aws-sdk-secretsmanager 1.81.0 → 1.89.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +40 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-secretsmanager/client.rb +226 -89
- data/lib/aws-sdk-secretsmanager/client_api.rb +61 -0
- data/lib/aws-sdk-secretsmanager/endpoint_provider.rb +16 -1
- data/lib/aws-sdk-secretsmanager/endpoints.rb +14 -0
- data/lib/aws-sdk-secretsmanager/plugins/endpoints.rb +5 -2
- data/lib/aws-sdk-secretsmanager/types.rb +205 -74
- data/lib/aws-sdk-secretsmanager.rb +2 -2
- metadata +9 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 923abb0f15dbf93c43bc9b78c4e717937965e006f9b7cdd06f62e6a7e7607ee0
|
4
|
+
data.tar.gz: 646436ad1fb5ea3559377f2f42fcbfacc2d99ec543467f672d959bd22e60f03e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c499c1ef98120af158f7d307087215836e635e5a5ca293c61def398cb2755d7768efd251feab4359cea0707d5b19599ccb93b365875db30de4e50439dc9a986d
|
7
|
+
data.tar.gz: 90b78a72e59b3259536b84cb542cbb9acce5078ec239d180d0ad0782ff434ffa74d572e7c0b60d268b7f0979a71cfc4975310ac532704f490dedd4bfc972c41e
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,46 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.89.0 (2024-01-11)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Doc only update for Secrets Manager
|
8
|
+
|
9
|
+
1.88.0 (2023-12-22)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Update endpoint rules and examples.
|
13
|
+
|
14
|
+
1.87.0 (2023-11-28)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
18
|
+
|
19
|
+
1.86.0 (2023-11-27)
|
20
|
+
------------------
|
21
|
+
|
22
|
+
* Feature - AWS Secrets Manager has released the BatchGetSecretValue API, which allows customers to fetch up to 20 Secrets with a single request using a list of secret names or filters.
|
23
|
+
|
24
|
+
1.85.0 (2023-11-22)
|
25
|
+
------------------
|
26
|
+
|
27
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
28
|
+
|
29
|
+
1.84.0 (2023-10-19)
|
30
|
+
------------------
|
31
|
+
|
32
|
+
* Feature - Documentation updates for Secrets Manager
|
33
|
+
|
34
|
+
1.83.0 (2023-09-27)
|
35
|
+
------------------
|
36
|
+
|
37
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
38
|
+
|
39
|
+
1.82.0 (2023-08-10)
|
40
|
+
------------------
|
41
|
+
|
42
|
+
* Feature - Add additional InvalidRequestException to list of possible exceptions for ListSecret.
|
43
|
+
|
4
44
|
1.81.0 (2023-07-13)
