@aws-sdk/client-secrets-manager 3.241.0 → 3.250.0

package/README.md

@@ -18,6 +18,8 @@ service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/user
 <b>API Version</b>
 </p>
 <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
+<p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
+endpoints</a>.</p>
 <p>
 <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
 </p>

package/dist-types/SecretsManager.d.ts

@@ -31,6 +31,8 @@ import { SecretsManagerClient } from "./SecretsManagerClient";
  *             <b>API Version</b>
  *          </p>
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
+ *          <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
+ *       endpoints</a>.</p>
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>
@@ -80,6 +82,9 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       includes the connection information to access a database or other service, which Secrets Manager
      *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
      *       important information needed to manage the secret.</p>
+     *          <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.
+     *
+     *     </p>
      *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
      *          <p>To create a secret, you can provide the secret value to be encrypted in either the
      *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.
@@ -353,31 +358,13 @@ export declare class SecretsManager extends SecretsManagerClient {
     restoreSecret(args: RestoreSecretCommandInput, cb: (err: any, data?: RestoreSecretCommandOutput) => void): void;
     restoreSecret(args: RestoreSecretCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RestoreSecretCommandOutput) => void): void;
     /**
-     * <p>Configures and starts the asynchronous process of rotating the secret. For more information about rotation,
-     *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>.</p>
-     *          <p>If you include the
-     *       configuration parameters, the operation sets the values for the secret and then immediately
-     *       starts a rotation. If you don't include the configuration parameters, the operation starts a
-     *       rotation with the values already stored in the secret. </p>
-     *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must
-     *       make sure the secret value is in the
-     *         <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html"> JSON structure
-     *         of a database secret</a>. In particular, if you want to use the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users"> alternating users strategy</a>, your secret must contain the ARN of a superuser
-     *       secret.</p>
-     *          <p>To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule
-     *       for the rotation. The Lambda rotation function creates a new
-     *       version of the secret and creates or updates the credentials on the database or service to
-     *       match. After testing the new credentials, the function marks the new secret version with the staging
-     *       label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more
-     *       information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
-     *          <p>You can create the Lambda rotation function based on the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html">rotation function templates</a> that Secrets Manager provides. Choose
-     *       a template that matches your <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html">Rotation strategy</a>.</p>
+     * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation,
+     *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p>
      *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached
      *       to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any
      *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
      *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
-     *       assumes that a previous rotation request is still in progress and returns an error.</p>
-     *          <p>When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+     *       assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
      *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
      *          <p>
      *             <b>Required permissions: </b>
@@ -475,6 +462,7 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p>
      *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p>
+     *          <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p>
      *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
      *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
      *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not

package/dist-types/SecretsManagerClient.d.ts

@@ -153,6 +153,8 @@ export interface SecretsManagerClientResolvedConfig extends SecretsManagerClient
  *             <b>API Version</b>
  *          </p>
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
+ *          <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
+ *       endpoints</a>.</p>
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>

package/dist-types/commands/CreateSecretCommand.d.ts

@@ -14,6 +14,9 @@ export interface CreateSecretCommandOutput extends CreateSecretResponse, __Metad
  *       includes the connection information to access a database or other service, which Secrets Manager
  *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
  *       important information needed to manage the secret.</p>
+ *          <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.
+ *
+ *     </p>
  *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
  *          <p>To create a secret, you can provide the secret value to be encrypted in either the
  *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.

package/dist-types/commands/RotateSecretCommand.d.ts

@@ -8,31 +8,13 @@ export interface RotateSecretCommandInput extends RotateSecretRequest {
 export interface RotateSecretCommandOutput extends RotateSecretResponse, __MetadataBearer {
 }
 /**
- * <p>Configures and starts the asynchronous process of rotating the secret. For more information about rotation,
- *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>.</p>
- *          <p>If you include the
- *       configuration parameters, the operation sets the values for the secret and then immediately
- *       starts a rotation. If you don't include the configuration parameters, the operation starts a
- *       rotation with the values already stored in the secret. </p>
- *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must
- *       make sure the secret value is in the
- *         <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html"> JSON structure
- *         of a database secret</a>. In particular, if you want to use the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users"> alternating users strategy</a>, your secret must contain the ARN of a superuser
- *       secret.</p>
- *          <p>To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule
- *       for the rotation. The Lambda rotation function creates a new
- *       version of the secret and creates or updates the credentials on the database or service to
- *       match. After testing the new credentials, the function marks the new secret version with the staging
- *       label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more
- *       information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
- *          <p>You can create the Lambda rotation function based on the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html">rotation function templates</a> that Secrets Manager provides. Choose
- *       a template that matches your <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html">Rotation strategy</a>.</p>
+ * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation,
+ *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p>
  *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached
  *       to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any
  *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
  *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
- *       assumes that a previous rotation request is still in progress and returns an error.</p>
- *          <p>When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+ *       assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>

package/dist-types/commands/UpdateSecretCommand.d.ts

@@ -10,6 +10,7 @@ export interface UpdateSecretCommandOutput extends UpdateSecretResponse, __Metad
 /**
  * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p>
  *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p>
+ *          <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p>
  *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
  *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
  *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not

