aws-sdk-secretsmanager 1.96.0 → 1.98.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c07259d06cd9a081b31221026760fe2a421ea89a3a0cb3d31f06df8967653d16
4
- data.tar.gz: e4099395d84943e48ee35b957076581416f7dfa4461b0610831b26135ecf6e02
3
+ metadata.gz: f3605effa6a20d18e4f8bb084261b8b85b7301ad82c1146f22821c0117865ced
4
+ data.tar.gz: 4c41605ee1af01cef296ebe47d4ebd4112ae77ee872f05be93fe4bcf04f4adda
5
5
  SHA512:
6
- metadata.gz: e027690cf01d4d39b39cb80ce425a781742869bed06f71a899a16ddb6925b6ce079119f64fd9dd6a3773f0b0da74c6f89c70c9886ed049f0cf47e66278e95f43
7
- data.tar.gz: 46927511c25aa15c34f24908ab963418a4b76621ea895bf3eeaabe8a5b1ab534717a26bbc7aa7c027b6ecd0b6f3961f4168c66ced0563cc32f3533f087ab0b1e
6
+ metadata.gz: e2c3b93c3b1cd1191c38833dcc1f60c59f5211ef9f1b2ce2969419a23aca6970cb9eaa42ddfdc7cea474a91fa4eb9b438add0be1805e681b3b7f4d1ecdf30701
7
+ data.tar.gz: 0d71230afbce25df9748cba9e621912f5183ce9a65b7ea2a6894a0f0a9088883c5e7a8a381061c832b78cda48a415b19f0c541f23147ab39f118ea3989009a8f
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.98.0 (2024-06-17)
5
+ ------------------
6
+
7
+ * Feature - Doc only update for Secrets Manager
8
+
9
+ 1.97.0 (2024-06-12)
10
+ ------------------
11
+
12
+ * Feature - Introducing RotationToken parameter for PutSecretValue API
13
+
4
14
  1.96.0 (2024-06-05)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.96.0
1
+ 1.98.0
@@ -706,9 +706,10 @@ module Aws::SecretsManager
706
706
  #
707
707
  # <b>Required permissions: </b> `secretsmanager:CreateSecret`. If you
708
708
  # include tags in the secret, you also need
709
- # `secretsmanager:TagResource`. For more information, see [ IAM policy
710
- # actions for Secrets Manager][5] and [Authentication and access control
711
- # in Secrets Manager][6].
709
+ # `secretsmanager:TagResource`. To add replica Regions, you must also
710
+ # have `secretsmanager:ReplicateSecretToRegions`. For more information,
711
+ # see [ IAM policy actions for Secrets Manager][5] and [Authentication
712
+ # and access control in Secrets Manager][6].
712
713
  #
713
714
  # To encrypt the secret with a KMS key other than `aws/secretsmanager`,
714
715
  # you need `kms:GenerateDataKey` and `kms:Decrypt` permission to the
@@ -815,6 +816,11 @@ module Aws::SecretsManager
815
816
  #
816
817
  # This parameter is not available in the Secrets Manager console.
817
818
  #
819
+ # Sensitive: This field contains sensitive information, so the service
820
+ # does not include it in CloudTrail log entries. If you create your own
821
+ # log entries, you must also avoid logging the information in this
822
+ # field.
823
+ #
818
824
  # @option params [String] :secret_string
819
825
  # The text data to encrypt and store in this new version of the secret.
820
826
  # We recommend you use a JSON structure of key/value pairs for your
@@ -829,6 +835,11 @@ module Aws::SecretsManager
829
835
  # information as a JSON structure of key/value pairs that a Lambda
830
836
  # rotation function can parse.
831
837
  #
838
+ # Sensitive: This field contains sensitive information, so the service
839
+ # does not include it in CloudTrail log entries. If you create your own
840
+ # log entries, you must also avoid logging the information in this
841
+ # field.
842
+ #
832
843
  # @option params [Array<Types::Tag>] :tags
833
844
  # A list of tags to attach to the secret. Each tag is a key and value
834
845
  # pair of strings in a JSON text string, for example:
@@ -1501,7 +1512,8 @@ module Aws::SecretsManager
1501
1512
  # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1502
1513
  #
1503
1514
  # @option params [required, String] :secret_id
1504
- # The ARN or name of the secret to retrieve.
1515
+ # The ARN or name of the secret to retrieve. To retrieve a secret from
1516
+ # another account, you must use an ARN.
1505
1517
  #
1506
1518
  # For an ARN, we recommend that you specify a complete ARN rather than a
1507
1519
  # partial ARN. See [Finding a secret from a partial ARN][1].
@@ -2009,9 +2021,9 @@ module Aws::SecretsManager
2009
2021
  #
2010
2022
  # Secrets Manager generates a CloudTrail log entry when you call this
2011
2023
  # action. Do not include sensitive information in request parameters
2012
- # except `SecretBinary` or `SecretString` because it might be logged.
2013
- # For more information, see [Logging Secrets Manager events with
2014
- # CloudTrail][1].
2024
+ # except `SecretBinary`, `SecretString`, or `RotationToken` because it
2025
+ # might be logged. For more information, see [Logging Secrets Manager
2026
+ # events with CloudTrail][1].
2015
2027
  #
2016
2028
  # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
2017
2029
  # more information, see [ IAM policy actions for Secrets Manager][2] and
@@ -2087,6 +2099,11 @@ module Aws::SecretsManager
2087
2099
  #
2088
2100
  # You can't access this value from the Secrets Manager console.
2089
2101
  #
2102
