@aws-sdk/client-secrets-manager 3.40.0 → 3.45.0

package/dist-types/SecretsManagerClient.d.ts

@@ -204,7 +204,7 @@ export interface SecretsManagerClientResolvedConfig extends SecretsManagerClient
  *       account and delivers log files to an Amazon S3 bucket. By using information that's collected
  *       by Amazon Web Services CloudTrail, you can determine the requests successfully made to Secrets Manager, who made the
  *       request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services
- *       CloudTrail, see <a href="http://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail">Logging
+ *       CloudTrail, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail">Logging
  *         Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.
  *       To learn more about CloudTrail, including enabling it and find your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html">Amazon Web Services CloudTrail User Guide</a>.</p>
  */

package/dist-types/commands/CancelRotateSecretCommand.d.ts

@@ -7,59 +7,17 @@ export interface CancelRotateSecretCommandInput extends CancelRotateSecretReques
 export interface CancelRotateSecretCommandOutput extends CancelRotateSecretResponse, __MetadataBearer {
 }
 /**
- * <p>Disables automatic scheduled rotation and cancels the rotation of a secret if currently in
- *       progress.</p>
- *          <p>To re-enable scheduled rotation, call <a>RotateSecret</a> with
- *         <code>AutomaticallyRotateAfterDays</code> set to a value greater than 0. This immediately
- *       rotates your secret and then enables the automatic schedule.</p>
+ * <p>Turns off automatic rotation, and if a rotation is currently in
+ *       progress, cancels the rotation.</p>
+ *          <p>To turn on automatic rotation again, call <a>RotateSecret</a>.</p>
  *          <note>
- *             <p>If you cancel a rotation while in progress, it can leave the <code>VersionStage</code>
+ *             <p>If you cancel a rotation in progress, it can leave the <code>VersionStage</code>
  *         labels in an unexpected state. Depending on the step of the rotation in progress, you might
  *         need to remove the staging label <code>AWSPENDING</code> from the partially created version, specified
- *         by the <code>VersionId</code> response value. You should also evaluate the partially rotated
- *         new version to see if it should be deleted, which you can do by removing all staging labels
- *         from the new version <code>VersionStage</code> field.</p>
+ *         by the <code>VersionId</code> response value. We recommend you also evaluate the partially rotated
+ *         new version to see if it should be deleted. You can delete a version by removing all staging labels
+ *         from it.</p>
  *          </note>
- *          <p>To successfully start a rotation, the staging label <code>AWSPENDING</code> must be in one of the
- *       following states:</p>
- *          <ul>
- *             <li>
- *                <p>Not attached to any version at all</p>
- *             </li>
- *             <li>
- *                <p>Attached to the same version as the staging label <code>AWSCURRENT</code>
- *                </p>
- *             </li>
- *          </ul>
- *          <p>If the staging label <code>AWSPENDING</code> attached to a different version than the version with
- *       <code>AWSCURRENT</code> then the attempt to rotate fails.</p>
- *
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:CancelRotateSecret</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To configure rotation for a secret or to manually trigger a rotation, use <a>RotateSecret</a>.</p>
- *             </li>
- *             <li>
- *                <p>To get the rotation configuration details for a secret, use <a>DescribeSecret</a>.</p>
- *             </li>
- *             <li>
- *                <p>To list all of the currently available secrets, use <a>ListSecrets</a>.</p>
- *             </li>
- *             <li>
- *                <p>To list all of the versions currently associated with a secret, use <a>ListSecretVersionIds</a>.</p>
- *             </li>
- *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -72,7 +30,7 @@ export interface CancelRotateSecretCommandOutput extends CancelRotateSecretRespo
  *
  * @see {@link CancelRotateSecretCommandInput} for command's `input` shape.
  * @see {@link CancelRotateSecretCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class CancelRotateSecretCommand extends $Command<CancelRotateSecretCommandInput, CancelRotateSecretCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/CreateSecretCommand.d.ts

