aws-sdk-secretsmanager 1.122.0 → 1.123.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ac9387798ab66643c4bb52a92d749460d1259c5b217a4a68f0bcef716352bed
-  data.tar.gz: 4b08ef28323601d8f694444659dcfae993c6c3b83a7d72212461f4810d578ae0
+  metadata.gz: 912160e1a7f4587439c33991739c760d3f965fad20a9eb2c515b21ea763f2499
+  data.tar.gz: 8ffae67768ebea011e1e4c33700d3beb955d4e6484fc736974bb4a5dfa446d30
 SHA512:
-  metadata.gz: 7a541c307113aef51503ed6e9f164bd2a02736353d755a1c438641fc7fc21e1cbbdf2f73487157907a2e7de91be8c2b9b8b28ca19e061cf493d62a0de2c3eda4
-  data.tar.gz: e2ddc12dfdc86dac3bd73faa2b8493b2ecd93f5a78e88b877f15ab28f16813cc589427ac4487ada1c2d7b6f8e7ecd04728860823c8bde8b4ccfa16001fe1dcbf
+  metadata.gz: 7ac67bd7879e195397ce74b7ef42568cf5920660f65c76f746845cef955e120c45b7190c8395dc50d25994194d4d36f86aad2c67604273e5becc9c9a3bdc1b64
+  data.tar.gz: e4d21654c32140380096eefe39ac021256406dff557f1f3e096734eb8a1b51981b15cd4cb37b27a1ee28d1b87af251ec41c91ee95a92453e917288b16d813e58

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.123.0 (2025-11-19)
+------------------
+
+* Feature - Adds support to create, update, retrieve, rotate, and delete managed external secrets.
+
 1.122.0 (2025-10-27)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.122.0
+1.123.0

data/lib/aws-sdk-secretsmanager/client.rb

@@ -947,6 +947,15 @@ module Aws::SecretsManager
     #   Specifies whether to overwrite a secret with the same name in the
     #   destination Region. By default, secrets aren't overwritten.
     #
+    # @option params [String] :type
+    #   The exact string that identifies the partner that holds the external
+    #   secret. For more information, see [Using Secrets Manager managed
+    #   external secrets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html
+    #
     # @return [Types::CreateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateSecretResponse#arn #arn} => String
@@ -996,6 +1005,7 @@ module Aws::SecretsManager
     #       },
     #     ],
     #     force_overwrite_replica_secret: false,
+    #     type: "MedeaTypeType",
     #   })
     #
     # @example Response structure
@@ -1257,11 +1267,14 @@ module Aws::SecretsManager
     #
     #   * {Types::DescribeSecretResponse#arn #arn} => String
     #   * {Types::DescribeSecretResponse#name #name} => String
+    #   * {Types::DescribeSecretResponse#type #type} => String
     #   * {Types::DescribeSecretResponse#description #description} => String
     #   * {Types::DescribeSecretResponse#kms_key_id #kms_key_id} => String
     #   * {Types::DescribeSecretResponse#rotation_enabled #rotation_enabled} => Boolean
     #   * {Types::DescribeSecretResponse#rotation_lambda_arn #rotation_lambda_arn} => String
     #   * {Types::DescribeSecretResponse#rotation_rules #rotation_rules} => Types::RotationRulesType
+    #   * {Types::DescribeSecretResponse#external_secret_rotation_metadata #external_secret_rotation_metadata} => Array<Types::ExternalSecretRotationMetadataItem>
+    #   * {Types::DescribeSecretResponse#external_secret_rotation_role_arn #external_secret_rotation_role_arn} => String
     #   * {Types::DescribeSecretResponse#last_rotated_date #last_rotated_date} => Time
     #   * {Types::DescribeSecretResponse#last_changed_date #last_changed_date} => Time
     #   * {Types::DescribeSecretResponse#last_accessed_date #last_accessed_date} => Time
@@ -1330,6 +1343,7 @@ module Aws::SecretsManager
     #
     #   resp.arn #=> String
     #   resp.name #=> String
+    #   resp.type #=> String
     #   resp.description #=> String
     #   resp.kms_key_id #=> String
     #   resp.rotation_enabled #=> Boolean
@@ -1337,6 +1351,10 @@ module Aws::SecretsManager
     #   resp.rotation_rules.automatically_after_days #=> Integer
     #   resp.rotation_rules.duration #=> String
     #   resp.rotation_rules.schedule_expression #=> String
+    #   resp.external_secret_rotation_metadata #=> Array
+    #   resp.external_secret_rotation_metadata[0].key #=> String
+    #   resp.external_secret_rotation_metadata[0].value #=> String
+    #   resp.external_secret_rotation_role_arn #=> String
     #   resp.last_rotated_date #=> Time
     #   resp.last_changed_date #=> Time
     #   resp.last_accessed_date #=> Time
@@ -1916,6 +1934,7 @@ module Aws::SecretsManager
     #   resp.secret_list #=> Array
     #   resp.secret_list[0].arn #=> String
     #   resp.secret_list[0].name #=> String
+    #   resp.secret_list[0].type #=> String
     #   resp.secret_list[0].description #=> String
     #   resp.secret_list[0].kms_key_id #=> String
     #   resp.secret_list[0].rotation_enabled #=> Boolean
@@ -1923,6 +1942,10 @@ module Aws::SecretsManager
     #   resp.secret_list[0].rotation_rules.automatically_after_days #=> Integer
     #   resp.secret_list[0].rotation_rules.duration #=> String
     #   resp.secret_list[0].rotation_rules.schedule_expression #=> String
+    #   resp.secret_list[0].external_secret_rotation_metadata #=> Array
+    #   resp.secret_list[0].external_secret_rotation_metadata[0].key #=> String
+    #   resp.secret_list[0].external_secret_rotation_metadata[0].value #=> String
+    #   resp.secret_list[0].external_secret_rotation_role_arn #=> String
     #   resp.secret_list[0].last_rotated_date #=> Time
     #   resp.secret_list[0].last_changed_date #=> Time
     #   resp.secret_list[0].last_accessed_date #=> Time
@@ -2056,18 +2079,17 @@ module Aws::SecretsManager
       req.send_request(options)
     end
 
