aws-sdk-secretsmanager 1.84.0 → 1.110.0

data/lib/aws-sdk-secretsmanager/types.rb

@@ -10,6 +10,98 @@
 module Aws::SecretsManager
   module Types
 
+    # The error Secrets Manager encountered while retrieving an individual
+    # secret as part of BatchGetSecretValue.
+    #
+    # @!attribute [rw] secret_id
+    #   The ARN or name of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_code
+    #   The error Secrets Manager encountered while retrieving an individual
+    #   secret as part of BatchGetSecretValue, for example
+    #   `ResourceNotFoundException`,`InvalidParameterException`,
+    #   `InvalidRequestException`, `DecryptionFailure`, or
+    #   `AccessDeniedException`.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   A message describing the error.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/APIErrorType AWS API Documentation
+    #
+    class APIErrorType < Struct.new(
+      :secret_id,
+      :error_code,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] secret_id_list
+    #   The ARN or names of the secrets to retrieve. You must include
+    #   `Filters` or `SecretIdList`, but not both.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] filters
+    #   The filters to choose which secrets to retrieve. You must include
+    #   `Filters` or `SecretIdList`, but not both.
+    #   @return [Array<Types::Filter>]
+    #
+    # @!attribute [rw] max_results
+    #   The number of results to include in the response.
+    #
+    #   If there are more results available, in the response, Secrets
+    #   Manager includes `NextToken`. To get the next results, call
+    #   `BatchGetSecretValue` again with the value from `NextToken`. To use
+    #   this parameter, you must also use the `Filters` parameter.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   A token that indicates where the output should continue from, if a
+    #   previous call did not show all results. To get the next results,
+    #   call `BatchGetSecretValue` again with this value.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueRequest AWS API Documentation
+    #
+    class BatchGetSecretValueRequest < Struct.new(
+      :secret_id_list,
+      :filters,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] secret_values
+    #   A list of secret values.
+    #   @return [Array<Types::SecretValueEntry>]
+    #
+    # @!attribute [rw] next_token
+    #   Secrets Manager includes this value if there's more output
+    #   available than what is included in the current response. This can
+    #   occur even when the response includes no values at all, such as when
+    #   you ask for a filtered view of a long list. To get the next results,
+    #   call `BatchGetSecretValue` again with this value.
+    #   @return [String]
+    #
+    # @!attribute [rw] errors
+    #   A list of errors Secrets Manager encountered while attempting to
+    #   retrieve individual secrets.
+    #   @return [Array<Types::APIErrorType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValueResponse AWS API Documentation
+    #
+    class BatchGetSecretValueResponse < Struct.new(
+      :secret_values,
+      :next_token,
+      :errors)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] secret_id
     #   The ARN or name of the secret.
     #
@@ -151,6 +243,11 @@ module Aws::SecretsManager
     #   both.
     #
     #   This parameter is not available in the Secrets Manager console.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -166,13 +263,18 @@ module Aws::SecretsManager
     #   `SecretString` parameter. The Secrets Manager console stores the
     #   information as a JSON structure of key/value pairs that a Lambda
     #   rotation function can parse.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] tags
     #   A list of tags to attach to the secret. Each tag is a key and value
     #   pair of strings in a JSON text string, for example:
     #
-    #   `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]`
+    #   `[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]`
     #
     #   Secrets Manager tag key names are case sensitive. A tag with the key
     #   "ABC" is a different tag from one with key "abc".
@@ -435,6 +537,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] rotation_enabled
     #   Specifies whether automatic rotation is turned on for this secret.
+    #   If the secret has never been configured for rotation, Secrets
+    #   Manager returns null.
     #
     #   To turn on rotation, use RotateSecret. To turn off rotation, use
     #   CancelRotateSecret.
@@ -455,8 +559,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] last_rotated_date
     #   The last date and time that Secrets Manager rotated the secret. If
-    #   the secret isn't configured for rotation, Secrets Manager returns
-    #   null.
+    #   the secret isn't configured for rotation or rotation has been
+    #   disabled, Secrets Manager returns null.
     #   @return [Time]
     #
     # @!attribute [rw] last_changed_date
@@ -482,8 +586,15 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] next_rotation_date
     #   The next rotation is scheduled to occur on or before this date. If
-    #   the secret isn't configured for rotation, Secrets Manager returns
-    #   null.
+    #   the secret isn't configured for rotation or rotation has been
+    #   disabled, Secrets Manager returns null. If rotation fails, Secrets
+    #   Manager retries the entire rotation process multiple times. If
+    #   rotation is unsuccessful, this date may be in the past.
+    #
+    #   This date represents the latest date that rotation will occur, but
+    #   it is not an approximate rotation date. In some cases, for example
+    #   if you turn off automatic rotation and then turn it back on, the
+    #   next rotation may occur much sooner than this date.
     #   @return [Time]
     #
     # @!attribute [rw] tags
@@ -656,7 +767,7 @@ module Aws::SecretsManager
     # @!attribute [rw] exclude_punctuation
     #   Specifies whether to exclude the following punctuation characters
     #   from the password: `` ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [
-    #   \ ] ^ _ ` \{ | \} ~ ``. If you don't include this switch, the
+    #   \ ] ^ _ ` { | } ~ ``. If you don't include this switch, the
     #   password can contain punctuation.
     #   @return [Boolean]
     #
@@ -762,7 +873,8 @@ module Aws::SecretsManager
     end
 
