@aws-sdk/client-secrets-manager 3.36.1 → 3.37.0

package/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.37.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.36.1...v3.37.0) (2021-10-15)
+
+
+### Features
+
+* **clients:** update clients as of 10/15/2021 ([#2902](https://github.com/aws/aws-sdk-js-v3/issues/2902)) ([2730b54](https://github.com/aws/aws-sdk-js-v3/commit/2730b5424377944a5a2ad5e1ad7d3ca4135dae1c))
+
+
+
+
+
 ## [3.36.1](https://github.com/aws/aws-sdk-js-v3/compare/v3.36.0...v3.36.1) (2021-10-12)
 
 

package/dist-cjs/endpoints.js

@@ -64,7 +64,7 @@ const partitionHash = {
         hostname: "secretsmanager.{region}.amazonaws.com.cn",
     },
     "aws-iso": {
-        regions: ["us-iso-east-1"],
+        regions: ["us-iso-east-1", "us-iso-west-1"],
         hostname: "secretsmanager.{region}.c2s.ic.gov",
     },
     "aws-iso-b": {

package/dist-es/endpoints.js

@@ -62,7 +62,7 @@ var partitionHash = {
         hostname: "secretsmanager.{region}.amazonaws.com.cn",
     },
     "aws-iso": {
-        regions: ["us-iso-east-1"],
+        regions: ["us-iso-east-1", "us-iso-west-1"],
         hostname: "secretsmanager.{region}.c2s.ic.gov",
     },
     "aws-iso-b": {

package/dist-types/SecretsManager.d.ts

@@ -546,11 +546,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       creates a new version and attaches it to the secret. The version can contain a new
      *         <code>SecretString</code> value or a new <code>SecretBinary</code> value. You can also
      *       specify the staging labels that are initially attached to the new version.</p>
-     *          <note>
-     *             <p>The Secrets Manager console uses only the <code>SecretString</code> field. To add binary data to a
-     *         secret with the <code>SecretBinary</code> field you must use the Amazon Web Services CLI or one of the
-     *         Amazon Web Services SDKs.</p>
-     *          </note>
+     *          <p>We recommend you avoid calling <code>PutSecretValue</code> at a sustained rate of more than
+     *       once every 10 minutes. When you update the secret value, Secrets Manager creates a new version
+     *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
+     *       remove versions created less than 24 hours ago. If you call <code>PutSecretValue</code> more
+     *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
+     *       the quota for secret versions.</p>
      *          <ul>
      *             <li>
      *                <p>If this operation creates the first version for the secret then Secrets Manager
@@ -840,12 +841,17 @@ export declare class SecretsManager extends SecretsManagerClient {
     untagResource(args: UntagResourceCommandInput, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
     untagResource(args: UntagResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
     /**
-     * <p>Modifies many of the details of the specified secret. If you include a
-     *         <code>ClientRequestToken</code> and <i>either</i>
-     *             <code>SecretString</code> or <code>SecretBinary</code> then it also creates a new version
-     *       attached to the secret.</p>
-     *          <p>To modify the rotation configuration of a secret, use <a>RotateSecret</a>
+     * <p>Modifies many of the details of the specified secret. </p>
+     *          <p>To change the secret value, you can also use <a>PutSecretValue</a>.</p>
+     *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a>
      *       instead.</p>
+     *
+     *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
+     *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
+     *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
+     *       remove versions created less than 24 hours ago. If you update the secret value more
+     *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
+     *       the quota for secret versions.</p>
      *          <note>
      *             <p>The Secrets Manager console uses only the <code>SecretString</code> parameter and therefore limits
      *         you to encrypting and storing only a text string. To encrypt and store binary data as part

