@aws-sdk/client-bedrock-agentcore-control 3.1056.0 → 3.1058.0

package/dist-types/models/models_1.d.ts

@@ -1,5 +1,21 @@
-import type { ActorTokenContentType, ClientAuthenticationMethodType, ContentLevel, ContentType, CredentialProviderVendorType, DescriptorType, FilterOperator, FindingType, MemoryStatus, MemoryStrategyStatus, MemoryStrategyType, MemoryView, MetadataValueType, OnBehalfOfTokenExchangeGrantTypeType, OnlineEvaluationConfigStatus, OnlineEvaluationExecutionStatus, OverrideType, PaymentConnectorStatus, PaymentConnectorType, PaymentCredentialProviderVendorType, PaymentManagerStatus, PaymentsAuthorizerType, PolicyEngineStatus, PolicyGenerationStatus, PolicyStatus, PolicyValidationMode, RegistryAuthorizerType, RegistryRecordCredentialProviderType, RegistryRecordOAuthGrantType, RegistryRecordStatus, RegistryStatus, Status, SynchronizationType } from "./enums";
-import type { A2aDescriptor, AgentSkillsDescriptor, AuthorizerConfiguration, IndexedKey, KmsConfiguration, PrivateEndpoint, PrivateEndpointOverride, Secret, SkillDefinition, SkillMdDefinition, UpdatedAuthorizerConfiguration, WorkloadIdentityDetails } from "./models_0";
+import type { ActorTokenContentType, ClientAuthenticationMethodType, ContentLevel, ContentType, CredentialProviderVendorType, DescriptorType, FilterOperator, FindingType, MemoryStatus, MemoryStrategyStatus, MemoryStrategyType, MemoryView, MetadataValueType, OnBehalfOfTokenExchangeGrantTypeType, OnlineEvaluationConfigStatus, OnlineEvaluationExecutionStatus, OverrideType, PaymentConnectorStatus, PaymentConnectorType, PaymentCredentialProviderVendorType, PaymentManagerStatus, PaymentsAuthorizerType, PolicyEngineStatus, PolicyGenerationStatus, PolicyStatus, PolicyValidationMode, RegistryAuthorizerType, RegistryRecordCredentialProviderType, RegistryRecordOAuthGrantType, RegistryRecordStatus, RegistryStatus, SecretSourceType, Status, SynchronizationType } from "./enums";
+import type { A2aDescriptor, AgentSkillsDescriptor, AuthorizerConfiguration, KmsConfiguration, PrivateEndpoint, PrivateEndpointOverride, Secret, SecretReference, SkillDefinition, SkillMdDefinition, UpdatedAuthorizerConfiguration, WorkloadIdentityDetails } from "./models_0";
+/**
+ * <p>A metadata key indexed for filtering.</p>
+ * @public
+ */
+export interface IndexedKey {
+    /**
+     * <p>The metadata key name to index.</p>
+     * @public
+     */
+    key: string | undefined;
+    /**
+     * <p>The data type of the indexed key.</p>
+     * @public
+     */
+    type: MetadataValueType | undefined;
+}
 /**
  * <p>Configurations for overriding the consolidation step of the episodic memory strategy.</p>
  * @public
@@ -2392,7 +2408,17 @@ export interface AtlassianOauth2ProviderConfigInput {
      * <p>The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret for the Atlassian OAuth2 provider. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
 }
 /**
  * <p>Contains the authorization server metadata for an OAuth2 provider.</p>
@@ -2523,15 +2549,15 @@ export interface CustomOauth2ProviderConfigInput {
      */
     clientSecret?: string | undefined;
     /**
-     * <p>The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.</p>
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
      * @public
      */
-    privateEndpoint?: PrivateEndpoint | undefined;
+    clientSecretConfig?: SecretReference | undefined;
     /**
-     * <p>The private endpoint overrides for the custom OAuth2 provider configuration.</p>
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
      * @public
      */
-    privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
+    clientSecretSource?: SecretSourceType | undefined;
     /**
      * <p>The configuration for on-behalf-of token exchange. This enables authentication flows that use RFC 8693 token exchange or RFC 7523 JWT authorization grants.</p>
      * @public
@@ -2542,6 +2568,16 @@ export interface CustomOauth2ProviderConfigInput {
      * @public
      */
     clientAuthenticationMethod?: ClientAuthenticationMethodType | undefined;
+    /**
+     * <p>The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.</p>
+     * @public
+     */
+    privateEndpoint?: PrivateEndpoint | undefined;
+    /**
+     * <p>The private endpoint overrides for the custom OAuth2 provider configuration.</p>
+     * @public
+     */
+    privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
 }
 /**
  * <p>Input configuration for a GitHub OAuth2 provider.</p>
@@ -2557,7 +2593,17 @@ export interface GithubOauth2ProviderConfigInput {
      * <p>The client secret for the GitHub OAuth2 provider.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
 }
 /**
  * <p>Input configuration for a Google OAuth2 provider.</p>
@@ -2573,7 +2619,17 @@ export interface GoogleOauth2ProviderConfigInput {
      * <p>The client secret for the Google OAuth2 provider.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
 }
 /**
