    #   resp.errors[0].error_code #=> String
+    #   resp.errors[0].message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValue AWS API Documentation
+    #
+    # @overload batch_get_secret_value(params = {})
+    # @param [Hash] params ({})
+    def batch_get_secret_value(params = {}, options = {})
+      req = build_request(:batch_get_secret_value, params)
+      req.send_request(options)
+    end
+
     # Turns off automatic rotation, and if a rotation is currently in
     # progress, cancels the rotation.
     #
@@ -567,14 +717,14 @@ module Aws::SecretsManager
     #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
     #   Services SDKs to call this operation, then you can leave this
     #   parameter empty. The CLI or SDK generates a random UUID for you and
-    #   includes it as the value for this parameter in the request. If you
-    #   don't use the SDK and instead generate a raw HTTP request to the
-    #   Secrets Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for the new version and include the
-    #   value in the request.
+    #   includes it as the value for this parameter in the request.
     #
     #    </note>
     #
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include it
+    #   in the request.
+    #
     #   This value helps ensure idempotency. Secrets Manager uses this value
     #   to prevent the accidental creation of duplicate versions if there are
     #   failures and retries during a rotation. We recommend that you generate
@@ -676,32 +826,15 @@ module Aws::SecretsManager
     #   parameter, you should use single quotes to avoid confusion with the
     #   double quotes required in the JSON text.
     #
-    #   The following restrictions apply to tags:
-    #
-    #   * Maximum number of tags per secret: 50
-    #
-    #   * Maximum key length: 127 Unicode characters in UTF-8
-    #
-    #   * Maximum value length: 255 Unicode characters in UTF-8
-    #
-    #   * Tag keys and values are case sensitive.
-    #
-    #   * Do not use the `aws:` prefix in your tag names or values because
-    #     Amazon Web Services reserves it for Amazon Web Services use. You
-    #     can't edit or delete tag names or values with this prefix. Tags
-    #     with this prefix do not count against your tags per secret limit.
-    #
-    #   * If you use your tagging schema across multiple services and
-    #     resources, other services might have restrictions on allowed
-    #     characters. Generally allowed characters: letters, spaces, and
-    #     numbers representable in UTF-8, plus the following special
-    #     characters: + - = . \_ : / @.
+    #   For tag quotas and naming restrictions, see [Service quotas for
+    #   Tagging][4] in the *Amazon Web Services General Reference guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac
     #   [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2
     #   [3]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [4]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
     #
     # @option params [Array<Types::ReplicaRegionType>] :add_replica_regions
     #   A list of Regions and KMS keys to replicate secrets.
@@ -1132,7 +1265,9 @@ module Aws::SecretsManager
 