package/dist-types/commands/PutSecretValueCommand.d.ts

@@ -11,11 +11,12 @@ export interface PutSecretValueCommandOutput extends PutSecretValueResponse, __M
  *       creates a new version and attaches it to the secret. The version can contain a new
  *         <code>SecretString</code> value or a new <code>SecretBinary</code> value. You can also
  *       specify the staging labels that are initially attached to the new version.</p>
- *          <note>
- *             <p>The Secrets Manager console uses only the <code>SecretString</code> field. To add binary data to a
- *         secret with the <code>SecretBinary</code> field you must use the Amazon Web Services CLI or one of the
- *         Amazon Web Services SDKs.</p>
- *          </note>
+ *          <p>We recommend you avoid calling <code>PutSecretValue</code> at a sustained rate of more than
+ *       once every 10 minutes. When you update the secret value, Secrets Manager creates a new version
+ *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
+ *       remove versions created less than 24 hours ago. If you call <code>PutSecretValue</code> more
+ *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
+ *       the quota for secret versions.</p>
  *          <ul>
  *             <li>
  *                <p>If this operation creates the first version for the secret then Secrets Manager

package/dist-types/commands/UpdateSecretCommand.d.ts

@@ -7,12 +7,17 @@ export interface UpdateSecretCommandInput extends UpdateSecretRequest {
 export interface UpdateSecretCommandOutput extends UpdateSecretResponse, __MetadataBearer {
 }
 /**
- * <p>Modifies many of the details of the specified secret. If you include a
- *         <code>ClientRequestToken</code> and <i>either</i>
- *             <code>SecretString</code> or <code>SecretBinary</code> then it also creates a new version
- *       attached to the secret.</p>
- *          <p>To modify the rotation configuration of a secret, use <a>RotateSecret</a>
+ * <p>Modifies many of the details of the specified secret. </p>
+ *          <p>To change the secret value, you can also use <a>PutSecretValue</a>.</p>
+ *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a>
  *       instead.</p>
+ *
+ *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
+ *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
+ *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
+ *       remove versions created less than 24 hours ago. If you update the secret value more
+ *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
+ *       the quota for secret versions.</p>
  *          <note>
  *             <p>The Secrets Manager console uses only the <code>SecretString</code> parameter and therefore limits
  *         you to encrypting and storing only a text string. To encrypt and store binary data as part