|
5
45
|
------------------
|
6
46
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.89.0
|
@@ -398,6 +398,156 @@ module Aws::SecretsManager
|
|
398
398
|
|
399
399
|
# @!group API Operations
|
400
400
|
|
401
|
+
# Retrieves the contents of the encrypted fields `SecretString` or
|
402
|
+
# `SecretBinary` for up to 20 secrets. To retrieve a single secret, call
|
403
|
+
# GetSecretValue.
|
404
|
+
#
|
405
|
+
# To choose which secrets to retrieve, you can specify a list of secrets
|
406
|
+
# by name or ARN, or you can use filters. If Secrets Manager encounters
|
407
|
+
# errors such as `AccessDeniedException` while attempting to retrieve
|
408
|
+
# any of the secrets, you can see the errors in `Errors` in the
|
409
|
+
# response.
|
410
|
+
#
|
411
|
+
# Secrets Manager generates CloudTrail `GetSecretValue` log entries for
|
412
|
+
# each secret you request when you call this action. Do not include
|
413
|
+
# sensitive information in request parameters because it might be
|
414
|
+
# logged. For more information, see [Logging Secrets Manager events with
|
415
|
+
# CloudTrail][1].
|
416
|
+
#
|
417
|
+
# <b>Required permissions: </b> `secretsmanager:BatchGetSecretValue`,
|
418
|
+
# and you must have `secretsmanager:GetSecretValue` for each secret. If
|
419
|
+
# you use filters, you must also have `secretsmanager:ListSecrets`. If
|
420
|
+
# the secrets are encrypted using customer-managed keys instead of the
|
421
|
+
# Amazon Web Services managed key `aws/secretsmanager`, then you also
|
422
|
+
# need `kms:Decrypt` permissions for the keys. For more information, see
|
423
|
+
# [ IAM policy actions for Secrets Manager][2] and [Authentication and
|
424
|
+
# access control in Secrets Manager][3].
|
425
|
+
#
|
426
|
+
#
|
427
|
+
#
|
428
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
|
429
|
+
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
|
430
|
+
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
431
|
+
#
|
432
|
+
# @option params [Array<String>] :secret_id_list
|
433
|
+
# The ARN or names of the secrets to retrieve. You must include
|
434
|
+
# `Filters` or `SecretIdList`, but not both.
|
435
|
+
#
|
436
|
+
# @option params [Array<Types::Filter>] :filters
|
437
|
+
# The filters to choose which secrets to retrieve. You must include
|
438
|
+
# `Filters` or `SecretIdList`, but not both.
|
439
|
+
#
|
440
|
+
# @option params [Integer] :max_results
|
441
|
+
# The number of results to include in the response.
|
442
|
+
#
|
443
|
+
# If there are more results available, in the response, Secrets Manager
|
444
|
+
# includes `NextToken`. To get the next results, call
|
445
|
+
# `BatchGetSecretValue` again with the value from `NextToken`.
|
446
|
+
#
|
447
|
+
# @option params [String] :next_token
|
448
|
+
# A token that indicates where the output should continue from, if a
|
449
|
+
# previous call did not show all results. To get the next results, call
|
450
|
+
# `BatchGetSecretValue` again with this value.
|
451
|
+
#
|
452
|
+
# @return [Types::BatchGetSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
453
|
+
#
|
454
|
+
# * {Types::BatchGetSecretValueResponse#secret_values #secret_values} => Array<Types::SecretValueEntry>
|
455
|
+
# * {Types::BatchGetSecretValueResponse#next_token #next_token} => String
|
456
|
+
# * {Types::BatchGetSecretValueResponse#errors #errors} => Array<Types::APIErrorType>
|
457
|
+
#
|
458
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
459
|
+
#
|
460
|
+
#
|
461
|
+
# @example Example: To retrieve the secret values for a group of secrets listed by name
|
462
|
+
#
|
463
|
+
# # The following example gets the values for three secrets.
|
464
|
+
#
|
465
|
+
# resp = client.batch_get_secret_value({
|
466
|
+
# secret_id_list: [
|
467
|
+
# "MySecret1",
|
468
|
+
# "MySecret2",
|
469
|
+
# "MySecret3",
|
470
|
+
# ],
|
471
|
+
# })
|
472
|
+
#
|
473
|
+
# resp.to_h outputs the following:
|
474
|
+
# {
|
475
|
+
# errors: [
|
476
|
+
# ],
|
477
|
+
# secret_values: [
|
478
|
+
# {
|
479
|
+
# arn: "®ion-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret1-a1b2c3",
|
480
|
+
# created_date: Time.parse(1700591229.801),
|
481
|
+
# name: "MySecret1",
|
482
|
+
# secret_string: "{\"username\":\"diego_ramirez\",\"password\":\"EXAMPLE-PASSWORD\",\"engine\":\"mysql\",\"host\":\"secretsmanagertutorial.cluster.us-west-2.rds.amazonaws.com\",\"port\":3306,\"dbClusterIdentifier\":\"secretsmanagertutorial\"}",
|
483
|
+
# version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa",
|
484
|
+
# version_stages: [
|
485
|
+
# "AWSCURRENT",
|
486
|
+
# ],
|
487
|
+
# },
|
488
|
+
# {
|
489
|
+
# arn: "®ion-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret2-a1b2c3",
|
490
|
+
# created_date: Time.parse(1699911394.105),
|
491
|
+
# name: "MySecret2",
|
492
|
+
# secret_string: "{\"username\":\"akua_mansa\",\"password\":\"EXAMPLE-PASSWORD\"",
|
493
|
+
# version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
|
494
|
+
# version_stages: [
|
495
|
+
# "AWSCURRENT",
|
496
|
+
# ],
|
497
|
+
# },
|
498
|
+
# {
|
499
|
+
# arn: "®ion-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret3-a1b2c3",
|
500
|
+
# created_date: Time.parse(1699911394.105),
|
501
|
+
# name: "MySecret3",
|
502
|
+
# secret_string: "{\"username\":\"jie_liu\",\"password\":\"EXAMPLE-PASSWORD\"",
|
503
|
+
# version_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLEccccc",
|
504
|
+
# version_stages: [
|
505
|
+
# "AWSCURRENT",
|
506
|
+
# ],
|
507
|
+
# },
|
508
|
+
# ],
|
509
|
+
# }
|
510
|
+
#
|
511
|
+
# @example Request syntax with placeholder values
|
512
|
+
#
|
513
|
+
# resp = client.batch_get_secret_value({
|
514
|
+
# secret_id_list: ["SecretIdType"],
|
515
|
+
# filters: [
|
516
|
+
# {
|
517
|
+
# key: "description", # accepts description, name, tag-key, tag-value, primary-region, owning-service, all
|
518
|
+
# values: ["FilterValueStringType"],
|
519
|
+
# },
|
520
|
+
# ],
|
521
|
+
# max_results: 1,
|
522
|
+
# next_token: "NextTokenType",
|
523
|
+
# })
|
524
|
+
#
|
525
|
+
# @example Response structure
|
526
|
+
#
|
527
|
+
# resp.secret_values #=> Array
|
528
|
+
# resp.secret_values[0].arn #=> String
|
529
|
+
# resp.secret_values[0].name #=> String
|
530
|
+
# resp.secret_values[0].version_id #=> String
|
531
|
+
# resp.secret_values[0].secret_binary #=> String
|
532
|
+
# resp.secret_values[0].secret_string #=> String
|
533
|
+
# resp.secret_values[0].version_stages #=> Array
|
534
|
+
# resp.secret_values[0].version_stages[0] #=> String
|
535
|
+
# resp.secret_values[0].created_date #=> Time
|
536
|
+
# resp.next_token #=> String
|
537
|
+
# resp.errors #=> Array
|
538
|
+
# resp.errors[0].secret_id #=> String
|
539
|
+
# resp.errors[0].error_code #=> String
|
540
|
+
# resp.errors[0].message #=> String
|
541
|
+
#
|
542
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValue AWS API Documentation
|
543
|
+
#
|
544
|
+
# @overload batch_get_secret_value(params = {})
|
545
|
+
# @param [Hash] params ({})
|
546
|
+
def batch_get_secret_value(params = {}, options = {})
|
547
|
+
req = build_request(:batch_get_secret_value, params)
|
548
|
+
req.send_request(options)