     # Generates a random password. We recommend that you specify the maximum
     # length and include every character type that the system you are
-    # generating a password for can support.
+    # generating a password for can support. By default, Secrets Manager
+    # uses uppercase and lowercase letters, numbers, and the following
+    # characters in passwords: `` !"#$%&'()*+,-./:;<=>?@[\\]^_`\{|\}~ ``
     #
     # Secrets Manager generates a CloudTrail log entry when you call this
     # action. Do not include sensitive information in request parameters
@@ -1311,6 +1446,9 @@ module Aws::SecretsManager
     # `SecretBinary` from the specified version of a secret, whichever
     # contains content.
     #
+    # To retrieve the values for a group of secrets, call
+    # BatchGetSecretValue.
+    #
     # We recommend that you cache your secret values by using client-side
     # caching. Caching secrets improves speed and reduces your costs. For
     # more information, see [Cache secrets for your applications][1].
@@ -1569,7 +1707,7 @@ module Aws::SecretsManager
     #
     # To list the versions of a secret, use ListSecretVersionIds.
     #
-    # To get the secret value from `SecretString` or `SecretBinary`, call
+    # To retrieve the values for the secrets, call BatchGetSecretValue or
     # GetSecretValue.
     #
     # For information about finding secrets in the console, see [Find
@@ -1860,19 +1998,20 @@ module Aws::SecretsManager
     #
     #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
     #   Services SDKs to call this operation, then you can leave this
-    #   parameter empty because they generate a random UUID for you. If you
-    #   don't use the SDK and instead generate a raw HTTP request to the
-    #   Secrets Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that value
-    #   in the request.
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes it as the value for this parameter in the request.
     #
     #    </note>
     #
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include it
+    #   in the request.
+    #
     #   This value helps ensure idempotency. Secrets Manager uses this value
     #   to prevent the accidental creation of duplicate versions if there are
-    #   failures and retries during the Lambda rotation function processing.
-    #   We recommend that you generate a [UUID-type][1] value to ensure
-    #   uniqueness within the specified secret.
+    #   failures and retries during a rotation. We recommend that you generate
+    #   a [UUID-type][1] value to ensure uniqueness of your versions within
+    #   the specified secret.
     #
     #   * If the `ClientRequestToken` value isn't already associated with a
     #     version of the secret then a new version of the secret is created.
@@ -2049,9 +2188,13 @@ module Aws::SecretsManager
     # Manager events with CloudTrail][2].
     #
     # <b>Required permissions: </b>
-    # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
-    # IAM policy actions for Secrets Manager][3] and [Authentication and
-    # access control in Secrets Manager][4].
+    # `secretsmanager:ReplicateSecretToRegions`. If the primary secret is
+    # encrypted with a KMS key other than `aws/secretsmanager`, you also
+    # need `kms:Decrypt` permission to the key. To encrypt the replicated
+    # secret with a KMS key other than `aws/secretsmanager`, you need
+    # `kms:GenerateDataKey` and `kms:Encrypt` to the key. For more
+    # information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4].
     #
     #
     #
@@ -2253,24 +2396,27 @@ module Aws::SecretsManager
     #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen
     #
     # @option params [String] :client_request_token
-    #   A unique identifier for the new version of the secret that helps
-    #   ensure idempotency. Secrets Manager uses this value to prevent the
-    #   accidental creation of duplicate versions if there are failures and
-    #   retries during rotation. This value becomes the `VersionId` of the new
-    #   version.
-    #
-    #   If you use the Amazon Web Services CLI or one of the Amazon Web
-    #   Services SDK to call this operation, then you can leave this parameter
-    #   empty. The CLI or SDK generates a random UUID for you and includes
-    #   that in the request for this parameter. If you don't use the SDK and
-    #   instead generate a raw HTTP request to the Secrets Manager service
-    #   endpoint, then you must generate a `ClientRequestToken` yourself for
-    #   new versions and include that value in the request.
-    #
-    #   You only need to specify this value if you implement your own retry
-    #   logic and you want to ensure that Secrets Manager doesn't attempt to
-    #   create a secret version twice. We recommend that you generate a
-    #   [UUID-type][1] value to ensure uniqueness within the specified secret.
+    #   A unique identifier for the new version of the secret. You only need
+    #   to specify this value if you implement your own retry logic and you
+    #   want to ensure that Secrets Manager doesn't attempt to create a
+    #   secret version twice.
+    #
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDKs to call this operation, then you can leave this
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes it as the value for this parameter in the request.
+    #
+    #    </note>
+    #
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include it
+    #   in the request.
+    #
+    #   This value helps ensure idempotency. Secrets Manager uses this value
+    #   to prevent the accidental creation of duplicate versions if there are
+    #   failures and retries during a rotation. We recommend that you generate
+    #   a [UUID-type][1] value to ensure uniqueness of your versions within
+    #   the specified secret.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -2438,26 +2584,8 @@ module Aws::SecretsManager
     # specific versions of the secret. This operation appends tags to the
     # existing list of tags.
     #
-    # The following restrictions apply to tags:
-    #
-    # * Maximum number of tags per secret: 50
-    #
-    # * Maximum key length: 127 Unicode characters in UTF-8
-    #
-    # * Maximum value length: 255 Unicode characters in UTF-8
-    #
-    # * Tag keys and values are case sensitive.
-    #
-    # * Do not use the `aws:` prefix in your tag names or values because
-    #   Amazon Web Services reserves it for Amazon Web Services use. You
-    #   can't edit or delete tag names or values with this prefix. Tags
-    #   with this prefix do not count against your tags per secret limit.
-    #
-    # * If you use your tagging schema across multiple services and
-    #   resources, other services might have restrictions on allowed
-    #   characters. Generally allowed characters: letters, spaces, and
-    #   numbers representable in UTF-8, plus the following special
-    #   characters: + - = . \_ : / @.
+    # For tag quotas and naming restrictions, see [Service quotas for
+    # Tagging][1] in the *Amazon Web Services General Reference guide*.
     #
     # If you use tags as part of your security strategy, then adding or
     # removing a tag can change permissions. If successfully completing this
@@ -2467,17 +2595,18 @@ module Aws::SecretsManager
     # Secrets Manager generates a CloudTrail log entry when you call this
     # action. Do not include sensitive information in request parameters
     # because it might be logged. For more information, see [Logging Secrets
-    # Manager events with CloudTrail][1].
+    # Manager events with CloudTrail][2].
     #
     # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
-    # information, see [ IAM policy actions for Secrets Manager][2] and
-    # [Authentication and access control in Secrets Manager][3].
+    # information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [1]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The identifier for the secret to attach tags to. You can specify
@@ -2701,19 +2830,27 @@ module Aws::SecretsManager
     #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
     #   Services SDKs to call this operation, then you can leave this
     #   parameter empty. The CLI or SDK generates a random UUID for you and
-    #   includes it as the value for this parameter in the request. If you
-    #   don't use the SDK and instead generate a raw HTTP request to the
-    #   Secrets Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for the new version and include the
-    #   value in the request.
+    #   includes it as the value for this parameter in the request.
     #
     #    </note>
     #
-    #   This value becomes the `VersionId` of the new version.
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include it
+    #   in the request.
+    #
+    #   This value helps ensure idempotency. Secrets Manager uses this value
+    #   to prevent the accidental creation of duplicate versions if there are
+    #   failures and retries during a rotation. We recommend that you generate
+    #   a [UUID-type][1] value to ensure uniqueness of your versions within
+    #   the specified secret.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
     #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
+    #
     # @option params [String] :description
     #   The description of the secret.
     #
@@ -3108,7 +3245,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.81.0'
+      context[:gem_version] = '1.89.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/client_api.rb

