aws-sdk-secretsmanager 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 56df7596f171de9be5328c26a0317eaf9976801c
-  data.tar.gz: 7e5a87c3519a5b9f3527cf773dc0722d0399ae97
+  metadata.gz: 8e190789f96d22fa81c71669cfd8ec7c404cdd95
+  data.tar.gz: ea781d00cc5fce6a6e82fc4c00cd6cf1f5c3f21a
 SHA512:
-  metadata.gz: 92d17dd26a365cb854f44eae0fcac3138fccb2de31e7048cb86bbdc3a9fae907675bdb5bf17ee9db7e4b960a441ed88126929402afd569e84fb29c4d4d1df620
-  data.tar.gz: f28dbee1cd9b9e6c80a9c451d0d027aff5823da9cea63fe9aa177aefceabffb01a80ff010f348a8b4902771c5fc267808b49a650c230f8b26ebf3885508322ba
+  metadata.gz: '09cae827bd2bb324f21b72d4b59afe7b5412d52812c44c11047f70fb0b04de51ba7036a531531fc595168d4fff32228ca35bd5c0a07a58fe8330ed61735e5eea'
+  data.tar.gz: 713e1f3549fd1ae5af8ee263d3c134426411ee535bc8401645d05b2fd744280ec43e366869e72851bb0c51587772ae5df42291a701e800b710b1d900c9e5c005

data/lib/aws-sdk-secretsmanager.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.10.0'
+  GEM_VERSION = '1.11.0'
 
 end

data/lib/aws-sdk-secretsmanager/client.rb

@@ -690,6 +690,24 @@ module Aws::SecretsManager
     #
     #   This value can range from 7 to 30 days. The default value is 30.
     #
+    # @option params [Boolean] :force_delete_without_recovery
+    #   (Optional) Specifies that the secret is to be deleted immediately
+    #   without any recovery window. You cannot use both this parameter and
+    #   the `RecoveryWindowInDays` parameter in the same API call.
+    #
+    #   An asynchronous background process performs the actual deletion, so
+    #   there can be a short delay before the operation completes. If you
+    #   write code to delete and then immediately recreate a secret with the
+    #   same name, ensure that your code includes appropriate back off and
+    #   retry logic.
+    #
+    #   Use this parameter with caution. This parameter causes the operation
+    #   to skip the normal waiting period before the permanent deletion that
+    #   AWS would normally impose with the `RecoveryWindowInDays` parameter.
+    #   If you delete a secret with the `ForceDeleteWithouRecovery` parameter,
+    #   then you have no opportunity to recover the secret. It is permanently
+    #   lost.
+    #
     # @return [Types::DeleteSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteSecretResponse#arn #arn} => String
@@ -720,6 +738,7 @@ module Aws::SecretsManager
     #   resp = client.delete_secret({
     #     secret_id: "SecretIdType", # required
     #     recovery_window_in_days: 1,
+    #     force_delete_without_recovery: false,
     #   })
     #
     # @example Response structure
@@ -2125,9 +2144,9 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
-    # Modifies many of the details of a secret. If you include a
-    # `ClientRequestToken` and either `SecretString` or `SecretBinary` then
-    # it also creates a new version attached to the secret.
+    # Modifies many of the details of the specified secret. If you include a
+    # `ClientRequestToken` and *either* `SecretString` or `SecretBinary`
+    # then it also creates a new version attached to the secret.
     #
     # To modify the rotation configuration of a secret, use RotateSecret
     # instead.
@@ -2140,9 +2159,9 @@ module Aws::SecretsManager
     #  </note>
     #
     # * If a version with a `SecretVersionId` with the same value as the
-    #   `ClientRequestToken` parameter already exists, the operation
-    #   generates an error. You cannot modify an existing version, you can
-    #   only create new ones.
+    #   `ClientRequestToken` parameter already exists, the operation results
+    #   in an error. You cannot modify an existing version, you can only
+    #   create a new version.
     #
     # * If you include `SecretString` or `SecretBinary` to create a new
     #   secret version, Secrets Manager automatically attaches the staging
@@ -2200,7 +2219,7 @@ module Aws::SecretsManager
     #   ListSecretVersionIds.
     #
     # @option params [required, String] :secret_id
-    #   Specifies the secret that you want to update or to which you want to
+    #   Specifies the secret that you want to modify or to which you want to
     #   add a new version. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #
@@ -2249,28 +2268,24 @@ module Aws::SecretsManager
     #   [1]: https://wikipedia.org/wiki/Universally_unique_identifier
     #
     # @option params [String] :description
-    #   (Optional) Specifies a user-provided description of the secret.
+    #   (Optional) Specifies an updated user-provided description of the
+    #   secret.
     #
     # @option params [String] :kms_key_id
-    #   (Optional) Specifies the ARN or alias of the AWS KMS customer master
-    #   key (CMK) to be used to encrypt the protected text in the versions of
-    #   this secret.
-    #
-    #   If you don't specify this value, then Secrets Manager defaults to
-    #   using the default CMK in the account (the one named
-    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't exist,
-    #   then Secrets Manager creates it for you automatically the first time
-    #   it needs to encrypt a version's `Plaintext` or `PlaintextString`
-    #   fields.
+    #   (Optional) Specifies an updated ARN or alias of the AWS KMS customer
+    #   master key (CMK) to be used to encrypt the protected text in new
+    #   versions of this secret.
     #
     #   You can only use the account's default CMK to encrypt and decrypt if
     #   you call this operation using credentials from the same account that
     #   owns the secret. If the secret is in a different account, then you
-    #   must create a custom CMK and provide the ARN in this field.
+    #   must create a custom CMK and provide the ARN of that CMK in this
+    #   field. The user making the call must have permissions to both the
+    #   secret and the CMK in their respective accounts.
     #
     # @option params [String, IO] :secret_binary
-    #   (Optional) Specifies binary data that you want to encrypt and store in
-    #   the new version of the secret. To use this parameter in the
+    #   (Optional) Specifies updated binary data that you want to encrypt and
+    #   store in the new version of the secret. To use this parameter in the
     #   command-line tools, we recommend that you store your binary data in a
     #   file and then use the appropriate technique for your tool to pass the
     #   contents of the file as a parameter. Either `SecretBinary` or
@@ -2280,8 +2295,8 @@ module Aws::SecretsManager
     #   This parameter is not accessible using the Secrets Manager console.
     #
     # @option params [String] :secret_string
-    #   (Optional) Specifies text data that you want to encrypt and store in
-    #   this new version of the secret. Either `SecretBinary` or
+    #   (Optional) Specifies updated text data that you want to encrypt and
+    #   store in this new version of the secret. Either `SecretBinary` or
     #   `SecretString` must have a value, but not both. They cannot both be
     #   empty.
     #
@@ -2301,7 +2316,12 @@ module Aws::SecretsManager
     #
     #   If your command-line tool or SDK requires quotation marks around the
     #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text.
+    #   double quotes required in the JSON text. You can also 'escape' the
+    #   double quote character in the embedded JSON text by prefacing each
+    #   with a backslash. For example, the following string is surrounded by
+    #   double-quotes. All of the embedded double quotes are escaped:
+    #
+    #   `"[\{"username":"bob"\},\{"password":"abc123xyz456"\}]"`
     #
     #
     #
@@ -2461,8 +2481,8 @@ module Aws::SecretsManager
     #   labels to.
     #
     #   If any of the staging labels are already attached to a different
-    #   version of the secret, then they are removed from that version before
-    #   adding them to this version.
+    #   version of the secret, then they are automatically removed from that
+    #   version before adding them to this version.
     #
     # @return [Types::UpdateSecretVersionStageResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2560,7 +2580,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.11.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/client_api.rb

