@aws-sdk/client-secrets-manager 3.236.0 → 3.238.0

package/README.md

@@ -12,23 +12,20 @@ AWS SDK for JavaScript SecretsManager Client for Node.js, Browser and React Nati
 <fullname>Amazon Web Services Secrets Manager</fullname>
 
 <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p>
-
 <p>This guide provides descriptions of the Secrets Manager API. For more information about using this
 service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html">Amazon Web Services Secrets Manager User Guide</a>.</p>
-
 <p>
 <b>API Version</b>
 </p>
-
 <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
-
+<p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
+endpoints</a>.</p>
 <p>
 <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
 </p>
 <p>We welcome your feedback. Send your comments to <a href="mailto:awssecretsmanager-feedback@amazon.com">awssecretsmanager-feedback@amazon.com</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more
 information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums
 Help</a>.</p>
-
 <p>
 <b>Logging API Requests</b>
 </p>

package/dist-cjs/endpoint/ruleset.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ruleSet = void 0;
-const p = "required", q = "fn", r = "argv", s = "ref";
-const a = "PartitionResult", b = "tree", c = "error", d = "endpoint", e = { [p]: false, "type": "String" }, f = { [p]: true, "default": false, "type": "Boolean" }, g = { [s]: "Endpoint" }, h = { [q]: "booleanEquals", [r]: [{ [s]: "UseFIPS" }, true] }, i = { [q]: "booleanEquals", [r]: [{ [s]: "UseDualStack" }, true] }, j = {}, k = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: a }, "supportsFIPS"] }] }, l = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: a }, "supportsDualStack"] }] }, m = [g], n = [h], o = [i];
-const _data = { version: "1.0", parameters: { Region: e, UseDualStack: f, UseFIPS: f, Endpoint: e }, rules: [{ conditions: [{ [q]: "aws.partition", [r]: [{ [s]: "Region" }], assign: a }], type: b, rules: [{ conditions: [{ [q]: "isSet", [r]: m }, { [q]: "parseURL", [r]: m, assign: "url" }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { type: b, rules: [{ conditions: o, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: g, properties: j, headers: j }, type: d }] }] }, { conditions: [h, i], type: b, rules: [{ conditions: [k, l], type: b, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: j, headers: j }, type: d }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: n, type: b, rules: [{ conditions: [k], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}", properties: j, headers: j }, type: d }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: o, type: b, rules: [{ conditions: [l], type: b, rules: [{ endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: j, headers: j }, type: d }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}", properties: j, headers: j }, type: d }] }] };
+const q = "fn", r = "argv", s = "ref";
+const a = true, b = false, c = "String", d = "PartitionResult", e = "tree", f = "error", g = "endpoint", h = { "required": true, "default": false, "type": "Boolean" }, i = { [s]: "Endpoint" }, j = { [q]: "booleanEquals", [r]: [{ [s]: "UseFIPS" }, true] }, k = { [q]: "booleanEquals", [r]: [{ [s]: "UseDualStack" }, true] }, l = {}, m = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: d }, "supportsFIPS"] }] }, n = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: d }, "supportsDualStack"] }] }, o = [j], p = [k];
+const _data = { version: "1.0", parameters: { Region: { required: a, type: c }, UseDualStack: h, UseFIPS: h, Endpoint: { required: b, type: c } }, rules: [{ conditions: [{ [q]: "aws.partition", [r]: [{ [s]: "Region" }], assign: d }], type: e, rules: [{ conditions: [{ [q]: "isSet", [r]: [i] }], type: e, rules: [{ conditions: o, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: f }, { type: e, rules: [{ conditions: p, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: f }, { endpoint: { url: i, properties: l, headers: l }, type: g }] }] }, { conditions: [j, k], type: e, rules: [{ conditions: [m, n], type: e, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: g }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: f }] }, { conditions: o, type: e, rules: [{ conditions: [m], type: e, rules: [{ type: e, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: g }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: f }] }, { conditions: p, type: e, rules: [{ conditions: [n], type: e, rules: [{ endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: g }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: f }] }, { endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: g }] }] };
 exports.ruleSet = _data;