-    # Creates a new version with a new encrypted secret value and attaches
-    # it to the secret. The version can contain a new `SecretString` value
-    # or a new `SecretBinary` value.
-    #
-    # We recommend you avoid calling `PutSecretValue` at a sustained rate of
-    # more than once every 10 minutes. When you update the secret value,
-    # Secrets Manager creates a new version of the secret. Secrets Manager
-    # removes outdated versions when there are more than 100, but it does
-    # not remove versions created less than 24 hours ago. If you call
-    # `PutSecretValue` more than once every 10 minutes, you create more
-    # versions than Secrets Manager removes, and you will reach the quota
-    # for secret versions.
+    # Creates a new version of your secret by creating a new encrypted value
+    # and attaching it to the secret. version can contain a new
+    # `SecretString` value or a new `SecretBinary` value.
+    #
+    # Do not call `PutSecretValue` at a sustained rate of more than once
+    # every 10 minutes. When you update the secret value, Secrets Manager
+    # creates a new version of the secret. Secrets Manager keeps 100 of the
+    # most recent versions, but it keeps *all* secret versions created in
+    # the last 24 hours. If you call `PutSecretValue` more than once every
+    # 10 minutes, you will create more versions than Secrets Manager
+    # removes, and you will reach the quota for secret versions.
     #
     # You can specify the staging labels to attach to the new version in
     # `VersionStages`. If you don't include `VersionStages`, then Secrets
@@ -2207,12 +2229,14 @@ module Aws::SecretsManager
     #   automatically moves the staging label `AWSCURRENT` to this version.
     #
     # @option params [String] :rotation_token
-    #   A unique identifier that indicates the source of the request. For
-    #   cross-account rotation (when you rotate a secret in one account by
-    #   using a Lambda rotation function in another account) and the Lambda
-    #   rotation function assumes an IAM role to call Secrets Manager, Secrets
-    #   Manager validates the identity with the rotation token. For more
-    #   information, see [How rotation works][1].
+    #   A unique identifier that indicates the source of the request. Required
+    #   for secret rotations using an IAM assumed role or cross-account
+    #   rotation, in which you rotate a secret in one account by using a
+    #   Lambda rotation function in another account. In both cases, the
+    #   rotation function assumes an IAM role to call Secrets Manager, and
+    #   then Secrets Manager validates the identity using the token. For more
+    #   information, see [How rotation works][1] and [Rotation by Lambda
+    #   functions][2].
     #
     #   Sensitive: This field contains sensitive information, so the service
     #   does not include it in CloudTrail log entries. If you create your own
@@ -2222,6 +2246,7 @@ module Aws::SecretsManager
     #
     #
     #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
+    #   [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda
     #
     # @return [Types::PutSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2596,22 +2621,62 @@ module Aws::SecretsManager
     # @option params [Types::RotationRulesType] :rotation_rules
     #   A structure that defines the rotation configuration for this secret.
     #
+    #   When changing an existing rotation schedule and setting
+    #   `RotateImmediately` to `false`:
+    #
+    #    * If using `AutomaticallyAfterDays` or a `ScheduleExpression` with
+    #     `rate()`, the previously scheduled rotation might still occur.
+    #
+    #   * To prevent unintended rotations, use a `ScheduleExpression` with
+    #     `cron()` for granular control over rotation windows.
+    #
+    # @option params [Array<Types::ExternalSecretRotationMetadataItem>] :external_secret_rotation_metadata
+    #   The metadata needed to successfully rotate a managed external secret.
+    #   A list of key value pairs in JSON format specified by the partner. For
+    #   more information about the required information, see [Using Secrets
+    #   Manager managed external secrets][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html
+    #
+    # @option params [String] :external_secret_rotation_role_arn
+    #   The Amazon Resource Name (ARN) of the role that allows Secrets Manager
+    #   to rotate a secret held by a third-party partner. For more
+    #   information, see [Security and permissions][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-security.html
+    #
     # @option params [Boolean] :rotate_immediately
     #   Specifies whether to rotate the secret immediately or wait until the
     #   next scheduled rotation window. The rotation schedule is defined in
     #   RotateSecretRequest$RotationRules.
     #
-    #   For secrets that use a Lambda rotation function to rotate, if you
-    #   don't immediately rotate the secret, Secrets Manager tests the
+    #   The default for `RotateImmediately` is `true`. If you don't specify
+    #   this value, Secrets Manager rotates the secret immediately.
+    #
+    #   If you set `RotateImmediately` to `false`, Secrets Manager tests the
     #   rotation configuration by running the [ `testSecret` step][1] of the
-    #   Lambda rotation function. The test creates an `AWSPENDING` version of
+    #   Lambda rotation function. This test creates an `AWSPENDING` version of
     #   the secret and then removes it.
     #
-    #   By default, Secrets Manager rotates the secret immediately.
+    #   When changing an existing rotation schedule and setting
+    #   `RotateImmediately` to `false`:
+    #
+    #   * If using `AutomaticallyAfterDays` or a `ScheduleExpression` with
+    #     `rate()`, the previously scheduled rotation might still occur.
     #
+    #   * To prevent unintended rotations, use a `ScheduleExpression` with
+    #     `cron()` for granular control over rotation windows.
     #
+    #   Rotation is an asynchronous process. For more information, see [How
+    #   rotation works][1].
     #
-    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
     #
     # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2669,6 +2734,13 @@ module Aws::SecretsManager
     #       duration: "DurationType",
     #       schedule_expression: "ScheduleExpressionType",
     #     },
+    #     external_secret_rotation_metadata: [
+    #       {
+    #         key: "ExternalSecretRotationMetadataItemKeyType",
+    #         value: "ExternalSecretRotationMetadataItemValueType",
+    #       },
+    #     ],
+    #     external_secret_rotation_role_arn: "RoleARNType",
     #     rotate_immediately: false,
     #   })
     #
@@ -2710,7 +2782,9 @@ module Aws::SecretsManager
     # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
-    #   The ARN of the primary secret.
+    #   The name of the secret or the replica ARN. The replica ARN is the same
+    #   as the original primary secret ARN expect the Region is changed to the
+    #   replica Region.
     #
     # @return [Types::StopReplicationToReplicaResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3079,6 +3153,15 @@ module Aws::SecretsManager
     #   log entries, you must also avoid logging the information in this
     #   field.
     #
+    # @option params [String] :type
+    #   The exact string that identifies the third-party partner that holds
+    #   the external secret. For more information, see [Managed external
+    #   secret partners][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html
+    #
     # @return [Types::UpdateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateSecretResponse#arn #arn} => String
@@ -3144,6 +3227,7 @@ module Aws::SecretsManager
     #     kms_key_id: "KmsKeyIdType",
     #     secret_binary: "data",
     #     secret_string: "SecretStringType",
+    #     type: "MedeaTypeType",
     #   })
     #
     # @example Response structure
@@ -3424,7 +3508,7 @@ module Aws::SecretsManager
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.122.0'
+      context[:gem_version] = '1.123.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/client_api.rb