+ # Sensitive: This field contains sensitive information, so the service
2103
+ # does not include it in CloudTrail log entries. If you create your own
2104
+ # log entries, you must also avoid logging the information in this
2105
+ # field.
2106
+ #
2090
2107
  # @option params [String] :secret_string
2091
2108
  # The text to encrypt and store in the new version of the secret.
2092
2109
  #
@@ -2095,6 +2112,11 @@ module Aws::SecretsManager
2095
2112
  # We recommend you create the secret string as JSON key/value pairs, as
2096
2113
  # shown in the example.
2097
2114
  #
2115
+ # Sensitive: This field contains sensitive information, so the service
2116
+ # does not include it in CloudTrail log entries. If you create your own
2117
+ # log entries, you must also avoid logging the information in this
2118
+ # field.
2119
+ #
2098
2120
  # @option params [Array<String>] :version_stages
2099
2121
  # A list of staging labels to attach to this version of the secret.
2100
2122
  # Secrets Manager uses staging labels to track versions of a secret
@@ -2110,6 +2132,23 @@ module Aws::SecretsManager
2110
2132
  # If you don't include `VersionStages`, then Secrets Manager
2111
2133
  # automatically moves the staging label `AWSCURRENT` to this version.
2112
2134
  #
2135
+ # @option params [String] :rotation_token
2136
+ # A unique identifier that indicates the source of the request. For
2137
+ # cross-account rotation (when you rotate a secret in one account by
2138
+ # using a Lambda rotation function in another account) and the Lambda
2139
+ # rotation function assumes an IAM role to call Secrets Manager, Secrets
2140
+ # Manager validates the identity with the rotation token. For more
2141
+ # information, see [How rotation works][1].
2142
+ #
2143
+ # Sensitive: This field contains sensitive information, so the service
2144
+ # does not include it in CloudTrail log entries. If you create your own
2145
+ # log entries, you must also avoid logging the information in this
2146
+ # field.
2147
+ #
2148
+ #
2149
+ #
2150
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
2151
+ #
2113
2152
  # @return [Types::PutSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2114
2153
  #
2115
2154
  # * {Types::PutSecretValueResponse#arn #arn} => String
@@ -2147,6 +2186,7 @@ module Aws::SecretsManager
2147
2186
  # secret_binary: "data",
2148
2187
  # secret_string: "SecretStringType",
2149
2188
  # version_stages: ["SecretVersionStageType"],
2189
+ # rotation_token: "RotationTokenType",
2150
2190
  # })
2151
2191
  #
2152
2192
  # @example Response structure
@@ -2497,7 +2537,7 @@ module Aws::SecretsManager
2497
2537
  #
2498
2538
  #
2499
2539
  #
2500
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
2540
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code
2501
2541
  #
2502
2542
  # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2503
2543
  #
@@ -2940,6 +2980,11 @@ module Aws::SecretsManager
2940
2980
  #
2941
2981
  # You can't access this parameter in the Secrets Manager console.
2942
2982
  #
2983
+ # Sensitive: This field contains sensitive information, so the service
2984
+ # does not include it in CloudTrail log entries. If you create your own
2985
+ # log entries, you must also avoid logging the information in this
2986
+ # field.
2987
+ #
2943
2988
  # @option params [String] :secret_string
2944
2989
  # The text data to encrypt and store in the new version of the secret.
2945
2990
  # We recommend you use a JSON structure of key/value pairs for your
@@ -2948,6 +2993,11 @@ module Aws::SecretsManager
2948
2993
  # Either `SecretBinary` or `SecretString` must have a value, but not
2949
2994
  # both.
2950
2995
  #
2996
+ # Sensitive: This field contains sensitive information, so the service
2997
+ # does not include it in CloudTrail log entries. If you create your own
2998
+ # log entries, you must also avoid logging the information in this
2999
+ # field.
3000
+ #
2951
3001
  # @return [Types::UpdateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2952
3002
  #
2953
3003
  # * {Types::UpdateSecretResponse#arn #arn} => String
@@ -3217,7 +3267,8 @@ module Aws::SecretsManager
3217
3267
  # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
3218
3268
  #
3219
3269
  # @option params [String] :secret_id
3220
- # This field is reserved for internal use.
3270
+ # The ARN or name of the secret with the resource-based policy you want
3271
+ # to validate.
3221
3272
  #
3222
3273
  # @option params [required, String] :resource_policy
3223
3274
  # A JSON-formatted string that contains an Amazon Web Services
@@ -3287,7 +3338,7 @@ module Aws::SecretsManager
3287
3338
  params: params,
3288
3339
  config: config)
3289
3340
  context[:gem_name] = 'aws-sdk-secretsmanager'
3290
- context[:gem_version] = '1.96.0'
3341
+ context[:gem_version] = '1.98.0'
3291
3342
  Seahorse::Client::Request.new(handlers, context)
3292
3343
  end
3293
3344
 