@@ -13,8 +13,12 @@ module Aws::SecretsManager
 
     include Seahorse::Model
 
+    APIErrorListType = Shapes::ListShape.new(name: 'APIErrorListType')
+    APIErrorType = Shapes::StructureShape.new(name: 'APIErrorType')
     AddReplicaRegionListType = Shapes::ListShape.new(name: 'AddReplicaRegionListType')
     AutomaticallyRotateAfterDaysType = Shapes::IntegerShape.new(name: 'AutomaticallyRotateAfterDaysType')
+    BatchGetSecretValueRequest = Shapes::StructureShape.new(name: 'BatchGetSecretValueRequest')
+    BatchGetSecretValueResponse = Shapes::StructureShape.new(name: 'BatchGetSecretValueResponse')
     BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
     CancelRotateSecretRequest = Shapes::StructureShape.new(name: 'CancelRotateSecretRequest')
     CancelRotateSecretResponse = Shapes::StructureShape.new(name: 'CancelRotateSecretResponse')
@@ -34,6 +38,7 @@ module Aws::SecretsManager
     DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
     DurationType = Shapes::StringShape.new(name: 'DurationType')
     EncryptionFailure = Shapes::StructureShape.new(name: 'EncryptionFailure')
+    ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     ExcludeCharactersType = Shapes::StringShape.new(name: 'ExcludeCharactersType')
     ExcludeLowercaseType = Shapes::BooleanShape.new(name: 'ExcludeLowercaseType')
@@ -67,6 +72,7 @@ module Aws::SecretsManager
     ListSecretsRequest = Shapes::StructureShape.new(name: 'ListSecretsRequest')
     ListSecretsResponse = Shapes::StructureShape.new(name: 'ListSecretsResponse')
     MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException')
+    MaxResultsBatchType = Shapes::IntegerShape.new(name: 'MaxResultsBatchType')
     MaxResultsType = Shapes::IntegerShape.new(name: 'MaxResultsType')
     NameType = Shapes::StringShape.new(name: 'NameType')
     NextRotationDateType = Shapes::TimestampShape.new(name: 'NextRotationDateType')
@@ -104,11 +110,14 @@ module Aws::SecretsManager
     ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
     SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
     SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
+    SecretIdListType = Shapes::ListShape.new(name: 'SecretIdListType')
     SecretIdType = Shapes::StringShape.new(name: 'SecretIdType')
     SecretListEntry = Shapes::StructureShape.new(name: 'SecretListEntry')
     SecretListType = Shapes::ListShape.new(name: 'SecretListType')
     SecretNameType = Shapes::StringShape.new(name: 'SecretNameType')
     SecretStringType = Shapes::StringShape.new(name: 'SecretStringType')
+    SecretValueEntry = Shapes::StructureShape.new(name: 'SecretValueEntry')
+    SecretValuesType = Shapes::ListShape.new(name: 'SecretValuesType')
     SecretVersionIdType = Shapes::StringShape.new(name: 'SecretVersionIdType')
     SecretVersionStageType = Shapes::StringShape.new(name: 'SecretVersionStageType')
     SecretVersionStagesType = Shapes::ListShape.new(name: 'SecretVersionStagesType')
@@ -137,8 +146,26 @@ module Aws::SecretsManager
     ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
     ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
 