     # @!attribute [rw] secret_id
-    #   The ARN or name of the secret to retrieve.
+    #   The ARN or name of the secret to retrieve. To retrieve a secret from
+    #   another account, you must use an ARN.
     #
     #   For an ARN, we recommend that you specify a complete ARN rather than
     #   a partial ARN. See [Finding a secret from a partial ARN][1].
@@ -821,18 +933,20 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] secret_binary
     #   The decrypted secret value, if the secret value was originally
-    #   provided as binary data in the form of a byte array. The response
-    #   parameter represents the binary data as a [base64-encoded][1]
-    #   string.
+    #   provided as binary data in the form of a byte array. When you
+    #   retrieve a `SecretBinary` using the HTTP API, the Python SDK, or the
+    #   Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it
+    #   is not encoded.
     #
     #   If the secret was created by using the Secrets Manager console, or
     #   if the secret value was originally provided as a string, then this
     #   field is omitted. The secret value appears in `SecretString`
     #   instead.
     #
-    #
-    #
-    #   [1]: https://tools.ietf.org/html/rfc4648#section-4
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -842,6 +956,11 @@ module Aws::SecretsManager
     #   If this secret was created by using the console, then Secrets
     #   Manager stores the information as a JSON structure of key/value
     #   pairs.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] version_stages
@@ -1151,6 +1270,27 @@ module Aws::SecretsManager
     #   Specifies whether to block resource-based policies that allow broad
     #   access to the secret, for example those that use a wildcard for the
     #   principal. By default, public policies aren't blocked.
+    #
+    #   Resource policy validation and the BlockPublicPolicy parameter help
+    #   protect your resources by preventing public access from being
+    #   granted through the resource policies that are directly attached to
+    #   your secrets. In addition to using these features, carefully inspect
+    #   the following policies to confirm that they do not grant public
+    #   access:
+    #
+    #    * Identity-based policies attached to associated Amazon Web
+    #   Services
+    #     principals (for example, IAM roles)
+    #
+    #   * Resource-based policies attached to associated Amazon Web Services
+    #     resources (for example, Key Management Service (KMS) keys)
+    #
+    #    To review permissions to your secrets, see [Determine who has
+    #   permissions to your secrets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/determine-acccess_examine-iam-policies.html
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
@@ -1246,6 +1386,11 @@ module Aws::SecretsManager
     #   You must include `SecretBinary` or `SecretString`, but not both.
     #
     #   You can't access this value from the Secrets Manager console.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -1255,6 +1400,11 @@ module Aws::SecretsManager
     #
     #   We recommend you create the secret string as JSON key/value pairs,
     #   as shown in the example.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] version_stages
@@ -1273,6 +1423,24 @@ module Aws::SecretsManager
     #   automatically moves the staging label `AWSCURRENT` to this version.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] rotation_token
+    #   A unique identifier that indicates the source of the request. For
+    #   cross-account rotation (when you rotate a secret in one account by
+    #   using a Lambda rotation function in another account) and the Lambda
+    #   rotation function assumes an IAM role to call Secrets Manager,
+    #   Secrets Manager validates the identity with the rotation token. For
+    #   more information, see [How rotation works][1].
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest AWS API Documentation
     #
     class PutSecretValueRequest < Struct.new(
@@ -1280,8 +1448,9 @@ module Aws::SecretsManager
       :client_request_token,
       :secret_binary,
       :secret_string,
-      :version_stages)
-      SENSITIVE = [:secret_binary, :secret_string]
+      :version_stages,
+      :rotation_token)
+      SENSITIVE = [:secret_binary, :secret_string, :rotation_token]
       include Aws::Structure
     end
 
