@aws-sdk/client-secrets-manager 3.180.0 → 3.183.0

package/dist-es/runtimeConfig.browser.js

@@ -1,4 +1,3 @@
-import { __assign, __awaiter, __generator } from "tslib";
 import packageInfo from "../package.json";
 import { Sha256 } from "@aws-crypto/sha256-browser";
 import { DEFAULT_USE_DUALSTACK_ENDPOINT, DEFAULT_USE_FIPS_ENDPOINT } from "@aws-sdk/config-resolver";
@@ -12,15 +11,30 @@ import { fromUtf8, toUtf8 } from "@aws-sdk/util-utf8-browser";
 import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared";
 import { loadConfigsForDefaultMode } from "@aws-sdk/smithy-client";
 import { resolveDefaultsModeConfig } from "@aws-sdk/util-defaults-mode-browser";
-export var getRuntimeConfig = function (config) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q;
-    var defaultsMode = resolveDefaultsModeConfig(config);
-    var defaultConfigProvider = function () { return defaultsMode().then(loadConfigsForDefaultMode); };
-    var clientSharedValues = getSharedRuntimeConfig(config);
-    return __assign(__assign(__assign({}, clientSharedValues), config), { runtime: "browser", defaultsMode: defaultsMode, base64Decoder: (_a = config === null || config === void 0 ? void 0 : config.base64Decoder) !== null && _a !== void 0 ? _a : fromBase64, base64Encoder: (_b = config === null || config === void 0 ? void 0 : config.base64Encoder) !== null && _b !== void 0 ? _b : toBase64, bodyLengthChecker: (_c = config === null || config === void 0 ? void 0 : config.bodyLengthChecker) !== null && _c !== void 0 ? _c : calculateBodyLength, credentialDefaultProvider: (_d = config === null || config === void 0 ? void 0 : config.credentialDefaultProvider) !== null && _d !== void 0 ? _d : (function (_) { return function () { return Promise.reject(new Error("Credential is missing")); }; }), defaultUserAgentProvider: (_e = config === null || config === void 0 ? void 0 : config.defaultUserAgentProvider) !== null && _e !== void 0 ? _e : defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), maxAttempts: (_f = config === null || config === void 0 ? void 0 : config.maxAttempts) !== null && _f !== void 0 ? _f : DEFAULT_MAX_ATTEMPTS, region: (_g = config === null || config === void 0 ? void 0 : config.region) !== null && _g !== void 0 ? _g : invalidProvider("Region is missing"), requestHandler: (_h = config === null || config === void 0 ? void 0 : config.requestHandler) !== null && _h !== void 0 ? _h : new RequestHandler(defaultConfigProvider), retryMode: (_j = config === null || config === void 0 ? void 0 : config.retryMode) !== null && _j !== void 0 ? _j : (function () { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0: return [4, defaultConfigProvider()];
-                case 1: return [2, (_a.sent()).retryMode || DEFAULT_RETRY_MODE];
-            }
-        }); }); }), sha256: (_k = config === null || config === void 0 ? void 0 : config.sha256) !== null && _k !== void 0 ? _k : Sha256, streamCollector: (_l = config === null || config === void 0 ? void 0 : config.streamCollector) !== null && _l !== void 0 ? _l : streamCollector, useDualstackEndpoint: (_m = config === null || config === void 0 ? void 0 : config.useDualstackEndpoint) !== null && _m !== void 0 ? _m : (function () { return Promise.resolve(DEFAULT_USE_DUALSTACK_ENDPOINT); }), useFipsEndpoint: (_o = config === null || config === void 0 ? void 0 : config.useFipsEndpoint) !== null && _o !== void 0 ? _o : (function () { return Promise.resolve(DEFAULT_USE_FIPS_ENDPOINT); }), utf8Decoder: (_p = config === null || config === void 0 ? void 0 : config.utf8Decoder) !== null && _p !== void 0 ? _p : fromUtf8, utf8Encoder: (_q = config === null || config === void 0 ? void 0 : config.utf8Encoder) !== null && _q !== void 0 ? _q : toUtf8 });
+export const getRuntimeConfig = (config) => {
+    const defaultsMode = resolveDefaultsModeConfig(config);
+    const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode);
+    const clientSharedValues = getSharedRuntimeConfig(config);
+    return {
+        ...clientSharedValues,
+        ...config,
+        runtime: "browser",
+        defaultsMode,
+        base64Decoder: config?.base64Decoder ?? fromBase64,
+        base64Encoder: config?.base64Encoder ?? toBase64,
+        bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
+        credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_) => () => Promise.reject(new Error("Credential is missing"))),
+        defaultUserAgentProvider: config?.defaultUserAgentProvider ??
+            defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
+        maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS,
+        region: config?.region ?? invalidProvider("Region is missing"),
+        requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
+        retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE),
+        sha256: config?.sha256 ?? Sha256,
+        streamCollector: config?.streamCollector ?? streamCollector,
+        useDualstackEndpoint: config?.useDualstackEndpoint ?? (() => Promise.resolve(DEFAULT_USE_DUALSTACK_ENDPOINT)),
+        useFipsEndpoint: config?.useFipsEndpoint ?? (() => Promise.resolve(DEFAULT_USE_FIPS_ENDPOINT)),
+        utf8Decoder: config?.utf8Decoder ?? fromUtf8,
+        utf8Encoder: config?.utf8Encoder ?? toUtf8,
+    };
 };