@@ -135,6 +135,7 @@ module Aws::SecretsManager
 
     DeleteSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
     DeleteSecretRequest.add_member(:recovery_window_in_days, Shapes::ShapeRef.new(shape: RecoveryWindowInDaysType, location_name: "RecoveryWindowInDays", metadata: {"box"=>true}))
+    DeleteSecretRequest.add_member(:force_delete_without_recovery, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceDeleteWithoutRecovery", metadata: {"box"=>true}))
     DeleteSecretRequest.struct_class = Types::DeleteSecretRequest
 
     DeleteSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))

data/lib/aws-sdk-secretsmanager/types.rb

@@ -335,6 +335,7 @@ module Aws::SecretsManager
     #       {
     #         secret_id: "SecretIdType", # required
     #         recovery_window_in_days: 1,
+    #         force_delete_without_recovery: false,
     #       }
     #
     # @!attribute [rw] secret_id
@@ -349,11 +350,31 @@ module Aws::SecretsManager
     #   This value can range from 7 to 30 days. The default value is 30.
     #   @return [Integer]
     #
+    # @!attribute [rw] force_delete_without_recovery
+    #   (Optional) Specifies that the secret is to be deleted immediately
+    #   without any recovery window. You cannot use both this parameter and
+    #   the `RecoveryWindowInDays` parameter in the same API call.
+    #
+    #   An asynchronous background process performs the actual deletion, so
+    #   there can be a short delay before the operation completes. If you
+    #   write code to delete and then immediately recreate a secret with the
+    #   same name, ensure that your code includes appropriate back off and
+    #   retry logic.
+    #
+    #   Use this parameter with caution. This parameter causes the operation
+    #   to skip the normal waiting period before the permanent deletion that
+    #   AWS would normally impose with the `RecoveryWindowInDays` parameter.
+    #   If you delete a secret with the `ForceDeleteWithouRecovery`
+    #   parameter, then you have no opportunity to recover the secret. It is
+    #   permanently lost.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest AWS API Documentation
     #
     class DeleteSecretRequest < Struct.new(
       :secret_id,
-      :recovery_window_in_days)
+      :recovery_window_in_days,
+      :force_delete_without_recovery)
       include Aws::Structure
     end
 
