aws-sdk-secretsmanager 1.96.0 → 1.98.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c07259d06cd9a081b31221026760fe2a421ea89a3a0cb3d31f06df8967653d16
-  data.tar.gz: e4099395d84943e48ee35b957076581416f7dfa4461b0610831b26135ecf6e02
+  metadata.gz: f3605effa6a20d18e4f8bb084261b8b85b7301ad82c1146f22821c0117865ced
+  data.tar.gz: 4c41605ee1af01cef296ebe47d4ebd4112ae77ee872f05be93fe4bcf04f4adda
 SHA512:
-  metadata.gz: e027690cf01d4d39b39cb80ce425a781742869bed06f71a899a16ddb6925b6ce079119f64fd9dd6a3773f0b0da74c6f89c70c9886ed049f0cf47e66278e95f43
-  data.tar.gz: 46927511c25aa15c34f24908ab963418a4b76621ea895bf3eeaabe8a5b1ab534717a26bbc7aa7c027b6ecd0b6f3961f4168c66ced0563cc32f3533f087ab0b1e
+  metadata.gz: e2c3b93c3b1cd1191c38833dcc1f60c59f5211ef9f1b2ce2969419a23aca6970cb9eaa42ddfdc7cea474a91fa4eb9b438add0be1805e681b3b7f4d1ecdf30701
+  data.tar.gz: 0d71230afbce25df9748cba9e621912f5183ce9a65b7ea2a6894a0f0a9088883c5e7a8a381061c832b78cda48a415b19f0c541f23147ab39f118ea3989009a8f

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.98.0 (2024-06-17)
+------------------
+
+* Feature - Doc only update for Secrets Manager
+
+1.97.0 (2024-06-12)
+------------------
+
+* Feature - Introducing RotationToken parameter for PutSecretValue API
+
 1.96.0 (2024-06-05)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.96.0
+1.98.0