package/dist-es/endpoint/ruleset.js

@@ -1,4 +1,4 @@
-const p = "required", q = "fn", r = "argv", s = "ref";
-const a = "PartitionResult", b = "tree", c = "error", d = "endpoint", e = { [p]: false, "type": "String" }, f = { [p]: true, "default": false, "type": "Boolean" }, g = { [s]: "Endpoint" }, h = { [q]: "booleanEquals", [r]: [{ [s]: "UseFIPS" }, true] }, i = { [q]: "booleanEquals", [r]: [{ [s]: "UseDualStack" }, true] }, j = {}, k = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: a }, "supportsFIPS"] }] }, l = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: a }, "supportsDualStack"] }] }, m = [g], n = [h], o = [i];
-const _data = { version: "1.0", parameters: { Region: e, UseDualStack: f, UseFIPS: f, Endpoint: e }, rules: [{ conditions: [{ [q]: "aws.partition", [r]: [{ [s]: "Region" }], assign: a }], type: b, rules: [{ conditions: [{ [q]: "isSet", [r]: m }, { [q]: "parseURL", [r]: m, assign: "url" }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { type: b, rules: [{ conditions: o, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: g, properties: j, headers: j }, type: d }] }] }, { conditions: [h, i], type: b, rules: [{ conditions: [k, l], type: b, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: j, headers: j }, type: d }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: n, type: b, rules: [{ conditions: [k], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}", properties: j, headers: j }, type: d }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: o, type: b, rules: [{ conditions: [l], type: b, rules: [{ endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: j, headers: j }, type: d }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}", properties: j, headers: j }, type: d }] }] };
+const q = "fn", r = "argv", s = "ref";
+const a = true, b = false, c = "String", d = "PartitionResult", e = "tree", f = "error", g = "endpoint", h = { "required": true, "default": false, "type": "Boolean" }, i = { [s]: "Endpoint" }, j = { [q]: "booleanEquals", [r]: [{ [s]: "UseFIPS" }, true] }, k = { [q]: "booleanEquals", [r]: [{ [s]: "UseDualStack" }, true] }, l = {}, m = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: d }, "supportsFIPS"] }] }, n = { [q]: "booleanEquals", [r]: [true, { [q]: "getAttr", [r]: [{ [s]: d }, "supportsDualStack"] }] }, o = [j], p = [k];
+const _data = { version: "1.0", parameters: { Region: { required: a, type: c }, UseDualStack: h, UseFIPS: h, Endpoint: { required: b, type: c } }, rules: [{ conditions: [{ [q]: "aws.partition", [r]: [{ [s]: "Region" }], assign: d }], type: e, rules: [{ conditions: [{ [q]: "isSet", [r]: [i] }], type: e, rules: [{ conditions: o, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: f }, { type: e, rules: [{ conditions: p, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: f }, { endpoint: { url: i, properties: l, headers: l }, type: g }] }] }, { conditions: [j, k], type: e, rules: [{ conditions: [m, n], type: e, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: g }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: f }] }, { conditions: o, type: e, rules: [{ conditions: [m], type: e, rules: [{ type: e, rules: [{ endpoint: { url: "https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: g }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: f }] }, { conditions: p, type: e, rules: [{ conditions: [n], type: e, rules: [{ endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: g }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: f }] }, { endpoint: { url: "https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: g }] }] };
 export const ruleSet = _data;