@@ -46,6 +46,10 @@ module Aws::SecretsManager
     ExcludeNumbersType = Shapes::BooleanShape.new(name: 'ExcludeNumbersType')
     ExcludePunctuationType = Shapes::BooleanShape.new(name: 'ExcludePunctuationType')
     ExcludeUppercaseType = Shapes::BooleanShape.new(name: 'ExcludeUppercaseType')
+    ExternalSecretRotationMetadataItem = Shapes::StructureShape.new(name: 'ExternalSecretRotationMetadataItem')
+    ExternalSecretRotationMetadataItemKeyType = Shapes::StringShape.new(name: 'ExternalSecretRotationMetadataItemKeyType')
+    ExternalSecretRotationMetadataItemValueType = Shapes::StringShape.new(name: 'ExternalSecretRotationMetadataItemValueType')
+    ExternalSecretRotationMetadataType = Shapes::ListShape.new(name: 'ExternalSecretRotationMetadataType')
     Filter = Shapes::StructureShape.new(name: 'Filter')
     FilterNameStringType = Shapes::StringShape.new(name: 'FilterNameStringType')
     FilterValueStringType = Shapes::StringShape.new(name: 'FilterValueStringType')
@@ -75,6 +79,7 @@ module Aws::SecretsManager
     MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException')
     MaxResultsBatchType = Shapes::IntegerShape.new(name: 'MaxResultsBatchType')
     MaxResultsType = Shapes::IntegerShape.new(name: 'MaxResultsType')
+    MedeaTypeType = Shapes::StringShape.new(name: 'MedeaTypeType')
     NameType = Shapes::StringShape.new(name: 'NameType')
     NextRotationDateType = Shapes::TimestampShape.new(name: 'NextRotationDateType')
     NextTokenType = Shapes::StringShape.new(name: 'NextTokenType')
@@ -103,6 +108,7 @@ module Aws::SecretsManager
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     RestoreSecretRequest = Shapes::StructureShape.new(name: 'RestoreSecretRequest')
     RestoreSecretResponse = Shapes::StructureShape.new(name: 'RestoreSecretResponse')
+    RoleARNType = Shapes::StringShape.new(name: 'RoleARNType')
     RotateSecretRequest = Shapes::StructureShape.new(name: 'RotateSecretRequest')
     RotateSecretResponse = Shapes::StructureShape.new(name: 'RotateSecretResponse')
     RotationEnabledType = Shapes::BooleanShape.new(name: 'RotationEnabledType')
@@ -185,6 +191,7 @@ module Aws::SecretsManager
     CreateSecretRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
     CreateSecretRequest.add_member(:add_replica_regions, Shapes::ShapeRef.new(shape: AddReplicaRegionListType, location_name: "AddReplicaRegions"))
     CreateSecretRequest.add_member(:force_overwrite_replica_secret, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceOverwriteReplicaSecret"))
+    CreateSecretRequest.add_member(:type, Shapes::ShapeRef.new(shape: MedeaTypeType, location_name: "Type"))
     CreateSecretRequest.struct_class = Types::CreateSecretRequest
 
     CreateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -218,11 +225,14 @@ module Aws::SecretsManager
 
     DescribeSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
     DescribeSecretResponse.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
+    DescribeSecretResponse.add_member(:type, Shapes::ShapeRef.new(shape: MedeaTypeType, location_name: "Type"))
     DescribeSecretResponse.add_member(:description, Shapes::ShapeRef.new(shape: DescriptionType, location_name: "Description"))
     DescribeSecretResponse.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
     DescribeSecretResponse.add_member(:rotation_enabled, Shapes::ShapeRef.new(shape: RotationEnabledType, location_name: "RotationEnabled", metadata: {"box" => true}))
     DescribeSecretResponse.add_member(:rotation_lambda_arn, Shapes::ShapeRef.new(shape: RotationLambdaARNType, location_name: "RotationLambdaARN"))
     DescribeSecretResponse.add_member(:rotation_rules, Shapes::ShapeRef.new(shape: RotationRulesType, location_name: "RotationRules"))
+    DescribeSecretResponse.add_member(:external_secret_rotation_metadata, Shapes::ShapeRef.new(shape: ExternalSecretRotationMetadataType, location_name: "ExternalSecretRotationMetadata"))
+    DescribeSecretResponse.add_member(:external_secret_rotation_role_arn, Shapes::ShapeRef.new(shape: RoleARNType, location_name: "ExternalSecretRotationRoleArn"))
     DescribeSecretResponse.add_member(:last_rotated_date, Shapes::ShapeRef.new(shape: LastRotatedDateType, location_name: "LastRotatedDate", metadata: {"box" => true}))
     DescribeSecretResponse.add_member(:last_changed_date, Shapes::ShapeRef.new(shape: LastChangedDateType, location_name: "LastChangedDate", metadata: {"box" => true}))
     DescribeSecretResponse.add_member(:last_accessed_date, Shapes::ShapeRef.new(shape: LastAccessedDateType, location_name: "LastAccessedDate", metadata: {"box" => true}))
@@ -239,6 +249,12 @@ module Aws::SecretsManager
     EncryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     EncryptionFailure.struct_class = Types::EncryptionFailure
 