  * <p>Configuration settings for connecting to a supported OAuth2 provider. This includes client credentials and OAuth2 discovery information for providers that have built-in support.</p>
@@ -2589,7 +2645,17 @@ export interface IncludedOauth2ProviderConfigInput {
      * <p>The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
     /**
      * <p>Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.</p>
      * @public
@@ -2620,7 +2686,17 @@ export interface LinkedinOauth2ProviderConfigInput {
      * <p>The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
 }
 /**
  * <p>Input configuration for a Microsoft OAuth2 provider.</p>
@@ -2636,7 +2712,17 @@ export interface MicrosoftOauth2ProviderConfigInput {
      * <p>The client secret for the Microsoft OAuth2 provider.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
     /**
      * <p>The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft's identity platform where your application is registered.</p>
      * @public
@@ -2657,7 +2743,17 @@ export interface SalesforceOauth2ProviderConfigInput {
      * <p>The client secret for the Salesforce OAuth2 provider.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
 }
 /**
  * <p>Input configuration for a Slack OAuth2 provider.</p>
@@ -2673,7 +2769,17 @@ export interface SlackOauth2ProviderConfigInput {
      * <p>The client secret for the Slack OAuth2 provider.</p>
      * @public
      */
-    clientSecret: string | undefined;
+    clientSecret?: string | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when <code>clientSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    clientSecretConfig?: SecretReference | undefined;
+    /**
+     * <p>The source type of the client secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
 }
 /**
  * <p>Contains the input configuration for an OAuth2 provider.</p>
@@ -3243,6 +3349,16 @@ export interface CreateOauth2CredentialProviderResponse {
      * @public
      */
     clientSecretArn: Secret | undefined;
+    /**
+     * <p>The JSON key used to extract the client secret value from the AWS Secrets Manager secret.</p>
+     * @public
+     */
+    clientSecretJsonKey?: string | undefined;
+    /**
+     * <p>The source type of the client secret. Either <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if managed by the user in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
     /**
      * <p>The name of the OAuth2 credential provider.</p>
      * @public
@@ -3303,6 +3419,16 @@ export interface GetOauth2CredentialProviderResponse {
      * @public
      */
     clientSecretArn: Secret | undefined;
+    /**
+     * <p>The JSON key used to extract the client secret value from the AWS Secrets Manager secret.</p>
+     * @public
+     */
+    clientSecretJsonKey?: string | undefined;
+    /**
+     * <p>The source type of the client secret. Either <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if managed by the user in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
     /**
      * <p>The name of the OAuth2 credential provider.</p>
      * @public
@@ -3439,6 +3565,16 @@ export interface UpdateOauth2CredentialProviderResponse {
      * @public
      */
     clientSecretArn: Secret | undefined;
+    /**
+     * <p>The JSON key used to extract the client secret value from the AWS Secrets Manager secret.</p>
+     * @public
+     */
+    clientSecretJsonKey?: string | undefined;
+    /**
+     * <p>The source type of the client secret. Either <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if managed by the user in AWS Secrets Manager.</p>
+     * @public
+     */
+    clientSecretSource?: SecretSourceType | undefined;
     /**
      * <p>The name of the OAuth2 credential provider.</p>
      * @public
@@ -4087,12 +4223,32 @@ export interface CoinbaseCdpConfigurationInput {
      * <p>The API key secret provided by Coinbase Developer Platform.</p>
      * @public
      */
-    apiKeySecret: string | undefined;
+    apiKeySecret?: string | undefined;
+    /**
+     * <p>The source type of the API key secret for the Coinbase Developer Platform. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    apiKeySecretSource?: SecretSourceType | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the API key secret. This includes the secret ID and the JSON key used to extract the API key secret value from the secret. Required when <code>apiKeySecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    apiKeySecretConfig?: SecretReference | undefined;
     /**
      * <p>The wallet secret provided by Coinbase Developer Platform.</p>
      * @public
      */
-    walletSecret: string | undefined;
+    walletSecret?: string | undefined;
+    /**
+     * <p>The source type of the wallet secret for the Coinbase Developer Platform. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    walletSecretSource?: SecretSourceType | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the wallet secret. This includes the secret ID and the JSON key used to extract the wallet secret value from the secret. Required when <code>walletSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    walletSecretConfig?: SecretReference | undefined;