package/dist-types/SecretsManager.d.ts

@@ -25,37 +25,20 @@ import { SecretsManagerClient } from "./SecretsManagerClient";
 /**
  * <fullname>Amazon Web Services Secrets Manager</fullname>
  *          <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p>
- *
  *          <p>This guide provides descriptions of the Secrets Manager API. For more information about using this
  *       service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html">Amazon Web Services Secrets Manager User Guide</a>.</p>
- *
  *          <p>
  *             <b>API Version</b>
  *          </p>
- *
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
+ *          <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
+ *       endpoints</a>.</p>
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>
  *          <p>We welcome your feedback. Send your comments to <a href="mailto:awssecretsmanager-feedback@amazon.com">awssecretsmanager-feedback@amazon.com</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more
  *       information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums
  *         Help</a>.</p>
- *
  *          <p>
  *             <b>Logging API Requests</b>
  *          </p>
@@ -99,6 +82,9 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       includes the connection information to access a database or other service, which Secrets Manager
      *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
      *       important information needed to manage the secret.</p>
+     *          <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.
+     *
+     *     </p>
      *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
      *          <p>To create a secret, you can provide the secret value to be encrypted in either the
      *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.
@@ -212,7 +198,7 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       secret. For more information about permissions policies attached to a secret, see
      *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
      *         policies attached to a secret</a>.</p>
-     *         <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
+     *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
      *             <code>secretsmanager:GetResourcePolicy</code>.
@@ -232,7 +218,6 @@ export declare class SecretsManager extends SecretsManagerClient {
      *         your applications</a>.</p>
      *          <p>To retrieve the previous version of a secret, use <code>VersionStage</code> and specify
      *       AWSPREVIOUS. To revert to the previous version of a secret, call <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">UpdateSecretVersionStage</a>.</p>
-     *
      *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
@@ -373,32 +358,13 @@ export declare class SecretsManager extends SecretsManagerClient {
     restoreSecret(args: RestoreSecretCommandInput, cb: (err: any, data?: RestoreSecretCommandOutput) => void): void;
     restoreSecret(args: RestoreSecretCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RestoreSecretCommandOutput) => void): void;
     /**
-     * <p>Configures and starts the asynchronous process of rotating the secret. For more information about rotation,
-     *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>.</p>
-     *          <p>If you include the
-     *       configuration parameters, the operation sets the values for the secret and then immediately
-     *       starts a rotation. If you don't include the configuration parameters, the operation starts a
-     *       rotation with the values already stored in the secret. </p>
-     *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must
-     *       make sure the secret value is in the
-     *         <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html"> JSON structure
-     *         of a database secret</a>. In particular, if you want to use the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users"> alternating users strategy</a>, your secret must contain the ARN of a superuser
-     *       secret.</p>
-     *
-     *          <p>To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule
-     *       for the rotation. The Lambda rotation function creates a new
-     *       version of the secret and creates or updates the credentials on the database or service to
-     *       match. After testing the new credentials, the function marks the new secret version with the staging
-     *       label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more
-     *       information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
-     *          <p>You can create the Lambda rotation function based on the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html">rotation function templates</a> that Secrets Manager provides. Choose
-     *       a template that matches your <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html">Rotation strategy</a>.</p>
+     * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation,
+     *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p>
      *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached
      *       to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any
      *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
      *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
-     *       assumes that a previous rotation request is still in progress and returns an error.</p>
-     *          <p>When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+     *       assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
      *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
@@ -429,8 +395,8 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the
      *       secret's metadata. They are not associated with specific versions of the secret. This operation appends tags to the existing list of tags.</p>
-     *             <p>The following restrictions apply to tags:</p>
-     *         <ul>
+     *          <p>The following restrictions apply to tags:</p>
+     *          <ul>
      *             <li>
      *                <p>Maximum number of tags per secret: 50</p>
      *             </li>
@@ -455,7 +421,6 @@ export declare class SecretsManager extends SecretsManagerClient {
      *               following special characters: + - = . _ : / @.</p>
      *             </li>
      *          </ul>
-     *
      *          <important>
      *             <p>If you use tags as part of your security strategy, then adding or removing a tag can
      *         change permissions. If successfully completing this operation would result in you losing
@@ -497,7 +462,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p>
      *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p>
-     *
+     *          <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p>
      *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
      *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
      *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
@@ -508,7 +473,6 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       secret version, Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to the new
      *       version. Then it attaches the label <code>AWSPREVIOUS</code>
      *         to the version that <code>AWSCURRENT</code> was removed from.</p>
-     *
      *          <p>If you call this operation with a <code>ClientRequestToken</code> that matches an existing version's
      *       <code>VersionId</code>, the operation results in an error. You can't modify an existing
      *       version, you can only create a new version. To remove a version, remove all staging labels from it. See