package/dist-types/models/models_0.d.ts

@@ -22,20 +22,8 @@ export interface CancelRotateSecretRequest {
     /**
      * <p>Specifies the secret to cancel a rotation request. You can specify either the Amazon
      *       Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
 }
@@ -245,15 +233,9 @@ export interface CreateSecretRequest {
      *       secret text in only the <code>SecretString</code> parameter. The Secrets Manager console stores the
      *       information as a JSON structure of key/value pairs that the Lambda rotation function knows how
      *       to parse.</p>
-     *          <p>For storing multiple values, we recommend that you use a JSON text string argument and
-     *       specify key/value pairs. For information on how to format a JSON parameter for the various
-     *       command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
-     *         Parameters</a> in the <i>CLI User Guide</i>. For example:</p>
-     *          <p>
-     *             <code>{"username":"bob","password":"abc123xyz456"}</code>
-     *          </p>
-     *          <p>If your command-line tool or SDK requires quotation marks around the parameter, you should
-     *       use single quotes to avoid confusion with the double quotes required in the JSON text. </p>
+     *          <p>For storing multiple values, we recommend that you use a JSON text
+     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
+     *     in the Amazon Web Services CLI User Guide.</p>
      */
     SecretString?: string;
     /**
@@ -487,20 +469,8 @@ export interface DeleteResourcePolicyRequest {
     /**
      * <p>Specifies the secret that you want to delete the attached resource-based policy for. You
      *       can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
 }
@@ -530,20 +500,8 @@ export interface DeleteSecretRequest {
     /**
      * <p>Specifies the secret to delete. You can specify either the Amazon Resource Name (ARN) or
      *       the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -608,20 +566,8 @@ export interface DescribeSecretRequest {
     /**
      * <p>The identifier of the secret whose details you want to retrieve. You can specify either
      *       the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
 }
@@ -685,7 +631,8 @@ export interface DescribeSecretResponse {
      */
     RotationLambdaARN?: string;
     /**
-     * <p>A structure with the rotation configuration for this secret.</p>
+     * <p>A structure with the rotation configuration for this secret. This field is only populated
+     *       if rotation is configured.</p>
      */
     RotationRules?: RotationRulesType;
     /**
@@ -845,20 +792,8 @@ export interface GetResourcePolicyRequest {
     /**
      * <p>Specifies the secret that you want to retrieve the attached resource-based policy for. You
      *       can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
 }
@@ -896,20 +831,8 @@ export interface GetSecretValueRequest {
     /**
      * <p>Specifies the secret containing the version that you want to retrieve. You can specify
      *       either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -1168,20 +1091,8 @@ export interface ListSecretVersionIdsRequest {
     /**
      * <p>The identifier for the secret containing the versions you want to list. You can specify
      *       either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -1303,20 +1214,8 @@ export interface PutResourcePolicyRequest {
     /**
      * <p>Specifies the secret that you want to attach the resource-based policy. You can specify
      *       either the ARN or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -1360,20 +1259,8 @@ export interface PutSecretValueRequest {
      * <p>Specifies the secret to which you want to add a new version. You can specify either the
      *       Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already
      *       exist.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -1429,16 +1316,9 @@ export interface PutSecretValueRequest {
      *       protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console
      *       stores the information as a JSON structure of key/value pairs that the default Lambda rotation
      *       function knows how to parse.</p>
-     *          <p>For storing multiple values, we recommend that you use a JSON text string argument and
-     *       specify key/value pairs. For information on how to format a JSON parameter for the various
-     *       command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
-     *         Parameters</a> in the <i>CLI User Guide</i>.</p>
-     *          <p> For example:</p>
-     *          <p>
-     *             <code>[{"username":"bob"},{"password":"abc123xyz456"}]</code>
-     *          </p>
-     *          <p>If your command-line tool or SDK requires quotation marks around the parameter, you should
-     *       use single quotes to avoid confusion with the double quotes required in the JSON text.</p>
+     *          <p>For storing multiple values, we recommend that you use a JSON text
+     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
+     *     in the Amazon Web Services CLI User Guide.</p>
      */
     SecretString?: string;
     /**
@@ -1559,20 +1439,8 @@ export interface RestoreSecretRequest {
     /**
      * <p>Specifies the secret that you want to restore from a previously scheduled deletion. You
      *       can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
 }
@@ -1602,20 +1470,8 @@ export interface RotateSecretRequest {
     /**
      * <p>Specifies the secret that you want to rotate. You can specify either the Amazon Resource
      *       Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -1699,30 +1555,17 @@ export interface TagResourceRequest {
     /**
      * <p>The identifier for the secret that you want to attach tags to. You can specify either the
      *       Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
      * <p>The tags to attach to the secret. Each element in the list consists of a <code>Key</code>
      *       and a <code>Value</code>.</p>
-     *          <p>This parameter to the API requires a JSON text string argument. For information on how to
-     *       format a JSON parameter for the various command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for Parameters</a> in the <i>CLI User Guide</i>. For the
-     *       CLI, you can also use the syntax: <code>--Tags Key="Key1",Value="Value1"
-     *         Key="Key2",Value="Value2"[,…]</code>