|
549
|
+
end
|
550
|
+
|
401
551
|
# Turns off automatic rotation, and if a rotation is currently in
|
402
552
|
# progress, cancels the rotation.
|
403
553
|
#
|
@@ -567,14 +717,14 @@ module Aws::SecretsManager
|
|
567
717
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
568
718
|
# Services SDKs to call this operation, then you can leave this
|
569
719
|
# parameter empty. The CLI or SDK generates a random UUID for you and
|
570
|
-
# includes it as the value for this parameter in the request.
|
571
|
-
# don't use the SDK and instead generate a raw HTTP request to the
|
572
|
-
# Secrets Manager service endpoint, then you must generate a
|
573
|
-
# `ClientRequestToken` yourself for the new version and include the
|
574
|
-
# value in the request.
|
720
|
+
# includes it as the value for this parameter in the request.
|
575
721
|
#
|
576
722
|
# </note>
|
577
723
|
#
|
724
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
725
|
+
# endpoint, then you must generate a `ClientRequestToken` and include it
|
726
|
+
# in the request.
|
727
|
+
#
|
578
728
|
# This value helps ensure idempotency. Secrets Manager uses this value
|
579
729
|
# to prevent the accidental creation of duplicate versions if there are
|
580
730
|
# failures and retries during a rotation. We recommend that you generate
|
@@ -676,32 +826,15 @@ module Aws::SecretsManager
|
|
676
826
|
# parameter, you should use single quotes to avoid confusion with the
|
677
827
|
# double quotes required in the JSON text.
|
678
828
|
#
|
679
|
-
#
|
680
|
-
#
|
681
|
-
# * Maximum number of tags per secret: 50
|
682
|
-
#
|
683
|
-
# * Maximum key length: 127 Unicode characters in UTF-8
|
684
|
-
#
|
685
|
-
# * Maximum value length: 255 Unicode characters in UTF-8
|
686
|
-
#
|
687
|
-
# * Tag keys and values are case sensitive.
|
688
|
-
#
|
689
|
-
# * Do not use the `aws:` prefix in your tag names or values because
|
690
|
-
# Amazon Web Services reserves it for Amazon Web Services use. You
|
691
|
-
# can't edit or delete tag names or values with this prefix. Tags
|
692
|
-
# with this prefix do not count against your tags per secret limit.
|
693
|
-
#
|
694
|
-
# * If you use your tagging schema across multiple services and
|
695
|
-
# resources, other services might have restrictions on allowed
|
696
|
-
# characters. Generally allowed characters: letters, spaces, and
|
697
|
-
# numbers representable in UTF-8, plus the following special
|
698
|
-
# characters: + - = . \_ : / @.
|
829
|
+
# For tag quotas and naming restrictions, see [Service quotas for
|
830
|
+
# Tagging][4] in the *Amazon Web Services General Reference guide*.
|
699
831
|
#
|
700
832
|
#
|
701
833
|
#
|
702
834
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac
|
703
835
|
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2
|
704
836
|
# [3]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
|
837
|
+
# [4]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
|
705
838
|
#
|
706
839
|
# @option params [Array<Types::ReplicaRegionType>] :add_replica_regions
|
707
840
|
# A list of Regions and KMS keys to replicate secrets.
|
@@ -1132,7 +1265,9 @@ module Aws::SecretsManager
|
|
1132
1265
|
|
1133
1266
|
# Generates a random password. We recommend that you specify the maximum
|
1134
1267
|
# length and include every character type that the system you are
|
1135
|
-
# generating a password for can support.
|
1268
|
+
# generating a password for can support. By default, Secrets Manager
|
1269
|
+
# uses uppercase and lowercase letters, numbers, and the following
|
1270
|
+
# characters in passwords: `` !"#$%&'()*+,-./:;<=>?@[\\]^_`\{|\}~ ``
|
1136
1271
|
#
|
1137
1272
|
# Secrets Manager generates a CloudTrail log entry when you call this
|
1138
1273
|
# action. Do not include sensitive information in request parameters
|
@@ -1311,6 +1446,9 @@ module Aws::SecretsManager
|
|
1311
1446
|
# `SecretBinary` from the specified version of a secret, whichever
|
1312
1447
|
# contains content.
|
1313
1448
|
#
|
1449
|
+
# To retrieve the values for a group of secrets, call
|
1450
|
+
# BatchGetSecretValue.
|
1451
|
+
#
|
1314
1452
|
# We recommend that you cache your secret values by using client-side
|
1315
1453
|
# caching. Caching secrets improves speed and reduces your costs. For
|
1316
1454
|
# more information, see [Cache secrets for your applications][1].
|
@@ -1569,7 +1707,7 @@ module Aws::SecretsManager
|
|
1569
1707
|
#
|
1570
1708
|
# To list the versions of a secret, use ListSecretVersionIds.
|
1571
1709
|
#
|
1572
|
-
# To
|
1710
|
+
# To retrieve the values for the secrets, call BatchGetSecretValue or
|
1573
1711
|
# GetSecretValue.
|
1574
1712
|
#
|
1575
1713
|
# For information about finding secrets in the console, see [Find
|
@@ -1860,19 +1998,20 @@ module Aws::SecretsManager
|
|
1860
1998
|
#
|
1861
1999
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
1862
2000
|
# Services SDKs to call this operation, then you can leave this
|
1863
|
-
# parameter empty
|
1864
|
-
#
|
1865
|
-
# Secrets Manager service endpoint, then you must generate a
|
1866
|
-
# `ClientRequestToken` yourself for new versions and include that value
|
1867
|
-
# in the request.
|
2001
|
+
# parameter empty. The CLI or SDK generates a random UUID for you and
|
2002
|
+
# includes it as the value for this parameter in the request.
|
1868
2003
|
#
|
1869
2004
|
# </note>
|
1870
2005
|
#
|
2006
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
2007
|
+
# endpoint, then you must generate a `ClientRequestToken` and include it
|
2008
|
+
# in the request.
|
2009
|
+
#
|
1871
2010
|
# This value helps ensure idempotency. Secrets Manager uses this value
|
1872
2011
|
# to prevent the accidental creation of duplicate versions if there are
|
1873
|
-
# failures and retries during
|
1874
|
-
#
|
1875
|
-
#
|
2012
|
+
# failures and retries during a rotation. We recommend that you generate
|
2013
|
+
# a [UUID-type][1] value to ensure uniqueness of your versions within
|
2014
|
+
# the specified secret.
|
1876
2015
|
#
|
1877
2016
|
# * If the `ClientRequestToken` value isn't already associated with a
|
1878
2017
|
# version of the secret then a new version of the secret is created.
|
@@ -2049,9 +2188,13 @@ module Aws::SecretsManager
|
|
2049
2188
|
# Manager events with CloudTrail][2].
|
2050
2189
|
#
|
2051
2190
|
# <b>Required permissions: </b>
|
2052
|
-
# `secretsmanager:ReplicateSecretToRegions`.
|
2053
|
-
#
|
2054
|
-
#
|
2191
|
+
# `secretsmanager:ReplicateSecretToRegions`. If the primary secret is
|
2192
|
+
# encrypted with a KMS key other than `aws/secretsmanager`, you also
|
2193
|
+
# need `kms:Decrypt` permission to the key. To encrypt the replicated
|
2194
|
+
# secret with a KMS key other than `aws/secretsmanager`, you need
|
2195
|
+
# `kms:GenerateDataKey` and `kms:Encrypt` to the key. For more
|
2196
|
+
# information, see [ IAM policy actions for Secrets Manager][3] and
|
2197
|
+
# [Authentication and access control in Secrets Manager][4].
|
2055
2198
|
#
|
2056
2199
|
#
|
2057
2200
|
#
|
@@ -2253,24 +2396,27 @@ module Aws::SecretsManager
|
|
2253
2396
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen
|
2254
2397
|
#
|
2255
2398
|
# @option params [String] :client_request_token
|
2256
|
-
# A unique identifier for the new version of the secret
|
2257
|
-
#
|
2258
|
-
#
|
2259
|
-
#
|
2260
|
-
#
|
2261
|
-
#
|
2262
|
-
#
|
2263
|
-
#
|
2264
|
-
#
|
2265
|
-
#
|
2266
|
-
#
|
2267
|
-
#
|
2268
|
-
#
|
2269
|
-
#
|
2270
|
-
#
|
2271
|
-
#
|
2272
|
-
#
|
2273
|
-
#
|
2399
|
+
# A unique identifier for the new version of the secret. You only need
|
2400
|
+
# to specify this value if you implement your own retry logic and you
|
2401
|
+
# want to ensure that Secrets Manager doesn't attempt to create a
|
2402
|
+
# secret version twice.
|
2403
|
+
#
|
2404
|
+
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
2405
|
+
# Services SDKs to call this operation, then you can leave this
|
2406
|
+
# parameter empty. The CLI or SDK generates a random UUID for you and
|
2407
|
+
# includes it as the value for this parameter in the request.
|
2408
|
+
#
|
2409
|
+
# </note>
|
2410
|
+
#
|
2411
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
2412
|
+
# endpoint, then you must generate a `ClientRequestToken` and include it
|
2413
|
+
# in the request.
|
2414
|
+
#
|
2415
|
+
# This value helps ensure idempotency. Secrets Manager uses this value
|
2416
|
+
# to prevent the accidental creation of duplicate versions if there are
|
2417
|
+
# failures and retries during a rotation. We recommend that you generate
|
2418
|
+
# a [UUID-type][1] value to ensure uniqueness of your versions within
|
2419
|
+
# the specified secret.
|
2274
2420
|
#
|
2275
2421
|
# **A suitable default value is auto-generated.** You should normally
|
2276
2422
|