@@ -107,6 +107,7 @@ module Aws::SecretsManager
107
107
  RotationEnabledType = Shapes::BooleanShape.new(name: 'RotationEnabledType')
108
108
  RotationLambdaARNType = Shapes::StringShape.new(name: 'RotationLambdaARNType')
109
109
  RotationRulesType = Shapes::StructureShape.new(name: 'RotationRulesType')
110
+ RotationTokenType = Shapes::StringShape.new(name: 'RotationTokenType')
110
111
  ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
111
112
  SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
112
113
  SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
@@ -343,6 +344,7 @@ module Aws::SecretsManager
343
344
  PutSecretValueRequest.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
344
345
  PutSecretValueRequest.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
345
346
  PutSecretValueRequest.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
347
+ PutSecretValueRequest.add_member(:rotation_token, Shapes::ShapeRef.new(shape: RotationTokenType, location_name: "RotationToken"))
346
348
  PutSecretValueRequest.struct_class = Types::PutSecretValueRequest
347
349
 
348
350
  PutSecretValueResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -528,6 +530,7 @@ module Aws::SecretsManager
528
530
 
529
531
  api.metadata = {
530
532
  "apiVersion" => "2017-10-17",
533
+ "auth" => ["aws.auth#sigv4"],
531
534
  "endpointPrefix" => "secretsmanager",
532
535
  "jsonVersion" => "1.1",
533
536
  "protocol" => "json",
@@ -243,6 +243,11 @@ module Aws::SecretsManager
243
243
  # both.
244
244
  #
245
245
  # This parameter is not available in the Secrets Manager console.
246
+ #
247
+ # Sensitive: This field contains sensitive information, so the service
248
+ # does not include it in CloudTrail log entries. If you create your
249
+ # own log entries, you must also avoid logging the information in this
250
+ # field.
246
251
  # @return [String]
247
252
  #
248
253
  # @!attribute [rw] secret_string
@@ -258,6 +263,11 @@ module Aws::SecretsManager
258
263
  # `SecretString` parameter. The Secrets Manager console stores the
259
264
  # information as a JSON structure of key/value pairs that a Lambda
260
265
  # rotation function can parse.
266
+ #
267
+ # Sensitive: This field contains sensitive information, so the service
268
+ # does not include it in CloudTrail log entries. If you create your
269
+ # own log entries, you must also avoid logging the information in this
270
+ # field.
261
271
  # @return [String]
262
272
  #
263
273
  # @!attribute [rw] tags
@@ -527,6 +537,8 @@ module Aws::SecretsManager
527
537
  #
528
538
  # @!attribute [rw] rotation_enabled
529
539
  # Specifies whether automatic rotation is turned on for this secret.
540
+ # If the secret has never been configured for rotation, Secrets
541
+ # Manager returns null.
530
542
  #
531
543
  # To turn on rotation, use RotateSecret. To turn off rotation, use
532
544
  # CancelRotateSecret.
@@ -861,7 +873,8 @@ module Aws::SecretsManager
861
873
  end
862
874
 