package/dist-es/runtimeConfig.js

@@ -1,4 +1,3 @@
-import { __assign, __awaiter, __generator } from "tslib";
 import packageInfo from "../package.json";
 import { decorateDefaultCredentialProvider } from "@aws-sdk/client-sts";
 import { NODE_REGION_CONFIG_FILE_OPTIONS, NODE_REGION_CONFIG_OPTIONS, NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@aws-sdk/config-resolver";
@@ -15,16 +14,35 @@ import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shar
 import { loadConfigsForDefaultMode } from "@aws-sdk/smithy-client";
 import { resolveDefaultsModeConfig } from "@aws-sdk/util-defaults-mode-node";
 import { emitWarningIfUnsupportedVersion } from "@aws-sdk/smithy-client";
-export var getRuntimeConfig = function (config) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q;
+export const getRuntimeConfig = (config) => {
     emitWarningIfUnsupportedVersion(process.version);
-    var defaultsMode = resolveDefaultsModeConfig(config);
-    var defaultConfigProvider = function () { return defaultsMode().then(loadConfigsForDefaultMode); };
-    var clientSharedValues = getSharedRuntimeConfig(config);
-    return __assign(__assign(__assign({}, clientSharedValues), config), { runtime: "node", defaultsMode: defaultsMode, base64Decoder: (_a = config === null || config === void 0 ? void 0 : config.base64Decoder) !== null && _a !== void 0 ? _a : fromBase64, base64Encoder: (_b = config === null || config === void 0 ? void 0 : config.base64Encoder) !== null && _b !== void 0 ? _b : toBase64, bodyLengthChecker: (_c = config === null || config === void 0 ? void 0 : config.bodyLengthChecker) !== null && _c !== void 0 ? _c : calculateBodyLength, credentialDefaultProvider: (_d = config === null || config === void 0 ? void 0 : config.credentialDefaultProvider) !== null && _d !== void 0 ? _d : decorateDefaultCredentialProvider(credentialDefaultProvider), defaultUserAgentProvider: (_e = config === null || config === void 0 ? void 0 : config.defaultUserAgentProvider) !== null && _e !== void 0 ? _e : defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), maxAttempts: (_f = config === null || config === void 0 ? void 0 : config.maxAttempts) !== null && _f !== void 0 ? _f : loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS), region: (_g = config === null || config === void 0 ? void 0 : config.region) !== null && _g !== void 0 ? _g : loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS), requestHandler: (_h = config === null || config === void 0 ? void 0 : config.requestHandler) !== null && _h !== void 0 ? _h : new RequestHandler(defaultConfigProvider), retryMode: (_j = config === null || config === void 0 ? void 0 : config.retryMode) !== null && _j !== void 0 ? _j : loadNodeConfig(__assign(__assign({}, NODE_RETRY_MODE_CONFIG_OPTIONS), { default: function () { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0: return [4, defaultConfigProvider()];
-                    case 1: return [2, (_a.sent()).retryMode || DEFAULT_RETRY_MODE];
-                }
-            }); }); } })), sha256: (_k = config === null || config === void 0 ? void 0 : config.sha256) !== null && _k !== void 0 ? _k : Hash.bind(null, "sha256"), streamCollector: (_l = config === null || config === void 0 ? void 0 : config.streamCollector) !== null && _l !== void 0 ? _l : streamCollector, useDualstackEndpoint: (_m = config === null || config === void 0 ? void 0 : config.useDualstackEndpoint) !== null && _m !== void 0 ? _m : loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS), useFipsEndpoint: (_o = config === null || config === void 0 ? void 0 : config.useFipsEndpoint) !== null && _o !== void 0 ? _o : loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS), utf8Decoder: (_p = config === null || config === void 0 ? void 0 : config.utf8Decoder) !== null && _p !== void 0 ? _p : fromUtf8, utf8Encoder: (_q = config === null || config === void 0 ? void 0 : config.utf8Encoder) !== null && _q !== void 0 ? _q : toUtf8 });
+    const defaultsMode = resolveDefaultsModeConfig(config);
+    const defaultConfigProvider = () => defaultsMode().then(loadConfigsForDefaultMode);
+    const clientSharedValues = getSharedRuntimeConfig(config);
+    return {
+        ...clientSharedValues,
+        ...config,
+        runtime: "node",
+        defaultsMode,
+        base64Decoder: config?.base64Decoder ?? fromBase64,
+        base64Encoder: config?.base64Encoder ?? toBase64,
+        bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
+        credentialDefaultProvider: config?.credentialDefaultProvider ?? decorateDefaultCredentialProvider(credentialDefaultProvider),
+        defaultUserAgentProvider: config?.defaultUserAgentProvider ??
+            defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
+        maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS),
+        region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS),
+        requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
+        retryMode: config?.retryMode ??
+            loadNodeConfig({
+                ...NODE_RETRY_MODE_CONFIG_OPTIONS,
+                default: async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE,
+            }),
+        sha256: config?.sha256 ?? Hash.bind(null, "sha256"),
+        streamCollector: config?.streamCollector ?? streamCollector,
+        useDualstackEndpoint: config?.useDualstackEndpoint ?? loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS),
+        useFipsEndpoint: config?.useFipsEndpoint ?? loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS),
+        utf8Decoder: config?.utf8Decoder ?? fromUtf8,
+        utf8Encoder: config?.utf8Encoder ?? toUtf8,
+    };
 };

package/dist-es/runtimeConfig.native.js

@@ -1,8 +1,11 @@
-import { __assign } from "tslib";
 import { Sha256 } from "@aws-crypto/sha256-js";
 import { getRuntimeConfig as getBrowserRuntimeConfig } from "./runtimeConfig.browser";
-export var getRuntimeConfig = function (config) {
-    var _a;
-    var browserDefaults = getBrowserRuntimeConfig(config);
-    return __assign(__assign(__assign({}, browserDefaults), config), { runtime: "react-native", sha256: (_a = config === null || config === void 0 ? void 0 : config.sha256) !== null && _a !== void 0 ? _a : Sha256 });
+export const getRuntimeConfig = (config) => {
+    const browserDefaults = getBrowserRuntimeConfig(config);
+    return {
+        ...browserDefaults,
+        ...config,
+        runtime: "react-native",
+        sha256: config?.sha256 ?? Sha256,
+    };
 };