@@ -7,94 +7,26 @@ export interface CreateSecretCommandInput extends CreateSecretRequest {
 export interface CreateSecretCommandOutput extends CreateSecretResponse, __MetadataBearer {
 }
 /**
- * <p>Creates a new secret. A secret in Secrets Manager consists of both the protected secret data and the
+ * <p>Creates a new secret. A <i>secret</i> is a set of credentials, such as a
+ *       user name and password, that you store in an encrypted form in Secrets Manager. The secret also
+ *       includes the connection information to access a database or other service, which Secrets Manager
+ *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
  *       important information needed to manage the secret.</p>
- *          <p>Secrets Manager stores the encrypted secret data in one of a collection of "versions"
- *       associated with the secret. Each version contains a copy of the encrypted secret data. Each
- *       version is associated with one or more "staging labels" that identify where the version is in
- *       the rotation cycle. The <code>SecretVersionsToStages</code> field of the secret contains the
- *       mapping of staging labels to the active versions of the secret. Versions without a staging
- *       label are considered deprecated and not included in the list.</p>
- *          <p>You provide the secret data to be encrypted by putting text in either the
- *         <code>SecretString</code> parameter or binary data in the <code>SecretBinary</code>
- *       parameter, but not both. If you include <code>SecretString</code> or <code>SecretBinary</code>
- *       then Secrets Manager also creates an initial secret version and automatically attaches the staging
- *       label <code>AWSCURRENT</code> to the new version.</p>
- *          <note>
- *             <ul>
- *                <li>
- *                   <p>If you call an operation to encrypt or decrypt the <code>SecretString</code>
- *           or <code>SecretBinary</code> for a secret in the same account as the calling user and that
- *           secret doesn't specify a Amazon Web Services KMS encryption key, Secrets Manager uses the account's default
- *           Amazon Web Services managed customer master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key
- *           doesn't already exist in your account then Secrets Manager creates it for you automatically. All
- *           users and roles in the same Amazon Web Services account automatically have access to use the default CMK.
- *           Note that if an Secrets Manager API call results in Amazon Web Services creating the account's
- *           Amazon Web Services-managed CMK, it can result in a one-time significant delay in returning the
- *           result.</p>
- *                </li>
- *                <li>
- *                   <p>If the secret resides in a different Amazon Web Services account from the credentials calling an API that
- *           requires encryption or decryption of the secret value then you must create and use a custom
- *           Amazon Web Services KMS CMK because you can't access the default CMK for the account using credentials
- *           from a different Amazon Web Services account. Store the ARN of the CMK in the secret when you create the
- *           secret or when you update it by including it in the <code>KMSKeyId</code>. If you call an
- *           API that must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code>
- *           using credentials from a different account then the Amazon Web Services KMS key policy must grant cross-account
- *           access to that other account's user or role for both the kms:GenerateDataKey and
- *           kms:Decrypt operations.</p>
- *                </li>
- *             </ul>
- *          </note>
- *          <p> </p>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:CreateSecret</p>
- *             </li>
- *             <li>
- *                <p>kms:GenerateDataKey - needed only if you use a customer-managed Amazon Web Services KMS key to encrypt
- *           the secret. You do not need this permission to use the account default Amazon Web Services managed CMK
- *           for Secrets Manager.</p>
- *             </li>
- *             <li>
- *                <p>kms:Decrypt - needed only if you use a customer-managed Amazon Web Services KMS key to encrypt the
- *           secret. You do not need this permission to use the account default Amazon Web Services managed CMK for
- *           Secrets Manager.</p>
- *             </li>
- *             <li>
- *                <p>secretsmanager:TagResource - needed only if you include the <code>Tags</code>
- *           parameter. </p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To delete a secret, use <a>DeleteSecret</a>.</p>
- *             </li>
- *             <li>
- *                <p>To modify an existing secret, use <a>UpdateSecret</a>.</p>
- *             </li>
- *             <li>
- *                <p>To create a new version of a secret, use <a>PutSecretValue</a>.</p>
- *             </li>
- *             <li>
- *                <p>To retrieve the encrypted secure string and secure binary values, use <a>GetSecretValue</a>.</p>
- *             </li>
- *             <li>
- *                <p>To retrieve all other details for a secret, use <a>DescribeSecret</a>. This
- *           does not include the encrypted secure string and secure binary values.</p>
- *             </li>
- *             <li>
- *                <p>To retrieve the list of secret versions associated with the current secret, use <a>DescribeSecret</a> and examine the <code>SecretVersionsToStages</code> response
- *           value.</p>
- *             </li>
- *          </ul>
+ *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
+ *          <p>To create a secret, you can provide the secret value to be encrypted in either the
+ *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.
+ *       If you include <code>SecretString</code> or <code>SecretBinary</code>
+ *       then Secrets Manager creates an initial secret version and automatically attaches the staging
+ *       label <code>AWSCURRENT</code> to it.</p>
+ *          <p>If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key
+ *       <code>aws/secretsmanager</code>. If this key
+ *       doesn't already exist in your account, then Secrets Manager creates it for you automatically. All
+ *       users and roles in the Amazon Web Services account automatically have access to use <code>aws/secretsmanager</code>.
+ *       Creating <code>aws/secretsmanager</code> can result in a one-time significant delay in returning the
+ *       result.</p>
+ *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then
+ *       you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create
+ *       and use a customer managed KMS key. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -107,7 +39,7 @@ export interface CreateSecretCommandOutput extends CreateSecretResponse, __Metad
  *
  * @see {@link CreateSecretCommandInput} for command's `input` shape.
  * @see {@link CreateSecretCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class CreateSecretCommand extends $Command<CreateSecretCommandInput, CreateSecretCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/DeleteResourcePolicyCommand.d.ts