 }
 /**
  * <p>Stripe Privy configuration — credentials provided by Stripe and Privy.</p>
@@ -4108,12 +4264,32 @@ export interface StripePrivyConfigurationInput {
      * <p>The app secret provided by Privy.</p>
      * @public
      */
-    appSecret: string | undefined;
+    appSecret?: string | undefined;
+    /**
+     * <p>The source type of the app secret. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    appSecretSource?: SecretSourceType | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the app secret. This includes the secret ID and the JSON key used to extract the app secret value from the secret. Required when <code>appSecretSource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    appSecretConfig?: SecretReference | undefined;
     /**
      * <p>The authorization private key for the Stripe Privy integration.</p>
      * @public
      */
-    authorizationPrivateKey: string | undefined;
+    authorizationPrivateKey?: string | undefined;
+    /**
+     * <p>The source type of the authorization private key. Use <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if you manage the secret yourself in AWS Secrets Manager.</p>
+     * @public
+     */
+    authorizationPrivateKeySource?: SecretSourceType | undefined;
+    /**
+     * <p>A reference to the AWS Secrets Manager secret that stores the authorization private key. This includes the secret ID and the JSON key used to extract the authorization private key value from the secret. Required when <code>authorizationPrivateKeySource</code> is set to <code>EXTERNAL</code>.</p>
+     * @public
+     */
+    authorizationPrivateKeyConfig?: SecretReference | undefined;
     /**
      * <p>The authorization ID for the Stripe Privy integration.</p>
      * @public
@@ -4205,11 +4381,31 @@ export interface CoinbaseCdpConfigurationOutput {
      * @public
      */
     apiKeySecretArn: Secret | undefined;
+    /**
+     * <p>The JSON key used to extract the API key secret value from the AWS Secrets Manager secret.</p>
+     * @public
+     */
+    apiKeySecretJsonKey?: string | undefined;
+    /**
+     * <p>The source type of the API key secret. Either <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if managed by the user in AWS Secrets Manager.</p>
+     * @public
+     */
+    apiKeySecretSource?: SecretSourceType | undefined;
     /**
      * <p>Contains information about a secret in AWS Secrets Manager.</p>
      * @public
      */
     walletSecretArn: Secret | undefined;
+    /**
+     * <p>The JSON key used to extract the wallet secret value from the AWS Secrets Manager secret.</p>
+     * @public
+     */
+    walletSecretJsonKey?: string | undefined;
+    /**
+     * <p>The source type of the wallet secret. Either <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if managed by the user in AWS Secrets Manager.</p>
+     * @public
+     */
+    walletSecretSource?: SecretSourceType | undefined;
 }
 /**
  * <p>Stripe Privy configuration output with secret ARNs.</p>
@@ -4226,11 +4422,31 @@ export interface StripePrivyConfigurationOutput {
      * @public
      */
     appSecretArn: Secret | undefined;
+    /**
+     * <p>The JSON key used to extract the app secret value from the AWS Secrets Manager secret.</p>
+     * @public
+     */
+    appSecretJsonKey?: string | undefined;
+    /**
+     * <p>The source type of the app secret. Either <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if managed by the user in AWS Secrets Manager.</p>
+     * @public
+     */
+    appSecretSource?: SecretSourceType | undefined;
     /**
      * <p>Contains information about a secret in AWS Secrets Manager.</p>
      * @public
      */
     authorizationPrivateKeyArn: Secret | undefined;
+    /**
+     * <p>The JSON key used to extract the authorization private key value from the AWS Secrets Manager secret.</p>
+     * @public
+     */
+    authorizationPrivateKeyJsonKey?: string | undefined;
+    /**
+     * <p>The source type of the authorization private key. Either <code>MANAGED</code> if the secret is managed by the service, or <code>EXTERNAL</code> if managed by the user in AWS Secrets Manager.</p>
+     * @public
+     */
+    authorizationPrivateKeySource?: SecretSourceType | undefined;
     /**
      * <p>The authorization ID for the Stripe Privy integration.</p>
      * @public
@@ -8251,13 +8467,3 @@ export interface CreateWorkloadIdentityResponse {
      */
     allowedResourceOauth2ReturnUrls?: string[] | undefined;
 }
-/**
- * @public
- */
-export interface DeleteWorkloadIdentityRequest {
-    /**
-     * <p>The name of the workload identity to delete.</p>
-     * @public
-     */
-    name: string | undefined;
-}