# not need to pass this option.**
|
@@ -2438,26 +2584,8 @@ module Aws::SecretsManager
|
|
2438
2584
|
# specific versions of the secret. This operation appends tags to the
|
2439
2585
|
# existing list of tags.
|
2440
2586
|
#
|
2441
|
-
#
|
2442
|
-
#
|
2443
|
-
# * Maximum number of tags per secret: 50
|
2444
|
-
#
|
2445
|
-
# * Maximum key length: 127 Unicode characters in UTF-8
|
2446
|
-
#
|
2447
|
-
# * Maximum value length: 255 Unicode characters in UTF-8
|
2448
|
-
#
|
2449
|
-
# * Tag keys and values are case sensitive.
|
2450
|
-
#
|
2451
|
-
# * Do not use the `aws:` prefix in your tag names or values because
|
2452
|
-
# Amazon Web Services reserves it for Amazon Web Services use. You
|
2453
|
-
# can't edit or delete tag names or values with this prefix. Tags
|
2454
|
-
# with this prefix do not count against your tags per secret limit.
|
2455
|
-
#
|
2456
|
-
# * If you use your tagging schema across multiple services and
|
2457
|
-
# resources, other services might have restrictions on allowed
|
2458
|
-
# characters. Generally allowed characters: letters, spaces, and
|
2459
|
-
# numbers representable in UTF-8, plus the following special
|
2460
|
-
# characters: + - = . \_ : / @.
|
2587
|
+
# For tag quotas and naming restrictions, see [Service quotas for
|
2588
|
+
# Tagging][1] in the *Amazon Web Services General Reference guide*.
|
2461
2589
|
#
|
2462
2590
|
# If you use tags as part of your security strategy, then adding or
|
2463
2591
|
# removing a tag can change permissions. If successfully completing this
|
@@ -2467,17 +2595,18 @@ module Aws::SecretsManager
|
|
2467
2595
|
# Secrets Manager generates a CloudTrail log entry when you call this
|
2468
2596
|
# action. Do not include sensitive information in request parameters
|
2469
2597
|
# because it might be logged. For more information, see [Logging Secrets
|
2470
|
-
# Manager events with CloudTrail][
|
2598
|
+
# Manager events with CloudTrail][2].
|
2471
2599
|
#
|
2472
2600
|
# <b>Required permissions: </b> `secretsmanager:TagResource`. For more
|
2473
|
-
# information, see [ IAM policy actions for Secrets Manager][
|
2474
|
-
# [Authentication and access control in Secrets Manager][
|
2601
|
+
# information, see [ IAM policy actions for Secrets Manager][3] and
|
2602
|
+
# [Authentication and access control in Secrets Manager][4].
|
2475
2603
|
#
|
2476
2604
|
#
|
2477
2605
|
#
|
2478
|
-
# [1]: https://docs.aws.amazon.com/
|
2479
|
-
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2480
|
-
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2606
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
|
2607
|
+
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
|
2608
|
+
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
|
2609
|
+
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
2481
2610
|
#
|
2482
2611
|
# @option params [required, String] :secret_id
|
2483
2612
|
# The identifier for the secret to attach tags to. You can specify
|
@@ -2701,19 +2830,27 @@ module Aws::SecretsManager
|
|
2701
2830
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
2702
2831
|
# Services SDKs to call this operation, then you can leave this
|
2703
2832
|
# parameter empty. The CLI or SDK generates a random UUID for you and
|
2704
|
-
# includes it as the value for this parameter in the request.
|
2705
|
-
# don't use the SDK and instead generate a raw HTTP request to the
|
2706
|
-
# Secrets Manager service endpoint, then you must generate a
|
2707
|
-
# `ClientRequestToken` yourself for the new version and include the
|
2708
|
-
# value in the request.
|
2833
|
+
# includes it as the value for this parameter in the request.
|
2709
2834
|
#
|
2710
2835
|
# </note>
|
2711
2836
|
#
|
2712
|
-
#
|
2837
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
2838
|
+
# endpoint, then you must generate a `ClientRequestToken` and include it
|
2839
|
+
# in the request.
|
2840
|
+
#
|
2841
|
+
# This value helps ensure idempotency. Secrets Manager uses this value
|
2842
|
+
# to prevent the accidental creation of duplicate versions if there are
|
2843
|
+
# failures and retries during a rotation. We recommend that you generate
|
2844
|
+
# a [UUID-type][1] value to ensure uniqueness of your versions within
|
2845
|
+
# the specified secret.
|
2713
2846
|
#
|
2714
2847
|
# **A suitable default value is auto-generated.** You should normally
|
2715
2848
|
# not need to pass this option.**
|
2716
2849
|
#
|
2850
|
+
#
|
2851
|
+
#
|
2852
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
2853
|
+
#
|
2717
2854
|
# @option params [String] :description
|
2718
2855
|
# The description of the secret.
|
2719
2856
|
#
|
@@ -3108,7 +3245,7 @@ module Aws::SecretsManager
|
|
3108
3245
|
params: params,
|
3109
3246
|
config: config)
|
3110
3247
|
context[:gem_name] = 'aws-sdk-secretsmanager'
|
3111
|
-
context[:gem_version] = '1.
|
3248
|
+
context[:gem_version] = '1.89.0'
|
3112
3249
|
Seahorse::Client::Request.new(handlers, context)
|
3113
3250
|
end
|
3114
3251
|
|
@@ -13,8 +13,12 @@ module Aws::SecretsManager
|
|
13
13
|
|
14
14
|
include Seahorse::Model
|
15
15
|
|
16
|
+
APIErrorListType = Shapes::ListShape.new(name: 'APIErrorListType')
|
17
|
+
APIErrorType = Shapes::StructureShape.new(name: 'APIErrorType')
|
16
18
|
AddReplicaRegionListType = Shapes::ListShape.new(name: 'AddReplicaRegionListType')
|
17
19
|
AutomaticallyRotateAfterDaysType = Shapes::IntegerShape.new(name: 'AutomaticallyRotateAfterDaysType')
|
20
|
+
BatchGetSecretValueRequest = Shapes::StructureShape.new(name: 'BatchGetSecretValueRequest')
|
21
|
+
BatchGetSecretValueResponse = Shapes::StructureShape.new(name: 'BatchGetSecretValueResponse')
|
18
22
|
BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
|
19
23
|
CancelRotateSecretRequest = Shapes::StructureShape.new(name: 'CancelRotateSecretRequest')
|
20
24
|
CancelRotateSecretResponse = Shapes::StructureShape.new(name: 'CancelRotateSecretResponse')
|
@@ -34,6 +38,7 @@ module Aws::SecretsManager
|
|
34
38
|
DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
|
35
39
|
DurationType = Shapes::StringShape.new(name: 'DurationType')
|
36
40
|
EncryptionFailure = Shapes::StructureShape.new(name: 'EncryptionFailure')
|
41
|
+
ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
|
37
42
|
ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
|
38
43
|
ExcludeCharactersType = Shapes::StringShape.new(name: 'ExcludeCharactersType')
|
39
44
|
ExcludeLowercaseType = Shapes::BooleanShape.new(name: 'ExcludeLowercaseType')
|
@@ -67,6 +72,7 @@ module Aws::SecretsManager
|
|
67
72
|
ListSecretsRequest = Shapes::StructureShape.new(name: 'ListSecretsRequest')
|
68
73
|
ListSecretsResponse = Shapes::StructureShape.new(name: 'ListSecretsResponse')
|
69
74
|
MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException')
|
75
|
+
MaxResultsBatchType = Shapes::IntegerShape.new(name: 'MaxResultsBatchType')
|
70
76
|
MaxResultsType = Shapes::IntegerShape.new(name: 'MaxResultsType')
|
71
77
|
NameType = Shapes::StringShape.new(name: 'NameType')
|
72
78
|
NextRotationDateType = Shapes::TimestampShape.new(name: 'NextRotationDateType')
|
@@ -104,11 +110,14 @@ module Aws::SecretsManager
|
|
104
110
|
ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
|
105
111
|
SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
|
106
112
|
SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
|
113
|
+
SecretIdListType = Shapes::ListShape.new(name: 'SecretIdListType')
|
107
114
|
SecretIdType = Shapes::StringShape.new(name: 'SecretIdType')
|
108
115
|
SecretListEntry = Shapes::StructureShape.new(name: 'SecretListEntry')
|
109
116
|
SecretListType = Shapes::ListShape.new(name: 'SecretListType')
|
110
117
|
SecretNameType = Shapes::StringShape.new(name: 'SecretNameType')
|
111
118
|
SecretStringType = Shapes::StringShape.new(name: 'SecretStringType')
|
119
|
+
SecretValueEntry = Shapes::StructureShape.new(name: 'SecretValueEntry')
|
120
|
+
SecretValuesType = Shapes::ListShape.new(name: 'SecretValuesType')
|
112
121
|
SecretVersionIdType = Shapes::StringShape.new(name: 'SecretVersionIdType')
|
113
122
|
SecretVersionStageType = Shapes::StringShape.new(name: 'SecretVersionStageType')
|
114
123
|
SecretVersionStagesType = Shapes::ListShape.new(name: 'SecretVersionStagesType')
|
@@ -137,8 +146,26 @@ module Aws::SecretsManager
|
|
137
146
|
ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
|
138
147
|
ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
|
139
148
|
|
149
|
+
APIErrorListType.member = Shapes::ShapeRef.new(shape: APIErrorType)
|
150
|
+
|
151
|
+
APIErrorType.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, location_name: "SecretId"))
|
152
|
+
APIErrorType.add_member(:error_code, Shapes::ShapeRef.new(shape: ErrorCode, location_name: "ErrorCode"))
|
153
|
+
APIErrorType.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