package/dist-types/SecretsManagerClient.d.ts

@@ -147,37 +147,20 @@ export interface SecretsManagerClientResolvedConfig extends SecretsManagerClient
 /**
  * <fullname>Amazon Web Services Secrets Manager</fullname>
  *          <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p>
- *
  *          <p>This guide provides descriptions of the Secrets Manager API. For more information about using this
  *       service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html">Amazon Web Services Secrets Manager User Guide</a>.</p>
- *
  *          <p>
  *             <b>API Version</b>
  *          </p>
- *
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
+ *          <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
+ *       endpoints</a>.</p>
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>
  *          <p>We welcome your feedback. Send your comments to <a href="mailto:awssecretsmanager-feedback@amazon.com">awssecretsmanager-feedback@amazon.com</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more
  *       information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums
  *         Help</a>.</p>
- *
  *          <p>
  *             <b>Logging API Requests</b>
  *          </p>

package/dist-types/commands/CreateSecretCommand.d.ts

@@ -14,6 +14,9 @@ export interface CreateSecretCommandOutput extends CreateSecretResponse, __Metad
  *       includes the connection information to access a database or other service, which Secrets Manager
  *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
  *       important information needed to manage the secret.</p>
+ *          <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.
+ *
+ *     </p>
  *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
  *          <p>To create a secret, you can provide the secret value to be encrypted in either the
  *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.

package/dist-types/commands/GetResourcePolicyCommand.d.ts

@@ -12,7 +12,7 @@ export interface GetResourcePolicyCommandOutput extends GetResourcePolicyRespons
  *       secret. For more information about permissions policies attached to a secret, see
  *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
  *         policies attached to a secret</a>.</p>
- *         <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:GetResourcePolicy</code>.

package/dist-types/commands/GetSecretValueCommand.d.ts

@@ -16,7 +16,6 @@ export interface GetSecretValueCommandOutput extends GetSecretValueResponse, __M
  *         your applications</a>.</p>
  *          <p>To retrieve the previous version of a secret, use <code>VersionStage</code> and specify
  *       AWSPREVIOUS. To revert to the previous version of a secret, call <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">UpdateSecretVersionStage</a>.</p>
- *
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>

package/dist-types/commands/RotateSecretCommand.d.ts

@@ -8,32 +8,13 @@ export interface RotateSecretCommandInput extends RotateSecretRequest {
 export interface RotateSecretCommandOutput extends RotateSecretResponse, __MetadataBearer {
 }
 /**
- * <p>Configures and starts the asynchronous process of rotating the secret. For more information about rotation,
- *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>.</p>
- *          <p>If you include the
- *       configuration parameters, the operation sets the values for the secret and then immediately
- *       starts a rotation. If you don't include the configuration parameters, the operation starts a
- *       rotation with the values already stored in the secret. </p>
- *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must
- *       make sure the secret value is in the
- *         <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html"> JSON structure
- *         of a database secret</a>. In particular, if you want to use the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users"> alternating users strategy</a>, your secret must contain the ARN of a superuser
- *       secret.</p>
- *
- *          <p>To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule
- *       for the rotation. The Lambda rotation function creates a new
- *       version of the secret and creates or updates the credentials on the database or service to
- *       match. After testing the new credentials, the function marks the new secret version with the staging
- *       label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more
- *       information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
- *          <p>You can create the Lambda rotation function based on the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html">rotation function templates</a> that Secrets Manager provides. Choose
- *       a template that matches your <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html">Rotation strategy</a>.</p>
+ * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation,
+ *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p>
  *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached
  *       to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any
  *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
  *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
- *       assumes that a previous rotation request is still in progress and returns an error.</p>
- *          <p>When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+ *       assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>