data/lib/aws-sdk-secretsmanager/client.rb

@@ -706,9 +706,10 @@ module Aws::SecretsManager
     #
     # <b>Required permissions: </b> `secretsmanager:CreateSecret`. If you
     # include tags in the secret, you also need
-    # `secretsmanager:TagResource`. For more information, see [ IAM policy
-    # actions for Secrets Manager][5] and [Authentication and access control
-    # in Secrets Manager][6].
+    # `secretsmanager:TagResource`. To add replica Regions, you must also
+    # have `secretsmanager:ReplicateSecretToRegions`. For more information,
+    # see [ IAM policy actions for Secrets Manager][5] and [Authentication
+    # and access control in Secrets Manager][6].
     #
     # To encrypt the secret with a KMS key other than `aws/secretsmanager`,
     # you need `kms:GenerateDataKey` and `kms:Decrypt` permission to the
@@ -815,6 +816,11 @@ module Aws::SecretsManager
     #
     #   This parameter is not available in the Secrets Manager console.
     #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your own
+    #   log entries, you must also avoid logging the information in this
+    #   field.
+    #
     # @option params [String] :secret_string
     #   The text data to encrypt and store in this new version of the secret.
     #   We recommend you use a JSON structure of key/value pairs for your
@@ -829,6 +835,11 @@ module Aws::SecretsManager
     #   information as a JSON structure of key/value pairs that a Lambda
     #   rotation function can parse.
     #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your own
+    #   log entries, you must also avoid logging the information in this
+    #   field.
+    #
     # @option params [Array<Types::Tag>] :tags
     #   A list of tags to attach to the secret. Each tag is a key and value
     #   pair of strings in a JSON text string, for example:
@@ -1501,7 +1512,8 @@ module Aws::SecretsManager
     # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
-    #   The ARN or name of the secret to retrieve.
+    #   The ARN or name of the secret to retrieve. To retrieve a secret from
+    #   another account, you must use an ARN.
     #
     #   For an ARN, we recommend that you specify a complete ARN rather than a
     #   partial ARN. See [Finding a secret from a partial ARN][1].
@@ -2009,9 +2021,9 @@ module Aws::SecretsManager
     #
     # Secrets Manager generates a CloudTrail log entry when you call this
     # action. Do not include sensitive information in request parameters
-    # except `SecretBinary` or `SecretString` because it might be logged.
-    # For more information, see [Logging Secrets Manager events with
-    # CloudTrail][1].
+    # except `SecretBinary`, `SecretString`, or `RotationToken` because it
+    # might be logged. For more information, see [Logging Secrets Manager
+    # events with CloudTrail][1].
     #
     # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
     # more information, see [ IAM policy actions for Secrets Manager][2] and
@@ -2087,6 +2099,11 @@ module Aws::SecretsManager
     #
     #   You can't access this value from the Secrets Manager console.
     #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your own
+    #   log entries, you must also avoid logging the information in this
+    #   field.
+    #
     # @option params [String] :secret_string
     #   The text to encrypt and store in the new version of the secret.
     #
@@ -2095,6 +2112,11 @@ module Aws::SecretsManager
     #   We recommend you create the secret string as JSON key/value pairs, as
     #   shown in the example.
     #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your own
+    #   log entries, you must also avoid logging the information in this
+    #   field.
+    #
     # @option params [Array<String>] :version_stages
     #   A list of staging labels to attach to this version of the secret.
     #   Secrets Manager uses staging labels to track versions of a secret
@@ -2110,6 +2132,23 @@ module Aws::SecretsManager
     #   If you don't include `VersionStages`, then Secrets Manager
     #   automatically moves the staging label `AWSCURRENT` to this version.
     #
+    # @option params [String] :rotation_token
+    #   A unique identifier that indicates the source of the request. For
+    #   cross-account rotation (when you rotate a secret in one account by
+    #   using a Lambda rotation function in another account) and the Lambda
+    #   rotation function assumes an IAM role to call Secrets Manager, Secrets
+    #   Manager validates the identity with the rotation token. For more
+    #   information, see [How rotation works][1].
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your own
+    #   log entries, you must also avoid logging the information in this
+    #   field.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
+    #
     # @return [Types::PutSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::PutSecretValueResponse#arn #arn} => String
@@ -2147,6 +2186,7 @@ module Aws::SecretsManager
     #     secret_binary: "data",
     #     secret_string: "SecretStringType",
     #     version_stages: ["SecretVersionStageType"],
+    #     rotation_token: "RotationTokenType",
     #   })
     #
     # @example Response structure
@@ -2497,7 +2537,7 @@ module Aws::SecretsManager
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code
     #
     # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2940,6 +2980,11 @@ module Aws::SecretsManager
     #
     #   You can't access this parameter in the Secrets Manager console.
     #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your own
+    #   log entries, you must also avoid logging the information in this
+    #   field.
+    #
     # @option params [String] :secret_string
     #   The text data to encrypt and store in the new version of the secret.
     #   We recommend you use a JSON structure of key/value pairs for your
@@ -2948,6 +2993,11 @@ module Aws::SecretsManager
     #   Either `SecretBinary` or `SecretString` must have a value, but not
     #   both.
     #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your own
+    #   log entries, you must also avoid logging the information in this
+    #   field.
+    #
     # @return [Types::UpdateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateSecretResponse#arn #arn} => String
@@ -3217,7 +3267,8 @@ module Aws::SecretsManager
     # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [String] :secret_id
-    #   This field is reserved for internal use.
+    #   The ARN or name of the secret with the resource-based policy you want
+    #   to validate.
     #
     # @option params [required, String] :resource_policy
     #   A JSON-formatted string that contains an Amazon Web Services
@@ -3287,7 +3338,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.96.0'
+      context[:gem_version] = '1.98.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/client_api.rb

@@ -107,6 +107,7 @@ module Aws::SecretsManager
     RotationEnabledType = Shapes::BooleanShape.new(name: 'RotationEnabledType')
     RotationLambdaARNType = Shapes::StringShape.new(name: 'RotationLambdaARNType')
     RotationRulesType = Shapes::StructureShape.new(name: 'RotationRulesType')
+    RotationTokenType = Shapes::StringShape.new(name: 'RotationTokenType')
     ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
     SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
     SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
@@ -343,6 +344,7 @@ module Aws::SecretsManager
     PutSecretValueRequest.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
     PutSecretValueRequest.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
     PutSecretValueRequest.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
+    PutSecretValueRequest.add_member(:rotation_token, Shapes::ShapeRef.new(shape: RotationTokenType, location_name: "RotationToken"))
     PutSecretValueRequest.struct_class = Types::PutSecretValueRequest
 
     PutSecretValueResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -528,6 +530,7 @@ module Aws::SecretsManager
 
       api.metadata = {
         "apiVersion" => "2017-10-17",
+        "auth" => ["aws.auth#sigv4"],
         "endpointPrefix" => "secretsmanager",
         "jsonVersion" => "1.1",
         "protocol" => "json",

data/lib/aws-sdk-secretsmanager/types.rb

@@ -243,6 +243,11 @@ module Aws::SecretsManager
     #   both.
     #
     #   This parameter is not available in the Secrets Manager console.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -258,6 +263,11 @@ module Aws::SecretsManager
     #   `SecretString` parameter. The Secrets Manager console stores the
     #   information as a JSON structure of key/value pairs that a Lambda
     #   rotation function can parse.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] tags
@@ -527,6 +537,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] rotation_enabled
     #   Specifies whether automatic rotation is turned on for this secret.
+    #   If the secret has never been configured for rotation, Secrets
+    #   Manager returns null.
     #
     #   To turn on rotation, use RotateSecret. To turn off rotation, use
     #   CancelRotateSecret.
@@ -861,7 +873,8 @@ module Aws::SecretsManager
     end
 