package/dist-es/runtimeConfig.shared.js

@@ -1,13 +1,10 @@
 import { parseUrl } from "@aws-sdk/url-parser";
 import { defaultRegionInfoProvider } from "./endpoints";
-export var getRuntimeConfig = function (config) {
-    var _a, _b, _c, _d, _e;
-    return ({
-        apiVersion: "2017-10-17",
-        disableHostPrefix: (_a = config === null || config === void 0 ? void 0 : config.disableHostPrefix) !== null && _a !== void 0 ? _a : false,
-        logger: (_b = config === null || config === void 0 ? void 0 : config.logger) !== null && _b !== void 0 ? _b : {},
-        regionInfoProvider: (_c = config === null || config === void 0 ? void 0 : config.regionInfoProvider) !== null && _c !== void 0 ? _c : defaultRegionInfoProvider,
-        serviceId: (_d = config === null || config === void 0 ? void 0 : config.serviceId) !== null && _d !== void 0 ? _d : "Secrets Manager",
-        urlParser: (_e = config === null || config === void 0 ? void 0 : config.urlParser) !== null && _e !== void 0 ? _e : parseUrl,
-    });
-};
+export const getRuntimeConfig = (config) => ({
+    apiVersion: "2017-10-17",
+    disableHostPrefix: config?.disableHostPrefix ?? false,
+    logger: config?.logger ?? {},
+    regionInfoProvider: config?.regionInfoProvider ?? defaultRegionInfoProvider,
+    serviceId: config?.serviceId ?? "Secrets Manager",
+    urlParser: config?.urlParser ?? parseUrl,
+});