+    APIErrorListType.member = Shapes::ShapeRef.new(shape: APIErrorType)
+
+    APIErrorType.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, location_name: "SecretId"))
+    APIErrorType.add_member(:error_code, Shapes::ShapeRef.new(shape: ErrorCode, location_name: "ErrorCode"))
+    APIErrorType.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
+    APIErrorType.struct_class = Types::APIErrorType
+
     AddReplicaRegionListType.member = Shapes::ShapeRef.new(shape: ReplicaRegionType)
 
+    BatchGetSecretValueRequest.add_member(:secret_id_list, Shapes::ShapeRef.new(shape: SecretIdListType, location_name: "SecretIdList"))
+    BatchGetSecretValueRequest.add_member(:filters, Shapes::ShapeRef.new(shape: FiltersListType, location_name: "Filters"))
+    BatchGetSecretValueRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResultsBatchType, location_name: "MaxResults", metadata: {"box"=>true}))
+    BatchGetSecretValueRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
+    BatchGetSecretValueRequest.struct_class = Types::BatchGetSecretValueRequest
+
+    BatchGetSecretValueResponse.add_member(:secret_values, Shapes::ShapeRef.new(shape: SecretValuesType, location_name: "SecretValues"))
+    BatchGetSecretValueResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
+    BatchGetSecretValueResponse.add_member(:errors, Shapes::ShapeRef.new(shape: APIErrorListType, location_name: "Errors"))
+    BatchGetSecretValueResponse.struct_class = Types::BatchGetSecretValueResponse
+
     CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
     CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
 
@@ -386,6 +413,8 @@ module Aws::SecretsManager
     RotationRulesType.add_member(:schedule_expression, Shapes::ShapeRef.new(shape: ScheduleExpressionType, location_name: "ScheduleExpression"))
     RotationRulesType.struct_class = Types::RotationRulesType
 
+    SecretIdListType.member = Shapes::ShapeRef.new(shape: SecretIdType)
+
     SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
     SecretListEntry.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
     SecretListEntry.add_member(:description, Shapes::ShapeRef.new(shape: DescriptionType, location_name: "Description"))
@@ -407,6 +436,17 @@ module Aws::SecretsManager
 
     SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
 
+    SecretValueEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    SecretValueEntry.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
+    SecretValueEntry.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
+    SecretValueEntry.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
+    SecretValueEntry.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
+    SecretValueEntry.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
+    SecretValueEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: CreatedDateType, location_name: "CreatedDate", metadata: {"box"=>true}))
+    SecretValueEntry.struct_class = Types::SecretValueEntry
+
+    SecretValuesType.member = Shapes::ShapeRef.new(shape: SecretValueEntry)
+
     SecretVersionStagesType.member = Shapes::ShapeRef.new(shape: SecretVersionStageType)
 