+    ExternalSecretRotationMetadataItem.add_member(:key, Shapes::ShapeRef.new(shape: ExternalSecretRotationMetadataItemKeyType, location_name: "Key"))
+    ExternalSecretRotationMetadataItem.add_member(:value, Shapes::ShapeRef.new(shape: ExternalSecretRotationMetadataItemValueType, location_name: "Value"))
+    ExternalSecretRotationMetadataItem.struct_class = Types::ExternalSecretRotationMetadataItem
+
+    ExternalSecretRotationMetadataType.member = Shapes::ShapeRef.new(shape: ExternalSecretRotationMetadataItem)
+
     Filter.add_member(:key, Shapes::ShapeRef.new(shape: FilterNameStringType, location_name: "Key"))
     Filter.add_member(:values, Shapes::ShapeRef.new(shape: FilterValuesStringList, location_name: "Values"))
     Filter.struct_class = Types::Filter
@@ -403,6 +419,8 @@ module Aws::SecretsManager
     RotateSecretRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: ClientRequestTokenType, location_name: "ClientRequestToken", metadata: {"idempotencyToken" => true}))
     RotateSecretRequest.add_member(:rotation_lambda_arn, Shapes::ShapeRef.new(shape: RotationLambdaARNType, location_name: "RotationLambdaARN"))
     RotateSecretRequest.add_member(:rotation_rules, Shapes::ShapeRef.new(shape: RotationRulesType, location_name: "RotationRules"))
+    RotateSecretRequest.add_member(:external_secret_rotation_metadata, Shapes::ShapeRef.new(shape: ExternalSecretRotationMetadataType, location_name: "ExternalSecretRotationMetadata"))
+    RotateSecretRequest.add_member(:external_secret_rotation_role_arn, Shapes::ShapeRef.new(shape: RoleARNType, location_name: "ExternalSecretRotationRoleArn"))
     RotateSecretRequest.add_member(:rotate_immediately, Shapes::ShapeRef.new(shape: BooleanType, location_name: "RotateImmediately", metadata: {"box" => true}))
     RotateSecretRequest.struct_class = Types::RotateSecretRequest
 
@@ -420,11 +438,14 @@ module Aws::SecretsManager
 
     SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
     SecretListEntry.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
+    SecretListEntry.add_member(:type, Shapes::ShapeRef.new(shape: MedeaTypeType, location_name: "Type"))
     SecretListEntry.add_member(:description, Shapes::ShapeRef.new(shape: DescriptionType, location_name: "Description"))
     SecretListEntry.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
     SecretListEntry.add_member(:rotation_enabled, Shapes::ShapeRef.new(shape: RotationEnabledType, location_name: "RotationEnabled", metadata: {"box" => true}))
     SecretListEntry.add_member(:rotation_lambda_arn, Shapes::ShapeRef.new(shape: RotationLambdaARNType, location_name: "RotationLambdaARN"))
     SecretListEntry.add_member(:rotation_rules, Shapes::ShapeRef.new(shape: RotationRulesType, location_name: "RotationRules"))
+    SecretListEntry.add_member(:external_secret_rotation_metadata, Shapes::ShapeRef.new(shape: ExternalSecretRotationMetadataType, location_name: "ExternalSecretRotationMetadata"))
+    SecretListEntry.add_member(:external_secret_rotation_role_arn, Shapes::ShapeRef.new(shape: RoleARNType, location_name: "ExternalSecretRotationRoleArn"))
     SecretListEntry.add_member(:last_rotated_date, Shapes::ShapeRef.new(shape: LastRotatedDateType, location_name: "LastRotatedDate", metadata: {"box" => true}))
     SecretListEntry.add_member(:last_changed_date, Shapes::ShapeRef.new(shape: LastChangedDateType, location_name: "LastChangedDate", metadata: {"box" => true}))
     SecretListEntry.add_member(:last_accessed_date, Shapes::ShapeRef.new(shape: LastAccessedDateType, location_name: "LastAccessedDate", metadata: {"box" => true}))
@@ -492,6 +513,7 @@ module Aws::SecretsManager
     UpdateSecretRequest.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
     UpdateSecretRequest.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
     UpdateSecretRequest.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
+    UpdateSecretRequest.add_member(:type, Shapes::ShapeRef.new(shape: MedeaTypeType, location_name: "Type"))
     UpdateSecretRequest.struct_class = Types::UpdateSecretRequest
 
     UpdateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))