package/dist-types/SecretsManager.d.ts

@@ -81,6 +81,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *      <a>UpdateSecretVersionStage</a> to change staging labels.
      *      For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
      *          <p>To turn on automatic rotation again, call <a>RotateSecret</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:CancelRotateSecret</code>.
@@ -116,6 +117,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then
      *       you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create
      *       and use a customer managed KMS key. </p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:CreateSecret</code>. If you
@@ -131,6 +133,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Deletes the resource-based permission policy attached to the secret. To attach a policy to
      *       a secret, use <a>PutResourcePolicy</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:DeleteResourcePolicy</code>.
@@ -164,6 +167,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
      *          <p>When a secret is scheduled for deletion, you cannot retrieve the secret value.
      *       You must first cancel the deletion with <a>RestoreSecret</a> and then you can retrieve the secret.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:DeleteSecret</code>.
@@ -177,6 +181,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager
      *       only returns fields that have a value in the response. </p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:DescribeSecret</code>.
@@ -191,6 +196,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      * <p>Generates a random password. We recommend that you specify the
      *       maximum length and include every character type that the system you are generating a password
      *       for can support.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:GetRandomPassword</code>.
@@ -206,6 +212,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       secret. For more information about permissions policies attached to a secret, see
      *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
      *         policies attached to a secret</a>.</p>
+     *         <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:GetResourcePolicy</code>.
@@ -226,6 +233,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          <p>To retrieve the previous version of a secret, use <code>VersionStage</code> and specify
      *       AWSPREVIOUS. To revert to the previous version of a secret, call <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">UpdateSecretVersionStage</a>.</p>
      *
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:GetSecretValue</code>.
@@ -247,6 +255,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
      *       call <a>GetSecretValue</a>.</p>
      *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in Secrets Manager</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:ListSecrets</code>.
@@ -262,6 +271,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *     of a secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">
      *     Secrets Manager concepts: Versions</a>.</p>
      *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:ListSecretVersionIds</code>.
@@ -278,6 +288,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          </p>
      *          <p>For information about attaching a policy in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Attach a
      *       permissions policy to a secret</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:PutResourcePolicy</code>.
@@ -301,8 +312,8 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       If you don't include <code>VersionStages</code>, then Secrets Manager automatically
      *       moves the staging label <code>AWSCURRENT</code> to this version. If this operation creates
      *       the first version for the secret, then Secrets Manager
-     *         automatically attaches the staging label <code>AWSCURRENT</code> to it .</p>
-     *          <p>If this operation moves the staging label <code>AWSCURRENT</code> from another version to this
+     *         automatically attaches the staging label <code>AWSCURRENT</code> to it.
+     *     If this operation moves the staging label <code>AWSCURRENT</code> from another version to this
      *       version, then Secrets Manager also automatically moves the staging label <code>AWSPREVIOUS</code> to
      *       the version that <code>AWSCURRENT</code> was removed from.</p>
      *          <p>This operation is idempotent. If you call this operation with a <code>ClientRequestToken</code>
@@ -310,6 +321,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       same secret data, the operation succeeds but does nothing. However, if the secret data is
      *       different, then the operation fails because you can't modify an existing version; you can
      *       only create new ones.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:PutSecretValue</code>.
@@ -322,6 +334,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     putSecretValue(args: PutSecretValueCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutSecretValueCommandOutput) => void): void;