863
875
  # @!attribute [rw] secret_id
864
- # The ARN or name of the secret to retrieve.
876
+ # The ARN or name of the secret to retrieve. To retrieve a secret from
877
+ # another account, you must use an ARN.
865
878
  #
866
879
  # For an ARN, we recommend that you specify a complete ARN rather than
867
880
  # a partial ARN. See [Finding a secret from a partial ARN][1].
@@ -929,6 +942,11 @@ module Aws::SecretsManager
929
942
  # if the secret value was originally provided as a string, then this
930
943
  # field is omitted. The secret value appears in `SecretString`
931
944
  # instead.
945
+ #
946
+ # Sensitive: This field contains sensitive information, so the service
947
+ # does not include it in CloudTrail log entries. If you create your
948
+ # own log entries, you must also avoid logging the information in this
949
+ # field.
932
950
  # @return [String]
933
951
  #
934
952
  # @!attribute [rw] secret_string
@@ -938,6 +956,11 @@ module Aws::SecretsManager
938
956
  # If this secret was created by using the console, then Secrets
939
957
  # Manager stores the information as a JSON structure of key/value
940
958
  # pairs.
959
+ #
960
+ # Sensitive: This field contains sensitive information, so the service
961
+ # does not include it in CloudTrail log entries. If you create your
962
+ # own log entries, you must also avoid logging the information in this
963
+ # field.
941
964
  # @return [String]
942
965
  #
943
966
  # @!attribute [rw] version_stages
@@ -1363,6 +1386,11 @@ module Aws::SecretsManager
1363
1386
  # You must include `SecretBinary` or `SecretString`, but not both.
1364
1387
  #
1365
1388
  # You can't access this value from the Secrets Manager console.
1389
+ #
1390
+ # Sensitive: This field contains sensitive information, so the service
1391
+ # does not include it in CloudTrail log entries. If you create your
1392
+ # own log entries, you must also avoid logging the information in this
1393
+ # field.
1366
1394
  # @return [String]
1367
1395
  #
1368
1396
  # @!attribute [rw] secret_string
@@ -1372,6 +1400,11 @@ module Aws::SecretsManager
1372
1400
  #
1373
1401
  # We recommend you create the secret string as JSON key/value pairs,
1374
1402
  # as shown in the example.
1403
+ #
1404
+ # Sensitive: This field contains sensitive information, so the service
1405
+ # does not include it in CloudTrail log entries. If you create your
1406
+ # own log entries, you must also avoid logging the information in this
1407
+ # field.
1375
1408
  # @return [String]
1376
1409
  #
1377
1410
  # @!attribute [rw] version_stages
@@ -1390,6 +1423,24 @@ module Aws::SecretsManager
1390
1423
  # automatically moves the staging label `AWSCURRENT` to this version.
1391
1424
  # @return [Array<String>]
1392
1425
  #
1426
+ # @!attribute [rw] rotation_token
1427
+ # A unique identifier that indicates the source of the request. For
1428
+ # cross-account rotation (when you rotate a secret in one account by
1429
+ # using a Lambda rotation function in another account) and the Lambda
1430
+ # rotation function assumes an IAM role to call Secrets Manager,
1431
+ # Secrets Manager validates the identity with the rotation token. For
1432
+ # more information, see [How rotation works][1].
1433
+ #
1434
+ # Sensitive: This field contains sensitive information, so the service
1435
+ # does not include it in CloudTrail log entries. If you create your
1436
+ # own log entries, you must also avoid logging the information in this
1437
+ # field.
1438
+ #
1439
+ #
1440
+ #
1441
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
1442
+ # @return [String]
1443
+ #
1393
1444
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest AWS API Documentation
1394
1445
  #
1395
1446
  class PutSecretValueRequest < Struct.new(
@@ -1397,8 +1448,9 @@ module Aws::SecretsManager
1397
1448
  :client_request_token,
1398
1449
  :secret_binary,
1399
1450
  :secret_string,
1400
- :version_stages)
1401
- SENSITIVE = [:secret_binary, :secret_string]
1451
+ :version_stages,
1452
+ :rotation_token)
1453
+ SENSITIVE = [:secret_binary, :secret_string, :rotation_token]
1402
1454
  include Aws::Structure
1403
1455
  end
1404
1456
 