|
154
|
+
APIErrorType.struct_class = Types::APIErrorType
|
155
|
+
|
140
156
|
AddReplicaRegionListType.member = Shapes::ShapeRef.new(shape: ReplicaRegionType)
|
141
157
|
|
158
|
+
BatchGetSecretValueRequest.add_member(:secret_id_list, Shapes::ShapeRef.new(shape: SecretIdListType, location_name: "SecretIdList"))
|
159
|
+
BatchGetSecretValueRequest.add_member(:filters, Shapes::ShapeRef.new(shape: FiltersListType, location_name: "Filters"))
|
160
|
+
BatchGetSecretValueRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResultsBatchType, location_name: "MaxResults", metadata: {"box"=>true}))
|
161
|
+
BatchGetSecretValueRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
|
162
|
+
BatchGetSecretValueRequest.struct_class = Types::BatchGetSecretValueRequest
|
163
|
+
|
164
|
+
BatchGetSecretValueResponse.add_member(:secret_values, Shapes::ShapeRef.new(shape: SecretValuesType, location_name: "SecretValues"))
|
165
|
+
BatchGetSecretValueResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextTokenType, location_name: "NextToken"))
|
166
|
+
BatchGetSecretValueResponse.add_member(:errors, Shapes::ShapeRef.new(shape: APIErrorListType, location_name: "Errors"))
|
167
|
+
BatchGetSecretValueResponse.struct_class = Types::BatchGetSecretValueResponse
|
168
|
+
|
142
169
|
CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
|
143
170
|
CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
|
144
171
|
|
@@ -386,6 +413,8 @@ module Aws::SecretsManager
|
|
386
413
|
RotationRulesType.add_member(:schedule_expression, Shapes::ShapeRef.new(shape: ScheduleExpressionType, location_name: "ScheduleExpression"))
|
387
414
|
RotationRulesType.struct_class = Types::RotationRulesType
|
388
415
|
|
416
|
+
SecretIdListType.member = Shapes::ShapeRef.new(shape: SecretIdType)
|
417
|
+
|
389
418
|
SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
|
390
419
|
SecretListEntry.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
|
391
420
|
SecretListEntry.add_member(:description, Shapes::ShapeRef.new(shape: DescriptionType, location_name: "Description"))
|
@@ -407,6 +436,17 @@ module Aws::SecretsManager
|
|
407
436
|
|
408
437
|
SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
|
409
438
|
|
439
|
+
SecretValueEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
|
440
|
+
SecretValueEntry.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
|
441
|
+
SecretValueEntry.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
|
442
|
+
SecretValueEntry.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
|
443
|
+
SecretValueEntry.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
|
444
|
+
SecretValueEntry.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
|
445
|
+
SecretValueEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: CreatedDateType, location_name: "CreatedDate", metadata: {"box"=>true}))
|
446
|
+
SecretValueEntry.struct_class = Types::SecretValueEntry
|
447
|
+
|
448
|
+
SecretValuesType.member = Shapes::ShapeRef.new(shape: SecretValueEntry)
|
449
|
+
|
410
450
|
SecretVersionStagesType.member = Shapes::ShapeRef.new(shape: SecretVersionStageType)
|
411
451
|
|
412
452
|
SecretVersionsListEntry.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
|
@@ -499,6 +539,26 @@ module Aws::SecretsManager
|
|
499
539
|
"uid" => "secretsmanager-2017-10-17",
|
500
540
|
}
|
501
541
|
|
542
|
+
api.add_operation(:batch_get_secret_value, Seahorse::Model::Operation.new.tap do |o|
|
543
|
+
o.name = "BatchGetSecretValue"
|
544
|
+
o.http_method = "POST"
|
545
|
+
o.http_request_uri = "/"
|
546
|
+
o.input = Shapes::ShapeRef.new(shape: BatchGetSecretValueRequest)
|
547
|
+
o.output = Shapes::ShapeRef.new(shape: BatchGetSecretValueResponse)
|
548
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
549
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
550
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
551
|
+
o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
|
552
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
553
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
|
554
|
+
o[:pager] = Aws::Pager.new(
|
555
|
+
limit_key: "max_results",
|
556
|
+
tokens: {
|
557
|
+
"next_token" => "next_token"
|
558
|
+
}
|
559
|
+
)
|
560
|
+
end)
|
561
|
+
|
502
562
|
api.add_operation(:cancel_rotate_secret, Seahorse::Model::Operation.new.tap do |o|
|
503
563
|
o.name = "CancelRotateSecret"
|
504
564
|
o.http_method = "POST"
|
@@ -625,6 +685,7 @@ module Aws::SecretsManager
|
|
625
685
|
o.input = Shapes::ShapeRef.new(shape: ListSecretsRequest)
|
626
686
|
o.output = Shapes::ShapeRef.new(shape: ListSecretsResponse)
|
627
687
|
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
688
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
628
689
|
o.errors << Shapes::ShapeRef.new(shape: InvalidNextTokenException)
|
629
690
|
o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
|
630
691
|
o[:pager] = Aws::Pager.new(
|
@@ -27,18 +27,33 @@ module Aws::SecretsManager
|
|
27
27
|
if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
|
28
28
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
29
29
|
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
30
|
+
if Aws::Endpoints::Matchers.string_equals?("aws", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
31
|
+
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.amazonaws.com", headers: {}, properties: {})
|
32
|
+
end
|
33
|
+
if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
34
|
+
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.amazonaws.com", headers: {}, properties: {})
|
35
|
+
end
|
30
36
|
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
31
37
|
end
|
32
38
|
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
33
39
|
end
|
34
40
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(
|
41
|
+
if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
|
36
42
|
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
37
43
|
end
|
38
44
|
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
39
45
|
end
|
40
46
|
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
41
47
|
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
48
|
+
if Aws::Endpoints::Matchers.string_equals?("aws", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
49
|
+
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com", headers: {}, properties: {})
|
50
|
+
end
|
51
|
+
if Aws::Endpoints::Matchers.string_equals?("aws-cn", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
52
|
+
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com.cn", headers: {}, properties: {})
|
53
|
+
end
|
54
|
+
if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
55
|
+
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.amazonaws.com", headers: {}, properties: {})
|
56
|
+
end
|
42
57
|
return Aws::Endpoints::Endpoint.new(url: "https://secretsmanager.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
43
58
|
end
|
44
59
|
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
@@ -12,6 +12,20 @@ module Aws::SecretsManager
|
|
12
12
|
# @api private
|
13
13
|
module Endpoints
|
14
14
|
|
15
|
+
class BatchGetSecretValue
|
16
|
+
def self.build(context)
|
17
|
+
unless context.config.regional_endpoint
|
18
|
+
endpoint = context.config.endpoint.to_s
|
19
|
+
end
|
20
|
+
Aws::SecretsManager::EndpointParameters.new(
|
21
|
+
region: context.config.region,
|
22
|
+
use_dual_stack: context.config.use_dualstack_endpoint,
|
23
|
+
use_fips: context.config.use_fips_endpoint,
|
24
|
+
endpoint: endpoint,
|
25
|
+
)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
15
29
|
class CancelRotateSecret
|
16
30
|
def self.build(context)
|
17
31
|
unless context.config.regional_endpoint
|
@@ -25,16 +25,17 @@ module Aws::SecretsManager
|
|
25
25
|
# @api private
|
26
26
|
class Handler < Seahorse::Client::Handler
|
27
27
|
def call(context)
|
28
|
-
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
28
|
unless context[:discovered_endpoint]
|
30
29
|
params = parameters_for_operation(context)
|
31
30
|
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
31
|
|
33
32
|
context.http_request.endpoint = endpoint.url
|
34
33
|
apply_endpoint_headers(context, endpoint.headers)
|
34
|
+
|
35
|
+
context[:endpoint_params] = params
|
36
|
+
context[:endpoint_properties] = endpoint.properties
|
35
37
|
end
|
36
38
|
|
37
|
-
context[:endpoint_params] = params
|
38
39
|
context[:auth_scheme] =
|
39
40
|
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
41
|
|
@@ -56,6 +57,8 @@ module Aws::SecretsManager
|
|
56
57
|
|
57
58
|
def parameters_for_operation(context)
|
58
59
|
case context.operation_name
|
60
|
+
when :batch_get_secret_value
|
61
|
+
Aws::SecretsManager::Endpoints::BatchGetSecretValue.build(context)
|
59
62
|
when :cancel_rotate_secret
|
60
63
|
Aws::SecretsManager::Endpoints::CancelRotateSecret.build(context)