     /**
      * <p>For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:RemoveRegionsFromReplication</code>.
@@ -334,6 +347,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     removeRegionsFromReplication(args: RemoveRegionsFromReplicationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RemoveRegionsFromReplicationCommandOutput) => void): void;
     /**
      * <p>Replicates the secret to a new Regions. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html">Multi-Region secrets</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:ReplicateSecretToRegions</code>.
@@ -347,6 +361,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Cancels the scheduled deletion of a secret by removing the <code>DeletedDate</code> time
      *       stamp. You can access a secret again after it has been restored.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:RestoreSecret</code>.
@@ -383,6 +398,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
      *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
      *       assumes that a previous rotation request is still in progress and returns an error.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:RotateSecret</code>.
@@ -398,6 +414,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region.</p>
      *          <p>You must call this operation from the Region in which you want to promote the replica to a primary secret.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:StopReplicationToReplica</code>.
@@ -444,6 +461,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *         your permissions for this secret, then the operation is blocked and returns an Access Denied
      *         error.</p>
      *          </important>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:TagResource</code>.
@@ -464,6 +482,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *         permissions for this secret, then the operation is blocked and returns an Access Denied
      *         error.</p>
      *          </important>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:UntagResource</code>.
@@ -485,12 +504,15 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
      *       the quota for secret versions.</p>
      *          <p>If you include <code>SecretString</code> or <code>SecretBinary</code> to create a new
-     *       secret version, Secrets Manager automatically attaches the staging label <code>AWSCURRENT</code> to the new
-     *       version. </p>
+     *       secret version, Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to the new
+     *       version. Then it attaches the label <code>AWSPREVIOUS</code>
+     *         to the version that <code>AWSCURRENT</code> was removed from.</p>
+     *
      *          <p>If you call this operation with a <code>ClientRequestToken</code> that matches an existing version's
      *       <code>VersionId</code>, the operation results in an error. You can't modify an existing
      *       version, you can only create a new version. To remove a version, remove all staging labels from it. See
      *     <a>UpdateSecretVersionStage</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:UpdateSecret</code>.
@@ -520,6 +542,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          </note>
      *          <p>If this action results in the last label being removed from a version, then the version is
      *       considered to be 'deprecated' and can be deleted by Secrets Manager.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:UpdateSecretVersionStage</code>.
@@ -546,6 +569,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *                <p>Verifies the policy does not lock out a caller.</p>
      *             </li>
      *          </ul>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:ValidateResourcePolicy</code>.

package/dist-types/commands/CancelRotateSecretCommand.d.ts

@@ -19,6 +19,7 @@ export interface CancelRotateSecretCommandOutput extends CancelRotateSecretRespo
  *      <a>UpdateSecretVersionStage</a> to change staging labels.
  *      For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
  *          <p>To turn on automatic rotation again, call <a>RotateSecret</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:CancelRotateSecret</code>.

package/dist-types/commands/CreateSecretCommand.d.ts

@@ -31,6 +31,7 @@ export interface CreateSecretCommandOutput extends CreateSecretResponse, __Metad
  *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then
  *       you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create
  *       and use a customer managed KMS key. </p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:CreateSecret</code>. If you

package/dist-types/commands/DeleteResourcePolicyCommand.d.ts

@@ -9,6 +9,7 @@ export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyR
 /**
  * <p>Deletes the resource-based permission policy attached to the secret. To attach a policy to
  *       a secret, use <a>PutResourcePolicy</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:DeleteResourcePolicy</code>.