-     *          </p>
+     *          <p>This parameter to the API requires a JSON text string argument.</p>
+     *          <p>For storing multiple values, we recommend that you use a JSON text
+     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
+     *     in the Amazon Web Services CLI User Guide.</p>
      */
     Tags: Tag[] | undefined;
 }
@@ -1736,27 +1579,17 @@ export interface UntagResourceRequest {
     /**
      * <p>The identifier for the secret that you want to remove tags from. You can specify either
      *       the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
      * <p>A list of tag key names to remove from the secret. You don't specify the value. Both the
      *       key and its associated value are removed.</p>
-     *          <p>This parameter to the API requires a JSON text string argument. For information on how to
-     *       format a JSON parameter for the various command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for Parameters</a> in the <i>CLI User Guide</i>.</p>
+     *          <p>This parameter to the API requires a JSON text string argument.</p>
+     *          <p>For storing multiple values, we recommend that you use a JSON text
+     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
+     *     in the Amazon Web Services CLI User Guide.</p>
      */
     TagKeys: string[] | undefined;
 }
@@ -1771,20 +1604,8 @@ export interface UpdateSecretRequest {
      * <p>Specifies the secret that you want to modify or to which you want to add a new version.
      *       You can specify either the Amazon Resource Name (ARN) or the friendly name of the
      *       secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -1825,8 +1646,9 @@ export interface UpdateSecretRequest {
      */
     Description?: string;
     /**
-     * <p>(Optional) Specifies an updated ARN or alias of the Amazon Web Services KMS customer master key (CMK) to be
-     *       used to encrypt the protected text in new versions of this secret.</p>
+     * <p>(Optional) Specifies an updated ARN or alias of the Amazon Web Services KMS customer master key (CMK) that Secrets Manager
+     *       uses to encrypt the protected text in new versions of this secret as well as any existing versions of this secret that have the staging labels AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label">Staging
+     *         Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.</p>
      *          <important>
      *             <p>You can only use the account's default CMK to encrypt and decrypt if you call this
      *         operation using credentials from the same account that owns the secret. If the secret is in
@@ -1853,21 +1675,9 @@ export interface UpdateSecretRequest {
      *       protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console
      *       stores the information as a JSON structure of key/value pairs that the default Lambda rotation
      *       function knows how to parse.</p>
-     *          <p>For storing multiple values, we recommend that you use a JSON text string argument and
-     *       specify key/value pairs. For information on how to format a JSON parameter for the various
-     *       command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
-     *         Parameters</a> in the <i>CLI User Guide</i>. For example:</p>
-     *          <p>
-     *             <code>[{"username":"bob"},{"password":"abc123xyz456"}]</code>
-     *          </p>
-     *          <p>If your command-line tool or SDK requires quotation marks around the parameter, you should
-     *       use single quotes to avoid confusion with the double quotes required in the JSON text. You can
-     *       also 'escape' the double quote character in the embedded JSON text by prefacing each with a
-     *       backslash. For example, the following string is surrounded by double-quotes. All of the
-     *       embedded double quotes are escaped:</p>
-     *          <p>
-     *             <code>"[{\"username\":\"bob\"},{\"password\":\"abc123xyz456\"}]"</code>
-     *          </p>
+     *          <p>For storing multiple values, we recommend that you use a JSON text
+     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
+     *     in the Amazon Web Services CLI User Guide.</p>
      */
     SecretString?: string;
 }
@@ -1910,20 +1720,8 @@ export interface UpdateSecretVersionStageRequest {
      * <p>Specifies the secret with the version with the list of staging labels you want to modify.
      *       You can specify either the Amazon Resource Name (ARN) or the friendly name of the
      *       secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
@@ -1973,20 +1771,8 @@ export interface ValidateResourcePolicyRequest {
      * <p> (Optional) The identifier of the secret with the resource-based policy you want to
      *       validate. You can specify either the Amazon Resource Name (ARN) or the friendly name of the
      *       secret.</p>
-     *          <note>
-     *             <p>If you specify an ARN, we generally recommend that you specify a complete ARN. You can
-     *         specify a partial ARN too—for example, if you don’t include the final hyphen and six random
-     *         characters that Secrets Manager adds at the end of the ARN when you created the secret. A partial ARN
-     *         match can work as long as it uniquely matches only one secret. However, if your secret has a
-     *         name that ends in a hyphen followed by six characters (before Secrets Manager adds the hyphen and six
-     *         characters to the ARN) and you try to use that as a partial ARN, then those characters cause
-     *         Secrets Manager to assume that you’re specifying a complete ARN. This confusion can cause unexpected
-     *         results. To avoid this situation, we recommend that you don’t create secret names ending
-     *         with a hyphen followed by six characters.</p>
-     *             <p>If you specify an incomplete ARN without the random suffix, and instead provide the
-     *         'friendly name', you <i>must</i> not include the random suffix. If you do include the random suffix added by Secrets Manager,
-     *         you receive either a <i>ResourceNotFoundException</i> or an <i>AccessDeniedException</i> error, depending on your permissions.</p>
-     *         </note>
+     *          <p>For an ARN, we recommend that you specify a complete ARN rather
+     *       than a partial ARN.</p>
      */
     SecretId?: string;
     /**