|
61
64
|
when :create_secret
|
@@ -10,6 +10,97 @@
|
|
10
10
|
module Aws::SecretsManager
|
11
11
|
module Types
|
12
12
|
|
13
|
+
# The error Secrets Manager encountered while retrieving an individual
|
14
|
+
# secret as part of BatchGetSecretValue.
|
15
|
+
#
|
16
|
+
# @!attribute [rw] secret_id
|
17
|
+
# The ARN or name of the secret.
|
18
|
+
# @return [String]
|
19
|
+
#
|
20
|
+
# @!attribute [rw] error_code
|
21
|
+
# The error Secrets Manager encountered while retrieving an individual
|
22
|
+
# secret as part of BatchGetSecretValue, for example
|
23
|
+
# `ResourceNotFoundException`,`InvalidParameterException`,
|
24
|
+
# `InvalidRequestException`, `DecryptionFailure`, or
|
25
|
+
# `AccessDeniedException`.
|
26
|
+
# @return [String]
|
27
|
+
#
|
28
|
+
# @!attribute [rw] message
|
29
|
+
# A message describing the error.
|
30
|
+
# @return [String]
|
31
|
+
#
|
32
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/APIErrorType AWS API Documentation
|
33
|
+
#
|
34
|
+
class APIErrorType < Struct.new(
|
35
|
+
:secret_id,
|
36
|
+
:error_code,
|
37
|
+
:message)
|
38
|
+
SENSITIVE = []
|
39
|
+
include Aws::Structure
|
40
|
+
end
|
41
|
+
|
42
|
+
# @!attribute [rw] secret_id_list
|
43
|
+
# The ARN or names of the secrets to retrieve. You must include
|
44
|
+
# `Filters` or `SecretIdList`, but not both.
|
45
|
+
# @return [Array<String>]
|
46
|
+
#
|
47
|
+
# @!attribute [rw] filters
|
48
|
+
# The filters to choose which secrets to retrieve. You must include
|
49
|
+
# `Filters` or `SecretIdList`, but not both.
|
50
|
+
# @return [Array<Types::Filter>]
|
51
|
+
#
|
52
|
+
# @!attribute [rw] max_results
|
53
|
+
# The number of results to include in the response.
|
54
|
+
#
|
55
|
+
# If there are more results available, in the response, Secrets
|
56
|
+
# Manager includes `NextToken`. To get the next results, call
|
57
|
+
# `BatchGetSecretValue` again with the value from `NextToken`.
|
58
|
+
# @return [Integer]
|
59
|
+
#
|
60
|
+
# @!attribute [rw] next_token
|
61
|
+
# A token that indicates where the output should continue from, if a
|
62
|
+
# previous call did not show all results. To get the next results,
|
63
|
+
# call `BatchGetSecretValue` again with this value.
|
64
|
+
# @return [String]
|
65
|
+
#
|
66
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueRequest AWS API Documentation
|
67
|
+
#
|
68
|
+
class BatchGetSecretValueRequest < Struct.new(
|
69
|
+
:secret_id_list,
|
70
|
+
:filters,
|
71
|
+
:max_results,
|
72
|
+
:next_token)
|
73
|
+
SENSITIVE = []
|
74
|
+
include Aws::Structure
|
75
|
+
end
|
76
|
+
|
77
|
+
# @!attribute [rw] secret_values
|
78
|
+
# A list of secret values.
|
79
|
+
# @return [Array<Types::SecretValueEntry>]
|
80
|
+
#
|
81
|
+
# @!attribute [rw] next_token
|
82
|
+
# Secrets Manager includes this value if there's more output
|
83
|
+
# available than what is included in the current response. This can
|
84
|
+
# occur even when the response includes no values at all, such as when
|
85
|
+
# you ask for a filtered view of a long list. To get the next results,
|
86
|
+
# call `BatchGetSecretValue` again with this value.
|
87
|
+
# @return [String]
|
88
|
+
#
|
89
|
+
# @!attribute [rw] errors
|
90
|
+
# A list of errors Secrets Manager encountered while attempting to
|
91
|
+
# retrieve individual secrets.
|
92
|
+
# @return [Array<Types::APIErrorType>]
|
93
|
+
#
|
94
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueResponse AWS API Documentation
|
95
|
+
#
|
96
|
+
class BatchGetSecretValueResponse < Struct.new(
|
97
|
+
:secret_values,
|
98
|
+
:next_token,
|
99
|
+
:errors)
|
100
|
+
SENSITIVE = []