data/lib/aws-sdk-secretsmanager/types.rb

@@ -313,6 +313,16 @@ module Aws::SecretsManager
     #   destination Region. By default, secrets aren't overwritten.
     #   @return [Boolean]
     #
+    # @!attribute [rw] type
+    #   The exact string that identifies the partner that holds the external
+    #   secret. For more information, see [Using Secrets Manager managed
+    #   external secrets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest AWS API Documentation
     #
     class CreateSecretRequest < Struct.new(
@@ -324,7 +334,8 @@ module Aws::SecretsManager
       :secret_string,
       :tags,
       :add_replica_regions,
-      :force_overwrite_replica_secret)
+      :force_overwrite_replica_secret,
+      :type)
       SENSITIVE = [:secret_binary, :secret_string]
       include Aws::Structure
     end
@@ -524,6 +535,16 @@ module Aws::SecretsManager
     #   The name of the secret.
     #   @return [String]
     #
+    # @!attribute [rw] type
+    #   The exact string that identifies the partner that holds the external
+    #   secret. For more information, see [Using Secrets Manager managed
+    #   external secrets][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html
+    #   @return [String]
+    #
     # @!attribute [rw] description
     #   The description of the secret.
     #   @return [String]
@@ -557,6 +578,27 @@ module Aws::SecretsManager
     #   omitted.
     #   @return [Types::RotationRulesType]
     #
+    # @!attribute [rw] external_secret_rotation_metadata
+    #   The metadata needed to successfully rotate a managed external
+    #   secret. A list of key value pairs in JSON format specified by the
+    #   partner. For more information about the required information, see
+    #   [Managed external secrets partners][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html
+    #   @return [Array<Types::ExternalSecretRotationMetadataItem>]
+    #
+    # @!attribute [rw] external_secret_rotation_role_arn
+    #   The Amazon Resource Name (ARN) of the role that allows Secrets
+    #   Manager to rotate a secret held by a third-party partner. For more
+    #   information, see [Security and permissions][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-security.html
+    #   @return [String]
+    #
     # @!attribute [rw] last_rotated_date
     #   The last date and time that Secrets Manager rotated the secret. If
     #   the secret isn't configured for rotation or rotation has been
@@ -667,11 +709,14 @@ module Aws::SecretsManager
     class DescribeSecretResponse < Struct.new(
       :arn,
       :name,
+      :type,
       :description,
       :kms_key_id,
       :rotation_enabled,
       :rotation_lambda_arn,
       :rotation_rules,
+      :external_secret_rotation_metadata,
+      :external_secret_rotation_role_arn,
       :last_rotated_date,
       :last_changed_date,
       :last_accessed_date,
@@ -707,6 +752,31 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
+    # The metadata needed to successfully rotate a managed external secret.
+    # A list of key value pairs in JSON format specified by the partner. For
+    # more information, see [Managed external secret partners][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html
+    #
+    # @!attribute [rw] key
+    #   The key that identifies the item.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value of the specified item.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ExternalSecretRotationMetadataItem AWS API Documentation
+    #
+    class ExternalSecretRotationMetadataItem < Struct.new(
+      :key,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Allows you to add filters when you use the search function in Secrets
     # Manager. For more information, see [Find secrets in Secrets
     # Manager][1].
@@ -1424,12 +1494,14 @@ module Aws::SecretsManager
     #   @return [Array<String>]
     #
     # @!attribute [rw] rotation_token
-    #   A unique identifier that indicates the source of the request. For
-    #   cross-account rotation (when you rotate a secret in one account by
-    #   using a Lambda rotation function in another account) and the Lambda
-    #   rotation function assumes an IAM role to call Secrets Manager,
-    #   Secrets Manager validates the identity with the rotation token. For
-    #   more information, see [How rotation works][1].
+    #   A unique identifier that indicates the source of the request.
+    #   Required for secret rotations using an IAM assumed role or
+    #   cross-account rotation, in which you rotate a secret in one account
+    #   by using a Lambda rotation function in another account. In both
+    #   cases, the rotation function assumes an IAM role to call Secrets
+    #   Manager, and then Secrets Manager validates the identity using the
+    #   token. For more information, see [How rotation works][1] and
+    #   [Rotation by Lambda functions][2].
     #
     #   Sensitive: This field contains sensitive information, so the service
     #   does not include it in CloudTrail log entries. If you create your
@@ -1439,6 +1511,7 @@ module Aws::SecretsManager
     #
     #
     #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
+    #   [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest AWS API Documentation
@@ -1740,24 +1813,66 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] rotation_rules
     #   A structure that defines the rotation configuration for this secret.
+    #
+    #   When changing an existing rotation schedule and setting
+    #   `RotateImmediately` to `false`:
+    #
+    #    * If using `AutomaticallyAfterDays` or a `ScheduleExpression` with
+    #     `rate()`, the previously scheduled rotation might still occur.
+    #
+    #   * To prevent unintended rotations, use a `ScheduleExpression` with
+    #     `cron()` for granular control over rotation windows.
     #   @return [Types::RotationRulesType]
     #
+    # @!attribute [rw] external_secret_rotation_metadata
+    #   The metadata needed to successfully rotate a managed external
+    #   secret. A list of key value pairs in JSON format specified by the
+    #   partner. For more information about the required information, see
+    #   [Using Secrets Manager managed external secrets][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html
+    #   @return [Array<Types::ExternalSecretRotationMetadataItem>]
+    #
+    # @!attribute [rw] external_secret_rotation_role_arn
+    #   The Amazon Resource Name (ARN) of the role that allows Secrets
+    #   Manager to rotate a secret held by a third-party partner. For more
+    #   information, see [Security and permissions][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-security.html
+    #   @return [String]
+    #
     # @!attribute [rw] rotate_immediately
     #   Specifies whether to rotate the secret immediately or wait until the
     #   next scheduled rotation window. The rotation schedule is defined in
     #   RotateSecretRequest$RotationRules.
     #
-    #   For secrets that use a Lambda rotation function to rotate, if you
-    #   don't immediately rotate the secret, Secrets Manager tests the
+    #   The default for `RotateImmediately` is `true`. If you don't specify
+    #   this value, Secrets Manager rotates the secret immediately.
+    #
+    #   If you set `RotateImmediately` to `false`, Secrets Manager tests the
     #   rotation configuration by running the [ `testSecret` step][1] of the
-    #   Lambda rotation function. The test creates an `AWSPENDING` version
+    #   Lambda rotation function. This test creates an `AWSPENDING` version
     #   of the secret and then removes it.
     #
-    #   By default, Secrets Manager rotates the secret immediately.
+    #   When changing an existing rotation schedule and setting
+    #   `RotateImmediately` to `false`:
+    #
+    #   * If using `AutomaticallyAfterDays` or a `ScheduleExpression` with
+    #     `rate()`, the previously scheduled rotation might still occur.
     #
+    #   * To prevent unintended rotations, use a `ScheduleExpression` with
+    #     `cron()` for granular control over rotation windows.
+    #
+    #   Rotation is an asynchronous process. For more information, see [How
+    #   rotation works][1].
     #
     #
-    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
@@ -1767,6 +1882,8 @@ module Aws::SecretsManager
       :client_request_token,
       :rotation_lambda_arn,
       :rotation_rules,
+      :external_secret_rotation_metadata,
+      :external_secret_rotation_role_arn,
       :rotate_immediately)
       SENSITIVE = []
       include Aws::Structure
@@ -1887,6 +2004,16 @@ module Aws::SecretsManager
     #   The friendly name of the secret.
     #   @return [String]
     #
+    # @!attribute [rw] type
+    #   The exact string that identifies the third-party partner that holds
+    #   the external secret. For more information, see [Managed external
+    #   secret partners][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html
+    #   @return [String]
+    #
     # @!attribute [rw] description
     #   The user-provided description of the secret.
     #   @return [String]
@@ -1916,6 +2043,27 @@ module Aws::SecretsManager
     #   A structure that defines the rotation configuration for the secret.
     #   @return [Types::RotationRulesType]
     #
+    # @!attribute [rw] external_secret_rotation_metadata
+    #   The metadata needed to successfully rotate a managed external
+    #   secret. A list of key value pairs in JSON format specified by the
+    #   partner. For more information about the required information, see
+    #   [Managed external secrets partners][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html
+    #   @return [Array<Types::ExternalSecretRotationMetadataItem>]
+    #
+    # @!attribute [rw] external_secret_rotation_role_arn
+    #   The role that Secrets Manager assumes to call APIs required to
+    #   perform the rotation. For more information about the required
+    #   information, see [Managed external secrets partners][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html
+    #   @return [String]
+    #
     # @!attribute [rw] last_rotated_date
     #   The most recent date and time that the Secrets Manager rotation
     #   process was successfully completed. This value is null if the secret
@@ -1990,11 +2138,14 @@ module Aws::SecretsManager
     class SecretListEntry < Struct.new(
       :arn,
       :name,
+      :type,
       :description,
       :kms_key_id,
       :rotation_enabled,
       :rotation_lambda_arn,
       :rotation_rules,
+      :external_secret_rotation_metadata,
+      :external_secret_rotation_role_arn,
       :last_rotated_date,
       :last_changed_date,
       :last_accessed_date,
@@ -2100,7 +2251,9 @@ module Aws::SecretsManager
     end
 