     # @!attribute [rw] secret_id
-    #   The ARN or name of the secret to retrieve.
+    #   The ARN or name of the secret to retrieve. To retrieve a secret from
+    #   another account, you must use an ARN.
     #
     #   For an ARN, we recommend that you specify a complete ARN rather than
     #   a partial ARN. See [Finding a secret from a partial ARN][1].
@@ -929,6 +942,11 @@ module Aws::SecretsManager
     #   if the secret value was originally provided as a string, then this
     #   field is omitted. The secret value appears in `SecretString`
     #   instead.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -938,6 +956,11 @@ module Aws::SecretsManager
     #   If this secret was created by using the console, then Secrets
     #   Manager stores the information as a JSON structure of key/value
     #   pairs.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] version_stages
@@ -1363,6 +1386,11 @@ module Aws::SecretsManager
     #   You must include `SecretBinary` or `SecretString`, but not both.
     #
     #   You can't access this value from the Secrets Manager console.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -1372,6 +1400,11 @@ module Aws::SecretsManager
     #
     #   We recommend you create the secret string as JSON key/value pairs,
     #   as shown in the example.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] version_stages
@@ -1390,6 +1423,24 @@ module Aws::SecretsManager
     #   automatically moves the staging label `AWSCURRENT` to this version.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] rotation_token
+    #   A unique identifier that indicates the source of the request. For
+    #   cross-account rotation (when you rotate a secret in one account by
+    #   using a Lambda rotation function in another account) and the Lambda
+    #   rotation function assumes an IAM role to call Secrets Manager,
+    #   Secrets Manager validates the identity with the rotation token. For
+    #   more information, see [How rotation works][1].
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest AWS API Documentation
     #
     class PutSecretValueRequest < Struct.new(
@@ -1397,8 +1448,9 @@ module Aws::SecretsManager
       :client_request_token,
       :secret_binary,
       :secret_string,
-      :version_stages)
-      SENSITIVE = [:secret_binary, :secret_string]
+      :version_stages,
+      :rotation_token)
+      SENSITIVE = [:secret_binary, :secret_string, :rotation_token]
       include Aws::Structure
     end
 
@@ -1705,7 +1757,7 @@ module Aws::SecretsManager
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
@@ -2253,6 +2305,11 @@ module Aws::SecretsManager
     #   both.
     #
     #   You can't access this parameter in the Secrets Manager console.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
@@ -2262,6 +2319,11 @@ module Aws::SecretsManager
     #
     #   Either `SecretBinary` or `SecretString` must have a value, but not
     #   both.
+    #
+    #   Sensitive: This field contains sensitive information, so the service
+    #   does not include it in CloudTrail log entries. If you create your
+    #   own log entries, you must also avoid logging the information in this
+    #   field.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
@@ -2365,7 +2427,8 @@ module Aws::SecretsManager
     end
 
     # @!attribute [rw] secret_id
-    #   This field is reserved for internal use.
+    #   The ARN or name of the secret with the resource-based policy you
+    #   want to validate.
     #   @return [String]
     #
     # @!attribute [rw] resource_policy

data/lib/aws-sdk-secretsmanager.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @!group service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.96.0'
+  GEM_VERSION = '1.98.0'
 
 end

data/sig/client.rbs

@@ -297,7 +297,8 @@ module Aws
                               ?client_request_token: ::String,
                               ?secret_binary: ::String,
                               ?secret_string: ::String,
-                              ?version_stages: Array[::String]
+                              ?version_stages: Array[::String],
+                              ?rotation_token: ::String
                             ) -> _PutSecretValueResponseSuccess
                           | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutSecretValueResponseSuccess
 

data/sig/types.rbs

@@ -268,7 +268,8 @@ module Aws::SecretsManager
       attr_accessor secret_binary: ::String
       attr_accessor secret_string: ::String
       attr_accessor version_stages: ::Array[::String]
-      SENSITIVE: [:secret_binary, :secret_string]
+      attr_accessor rotation_token: ::String
+      SENSITIVE: [:secret_binary, :secret_string, :rotation_token]
     end
 
     class PutSecretValueResponse

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.96.0
+  version: 1.98.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-05 00:00:00.000000000 Z
+date: 2024-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core