package/dist-types/models/models_2.d.ts

@@ -1,5 +1,15 @@
 import type { SchemaType, TargetProtocolType, TargetStatus } from "./enums";
 import type { ApiGatewayTargetConfiguration, ApiSchemaConfiguration, AuthorizationData, CredentialProviderConfiguration, HttpTargetConfiguration, ManagedResourceDetails, McpServerTargetConfiguration, MetadataConfiguration, PrivateEndpoint, S3Configuration } from "./models_0";
+/**
+ * @public
+ */
+export interface DeleteWorkloadIdentityRequest {
+    /**
+     * <p>The name of the workload identity to delete.</p>
+     * @public
+     */
+    name: string | undefined;
+}
 /**
  * @public
  */

package/dist-types/schemas/schemas_0.d.ts

@@ -436,6 +436,7 @@ export declare var SalesforceOauth2ProviderConfigOutput$: StaticStructureSchema;
 export declare var SamplingConfig$: StaticStructureSchema;
 export declare var SchemaDefinition$: StaticStructureSchema;
 export declare var Secret$: StaticStructureSchema;
+export declare var SecretReference$: StaticStructureSchema;
 export declare var SecretsManagerLocation$: StaticStructureSchema;
 export declare var SelfManagedConfiguration$: StaticStructureSchema;
 export declare var SelfManagedConfigurationInput$: StaticStructureSchema;

package/dist-types/ts3.4/commands/DeleteWorkloadIdentityCommand.d.ts

@@ -5,8 +5,10 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../BedrockAgentCoreControlClient";
-import { DeleteWorkloadIdentityRequest } from "../models/models_1";
-import { DeleteWorkloadIdentityResponse } from "../models/models_2";
+import {
+  DeleteWorkloadIdentityRequest,
+  DeleteWorkloadIdentityResponse,
+} from "../models/models_2";
 export { __MetadataBearer };
 export { $Command };
 export interface DeleteWorkloadIdentityCommandInput

