aws-sdk-secretsmanager 1.70.0 → 1.71.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-secretsmanager/client.rb +62 -64
- data/lib/aws-sdk-secretsmanager/types.rb +31 -8
- data/lib/aws-sdk-secretsmanager.rb +1 -1
- metadata +2 -2
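--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 57aa3f7873ac9bdbfeab9e585e5d90ce0da5f1170e5367555323012e841511d4
+data.tar.gz: 36b358d85fdc3522202dafcf0534cd6ab3561f4c4117f2e3bb6ff6eb6153e70f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '07826e1ecc352ea266888a8dd7b8e82b5221659430181e87ff48b91336050edd47d2997cd0c837231b54297f1eea44904b597eb5934b0d944ab26a88e92eea74'
+data.tar.gz: 5d3b7edbc38068dfe5be2c2e42dde7e9dc4fa33bc3b24a2a067ff1f10a40fe533951fe1ca8911da007a9e8f774d3d0d6a15c6f009261ff03e233dd1c3287e912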
data/CHANGELOG.md
CHANGED
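--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.71.0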
@@ -471,8 +471,12 @@ module Aws::SecretsManager
|
|
471
471
|
# secret in Secrets Manager consists of both the protected secret data
|
472
472
|
# and the important information needed to manage the secret.
|
473
473
|
#
|
474
|
+
# For secrets that use *managed rotation*, you need to create the secret
|
475
|
+
# through the managing service. For more information, see [Secrets
|
476
|
+
# Manager secrets managed by other Amazon Web Services services][1].
|
477
|
+
#
|
474
478
|
# For information about creating a secret in the console, see [Create a
|
475
|
-
# secret][
|
479
|
+
# secret][2].
|
476
480
|
#
|
477
481
|
# To create a secret, you can provide the secret value to be encrypted
|
478
482
|
# in either the `SecretString` parameter or the `SecretBinary`
|
@@ -483,7 +487,7 @@ module Aws::SecretsManager
|
|
483
487
|
# For database credentials you want to rotate, for Secrets Manager to be
|
484
488
|
# able to rotate the secret, you must make sure the JSON you store in
|
485
489
|
# the `SecretString` matches the [JSON structure of a database
|
486
|
-
# secret][
|
490
|
+
# secret][3].
|
487
491
|
#
|
488
492
|
# If you don't specify an KMS encryption key, Secrets Manager uses the
|
489
493
|
# Amazon Web Services managed key `aws/secretsmanager`. If this key
|
@@ -502,13 +506,13 @@ module Aws::SecretsManager
|
|
502
506
|
# action. Do not include sensitive information in request parameters
|
503
507
|
# except `SecretBinary` or `SecretString` because it might be logged.
|
504
508
|
# For more information, see [Logging Secrets Manager events with
|
505
|
-
# CloudTrail][
|
509
|
+
# CloudTrail][4].
|
506
510
|
#
|
507
511
|
# <b>Required permissions: </b> `secretsmanager:CreateSecret`. If you
|
508
512
|
# include tags in the secret, you also need
|
509
513
|
# `secretsmanager:TagResource`. For more information, see [ IAM policy
|
510
|
-
# actions for Secrets Manager][
|
511
|
-
# in Secrets Manager][
|
514
|
+
# actions for Secrets Manager][5] and [Authentication and access control
|
515
|
+
# in Secrets Manager][6].
|
512
516
|
#
|
513
517
|
# To encrypt the secret with a KMS key other than `aws/secretsmanager`,
|
514
518
|
# you need `kms:GenerateDataKey` and `kms:Decrypt` permission to the
|
@@ -516,11 +520,12 @@ module Aws::SecretsManager
|
|
516
520
|
#
|
517
521
|
#
|
518
522
|
#
|
519
|
-
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
520
|
-
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
521
|
-
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
522
|
-
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
523
|
-
# [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
523
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html
|
524
|
+
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html
|
525
|
+
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html
|
526
|
+
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
|
527
|
+
# [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
|
528
|
+
# [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
524
529
|
#
|
525
530
|
# @option params [required, String] :name
|
526
531
|
# The name of the new secret.
|
@@ -1027,6 +1032,7 @@ module Aws::SecretsManager
|
|
1027
1032
|
# last_changed_date: Time.parse(1523477145.729),
|
1028
1033
|
# last_rotated_date: Time.parse(1525747253.72),
|
1029
1034
|
# name: "MyTestDatabaseSecret",
|
1035
|
+
# next_rotation_date: Time.parse("1665165599"),
|
1030
1036
|
# rotation_enabled: true,
|
1031
1037
|
# rotation_lambda_arn: "arn:aws:lambda:us-west-2:123456789012:function:MyTestRotationLambda",
|
1032
1038
|
# rotation_rules: {
|
@@ -1562,6 +1568,7 @@ module Aws::SecretsManager
|
|
1562
1568
|
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
1563
1569
|
#
|
1564
1570
|
# @option params [Boolean] :include_planned_deletion
|
1571
|
+
# Specifies whether to include secrets scheduled for deletion.
|
1565
1572
|
#
|
1566
1573
|
# @option params [Integer] :max_results
|
1567
1574
|
# The number of results to include in the response.
|
@@ -2145,66 +2152,42 @@ module Aws::SecretsManager
|
|
2145
2152
|
end
|
2146
2153
|
|
2147
2154
|
# Configures and starts the asynchronous process of rotating the secret.
|
2148
|
-
# For
|
2149
|
-
#
|
2150
|
-
#
|
2151
|
-
#
|
2152
|
-
#
|
2153
|
-
#
|
2154
|
-
#
|
2155
|
-
# For database credentials you want to rotate, for Secrets Manager to be
|
2156
|
-
# able to rotate the secret, you must make sure the secret value is in
|
2157
|
-
# the [ JSON structure of a database secret][2]. In particular, if you
|
2158
|
-
# want to use the [ alternating users strategy][3], your secret must
|
2159
|
-
# contain the ARN of a superuser secret.
|
2160
|
-
#
|
2161
|
-
# To configure rotation, you also need the ARN of an Amazon Web Services
|
2162
|
-
# Lambda function and the schedule for the rotation. The Lambda rotation
|
2163
|
-
# function creates a new version of the secret and creates or updates
|
2164
|
-
# the credentials on the database or service to match. After testing the
|
2165
|
-
# new credentials, the function marks the new secret version with the
|
2166
|
-
# staging label `AWSCURRENT`. Then anyone who retrieves the secret gets
|
2167
|
-
# the new version. For more information, see [How rotation works][4].
|
2168
|
-
#
|
2169
|
-
# You can create the Lambda rotation function based on the [rotation
|
2170
|
-
# function templates][5] that Secrets Manager provides. Choose a
|
2171
|
-
# template that matches your [Rotation strategy][6].
|
2155
|
+
# For information about rotation, see [Rotate secrets][1] in the
|
2156
|
+
# *Secrets Manager User Guide*. If you include the configuration
|
2157
|
+
# parameters, the operation sets the values for the secret and then
|
2158
|
+
# immediately starts a rotation. If you don't include the configuration
|
2159
|
+
# parameters, the operation starts a rotation with the values already
|
2160
|
+
# stored in the secret.
|
2172
2161
|
#
|
2173
2162
|
# When rotation is successful, the `AWSPENDING` staging label might be
|
2174
2163
|
# attached to the same version as the `AWSCURRENT` version, or it might
|
2175
2164
|
# not be attached to any version. If the `AWSPENDING` staging label is
|
2176
2165
|
# present but not attached to the same version as `AWSCURRENT`, then any
|
2177
2166
|
# later invocation of `RotateSecret` assumes that a previous rotation
|
2178
|
-
# request is still in progress and returns an error.
|
2179
|
-
#
|
2180
|
-
#
|
2181
|
-
#
|
2182
|
-
# [Troubleshoot rotation][7] in the *Secrets Manager User Guide*.
|
2167
|
+
# request is still in progress and returns an error. When rotation is
|
2168
|
+
# unsuccessful, the `AWSPENDING` staging label might be attached to an
|
2169
|
+
# empty secret version. For more information, see [Troubleshoot
|
2170
|
+
# rotation][2] in the *Secrets Manager User Guide*.
|
2183
2171
|
#
|
2184
2172
|
# Secrets Manager generates a CloudTrail log entry when you call this
|
2185
2173
|
# action. Do not include sensitive information in request parameters
|
2186
2174
|
# because it might be logged. For more information, see [Logging Secrets
|
2187
|
-
# Manager events with CloudTrail][
|
2175
|
+
# Manager events with CloudTrail][3].
|
2188
2176
|
#
|
2189
2177
|
# <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more
|
2190
|
-
# information, see [ IAM policy actions for Secrets Manager][
|
2191
|
-
# [Authentication and access control in Secrets Manager][
|
2178
|
+
# information, see [ IAM policy actions for Secrets Manager][4] and
|
2179
|
+
# [Authentication and access control in Secrets Manager][5]. You also
|
2192
2180
|
# need `lambda:InvokeFunction` permissions on the rotation function. For
|
2193
|
-
# more information, see [ Permissions for rotation][
|
2181
|
+
# more information, see [ Permissions for rotation][6].
|
2194
2182
|
#
|
2195
2183
|
#
|
2196
2184
|
#
|
2197
2185
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
|
2198
|
-
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2199
|
-
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2200
|
-
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2201
|
-
# [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2202
|
-
# [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-
|
2203
|
-
# [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html
|
2204
|
-
# [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
|
2205
|
-
# [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
|
2206
|
-
# [10]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
2207
|
-
# [11]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
|
2186
|
+
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html
|
2187
|
+
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
|
2188
|
+
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
|
2189
|
+
# [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
2190
|
+
# [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
|
2208
2191
|
#
|
2209
2192
|
# @option params [required, String] :secret_id
|
2210
2193
|
# The ARN or name of the secret to rotate.
|
@@ -2244,7 +2227,16 @@ module Aws::SecretsManager
|
|
2244
2227
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
2245
2228
|
#
|
2246
2229
|
# @option params [String] :rotation_lambda_arn
|
2247
|
-
#
|
2230
|
+
# For secrets that use a Lambda rotation function to rotate, the ARN of
|
2231
|
+
# the Lambda rotation function.
|
2232
|
+
#
|
2233
|
+
# For secrets that use *managed rotation*, omit this field. For more
|
2234
|
+
# information, see [Managed rotation][1] in the *Secrets Manager User
|
2235
|
+
# Guide*.
|
2236
|
+
#
|
2237
|
+
#
|
2238
|
+
#
|
2239
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html
|
2248
2240
|
#
|
2249
2241
|
# @option params [Types::RotationRulesType] :rotation_rules
|
2250
2242
|
# A structure that defines the rotation configuration for this secret.
|
@@ -2254,7 +2246,8 @@ module Aws::SecretsManager
|
|
2254
2246
|
# next scheduled rotation window. The rotation schedule is defined in
|
2255
2247
|
# RotateSecretRequest$RotationRules.
|
2256
2248
|
#
|
2257
|
-
#
|
2249
|
+
# For secrets that use a Lambda rotation function to rotate, if you
|
2250
|
+
# don't immediately rotate the secret, Secrets Manager tests the
|
2258
2251
|
# rotation configuration by running the [ `testSecret` step][1] of the
|
2259
2252
|
# Lambda rotation function. The test creates an `AWSPENDING` version of
|
2260
2253
|
# the secret and then removes it.
|
@@ -2590,6 +2583,10 @@ module Aws::SecretsManager
|
|
2590
2583
|
# To change the rotation configuration of a secret, use RotateSecret
|
2591
2584
|
# instead.
|
2592
2585
|
#
|
2586
|
+
# To change a secret so that it is managed by another service, you need
|
2587
|
+
# to recreate the secret in that service. See [Secrets Manager secrets
|
2588
|
+
# managed by other Amazon Web Services services][1].
|
2589
|
+
#
|
2593
2590
|
# We recommend you avoid calling `UpdateSecret` at a sustained rate of
|
2594
2591
|
# more than once every 10 minutes. When you call `UpdateSecret` to
|
2595
2592
|
# update the secret value, Secrets Manager creates a new version of the
|
@@ -2614,21 +2611,22 @@ module Aws::SecretsManager
|
|
2614
2611
|
# action. Do not include sensitive information in request parameters
|
2615
2612
|
# except `SecretBinary` or `SecretString` because it might be logged.
|
2616
2613
|
# For more information, see [Logging Secrets Manager events with
|
2617
|
-
# CloudTrail][
|
2614
|
+
# CloudTrail][2].
|
2618
2615
|
#
|
2619
2616
|
# <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
|
2620
|
-
# information, see [ IAM policy actions for Secrets Manager][
|
2621
|
-
# [Authentication and access control in Secrets Manager][
|
2617
|
+
# information, see [ IAM policy actions for Secrets Manager][3] and
|
2618
|
+
# [Authentication and access control in Secrets Manager][4]. If you use
|
2622
2619
|
# a customer managed key, you must also have `kms:GenerateDataKey` and
|
2623
2620
|
# `kms:Decrypt` permissions on the key. For more information, see [
|
2624
|
-
# Secret encryption and decryption][
|
2621
|
+
# Secret encryption and decryption][5].
|
2625
2622
|
#
|
2626
2623
|
#
|
2627
2624
|
#
|
2628
|
-
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2629
|
-
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2630
|
-
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2631
|
-
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
|
2625
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html
|
2626
|
+
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html
|
2627
|
+
# [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
|
2628
|
+
# [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
|
2629
|
+
# [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
|
2632
2630
|
#
|
2633
2631
|
# @option params [required, String] :secret_id
|
2634
2632
|
# The ARN or name of the secret.
|
@@ -3052,7 +3050,7 @@ module Aws::SecretsManager
|
|
3052
3050
|
params: params,
|
3053
3051
|
config: config)
|
3054
3052
|
context[:gem_name] = 'aws-sdk-secretsmanager'
|
3055
|
-
context[:gem_version] = '1.
|
3053
|
+
context[:gem_version] = '1.71.0'
|
3056
3054
|
Seahorse::Client::Request.new(handlers, context)
|
3057
3055
|
end
|
3058
3056
|
|
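Review bot: The rewritten `rotate_secret` summary (new lines 2155-2160) says that including the configuration parameters "immediately starts a rotation", while the option text in the later hunk at new line 2249 describes the case where you "don't immediately rotate the secret", so the summary overstates what the call always does. An unplanned rotation replaces credentials that applications may still be holding, so the summary should name the opt-out, e.g. `# immediately starts a rotation unless :rotate_immediately is set to false. If you don't include the configuration`. The comment block begins and ends outside the visible hunks, and the wording presumably comes from the service's API model, so the correction likely belongs upstream rather than in this gem.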
@@ -494,6 +494,9 @@ module Aws::SecretsManager
|
|
494
494
|
# @return [Time]
|
495
495
|
#
|
496
496
|
# @!attribute [rw] next_rotation_date
|
497
|
+
# The next date and time that Secrets Manager will rotate the secret,
|
498
|
+
# rounded to the nearest hour. If the secret isn't configured for
|
499
|
+
# rotation, Secrets Manager returns null.
|
497
500
|
# @return [Time]
|
498
501
|
#
|
499
502
|
# @!attribute [rw] tags
|
@@ -627,6 +630,8 @@ module Aws::SecretsManager
|
|
627
630
|
#
|
628
631
|
# * **primary-region**\: Prefix match, case-sensitive.
|
629
632
|
#
|
633
|
+
# * **owning-service**\: Prefix match, case-sensitive.
|
634
|
+
#
|
630
635
|
# * **all**\: Breaks the filter value string into words and then
|
631
636
|
# searches all attributes for matches. Not case-sensitive.
|
632
637
|
# @return [String]
|
@@ -1034,6 +1039,7 @@ module Aws::SecretsManager
|
|
1034
1039
|
end
|
1035
1040
|
|
1036
1041
|
# @!attribute [rw] include_planned_deletion
|
1042
|
+
# Specifies whether to include secrets scheduled for deletion.
|
1037
1043
|
# @return [Boolean]
|
1038
1044
|
#
|
1039
1045
|
# @!attribute [rw] max_results
|
@@ -1560,7 +1566,16 @@ module Aws::SecretsManager
|
|
1560
1566
|
# @return [String]
|
1561
1567
|
#
|
1562
1568
|
# @!attribute [rw] rotation_lambda_arn
|
1563
|
-
#
|
1569
|
+
# For secrets that use a Lambda rotation function to rotate, the ARN
|
1570
|
+
# of the Lambda rotation function.
|
1571
|
+
#
|
1572
|
+
# For secrets that use *managed rotation*, omit this field. For more
|
1573
|
+
# information, see [Managed rotation][1] in the *Secrets Manager User
|
1574
|
+
# Guide*.
|
1575
|
+
#
|
1576
|
+
#
|
1577
|
+
#
|
1578
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html
|
1564
1579
|
# @return [String]
|
1565
1580
|
#
|
1566
1581
|
# @!attribute [rw] rotation_rules
|
@@ -1572,10 +1587,11 @@ module Aws::SecretsManager
|
|
1572
1587
|
# next scheduled rotation window. The rotation schedule is defined in
|
1573
1588
|
# RotateSecretRequest$RotationRules.
|
1574
1589
|
#
|
1575
|
-
#
|
1576
|
-
#
|
1577
|
-
#
|
1578
|
-
#
|
1590
|
+
# For secrets that use a Lambda rotation function to rotate, if you
|
1591
|
+
# don't immediately rotate the secret, Secrets Manager tests the
|
1592
|
+
# rotation configuration by running the [ `testSecret` step][1] of the
|
1593
|
+
# Lambda rotation function. The test creates an `AWSPENDING` version
|
1594
|
+
# of the secret and then removes it.
|
1579
1595
|
#
|
1580
1596
|
# If you don't specify this value, then by default, Secrets Manager
|
1581
1597
|
# rotates the secret immediately.
|
@@ -1622,9 +1638,13 @@ module Aws::SecretsManager
|
|
1622
1638
|
# A structure that defines the rotation configuration for the secret.
|
1623
1639
|
#
|
1624
1640
|
# @!attribute [rw] automatically_after_days
|
1625
|
-
# The number of days between
|
1626
|
-
#
|
1627
|
-
#
|
1641
|
+
# The number of days between rotations of the secret. You can use this
|
1642
|
+
# value to check that your secret meets your compliance guidelines for
|
1643
|
+
# how often secrets must be rotated. If you use this field to set the
|
1644
|
+
# rotation schedule, Secrets Manager calculates the next rotation date
|
1645
|
+
# based on the previous rotation. Manually updating the secret value
|
1646
|
+
# by calling `PutSecretValue` or `UpdateSecret` is considered a valid
|
1647
|
+
# rotation.
|
1628
1648
|
#
|
1629
1649
|
# In `DescribeSecret` and `ListSecrets`, this value is calculated from
|
1630
1650
|
# the rotation schedule after every successful rotation. In
|
@@ -1768,6 +1788,9 @@ module Aws::SecretsManager
|
|
1768
1788
|
# @return [Time]
|
1769
1789
|
#
|
1770
1790
|
# @!attribute [rw] next_rotation_date
|
1791
|
+
# The next date and time that Secrets Manager will attempt to rotate
|
1792
|
+
# the secret, rounded to the nearest hour. This value is null if the
|
1793
|
+
# secret is not set up for rotation.
|
1771
1794
|
# @return [Time]
|
1772
1795
|
#
|
1773
1796
|
# @!attribute [rw] tags
|
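Review bot: The two new `next_rotation_date` descriptions (new lines 497-499 and 1791-1793) describe the unset case as "null" and differ in wording ("will rotate" versus "will attempt to rotate"), although both attributes are documented as `@return [Time]`. In Ruby the unset value would be `nil`, so callers that compare or format this field for rotation-compliance checks need a nil guard, and the docs should say so in one consistent form, e.g. `#   the secret, rounded to the nearest hour. This value is nil if the` / `#   secret is not set up for rotation.` Both attribute comments sit inside structure docs that start and end outside the hunks.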
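--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.71.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core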