package/dist-types/commands/DeleteSecretCommand.d.ts

@@ -29,6 +29,7 @@ export interface DeleteSecretCommandOutput extends DeleteSecretResponse, __Metad
  *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
  *          <p>When a secret is scheduled for deletion, you cannot retrieve the secret value.
  *       You must first cancel the deletion with <a>RestoreSecret</a> and then you can retrieve the secret.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:DeleteSecret</code>.

package/dist-types/commands/DescribeSecretCommand.d.ts

@@ -9,6 +9,7 @@ export interface DescribeSecretCommandOutput extends DescribeSecretResponse, __M
 /**
  * <p>Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager
  *       only returns fields that have a value in the response. </p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:DescribeSecret</code>.

package/dist-types/commands/GetRandomPasswordCommand.d.ts

@@ -10,6 +10,7 @@ export interface GetRandomPasswordCommandOutput extends GetRandomPasswordRespons
  * <p>Generates a random password. We recommend that you specify the
  *       maximum length and include every character type that the system you are generating a password
  *       for can support.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:GetRandomPassword</code>.

package/dist-types/commands/GetResourcePolicyCommand.d.ts

@@ -11,6 +11,7 @@ export interface GetResourcePolicyCommandOutput extends GetResourcePolicyRespons
  *       secret. For more information about permissions policies attached to a secret, see
  *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
  *         policies attached to a secret</a>.</p>
+ *         <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:GetResourcePolicy</code>.

package/dist-types/commands/GetSecretValueCommand.d.ts

@@ -16,6 +16,7 @@ export interface GetSecretValueCommandOutput extends GetSecretValueResponse, __M
  *          <p>To retrieve the previous version of a secret, use <code>VersionStage</code> and specify
  *       AWSPREVIOUS. To revert to the previous version of a secret, call <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">UpdateSecretVersionStage</a>.</p>
  *
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:GetSecretValue</code>.

package/dist-types/commands/ListSecretVersionIdsCommand.d.ts

@@ -11,6 +11,7 @@ export interface ListSecretVersionIdsCommandOutput extends ListSecretVersionIdsR
  *     of a secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">
  *     Secrets Manager concepts: Versions</a>.</p>
  *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:ListSecretVersionIds</code>.

package/dist-types/commands/ListSecretsCommand.d.ts

@@ -15,6 +15,7 @@ export interface ListSecretsCommandOutput extends ListSecretsResponse, __Metadat
  *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
  *       call <a>GetSecretValue</a>.</p>
  *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in Secrets Manager</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:ListSecrets</code>.

package/dist-types/commands/PutResourcePolicyCommand.d.ts

@@ -12,6 +12,7 @@ export interface PutResourcePolicyCommandOutput extends PutResourcePolicyRespons
  *          </p>
  *          <p>For information about attaching a policy in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Attach a
  *       permissions policy to a secret</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:PutResourcePolicy</code>.

package/dist-types/commands/PutSecretValueCommand.d.ts

@@ -19,8 +19,8 @@ export interface PutSecretValueCommandOutput extends PutSecretValueResponse, __M
  *       If you don't include <code>VersionStages</code>, then Secrets Manager automatically
  *       moves the staging label <code>AWSCURRENT</code> to this version. If this operation creates
  *       the first version for the secret, then Secrets Manager
- *         automatically attaches the staging label <code>AWSCURRENT</code> to it .</p>
- *          <p>If this operation moves the staging label <code>AWSCURRENT</code> from another version to this
+ *         automatically attaches the staging label <code>AWSCURRENT</code> to it.
+ *     If this operation moves the staging label <code>AWSCURRENT</code> from another version to this
  *       version, then Secrets Manager also automatically moves the staging label <code>AWSPREVIOUS</code> to
  *       the version that <code>AWSCURRENT</code> was removed from.</p>
  *          <p>This operation is idempotent. If you call this operation with a <code>ClientRequestToken</code>
@@ -28,6 +28,7 @@ export interface PutSecretValueCommandOutput extends PutSecretValueResponse, __M
  *       same secret data, the operation succeeds but does nothing. However, if the secret data is
  *       different, then the operation fails because you can't modify an existing version; you can
  *       only create new ones.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:PutSecretValue</code>.