|
101
|
+
include Aws::Structure
|
102
|
+
end
|
103
|
+
|
13
104
|
# @!attribute [rw] secret_id
|
14
105
|
# The ARN or name of the secret.
|
15
106
|
#
|
@@ -77,14 +168,14 @@ module Aws::SecretsManager
|
|
77
168
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
78
169
|
# Services SDKs to call this operation, then you can leave this
|
79
170
|
# parameter empty. The CLI or SDK generates a random UUID for you and
|
80
|
-
# includes it as the value for this parameter in the request.
|
81
|
-
# don't use the SDK and instead generate a raw HTTP request to the
|
82
|
-
# Secrets Manager service endpoint, then you must generate a
|
83
|
-
# `ClientRequestToken` yourself for the new version and include the
|
84
|
-
# value in the request.
|
171
|
+
# includes it as the value for this parameter in the request.
|
85
172
|
#
|
86
173
|
# </note>
|
87
174
|
#
|
175
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
176
|
+
# endpoint, then you must generate a `ClientRequestToken` and include
|
177
|
+
# it in the request.
|
178
|
+
#
|
88
179
|
# This value helps ensure idempotency. Secrets Manager uses this value
|
89
180
|
# to prevent the accidental creation of duplicate versions if there
|
90
181
|
# are failures and retries during a rotation. We recommend that you
|
@@ -191,32 +282,15 @@ module Aws::SecretsManager
|
|
191
282
|
# parameter, you should use single quotes to avoid confusion with the
|
192
283
|
# double quotes required in the JSON text.
|
193
284
|
#
|
194
|
-
#
|
195
|
-
#
|
196
|
-
# * Maximum number of tags per secret: 50
|
197
|
-
#
|
198
|
-
# * Maximum key length: 127 Unicode characters in UTF-8
|
199
|
-
#
|
200
|
-
# * Maximum value length: 255 Unicode characters in UTF-8
|
201
|
-
#
|
202
|
-
# * Tag keys and values are case sensitive.
|
203
|
-
#
|
204
|
-
# * Do not use the `aws:` prefix in your tag names or values because
|
205
|
-
# Amazon Web Services reserves it for Amazon Web Services use. You
|
206
|
-
# can't edit or delete tag names or values with this prefix. Tags
|
207
|
-
# with this prefix do not count against your tags per secret limit.
|
208
|
-
#
|
209
|
-
# * If you use your tagging schema across multiple services and
|
210
|
-
# resources, other services might have restrictions on allowed
|
211
|
-
# characters. Generally allowed characters: letters, spaces, and
|
212
|
-
# numbers representable in UTF-8, plus the following special
|
213
|
-
# characters: + - = . \_ : / @.
|
285
|
+
# For tag quotas and naming restrictions, see [Service quotas for
|
286
|
+
# Tagging][4] in the *Amazon Web Services General Reference guide*.
|
214
287
|
#
|
215
288
|
#
|
216
289
|
#
|
217
290
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac
|
218
291
|
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2
|
219
292
|
# [3]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
|
293
|
+
# [4]: https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas
|
220
294
|
# @return [Array<Types::Tag>]
|
221
295
|
#
|
222
296
|
# @!attribute [rw] add_replica_regions
|
@@ -472,8 +546,8 @@ module Aws::SecretsManager
|
|
472
546
|
#
|
473
547
|
# @!attribute [rw] last_rotated_date
|
474
548
|
# The last date and time that Secrets Manager rotated the secret. If
|
475
|
-
# the secret isn't configured for rotation
|
476
|
-
# null.
|
549
|
+
# the secret isn't configured for rotation or rotation has been
|
550
|
+
# disabled, Secrets Manager returns null.
|
477
551
|
# @return [Time]
|
478
552
|
#
|
479
553
|
# @!attribute [rw] last_changed_date
|
@@ -499,8 +573,8 @@ module Aws::SecretsManager
|
|
499
573
|
#
|
500
574
|
# @!attribute [rw] next_rotation_date
|
501
575
|
# The next rotation is scheduled to occur on or before this date. If
|
502
|
-
# the secret isn't configured for rotation
|
503
|
-
# null.
|
576
|
+
# the secret isn't configured for rotation or rotation has been
|
577
|
+
# disabled, Secrets Manager returns null.
|
504
578
|
# @return [Time]
|
505
579
|
#
|
506
580
|
# @!attribute [rw] tags
|
@@ -838,18 +912,15 @@ module Aws::SecretsManager
|
|
838
912
|
#
|
839
913
|
# @!attribute [rw] secret_binary
|
840
914
|
# The decrypted secret value, if the secret value was originally
|
841
|
-
# provided as binary data in the form of a byte array.
|
842
|
-
#
|
843
|
-
#
|
915
|
+
# provided as binary data in the form of a byte array. When you
|
916
|
+
# retrieve a `SecretBinary` using the HTTP API, the Python SDK, or the
|
917
|
+
# Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it
|
918
|
+
# is not encoded.
|
844
919
|
#
|
845
920
|
# If the secret was created by using the Secrets Manager console, or
|
846
921
|
# if the secret value was originally provided as a string, then this
|
847
922
|
# field is omitted. The secret value appears in `SecretString`
|
848
923
|
# instead.
|
849
|
-
#
|
850
|
-
#
|
851
|
-
#
|
852
|
-
# [1]: https://tools.ietf.org/html/rfc4648#section-4
|
853
924
|
# @return [String]
|
854
925
|
#
|
855
926
|
# @!attribute [rw] secret_string
|
@@ -1215,19 +1286,20 @@ module Aws::SecretsManager
|
|
1215
1286
|
#
|
1216
1287
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
1217
1288
|
# Services SDKs to call this operation, then you can leave this
|
1218
|
-
# parameter empty
|
1219
|
-
#
|
1220
|
-
# Secrets Manager service endpoint, then you must generate a
|
1221
|
-
# `ClientRequestToken` yourself for new versions and include that
|
1222
|
-
# value in the request.
|
1289
|
+
# parameter empty. The CLI or SDK generates a random UUID for you and
|
1290
|
+
# includes it as the value for this parameter in the request.
|
1223
1291
|
#
|
1224
1292
|
# </note>
|
1225
1293
|
#
|
1294
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
1295
|
+
# endpoint, then you must generate a `ClientRequestToken` and include
|
1296
|
+
# it in the request.
|
1297
|
+
#
|
1226
1298
|
# This value helps ensure idempotency. Secrets Manager uses this value
|
1227
1299
|
# to prevent the accidental creation of duplicate versions if there
|
1228
|
-
# are failures and retries during
|
1229
|
-
#
|
1230
|
-
#
|
1300
|
+
# are failures and retries during a rotation. We recommend that you
|
1301
|
+
# generate a [UUID-type][1] value to ensure uniqueness of your
|
1302
|
+
# versions within the specified secret.
|
1231
1303
|
#
|
1232
1304
|
# * If the `ClientRequestToken` value isn't already associated with a
|
1233
1305
|
# version of the secret then a new version of the secret is created.
|
@@ -1542,26 +1614,27 @@ module Aws::SecretsManager
|
|
1542
1614
|
# @return [String]
|
1543
1615
|
#
|
1544
1616
|
# @!attribute [rw] client_request_token
|
1545
|
-
# A unique identifier for the new version of the secret
|
1546
|
-
#
|
1547
|
-
#
|
1548
|
-
#
|
1549
|
-
# new version.
|
1617
|
+
# A unique identifier for the new version of the secret. You only need
|
1618
|
+
# to specify this value if you implement your own retry logic and you
|
1619
|
+
# want to ensure that Secrets Manager doesn't attempt to create a
|
1620
|
+
# secret version twice.
|
1550
1621
|
#
|
1551
|
-
# If you use the Amazon Web Services CLI or one of the Amazon Web
|
1552
|
-
# Services
|
1622
|
+
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
1623
|
+
# Services SDKs to call this operation, then you can leave this
|
1553
1624
|
# parameter empty. The CLI or SDK generates a random UUID for you and
|
1554
|
-
# includes
|
1555
|
-
#
|
1556
|
-
#
|
1557
|
-
#
|
1558
|
-
#
|
1559
|
-
#
|
1560
|
-
#
|
1561
|
-
#
|
1562
|
-
#
|
1563
|
-
#
|
1564
|
-
#
|
1625
|
+
# includes it as the value for this parameter in the request.
|