     SecretVersionsListEntry.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
@@ -499,6 +539,26 @@ module Aws::SecretsManager
         "uid" => "secretsmanager-2017-10-17",
       }
 
+      api.add_operation(:batch_get_secret_value, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "BatchGetSecretValue"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: BatchGetSecretValueRequest)
+        o.output = Shapes::ShapeRef.new(shape: BatchGetSecretValueResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:cancel_rotate_secret, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CancelRotateSecret"
         o.http_method = "POST"
@@ -625,6 +685,7 @@ module Aws::SecretsManager
         o.input = Shapes::ShapeRef.new(shape: ListSecretsRequest)
         o.output = Shapes::ShapeRef.new(shape: ListSecretsResponse)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o[:pager] = Aws::Pager.new(

data/lib/aws-sdk-secretsmanager/endpoint_provider.rb

@@ -27,18 +27,33 @@ module Aws::SecretsManager
         if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              if Aws::Endpoints::Matchers.string_equals?("aws", Aws::Endpoints::Matchers.attr(partition_result, "name"))
+                return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.amazonaws.com", headers: {}, properties: {})
+              end
+              if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
+                return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.amazonaws.com", headers: {}, properties: {})
+              end
               return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+              if Aws::Endpoints::Matchers.string_equals?("aws", Aws::Endpoints::Matchers.attr(partition_result, "name"))
+                return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com", headers: {}, properties: {})
+              end
+              if Aws::Endpoints::Matchers.string_equals?("aws-cn", Aws::Endpoints::Matchers.attr(partition_result, "name"))
+                return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com.cn", headers: {}, properties: {})
+              end
+              if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
+                return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com", headers: {}, properties: {})
+              end
               return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"

data/lib/aws-sdk-secretsmanager/endpoints.rb

@@ -12,6 +12,20 @@ module Aws::SecretsManager
   # @api private
   module Endpoints
 
+    class BatchGetSecretValue
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::SecretsManager::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class CancelRotateSecret
       def self.build(context)
         unless context.config.regional_endpoint

data/lib/aws-sdk-secretsmanager/plugins/endpoints.rb

@@ -25,16 +25,17 @@ module Aws::SecretsManager
       # @api private
       class Handler < Seahorse::Client::Handler
         def call(context)
-          # If endpoint was discovered, do not resolve or apply the endpoint.
           unless context[:discovered_endpoint]
             params = parameters_for_operation(context)
             endpoint = context.config.endpoint_provider.resolve_endpoint(params)
 
             context.http_request.endpoint = endpoint.url
             apply_endpoint_headers(context, endpoint.headers)
+
+            context[:endpoint_params] = params
+            context[:endpoint_properties] = endpoint.properties
           end
 
-          context[:endpoint_params] = params
           context[:auth_scheme] =
             Aws::Endpoints.resolve_auth_scheme(context, endpoint)
 
@@ -56,6 +57,8 @@ module Aws::SecretsManager
 
         def parameters_for_operation(context)
           case context.operation_name
+          when :batch_get_secret_value
+            Aws::SecretsManager::Endpoints::BatchGetSecretValue.build(context)
           when :cancel_rotate_secret
             Aws::SecretsManager::Endpoints::CancelRotateSecret.build(context)
           when :create_secret