@@ -1588,7 +1757,7 @@ module Aws::SecretsManager
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
@@ -1715,10 +1884,7 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The friendly name of the secret. You can use forward slashes in the
-    #   name to represent a path hierarchy. For example,
-    #   `/prod/databases/dbserver1` could represent the secret for a server
-    #   named `dbserver1` in the folder `databases` in the folder `prod`.
+    #   The friendly name of the secret.
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -1779,8 +1945,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] next_rotation_date
     #   The next rotation is scheduled to occur on or before this date. If
-    #   the secret isn't configured for rotation, Secrets Manager returns
-    #   null.
+    #   the secret isn't configured for rotation or rotation has been
+    #   disabled, Secrets Manager returns null.
     #   @return [Time]
     #
     # @!attribute [rw] tags
@@ -1843,6 +2009,59 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
+    # A structure that contains the secret value and other details for a
+    # secret.
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The friendly name of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] version_id
+    #   The unique version identifier of this version of the secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_binary
+    #   The decrypted secret value, if the secret value was originally
+    #   provided as binary data in the form of a byte array. The parameter
+    #   represents the binary data as a [base64-encoded][1] string.
+    #
+    #
+    #
+    #   [1]: https://tools.ietf.org/html/rfc4648#section-4
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_string
+    #   The decrypted secret value, if the secret value was originally
+    #   provided as a string or through the Secrets Manager console.
+    #   @return [String]
+    #
+    # @!attribute [rw] version_stages
+    #   A list of all of the staging labels currently attached to this
+    #   version of the secret.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] created_date
+    #   The date the secret was created.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretValueEntry AWS API Documentation
+    #
+    class SecretValueEntry < Struct.new(
+      :arn,
+      :name,
+      :version_id,
+      :secret_binary,
+      :secret_string,
+      :version_stages,
+      :created_date)
+      SENSITIVE = [:secret_binary, :secret_string]
+      include Aws::Structure
+    end
+
     # A structure that contains information about one version of a secret.
     #
     # @!attribute [rw] version_id
@@ -2047,7 +2266,7 @@ module Aws::SecretsManager
     #   to encrypt new secret versions as well as any existing versions with
     #   the staging labels `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. If
     #   you don't have `kms:Encrypt` permission to the new key, Secrets
-    #   Manager does not re-ecrypt existing secret versions with the new
+    #   Manager does not re-encrypt existing secret versions with the new
     #   key. For more information about versions and staging labels, see
     #   [Concepts: Version][1].
     #
@@ -2086,6 +2305,11 @@ module Aws::SecretsManager
     #   both.
     #
     #   You can't access this parameter in the Secrets Manager console.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -2095,6 +2319,11 @@ module Aws::SecretsManager
     #
     #   Either `SecretBinary` or `SecretString` must have a value, but not
     #   both.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
@@ -2198,7 +2427,8 @@ module Aws::SecretsManager
     end
 
     # @!attribute [rw] secret_id
-    #   This field is reserved for internal use.
+    #   The ARN or name of the secret with the resource-based policy you
+    #   want to validate.
     #   @return [String]
     #
     # @!attribute [rw] resource_policy
@@ -2261,3 +2491,4 @@ module Aws::SecretsManager
 
   end
 end
+

data/lib/aws-sdk-secretsmanager.rb

@@ -11,16 +11,7 @@
 require 'aws-sdk-core'
 require 'aws-sigv4'
 
-require_relative 'aws-sdk-secretsmanager/types'
-require_relative 'aws-sdk-secretsmanager/client_api'
-require_relative 'aws-sdk-secretsmanager/plugins/endpoints.rb'
-require_relative 'aws-sdk-secretsmanager/client'
-require_relative 'aws-sdk-secretsmanager/errors'
-require_relative 'aws-sdk-secretsmanager/resource'
-require_relative 'aws-sdk-secretsmanager/endpoint_parameters'
-require_relative 'aws-sdk-secretsmanager/endpoint_provider'
-require_relative 'aws-sdk-secretsmanager/endpoints'
-require_relative 'aws-sdk-secretsmanager/customizations'
+Aws::Plugins::GlobalConfiguration.add_identifier(:secretsmanager)
 
 # This module provides support for AWS Secrets Manager. This module is available in the
 # `aws-sdk-secretsmanager` gem.
@@ -32,7 +23,7 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # structure.
 #
 #     secrets_manager = Aws::SecretsManager::Client.new
-#     resp = secrets_manager.cancel_rotate_secret(params)
+#     resp = secrets_manager.batch_get_secret_value(params)
 #
 # See {Client} for more information.
 #
@@ -51,7 +42,20 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 #
 # @!group service
 module Aws::SecretsManager
+  autoload :Types, 'aws-sdk-secretsmanager/types'
+  autoload :ClientApi, 'aws-sdk-secretsmanager/client_api'
+  module Plugins
+    autoload :Endpoints, 'aws-sdk-secretsmanager/plugins/endpoints.rb'
+  end
+  autoload :Client, 'aws-sdk-secretsmanager/client'
+  autoload :Errors, 'aws-sdk-secretsmanager/errors'
+  autoload :Resource, 'aws-sdk-secretsmanager/resource'
+  autoload :EndpointParameters, 'aws-sdk-secretsmanager/endpoint_parameters'
+  autoload :EndpointProvider, 'aws-sdk-secretsmanager/endpoint_provider'
+  autoload :Endpoints, 'aws-sdk-secretsmanager/endpoints'
 
-  GEM_VERSION = '1.84.0'
+  GEM_VERSION = '1.110.0'
 
 end
+
+require_relative 'aws-sdk-secretsmanager/customizations'