@@ -1705,7 +1757,7 @@ module Aws::SecretsManager
1705
1757
  #
1706
1758
  #
1707
1759
  #
1708
- # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
1760
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code
1709
1761
  # @return [Boolean]
1710
1762
  #
1711
1763
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
@@ -2253,6 +2305,11 @@ module Aws::SecretsManager
2253
2305
  # both.
2254
2306
  #
2255
2307
  # You can't access this parameter in the Secrets Manager console.
2308
+ #
2309
+ # Sensitive: This field contains sensitive information, so the service
2310
+ # does not include it in CloudTrail log entries. If you create your
2311
+ # own log entries, you must also avoid logging the information in this
2312
+ # field.
2256
2313
  # @return [String]
2257
2314
  #
2258
2315
  # @!attribute [rw] secret_string
@@ -2262,6 +2319,11 @@ module Aws::SecretsManager
2262
2319
  #
2263
2320
  # Either `SecretBinary` or `SecretString` must have a value, but not
2264
2321
  # both.
2322
+ #
2323
+ # Sensitive: This field contains sensitive information, so the service
2324
+ # does not include it in CloudTrail log entries. If you create your
2325
+ # own log entries, you must also avoid logging the information in this
2326
+ # field.
2265
2327
  # @return [String]
2266
2328
  #
2267
2329
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
@@ -2365,7 +2427,8 @@ module Aws::SecretsManager
2365
2427
  end
2366
2428
 
2367
2429
  # @!attribute [rw] secret_id
2368
- # This field is reserved for internal use.
2430
+ # The ARN or name of the secret with the resource-based policy you
2431
+ # want to validate.
2369
2432
  # @return [String]
2370
2433
  #
2371
2434
  # @!attribute [rw] resource_policy
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
52
52
  # @!group service
53
53
  module Aws::SecretsManager
54
54
 
55
- GEM_VERSION = '1.96.0'
55
+ GEM_VERSION = '1.98.0'
56
56
 
57
57
  end
data/sig/client.rbs CHANGED
@@ -297,7 +297,8 @@ module Aws
297
297
  ?client_request_token: ::String,
298
298
  ?secret_binary: ::String,
299
299
  ?secret_string: ::String,
300
- ?version_stages: Array[::String]
300
+ ?version_stages: Array[::String],
301
+ ?rotation_token: ::String
301
302
  ) -> _PutSecretValueResponseSuccess
302
303
  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutSecretValueResponseSuccess
303
304
 
data/sig/types.rbs CHANGED
@@ -268,7 +268,8 @@ module Aws::SecretsManager
268
268
  attr_accessor secret_binary: ::String
269
269
  attr_accessor secret_string: ::String
270
270
  attr_accessor version_stages: ::Array[::String]
271
- SENSITIVE: [:secret_binary, :secret_string]
271
+ attr_accessor rotation_token: ::String
272
+ SENSITIVE: [:secret_binary, :secret_string, :rotation_token]
272
273
  end
273
274
 
274
275
  class PutSecretValueResponse
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-secretsmanager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.96.0
4
+ version: 1.98.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-05 00:00:00.000000000 Z
11
+ date: 2024-06-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core