package/dist-types/commands/TagResourceCommand.d.ts

@@ -10,8 +10,8 @@ export interface TagResourceCommandOutput extends __MetadataBearer {
 /**
  * <p>Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the
  *       secret's metadata. They are not associated with specific versions of the secret. This operation appends tags to the existing list of tags.</p>
- *             <p>The following restrictions apply to tags:</p>
- *         <ul>
+ *          <p>The following restrictions apply to tags:</p>
+ *          <ul>
  *             <li>
  *                <p>Maximum number of tags per secret: 50</p>
  *             </li>
@@ -36,7 +36,6 @@ export interface TagResourceCommandOutput extends __MetadataBearer {
  *               following special characters: + - = . _ : / @.</p>
  *             </li>
  *          </ul>
- *
  *          <important>
  *             <p>If you use tags as part of your security strategy, then adding or removing a tag can
  *         change permissions. If successfully completing this operation would result in you losing

package/dist-types/commands/UpdateSecretCommand.d.ts

@@ -10,7 +10,7 @@ export interface UpdateSecretCommandOutput extends UpdateSecretResponse, __Metad
 /**
  * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p>
  *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p>
- *
+ *          <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p>
  *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
  *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
  *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
@@ -21,7 +21,6 @@ export interface UpdateSecretCommandOutput extends UpdateSecretResponse, __Metad
  *       secret version, Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to the new
  *       version. Then it attaches the label <code>AWSPREVIOUS</code>
  *         to the version that <code>AWSCURRENT</code> was removed from.</p>
- *
  *          <p>If you call this operation with a <code>ClientRequestToken</code> that matches an existing version's
  *       <code>VersionId</code>, the operation results in an error. You can't modify an existing
  *       version, you can only create a new version. To remove a version, remove all staging labels from it. See

package/dist-types/endpoint/EndpointParameters.d.ts

@@ -12,7 +12,7 @@ export declare const resolveClientEndpointParameters: <T>(options: T & ClientInp
     defaultSigningName: string;
 };
 export interface EndpointParameters extends __EndpointParameters {
-    Region?: string;
+    Region: string;
     UseDualStack?: boolean;
     UseFIPS?: boolean;
     Endpoint?: string;