data/lib/aws-sdk-secretsmanager/types.rb

@@ -10,6 +10,97 @@
 module Aws::SecretsManager
   module Types
 
+    # The error Secrets Manager encountered while retrieving an individual
+    # secret as part of BatchGetSecretValue.
+    #
+    # @!attribute [rw] secret_id
+    #   The ARN or name of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_code
+    #   The error Secrets Manager encountered while retrieving an individual
+    #   secret as part of BatchGetSecretValue, for example
+    #   `ResourceNotFoundException`,`InvalidParameterException`,
+    #   `InvalidRequestException`, `DecryptionFailure`, or
+    #   `AccessDeniedException`.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   A message describing the error.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/APIErrorType AWS API Documentation
+    #
+    class APIErrorType < Struct.new(
+      :secret_id,
+      :error_code,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] secret_id_list
+    #   The ARN or names of the secrets to retrieve. You must include
+    #   `Filters` or `SecretIdList`, but not both.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] filters
+    #   The filters to choose which secrets to retrieve. You must include
+    #   `Filters` or `SecretIdList`, but not both.
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] max_results
+    #   The number of results to include in the response.
+    #
+    #   If there are more results available, in the response, Secrets
+    #   Manager includes `NextToken`. To get the next results, call
+    #   `BatchGetSecretValue` again with the value from `NextToken`.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   A token that indicates where the output should continue from, if a
+    #   previous call did not show all results. To get the next results,
+    #   call `BatchGetSecretValue` again with this value.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueRequest AWS API Documentation
+    #
+    class BatchGetSecretValueRequest < Struct.new(
+      :secret_id_list,
+      :filters,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] secret_values
+    #   A list of secret values.
+    #   @return [Array<Types::SecretValueEntry>]
+    #
+    # @!attribute [rw] next_token
+    #   Secrets Manager includes this value if there's more output
+    #   available than what is included in the current response. This can
+    #   occur even when the response includes no values at all, such as when
+    #   you ask for a filtered view of a long list. To get the next results,
+    #   call `BatchGetSecretValue` again with this value.
+    #   @return [String]
+    #
+    # @!attribute [rw] errors
+    #   A list of errors Secrets Manager encountered while attempting to
+    #   retrieve individual secrets.
+    #   @return [Array<Types::APIErrorType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueResponse AWS API Documentation
+    #
+    class BatchGetSecretValueResponse < Struct.new(
+      :secret_values,
+      :next_token,
+      :errors)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] secret_id
     #   The ARN or name of the secret.
     #
@@ -77,14 +168,14 @@ module Aws::SecretsManager
     #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
     #   Services SDKs to call this operation, then you can leave this
     #   parameter empty. The CLI or SDK generates a random UUID for you and
-    #   includes it as the value for this parameter in the request. If you
-    #   don't use the SDK and instead generate a raw HTTP request to the
-    #   Secrets Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for the new version and include the
-    #   value in the request.
+    #   includes it as the value for this parameter in the request.
     #
     #    </note>
     #
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include
+    #   it in the request.
+    #
     #   This value helps ensure idempotency. Secrets Manager uses this value
     #   to prevent the accidental creation of duplicate versions if there
     #   are failures and retries during a rotation. We recommend that you
@@ -191,32 +282,15 @@ module Aws::SecretsManager
     #   parameter, you should use single quotes to avoid confusion with the
     #   double quotes required in the JSON text.
     #
-    #   The following restrictions apply to tags:
-    #
-    #   * Maximum number of tags per secret: 50
-    #
-    #   * Maximum key length: 127 Unicode characters in UTF-8
-    #
-    #   * Maximum value length: 255 Unicode characters in UTF-8
-    #
-    #   * Tag keys and values are case sensitive.
-    #
-    #   * Do not use the `aws:` prefix in your tag names or values because
-    #     Amazon Web Services reserves it for Amazon Web Services use. You
-    #     can't edit or delete tag names or values with this prefix. Tags
-    #     with this prefix do not count against your tags per secret limit.
-    #
-    #   * If you use your tagging schema across multiple services and
-    #     resources, other services might have restrictions on allowed
-    #     characters. Generally allowed characters: letters, spaces, and
-    #     numbers representable in UTF-8, plus the following special
-    #     characters: + - = . \_ : / @.
+    #   For tag quotas and naming restrictions, see [Service quotas for
+    #   Tagging][4] in the *Amazon Web Services General Reference guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac
     #   [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2