1626
|
+
#
|
1627
|
+
# </note>
|
1628
|
+
#
|
1629
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
1630
|
+
# endpoint, then you must generate a `ClientRequestToken` and include
|
1631
|
+
# it in the request.
|
1632
|
+
#
|
1633
|
+
# This value helps ensure idempotency. Secrets Manager uses this value
|
1634
|
+
# to prevent the accidental creation of duplicate versions if there
|
1635
|
+
# are failures and retries during a rotation. We recommend that you
|
1636
|
+
# generate a [UUID-type][1] value to ensure uniqueness of your
|
1637
|
+
# versions within the specified secret.
|
1565
1638
|
#
|
1566
1639
|
# **A suitable default value is auto-generated.** You should normally
|
1567
1640
|
# not need to pass this option.
|
@@ -1730,10 +1803,7 @@ module Aws::SecretsManager
|
|
1730
1803
|
# @return [String]
|
1731
1804
|
#
|
1732
1805
|
# @!attribute [rw] name
|
1733
|
-
# The friendly name of the secret.
|
1734
|
-
# name to represent a path hierarchy. For example,
|
1735
|
-
# `/prod/databases/dbserver1` could represent the secret for a server
|
1736
|
-
# named `dbserver1` in the folder `databases` in the folder `prod`.
|
1806
|
+
# The friendly name of the secret.
|
1737
1807
|
# @return [String]
|
1738
1808
|
#
|
1739
1809
|
# @!attribute [rw] description
|
@@ -1794,8 +1864,8 @@ module Aws::SecretsManager
|
|
1794
1864
|
#
|
1795
1865
|
# @!attribute [rw] next_rotation_date
|
1796
1866
|
# The next rotation is scheduled to occur on or before this date. If
|
1797
|
-
# the secret isn't configured for rotation
|
1798
|
-
# null.
|
1867
|
+
# the secret isn't configured for rotation or rotation has been
|
1868
|
+
# disabled, Secrets Manager returns null.
|
1799
1869
|
# @return [Time]
|
1800
1870
|
#
|
1801
1871
|
# @!attribute [rw] tags
|
@@ -1858,6 +1928,59 @@ module Aws::SecretsManager
|
|
1858
1928
|
include Aws::Structure
|
1859
1929
|
end
|
1860
1930
|
|
1931
|
+
# A structure that contains the secret value and other details for a
|
1932
|
+
# secret.
|
1933
|
+
#
|
1934
|
+
# @!attribute [rw] arn
|
1935
|
+
# The Amazon Resource Name (ARN) of the secret.
|
1936
|
+
# @return [String]
|
1937
|
+
#
|
1938
|
+
# @!attribute [rw] name
|
1939
|
+
# The friendly name of the secret.
|
1940
|
+
# @return [String]
|
1941
|
+
#
|
1942
|
+
# @!attribute [rw] version_id
|
1943
|
+
# The unique version identifier of this version of the secret.
|
1944
|
+
# @return [String]
|
1945
|
+
#
|
1946
|
+
# @!attribute [rw] secret_binary
|
1947
|
+
# The decrypted secret value, if the secret value was originally
|
1948
|
+
# provided as binary data in the form of a byte array. The parameter
|
1949
|
+
# represents the binary data as a [base64-encoded][1] string.
|
1950
|
+
#
|
1951
|
+
#
|
1952
|
+
#
|
1953
|
+
# [1]: https://tools.ietf.org/html/rfc4648#section-4
|
1954
|
+
# @return [String]
|
1955
|
+
#
|
1956
|
+
# @!attribute [rw] secret_string
|
1957
|
+
# The decrypted secret value, if the secret value was originally
|
1958
|
+
# provided as a string or through the Secrets Manager console.
|
1959
|
+
# @return [String]
|
1960
|
+
#
|
1961
|
+
# @!attribute [rw] version_stages
|
1962
|
+
# A list of all of the staging labels currently attached to this
|
1963
|
+
# version of the secret.
|
1964
|
+
# @return [Array<String>]
|
1965
|
+
#
|
1966
|
+
# @!attribute [rw] created_date
|
1967
|
+
# The date the secret was created.
|
1968
|
+
# @return [Time]
|
1969
|
+
#
|
1970
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretValueEntry AWS API Documentation
|
1971
|
+
#
|
1972
|
+
class SecretValueEntry < Struct.new(
|
1973
|
+
:arn,
|
1974
|
+
:name,
|
1975
|
+
:version_id,
|
1976
|
+
:secret_binary,
|
1977
|
+
:secret_string,
|
1978
|
+
:version_stages,
|
1979
|
+
:created_date)
|
1980
|
+
SENSITIVE = [:secret_binary, :secret_string]
|
1981
|
+
include Aws::Structure
|
1982
|
+
end
|
1983
|
+
|
1861
1984
|
# A structure that contains information about one version of a secret.
|
1862
1985
|
#
|
1863
1986
|
# @!attribute [rw] version_id
|
@@ -2031,18 +2154,26 @@ module Aws::SecretsManager
|
|
2031
2154
|
# <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web
|
2032
2155
|
# Services SDKs to call this operation, then you can leave this
|
2033
2156
|
# parameter empty. The CLI or SDK generates a random UUID for you and
|
2034
|
-
# includes it as the value for this parameter in the request.
|
2035
|
-
# don't use the SDK and instead generate a raw HTTP request to the
|
2036
|
-
# Secrets Manager service endpoint, then you must generate a
|
2037
|
-
# `ClientRequestToken` yourself for the new version and include the
|
2038
|
-
# value in the request.
|
2157
|
+
# includes it as the value for this parameter in the request.
|
2039
2158
|
#
|
2040
2159
|
# </note>
|
2041
2160
|
#
|
2042
|
-
#
|
2161
|
+
# If you generate a raw HTTP request to the Secrets Manager service
|
2162
|
+
# endpoint, then you must generate a `ClientRequestToken` and include
|
2163
|
+
# it in the request.
|
2164
|
+
#
|
2165
|
+
# This value helps ensure idempotency. Secrets Manager uses this value
|
2166
|
+
# to prevent the accidental creation of duplicate versions if there
|
2167
|
+
# are failures and retries during a rotation. We recommend that you
|
2168
|
+
# generate a [UUID-type][1] value to ensure uniqueness of your
|
2169
|
+
# versions within the specified secret.
|
2043
2170
|
#
|
2044
2171
|
# **A suitable default value is auto-generated.** You should normally
|
2045
2172
|
# not need to pass this option.
|
2173
|
+
#
|
2174
|
+
#
|
2175
|
+
#
|
2176
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
2046
2177
|
# @return [String]
|
2047
2178
|
#
|
2048
2179
|
# @!attribute [rw] description
|
@@ -32,7 +32,7 @@ require_relative 'aws-sdk-secretsmanager/customizations'
|
|
32
32
|
# structure.
|
33
33
|
#
|
34
34
|
# secrets_manager = Aws::SecretsManager::Client.new
|
35
|
-
# resp = secrets_manager.
|
35
|
+
# resp = secrets_manager.batch_get_secret_value(params)
|
36
36
|
#
|
37
37
|
# See {Client} for more information.
|
38
38
|
#
|
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
|
|
52
52
|
# @!group service
|
53
53
|
module Aws::SecretsManager
|
54
54
|
|
55
|
-
GEM_VERSION = '1.
|
55
|
+
GEM_VERSION = '1.89.0'
|
56
56
|
|
57
57
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-secretsmanager
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.89.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2024-01-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.188.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.188.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
@@ -72,7 +72,7 @@ licenses:
|
|
72
72
|
metadata:
|
73
73
|
source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-secretsmanager
|
74
74
|
changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-secretsmanager/CHANGELOG.md
|
75
|
-
post_install_message:
|
75
|
+
post_install_message:
|
76
76
|
rdoc_options: []
|
77
77
|
require_paths:
|
78
78
|
- lib
|
@@ -80,15 +80,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements:
|
81
81
|
- - ">="
|
82
82
|
- !ruby/object:Gem::Version
|
83
|
-
version: '2.
|
83
|
+
version: '2.5'
|
84
84
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
85
85
|
requirements:
|
86
86
|
- - ">="
|
87
87
|
- !ruby/object:Gem::Version
|
88
88
|
version: '0'
|
89
89
|
requirements: []
|
90
|
-
rubygems_version: 3.
|
91
|
-
signing_key:
|
90
|
+
rubygems_version: 3.4.10
|
91
|
+
signing_key:
|
92
92
|
specification_version: 4
|
93
93
|
summary: AWS SDK for Ruby - AWS Secrets Manager
|
94
94
|
test_files: []
|