     # @!attribute [rw] secret_id
-    #   The ARN of the primary secret.
+    #   The name of the secret or the replica ARN. The replica ARN is the
+    #   same as the original primary secret ARN expect the Region is changed
+    #   to the replica Region.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaRequest AWS API Documentation
@@ -2326,6 +2479,16 @@ module Aws::SecretsManager
     #   field.
     #   @return [String]
     #
+    # @!attribute [rw] type
+    #   The exact string that identifies the third-party partner that holds
+    #   the external secret. For more information, see [Managed external
+    #   secret partners][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation
     #
     class UpdateSecretRequest < Struct.new(
@@ -2334,7 +2497,8 @@ module Aws::SecretsManager
       :description,
       :kms_key_id,
       :secret_binary,
-      :secret_string)
+      :secret_string,
+      :type)
       SENSITIVE = [:secret_binary, :secret_string]
       include Aws::Structure
     end

data/lib/aws-sdk-secretsmanager.rb

@@ -54,7 +54,7 @@ module Aws::SecretsManager
   autoload :EndpointProvider, 'aws-sdk-secretsmanager/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-secretsmanager/endpoints'
 
-  GEM_VERSION = '1.122.0'
+  GEM_VERSION = '1.123.0'
 
 end
 

data/sig/client.rbs

@@ -138,7 +138,8 @@ module Aws
                                kms_key_id: ::String?
                              },
                            ],
-                           ?force_overwrite_replica_secret: bool
+                           ?force_overwrite_replica_secret: bool,
+                           ?type: ::String
                          ) -> _CreateSecretResponseSuccess
                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateSecretResponseSuccess
 