     #   [3]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
+    #   [4]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] add_replica_regions
@@ -472,8 +546,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] last_rotated_date
     #   The last date and time that Secrets Manager rotated the secret. If
-    #   the secret isn't configured for rotation, Secrets Manager returns
-    #   null.
+    #   the secret isn't configured for rotation or rotation has been
+    #   disabled, Secrets Manager returns null.
     #   @return [Time]
     #
     # @!attribute [rw] last_changed_date
@@ -499,8 +573,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] next_rotation_date
     #   The next rotation is scheduled to occur on or before this date. If
-    #   the secret isn't configured for rotation, Secrets Manager returns
-    #   null.
+    #   the secret isn't configured for rotation or rotation has been
+    #   disabled, Secrets Manager returns null.
     #   @return [Time]
     #
     # @!attribute [rw] tags
@@ -838,18 +912,15 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] secret_binary
     #   The decrypted secret value, if the secret value was originally
-    #   provided as binary data in the form of a byte array. The response
-    #   parameter represents the binary data as a [base64-encoded][1]
-    #   string.
+    #   provided as binary data in the form of a byte array. When you
+    #   retrieve a `SecretBinary` using the HTTP API, the Python SDK, or the
+    #   Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it
+    #   is not encoded.
     #
     #   If the secret was created by using the Secrets Manager console, or
     #   if the secret value was originally provided as a string, then this
     #   field is omitted. The secret value appears in `SecretString`
     #   instead.
-    #
-    #
-    #
-    #   [1]: https://tools.ietf.org/html/rfc4648#section-4
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -1215,19 +1286,20 @@ module Aws::SecretsManager
     #
     #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
     #   Services SDKs to call this operation, then you can leave this
-    #   parameter empty because they generate a random UUID for you. If you
-    #   don't use the SDK and instead generate a raw HTTP request to the
-    #   Secrets Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that
-    #   value in the request.
+    #   parameter empty. The CLI or SDK generates a random UUID for you and
+    #   includes it as the value for this parameter in the request.
     #
     #    </note>
     #
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include
+    #   it in the request.
+    #
     #   This value helps ensure idempotency. Secrets Manager uses this value
     #   to prevent the accidental creation of duplicate versions if there
-    #   are failures and retries during the Lambda rotation function
-    #   processing. We recommend that you generate a [UUID-type][1] value to
-    #   ensure uniqueness within the specified secret.
+    #   are failures and retries during a rotation. We recommend that you
+    #   generate a [UUID-type][1] value to ensure uniqueness of your
+    #   versions within the specified secret.
     #
     #   * If the `ClientRequestToken` value isn't already associated with a
     #     version of the secret then a new version of the secret is created.
@@ -1542,26 +1614,27 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] client_request_token
-    #   A unique identifier for the new version of the secret that helps
-    #   ensure idempotency. Secrets Manager uses this value to prevent the
-    #   accidental creation of duplicate versions if there are failures and
-    #   retries during rotation. This value becomes the `VersionId` of the
-    #   new version.
+    #   A unique identifier for the new version of the secret. You only need
+    #   to specify this value if you implement your own retry logic and you
+    #   want to ensure that Secrets Manager doesn't attempt to create a
+    #   secret version twice.
     #
-    #   If you use the Amazon Web Services CLI or one of the Amazon Web
-    #   Services SDK to call this operation, then you can leave this
+    #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
+    #   Services SDKs to call this operation, then you can leave this
     #   parameter empty. The CLI or SDK generates a random UUID for you and
-    #   includes that in the request for this parameter. If you don't use
-    #   the SDK and instead generate a raw HTTP request to the Secrets
-    #   Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for new versions and include that
-    #   value in the request.
-    #
-    #   You only need to specify this value if you implement your own retry
-    #   logic and you want to ensure that Secrets Manager doesn't attempt
-    #   to create a secret version twice. We recommend that you generate a
-    #   [UUID-type][1] value to ensure uniqueness within the specified
-    #   secret.
+    #   includes it as the value for this parameter in the request.
+    #
+    #    </note>
+    #
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include
+    #   it in the request.
+    #
+    #   This value helps ensure idempotency. Secrets Manager uses this value
+    #   to prevent the accidental creation of duplicate versions if there
+    #   are failures and retries during a rotation. We recommend that you