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-secrets-manager",
   "description": "AWS SDK for JavaScript Secrets Manager Client for Node.js, Browser and React Native",
-  "version": "3.36.1",
+  "version": "3.37.0",
   "scripts": {
     "build": "yarn build:cjs && yarn build:es && yarn build:types",
     "build:cjs": "tsc -p tsconfig.json",
@@ -21,39 +21,39 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "^1.0.0",
     "@aws-crypto/sha256-js": "^1.0.0",
-    "@aws-sdk/client-sts": "3.36.1",
-    "@aws-sdk/config-resolver": "3.36.0",
-    "@aws-sdk/credential-provider-node": "3.36.1",
-    "@aws-sdk/fetch-http-handler": "3.36.0",
-    "@aws-sdk/hash-node": "3.36.0",
-    "@aws-sdk/invalid-dependency": "3.36.0",
-    "@aws-sdk/middleware-content-length": "3.36.0",
-    "@aws-sdk/middleware-host-header": "3.36.0",
-    "@aws-sdk/middleware-logger": "3.36.0",
-    "@aws-sdk/middleware-retry": "3.36.0",
-    "@aws-sdk/middleware-serde": "3.36.0",
-    "@aws-sdk/middleware-signing": "3.36.0",
-    "@aws-sdk/middleware-stack": "3.36.0",
-    "@aws-sdk/middleware-user-agent": "3.36.0",
-    "@aws-sdk/node-config-provider": "3.36.0",
-    "@aws-sdk/node-http-handler": "3.36.0",
-    "@aws-sdk/protocol-http": "3.36.0",
-    "@aws-sdk/smithy-client": "3.36.0",
-    "@aws-sdk/types": "3.36.0",
-    "@aws-sdk/url-parser": "3.36.0",
-    "@aws-sdk/util-base64-browser": "3.36.0",
-    "@aws-sdk/util-base64-node": "3.36.0",
-    "@aws-sdk/util-body-length-browser": "3.36.0",
-    "@aws-sdk/util-body-length-node": "3.36.0",
-    "@aws-sdk/util-user-agent-browser": "3.36.0",
-    "@aws-sdk/util-user-agent-node": "3.36.0",
-    "@aws-sdk/util-utf8-browser": "3.36.0",
-    "@aws-sdk/util-utf8-node": "3.36.0",
+    "@aws-sdk/client-sts": "3.37.0",
+    "@aws-sdk/config-resolver": "3.37.0",
+    "@aws-sdk/credential-provider-node": "3.37.0",
+    "@aws-sdk/fetch-http-handler": "3.37.0",
+    "@aws-sdk/hash-node": "3.37.0",
+    "@aws-sdk/invalid-dependency": "3.37.0",
+    "@aws-sdk/middleware-content-length": "3.37.0",
+    "@aws-sdk/middleware-host-header": "3.37.0",
+    "@aws-sdk/middleware-logger": "3.37.0",
+    "@aws-sdk/middleware-retry": "3.37.0",
+    "@aws-sdk/middleware-serde": "3.37.0",
+    "@aws-sdk/middleware-signing": "3.37.0",
+    "@aws-sdk/middleware-stack": "3.37.0",
+    "@aws-sdk/middleware-user-agent": "3.37.0",
+    "@aws-sdk/node-config-provider": "3.37.0",
+    "@aws-sdk/node-http-handler": "3.37.0",
+    "@aws-sdk/protocol-http": "3.37.0",
+    "@aws-sdk/smithy-client": "3.37.0",
+    "@aws-sdk/types": "3.37.0",
+    "@aws-sdk/url-parser": "3.37.0",
+    "@aws-sdk/util-base64-browser": "3.37.0",
+    "@aws-sdk/util-base64-node": "3.37.0",
+    "@aws-sdk/util-body-length-browser": "3.37.0",
+    "@aws-sdk/util-body-length-node": "3.37.0",
+    "@aws-sdk/util-user-agent-browser": "3.37.0",
+    "@aws-sdk/util-user-agent-node": "3.37.0",
+    "@aws-sdk/util-utf8-browser": "3.37.0",
+    "@aws-sdk/util-utf8-node": "3.37.0",
     "tslib": "^2.3.0",
     "uuid": "^8.3.2"
   },
   "devDependencies": {
-    "@aws-sdk/client-documentation-generator": "3.36.0",
+    "@aws-sdk/client-documentation-generator": "3.37.0",
     "@types/node": "^12.7.5",
     "@types/uuid": "^8.3.0",
     "downlevel-dts": "0.7.0",