package/dist-types/ts3.4/models/enums.d.ts

@@ -86,6 +86,12 @@ export declare const AgentRuntimeStatus: {
 };
 export type AgentRuntimeStatus =
   (typeof AgentRuntimeStatus)[keyof typeof AgentRuntimeStatus];
+export declare const SecretSourceType: {
+  readonly EXTERNAL: "EXTERNAL";
+  readonly MANAGED: "MANAGED";
+};
+export type SecretSourceType =
+  (typeof SecretSourceType)[keyof typeof SecretSourceType];
 export declare const BrowserProfileStatus: {
   readonly DELETED: "DELETED";
   readonly DELETING: "DELETING";

package/dist-types/ts3.4/models/models_0.d.ts

@@ -36,13 +36,13 @@ import {
   IncludedData,
   KeyType,
   ListingMode,
-  MetadataValueType,
   NetworkMode,
   OAuthGrantType,
   PrincipalMatchOperator,
   ResourceType,
   RestApiMethod,
   SearchType,
+  SecretSourceType,
   ServerProtocol,
   TargetStatus,
 } from "./enums";
@@ -667,9 +667,15 @@ export interface AgentSkillsDescriptor {
   skillMd?: SkillMdDefinition | undefined;
   skillDefinition?: SkillDefinition | undefined;
 }
+export interface SecretReference {
+  secretId: string | undefined;
+  jsonKey: string | undefined;
+}
 export interface CreateApiKeyCredentialProviderRequest {
   name: string | undefined;
-  apiKey: string | undefined;
+  apiKey?: string | undefined;
+  apiKeySecretConfig?: SecretReference | undefined;
+  apiKeySecretSource?: SecretSourceType | undefined;
   tags?: Record<string, string> | undefined;
 }
 export interface Secret {
@@ -677,6 +683,8 @@ export interface Secret {
 }
 export interface CreateApiKeyCredentialProviderResponse {
   apiKeySecretArn: Secret | undefined;
+  apiKeySecretJsonKey?: string | undefined;
+  apiKeySecretSource?: SecretSourceType | undefined;
   name: string | undefined;
   credentialProviderArn: string | undefined;
 }
@@ -689,6 +697,8 @@ export interface GetApiKeyCredentialProviderRequest {
 }
 export interface GetApiKeyCredentialProviderResponse {
   apiKeySecretArn: Secret | undefined;
+  apiKeySecretJsonKey?: string | undefined;
+  apiKeySecretSource?: SecretSourceType | undefined;
   name: string | undefined;
   credentialProviderArn: string | undefined;
   createdTime: Date | undefined;
@@ -710,10 +720,14 @@ export interface ListApiKeyCredentialProvidersResponse {
 }
 export interface UpdateApiKeyCredentialProviderRequest {
   name: string | undefined;
-  apiKey: string | undefined;
+  apiKey?: string | undefined;
+  apiKeySecretConfig?: SecretReference | undefined;
+  apiKeySecretSource?: SecretSourceType | undefined;
 }
 export interface UpdateApiKeyCredentialProviderResponse {
   apiKeySecretArn: Secret | undefined;
+  apiKeySecretJsonKey?: string | undefined;
+  apiKeySecretSource?: SecretSourceType | undefined;
   name: string | undefined;
   credentialProviderArn: string | undefined;
   createdTime: Date | undefined;
@@ -2513,7 +2527,3 @@ export interface ListTagsForResourceRequest {
 export interface ListTagsForResourceResponse {
   tags?: Record<string, string> | undefined;
 }
-export interface IndexedKey {
-  key: string | undefined;
-  type: MetadataValueType | undefined;
-}