package/dist-types/commands/RemoveRegionsFromReplicationCommand.d.ts

@@ -8,6 +8,7 @@ export interface RemoveRegionsFromReplicationCommandOutput extends RemoveRegions
 }
 /**
  * <p>For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:RemoveRegionsFromReplication</code>.

package/dist-types/commands/ReplicateSecretToRegionsCommand.d.ts

@@ -8,6 +8,7 @@ export interface ReplicateSecretToRegionsCommandOutput extends ReplicateSecretTo
 }
 /**
  * <p>Replicates the secret to a new Regions. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html">Multi-Region secrets</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:ReplicateSecretToRegions</code>.

package/dist-types/commands/RestoreSecretCommand.d.ts

@@ -9,6 +9,7 @@ export interface RestoreSecretCommandOutput extends RestoreSecretResponse, __Met
 /**
  * <p>Cancels the scheduled deletion of a secret by removing the <code>DeletedDate</code> time
  *       stamp. You can access a secret again after it has been restored.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:RestoreSecret</code>.

package/dist-types/commands/RotateSecretCommand.d.ts

@@ -32,6 +32,7 @@ export interface RotateSecretCommandOutput extends RotateSecretResponse, __Metad
  *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
  *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
  *       assumes that a previous rotation request is still in progress and returns an error.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:RotateSecret</code>.

package/dist-types/commands/StopReplicationToReplicaCommand.d.ts

@@ -9,6 +9,7 @@ export interface StopReplicationToReplicaCommandOutput extends StopReplicationTo
 /**
  * <p>Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region.</p>
  *          <p>You must call this operation from the Region in which you want to promote the replica to a primary secret.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:StopReplicationToReplica</code>.

package/dist-types/commands/TagResourceCommand.d.ts

@@ -42,6 +42,7 @@ export interface TagResourceCommandOutput extends __MetadataBearer {
  *         your permissions for this secret, then the operation is blocked and returns an Access Denied
  *         error.</p>
  *          </important>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:TagResource</code>.

package/dist-types/commands/UntagResourceCommand.d.ts

@@ -16,6 +16,7 @@ export interface UntagResourceCommandOutput extends __MetadataBearer {
  *         permissions for this secret, then the operation is blocked and returns an Access Denied
  *         error.</p>
  *          </important>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:UntagResource</code>.

package/dist-types/commands/UpdateSecretCommand.d.ts

@@ -17,12 +17,15 @@ export interface UpdateSecretCommandOutput extends UpdateSecretResponse, __Metad
  *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
  *       the quota for secret versions.</p>
  *          <p>If you include <code>SecretString</code> or <code>SecretBinary</code> to create a new
- *       secret version, Secrets Manager automatically attaches the staging label <code>AWSCURRENT</code> to the new
- *       version. </p>
+ *       secret version, Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to the new
+ *       version. Then it attaches the label <code>AWSPREVIOUS</code>
+ *         to the version that <code>AWSCURRENT</code> was removed from.</p>
+ *
  *          <p>If you call this operation with a <code>ClientRequestToken</code> that matches an existing version's
  *       <code>VersionId</code>, the operation results in an error. You can't modify an existing
  *       version, you can only create a new version. To remove a version, remove all staging labels from it. See
  *     <a>UpdateSecretVersionStage</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:UpdateSecret</code>.

package/dist-types/commands/UpdateSecretVersionStageCommand.d.ts

@@ -22,6 +22,7 @@ export interface UpdateSecretVersionStageCommandOutput extends UpdateSecretVersi
  *          </note>
  *          <p>If this action results in the last label being removed from a version, then the version is
  *       considered to be 'deprecated' and can be deleted by Secrets Manager.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:UpdateSecretVersionStage</code>.

package/dist-types/commands/ValidateResourcePolicyCommand.d.ts

@@ -22,6 +22,7 @@ export interface ValidateResourcePolicyCommandOutput extends ValidateResourcePol
  *                <p>Verifies the policy does not lock out a caller.</p>
  *             </li>
  *          </ul>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:ValidateResourcePolicy</code>.