+    #   generate a [UUID-type][1] value to ensure uniqueness of your
+    #   versions within the specified secret.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -1730,10 +1803,7 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The friendly name of the secret. You can use forward slashes in the
-    #   name to represent a path hierarchy. For example,
-    #   `/prod/databases/dbserver1` could represent the secret for a server
-    #   named `dbserver1` in the folder `databases` in the folder `prod`.
+    #   The friendly name of the secret.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -1794,8 +1864,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] next_rotation_date
     #   The next rotation is scheduled to occur on or before this date. If
-    #   the secret isn't configured for rotation, Secrets Manager returns
-    #   null.
+    #   the secret isn't configured for rotation or rotation has been
+    #   disabled, Secrets Manager returns null.
     #   @return [Time]
     #
     # @!attribute [rw] tags
@@ -1858,6 +1928,59 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
+    # A structure that contains the secret value and other details for a
+    # secret.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The friendly name of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] version_id
+    #   The unique version identifier of this version of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_binary
+    #   The decrypted secret value, if the secret value was originally
+    #   provided as binary data in the form of a byte array. The parameter
+    #   represents the binary data as a [base64-encoded][1] string.
+    #
+    #
+    #
+    #   [1]: https://tools.ietf.org/html/rfc4648#section-4
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_string
+    #   The decrypted secret value, if the secret value was originally
+    #   provided as a string or through the Secrets Manager console.
+    #   @return [String]
+    #
+    # @!attribute [rw] version_stages
+    #   A list of all of the staging labels currently attached to this
+    #   version of the secret.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] created_date
+    #   The date the secret was created.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretValueEntry AWS API Documentation
+    #
+    class SecretValueEntry < Struct.new(
+      :arn,
+      :name,
+      :version_id,
+      :secret_binary,
+      :secret_string,
+      :version_stages,
+      :created_date)
+      SENSITIVE = [:secret_binary, :secret_string]
+      include Aws::Structure
+    end
+
     # A structure that contains information about one version of a secret.
     #
     # @!attribute [rw] version_id
@@ -2031,18 +2154,26 @@ module Aws::SecretsManager
     #   <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
     #   Services SDKs to call this operation, then you can leave this
     #   parameter empty. The CLI or SDK generates a random UUID for you and
-    #   includes it as the value for this parameter in the request. If you
-    #   don't use the SDK and instead generate a raw HTTP request to the
-    #   Secrets Manager service endpoint, then you must generate a
-    #   `ClientRequestToken` yourself for the new version and include the
-    #   value in the request.
+    #   includes it as the value for this parameter in the request.
     #
     #    </note>
     #
-    #   This value becomes the `VersionId` of the new version.
+    #   If you generate a raw HTTP request to the Secrets Manager service
+    #   endpoint, then you must generate a `ClientRequestToken` and include
+    #   it in the request.
+    #
+    #   This value helps ensure idempotency. Secrets Manager uses this value
+    #   to prevent the accidental creation of duplicate versions if there
+    #   are failures and retries during a rotation. We recommend that you
+    #   generate a [UUID-type][1] value to ensure uniqueness of your
+    #   versions within the specified secret.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
+    #
+    #
+    #
+    #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
     #   @return [String]
     #
     # @!attribute [rw] description

data/lib/aws-sdk-secretsmanager.rb

@@ -32,7 +32,7 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # structure.
 #
 #     secrets_manager = Aws::SecretsManager::Client.new
-#     resp = secrets_manager.cancel_rotate_secret(params)
+#     resp = secrets_manager.batch_get_secret_value(params)
 #
 # See {Client} for more information.
 #
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @!group service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.81.0'
+  GEM_VERSION = '1.89.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.81.0
+  version: 1.89.0
 platform: ruby
 authors:
 - Amazon Web Services
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-13 00:00:00.000000000 Z
+date: 2024-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.177.0
+        version: 3.188.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.177.0
+        version: 3.188.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement
@@ -72,7 +72,7 @@ licenses:
 metadata:
   source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-secretsmanager
   changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-secretsmanager/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -80,15 +80,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby - AWS Secrets Manager
 test_files: []