package/dist-types/models/models_0.d.ts

@@ -470,9 +470,11 @@ export interface DescribeSecretRequest {
  */
 export interface RotationRulesType {
     /**
-     * <p>The number of days between automatic scheduled rotations of the secret. You can use this
+     * <p>The number of days between rotations of the secret. You can use this
      *       value to check that your secret meets your compliance guidelines for how often secrets must
-     *       be rotated.</p>
+     *       be rotated. If you use this field to set the rotation schedule, Secrets Manager calculates the next rotation
+     *       date based on the previous rotation. Manually updating the secret value by calling
+     *       <code>PutSecretValue</code> or <code>UpdateSecret</code> is considered a valid rotation.</p>
      *          <p>In <code>DescribeSecret</code> and <code>ListSecrets</code>, this value is calculated from
      *       the rotation schedule after every successful rotation. In <code>RotateSecret</code>, you can
      *       set the rotation schedule in <code>RotationRules</code> with <code>AutomaticallyAfterDays</code>
@@ -571,6 +573,9 @@ export interface DescribeSecretResponse {
      *       value, is not accessible. To cancel a scheduled deletion and restore access to the secret, use <a>RestoreSecret</a>.</p>
      */
     DeletedDate?: Date;
+    /**
+     * <p>The next date and time that Secrets Manager will rotate the secret, rounded to the nearest hour. If the secret isn't configured for rotation, Secrets Manager returns null.</p>
+     */
     NextRotationDate?: Date;
     /**
      * <p>The list of tags attached to the secret. To add tags to a
@@ -674,6 +679,10 @@ export interface Filter {
      *             </li>
      *             <li>
      *                <p>
+     *                   <b>owning-service</b>: Prefix match, case-sensitive.</p>
+     *             </li>
+     *             <li>
+     *                <p>
      *                   <b>all</b>: Breaks the filter value string into words and then searches all attributes for matches. Not case-sensitive.</p>
      *             </li>
      *          </ul>
@@ -841,6 +850,9 @@ export declare enum SortOrderType {
     desc = "desc"
 }
 export interface ListSecretsRequest {
+    /**
+     * <p>Specifies whether to include secrets scheduled for deletion.</p>
+     */
     IncludePlannedDeletion?: boolean;
     /**
      * <p>The number of results to include in the response.</p>
@@ -926,6 +938,9 @@ export interface SecretListEntry {
      *             </a> operation.</p>
      */
     DeletedDate?: Date;
+    /**
+     * <p>The next date and time that Secrets Manager will attempt to rotate the secret, rounded to the nearest hour. This value is null if the secret is not set up for rotation.</p>
+     */
     NextRotationDate?: Date;
     /**
      * <p>The list of user-defined tags associated with the secret. To add tags to a
@@ -1264,7 +1279,8 @@ export interface RotateSecretRequest {
      */
     ClientRequestToken?: string;
     /**
-     * <p>The ARN of the Lambda rotation function that can rotate the secret.</p>
+     * <p>For secrets that use a Lambda rotation function to rotate, the ARN of the Lambda rotation function. </p>
+     *          <p>For secrets that use <i>managed rotation</i>, omit this field. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html">Managed rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
      */
     RotationLambdaARN?: string;
     /**
@@ -1274,7 +1290,7 @@ export interface RotateSecretRequest {
     /**
      * <p>Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
      *     The rotation schedule is defined in <a>RotateSecretRequest$RotationRules</a>.</p>
-     *          <p>If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the
+     *          <p>For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the
      *     <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">
      *                <code>testSecret</code>
      *       step</a> of the Lambda rotation function. The test creates an <code>AWSPENDING</code> version of the secret and then removes it.</p>

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-secrets-manager",
   "description": "AWS SDK for JavaScript Secrets Manager Client for Node.js, Browser and React Native",
-  "version": "3.241.0",
+  "version": "3.250.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -20,9 +20,9 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "2.0.0",
     "@aws-crypto/sha256-js": "2.0.0",
-    "@aws-sdk/client-sts": "3.241.0",
+    "@aws-sdk/client-sts": "3.245.0",
     "@aws-sdk/config-resolver": "3.234.0",
-    "@aws-sdk/credential-provider-node": "3.241.0",
+    "@aws-sdk/credential-provider-node": "3.245.0",
     "@aws-sdk/fetch-http-handler": "3.226.0",
     "@aws-sdk/hash-node": "3.226.0",
     "@aws-sdk/invalid-dependency": "3.226.0",
@@ -47,7 +47,7 @@
     "@aws-sdk/util-body-length-node": "3.208.0",
     "@aws-sdk/util-defaults-mode-browser": "3.234.0",
     "@aws-sdk/util-defaults-mode-node": "3.234.0",
-    "@aws-sdk/util-endpoints": "3.241.0",
+    "@aws-sdk/util-endpoints": "3.245.0",
     "@aws-sdk/util-retry": "3.229.0",
     "@aws-sdk/util-user-agent-browser": "3.226.0",
     "@aws-sdk/util-user-agent-node": "3.226.0",