@@ -171,11 +172,14 @@ module Aws
         include ::Seahorse::Client::_ResponseSuccess[Types::DescribeSecretResponse]
         def arn: () -> ::String
         def name: () -> ::String
+        def type: () -> ::String
         def description: () -> ::String
         def kms_key_id: () -> ::String
         def rotation_enabled: () -> bool
         def rotation_lambda_arn: () -> ::String
         def rotation_rules: () -> Types::RotationRulesType
+        def external_secret_rotation_metadata: () -> ::Array[Types::ExternalSecretRotationMetadataItem]
+        def external_secret_rotation_role_arn: () -> ::String
         def last_rotated_date: () -> ::Time
         def last_changed_date: () -> ::Time
         def last_accessed_date: () -> ::Time
@@ -365,6 +369,13 @@ module Aws
                              duration: ::String?,
                              schedule_expression: ::String?
                            },
+                           ?external_secret_rotation_metadata: Array[
+                             {
+                               key: ::String?,
+                               value: ::String?
+                             },
+                           ],
+                           ?external_secret_rotation_role_arn: ::String,
                            ?rotate_immediately: bool
                          ) -> _RotateSecretResponseSuccess
                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _RotateSecretResponseSuccess
@@ -411,7 +422,8 @@ module Aws
                            ?description: ::String,
                            ?kms_key_id: ::String,
                            ?secret_binary: ::String,
-                           ?secret_string: ::String
+                           ?secret_string: ::String,
+                           ?type: ::String
                          ) -> _UpdateSecretResponseSuccess
                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateSecretResponseSuccess
 

data/sig/types.rbs

@@ -52,6 +52,7 @@ module Aws::SecretsManager
       attr_accessor tags: ::Array[Types::Tag]
       attr_accessor add_replica_regions: ::Array[Types::ReplicaRegionType]
       attr_accessor force_overwrite_replica_secret: bool
+      attr_accessor type: ::String
       SENSITIVE: [:secret_binary, :secret_string]
     end
 
@@ -101,11 +102,14 @@ module Aws::SecretsManager
     class DescribeSecretResponse
       attr_accessor arn: ::String
       attr_accessor name: ::String
+      attr_accessor type: ::String
       attr_accessor description: ::String
       attr_accessor kms_key_id: ::String
       attr_accessor rotation_enabled: bool
       attr_accessor rotation_lambda_arn: ::String
       attr_accessor rotation_rules: Types::RotationRulesType
+      attr_accessor external_secret_rotation_metadata: ::Array[Types::ExternalSecretRotationMetadataItem]
+      attr_accessor external_secret_rotation_role_arn: ::String
       attr_accessor last_rotated_date: ::Time
       attr_accessor last_changed_date: ::Time
       attr_accessor last_accessed_date: ::Time
@@ -125,6 +129,12 @@ module Aws::SecretsManager
       SENSITIVE: []
     end
 
+    class ExternalSecretRotationMetadataItem
+      attr_accessor key: ::String
+      attr_accessor value: ::String
+      SENSITIVE: []
+    end
+
     class Filter
       attr_accessor key: ("description" | "name" | "tag-key" | "tag-value" | "primary-region" | "owning-service" | "all")
       attr_accessor values: ::Array[::String]
@@ -346,6 +356,8 @@ module Aws::SecretsManager
       attr_accessor client_request_token: ::String
       attr_accessor rotation_lambda_arn: ::String
       attr_accessor rotation_rules: Types::RotationRulesType
+      attr_accessor external_secret_rotation_metadata: ::Array[Types::ExternalSecretRotationMetadataItem]
+      attr_accessor external_secret_rotation_role_arn: ::String
       attr_accessor rotate_immediately: bool
       SENSITIVE: []
     end
@@ -367,11 +379,14 @@ module Aws::SecretsManager
     class SecretListEntry
       attr_accessor arn: ::String
       attr_accessor name: ::String
+      attr_accessor type: ::String
       attr_accessor description: ::String
       attr_accessor kms_key_id: ::String
       attr_accessor rotation_enabled: bool
       attr_accessor rotation_lambda_arn: ::String
       attr_accessor rotation_rules: Types::RotationRulesType
+      attr_accessor external_secret_rotation_metadata: ::Array[Types::ExternalSecretRotationMetadataItem]
+      attr_accessor external_secret_rotation_role_arn: ::String
       attr_accessor last_rotated_date: ::Time
       attr_accessor last_changed_date: ::Time
       attr_accessor last_accessed_date: ::Time
@@ -440,6 +455,7 @@ module Aws::SecretsManager
       attr_accessor kms_key_id: ::String
       attr_accessor secret_binary: ::String
       attr_accessor secret_string: ::String
+      attr_accessor type: ::String
       SENSITIVE: [:secret_binary, :secret_string]
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.122.0
+  version: 1.123.0
 platform: ruby
 authors:
 - Amazon Web Services