@@ -1555,7 +1576,7 @@ module Aws::SecretsManager
     #       }
     #
     # @!attribute [rw] secret_id
-    #   Specifies the secret that you want to update or to which you want to
+    #   Specifies the secret that you want to modify or to which you want to
     #   add a new version. You can specify either the Amazon Resource Name
     #   (ARN) or the friendly name of the secret.
     #   @return [String]
@@ -1606,42 +1627,38 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] description
-    #   (Optional) Specifies a user-provided description of the secret.
+    #   (Optional) Specifies an updated user-provided description of the
+    #   secret.
     #   @return [String]
     #
     # @!attribute [rw] kms_key_id
-    #   (Optional) Specifies the ARN or alias of the AWS KMS customer master
-    #   key (CMK) to be used to encrypt the protected text in the versions
-    #   of this secret.
-    #
-    #   If you don't specify this value, then Secrets Manager defaults to
-    #   using the default CMK in the account (the one named
-    #   `aws/secretsmanager`). If a AWS KMS CMK with that name doesn't
-    #   exist, then Secrets Manager creates it for you automatically the
-    #   first time it needs to encrypt a version's `Plaintext` or
-    #   `PlaintextString` fields.
+    #   (Optional) Specifies an updated ARN or alias of the AWS KMS customer
+    #   master key (CMK) to be used to encrypt the protected text in new
+    #   versions of this secret.
     #
     #   You can only use the account's default CMK to encrypt and decrypt
     #   if you call this operation using credentials from the same account
     #   that owns the secret. If the secret is in a different account, then
-    #   you must create a custom CMK and provide the ARN in this field.
+    #   you must create a custom CMK and provide the ARN of that CMK in this
+    #   field. The user making the call must have permissions to both the
+    #   secret and the CMK in their respective accounts.
     #   @return [String]
     #
     # @!attribute [rw] secret_binary
-    #   (Optional) Specifies binary data that you want to encrypt and store
-    #   in the new version of the secret. To use this parameter in the
-    #   command-line tools, we recommend that you store your binary data in
-    #   a file and then use the appropriate technique for your tool to pass
-    #   the contents of the file as a parameter. Either `SecretBinary` or
-    #   `SecretString` must have a value, but not both. They cannot both be
-    #   empty.
+    #   (Optional) Specifies updated binary data that you want to encrypt
+    #   and store in the new version of the secret. To use this parameter in
+    #   the command-line tools, we recommend that you store your binary data
+    #   in a file and then use the appropriate technique for your tool to
+    #   pass the contents of the file as a parameter. Either `SecretBinary`
+    #   or `SecretString` must have a value, but not both. They cannot both
+    #   be empty.
     #
     #   This parameter is not accessible using the Secrets Manager console.
     #   @return [String]
     #
     # @!attribute [rw] secret_string
-    #   (Optional) Specifies text data that you want to encrypt and store in
-    #   this new version of the secret. Either `SecretBinary` or
+    #   (Optional) Specifies updated text data that you want to encrypt and
+    #   store in this new version of the secret. Either `SecretBinary` or
     #   `SecretString` must have a value, but not both. They cannot both be
     #   empty.
     #
@@ -1661,7 +1678,12 @@ module Aws::SecretsManager
     #
     #   If your command-line tool or SDK requires quotation marks around the
     #   parameter, you should use single quotes to avoid confusion with the
-    #   double quotes required in the JSON text.
+    #   double quotes required in the JSON text. You can also 'escape' the
+    #   double quote character in the embedded JSON text by prefacing each
+    #   with a backslash. For example, the following string is surrounded by
+    #   double-quotes. All of the embedded double quotes are escaped:
+    #
+    #   `"[\{"username":"bob"\},\{"password":"abc123xyz456"\}]"`
     #
     #
     #
@@ -1681,7 +1703,7 @@ module Aws::SecretsManager
     end
 
     # @!attribute [rw] arn
-    #   The ARN of this secret.
+    #   The ARN of the secret that was updated.
     #
     #   <note markdown="1"> Secrets Manager automatically adds several random characters to the
     #   name at the end of the ARN when you initially create a secret. This
@@ -1695,12 +1717,12 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The friendly name of this secret.
+    #   The friendly name of the secret that was updated.
     #   @return [String]
     #
     # @!attribute [rw] version_id
-    #   If a version of the secret was created or updated by this operation,
-    #   then its unique identifier is returned.
+    #   If a new version of the secret was created by this operation, then
+    #   `VersionId` contains the unique identifier of the new version.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretResponse AWS API Documentation
@@ -1751,8 +1773,8 @@ module Aws::SecretsManager
     #   labels to.
     #
     #   If any of the staging labels are already attached to a different
-    #   version of the secret, then they are removed from that version
-    #   before adding them to this version.
+    #   version of the secret, then they are automatically removed from that
+    #   version before adding them to this version.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageRequest AWS API Documentation

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-29 00:00:00.000000000 Z
+date: 2018-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core