package/dist-types/models/models_0.d.ts

@@ -120,7 +120,6 @@ export interface CreateSecretRequest {
      * <p>The name of the new secret.</p>
      *          <p>The secret name can contain ASCII letters, numbers, and the following characters:
      *       /_+=.@-</p>
-     *
      *          <p>Do not end your secret name with a hyphen followed by six characters. If you do so, you
      *         risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager
      *         automatically adds a hyphen and six random characters after the secret name at the end of the ARN.</p>
@@ -216,8 +215,8 @@ export interface CreateSecretRequest {
      *       JSON parameter for the various command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
      *         Parameters</a>. If your command-line tool or SDK requires quotation marks around the parameter, you should
      *       use single quotes to avoid confusion with the double quotes required in the JSON text.</p>
-     *             <p>The following restrictions apply to tags:</p>
-     *         <ul>
+     *          <p>The following restrictions apply to tags:</p>
+     *          <ul>
      *             <li>
      *                <p>Maximum number of tags per secret: 50</p>
      *             </li>
@@ -1261,7 +1260,8 @@ export interface RotateSecretRequest {
      */
     ClientRequestToken?: string;
     /**
-     * <p>The ARN of the Lambda rotation function that can rotate the secret.</p>
+     * <p>For secrets that use a Lambda rotation function to rotate, the ARN of the Lambda rotation function. </p>
+     *          <p>For secrets that use <i>managed rotation</i>, omit this field. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html">Managed rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
      */
     RotationLambdaARN?: string;
     /**
@@ -1271,7 +1271,7 @@ export interface RotateSecretRequest {
     /**
      * <p>Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
      *     The rotation schedule is defined in <a>RotateSecretRequest$RotationRules</a>.</p>
-     *          <p>If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the
+     *          <p>For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the
      *     <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">
      *                <code>testSecret</code>
      *       step</a> of the Lambda rotation function. The test creates an <code>AWSPENDING</code> version of the secret and then removes it.</p>
@@ -1316,7 +1316,6 @@ export interface TagResourceRequest {
     /**
      * <p>The tags to attach to the secret as a JSON text string argument. Each element in the list consists of a <code>Key</code>
      *       and a <code>Value</code>.</p>
-     *
      *          <p>For storing multiple values, we recommend that you use a JSON text
      *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
      *     in the Amazon Web Services CLI User Guide.</p>
@@ -1371,9 +1370,9 @@ export interface UpdateSecretRequest {
      *       uses to encrypt new secret versions as well as any existing versions with the staging labels
      *       <code>AWSCURRENT</code>, <code>AWSPENDING</code>, or <code>AWSPREVIOUS</code>.
      *       For more information about versions and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">Concepts: Version</a>.</p>
-     *         <p>A key alias is always prefixed by <code>alias/</code>, for example <code>alias/aws/secretsmanager</code>.
+     *          <p>A key alias is always prefixed by <code>alias/</code>, for example <code>alias/aws/secretsmanager</code>.
      *           For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html">About aliases</a>.</p>
-     *           <p>If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key
+     *          <p>If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key
      *           <code>aws/secretsmanager</code>. If this key doesn't already exist in your account, then Secrets Manager
      *           creates it for you automatically. All users and roles in the Amazon Web Services account automatically have access
      *           to use <code>aws/secretsmanager</code>. Creating <code>aws/secretsmanager</code> can result in a one-time

package/dist-types/ts3.4/endpoint/EndpointParameters.d.ts

@@ -27,7 +27,7 @@ export declare const resolveClientEndpointParameters: <T>(
     defaultSigningName: string;
   };
 export interface EndpointParameters extends __EndpointParameters {
-  Region?: string;
+  Region: string;
   UseDualStack?: boolean;
   UseFIPS?: boolean;
   Endpoint?: string;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-secrets-manager",
   "description": "AWS SDK for JavaScript Secrets Manager Client for Node.js, Browser and React Native",
-  "version": "3.236.0",
+  "version": "3.238.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -10,7 +10,8 @@
     "build:include:deps": "lerna run --scope $npm_package_name --include-dependencies build",
     "build:types": "tsc -p tsconfig.types.json",
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
-    "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo"
+    "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
+    "generate:client": "(cd ../../ && yarn generate-clients -g ./codegen/sdk-codegen/aws-models/secrets-manager.json --keepFiles)"
   },
   "main": "./dist-cjs/index.js",
   "types": "./dist-types/index.d.ts",
@@ -19,9 +20,9 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "2.0.0",
     "@aws-crypto/sha256-js": "2.0.0",
-    "@aws-sdk/client-sts": "3.236.0",
+    "@aws-sdk/client-sts": "3.238.0",
     "@aws-sdk/config-resolver": "3.234.0",
-    "@aws-sdk/credential-provider-node": "3.236.0",
+    "@aws-sdk/credential-provider-node": "3.238.0",
     "@aws-sdk/fetch-http-handler": "3.226.0",
     "@aws-sdk/hash-node": "3.226.0",
     "@aws-sdk/invalid-dependency": "3.226.0",