@@ -7,30 +7,8 @@ export interface DeleteResourcePolicyCommandInput extends DeleteResourcePolicyRe
 export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyResponse, __MetadataBearer {
 }
 /**
- * <p>Deletes the resource-based permission policy attached to the secret.</p>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:DeleteResourcePolicy</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To attach a resource policy to a secret, use <a>PutResourcePolicy</a>.</p>
- *             </li>
- *             <li>
- *                <p>To retrieve the current resource-based policy attached to a secret, use <a>GetResourcePolicy</a>.</p>
- *             </li>
- *             <li>
- *                <p>To list all of the currently available secrets, use <a>ListSecrets</a>.</p>
- *             </li>
- *          </ul>
+ * <p>Deletes the resource-based permission policy attached to the secret. To attach a policy to
+ *       a secret, use <a>PutResourcePolicy</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -43,7 +21,7 @@ export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyR
  *
  * @see {@link DeleteResourcePolicyCommandInput} for command's `input` shape.
  * @see {@link DeleteResourcePolicyCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class DeleteResourcePolicyCommand extends $Command<DeleteResourcePolicyCommandInput, DeleteResourcePolicyCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/DeleteSecretCommand.d.ts

@@ -7,52 +7,19 @@ export interface DeleteSecretCommandInput extends DeleteSecretRequest {
 export interface DeleteSecretCommandOutput extends DeleteSecretResponse, __MetadataBearer {
 }
 /**
- * <p>Deletes an entire secret and all of the versions. You can optionally include a recovery
- *       window during which you can restore the secret. If you don't specify a recovery window value,
- *       the operation defaults to 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to
+ * <p>Deletes a secret and all of its versions. You can specify a recovery
+ *       window during which you can restore the secret. The minimum recovery window is 7 days.
+ *       The default recovery window is 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to
  *       the secret that specifies the end of the recovery window. At the end of the recovery window,
  *       Secrets Manager deletes the secret permanently.</p>
+ *          <p>For information about deleting a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html">https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html</a>. </p>
+ *          <p>Secrets Manager performs the permanent secret deletion at the end of the waiting period as a
+ *         background task with low priority. There is no guarantee of a specific time after the
+ *         recovery window for the permanent delete to occur.</p>
  *          <p>At any time before recovery window ends, you can use <a>RestoreSecret</a> to
  *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
- *          <p>You cannot access the encrypted secret information in any secret scheduled for deletion.
- *       If you need to access that information, you must cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p>
- *          <note>
- *             <ul>
- *                <li>
- *                   <p>There is no explicit operation to delete a version of a secret. Instead, remove all
- *             staging labels from the <code>VersionStage</code> field of a version. That marks the
- *             version as deprecated and allows Secrets Manager to delete it as needed. Versions without any
- *             staging labels do not show up in <a>ListSecretVersionIds</a> unless you
- *             specify <code>IncludeDeprecated</code>.</p>
- *                </li>
- *                <li>
- *                   <p>The permanent secret deletion at the end of the waiting period is performed as a
- *             background task with low priority. There is no guarantee of a specific time after the
- *             recovery window for the actual delete operation to occur.</p>
- *                </li>
- *             </ul>
- *          </note>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:DeleteSecret</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To create a secret, use <a>CreateSecret</a>.</p>
- *             </li>
- *             <li>
- *                <p>To cancel deletion of a version of a secret before the recovery window has expired,
- *           use <a>RestoreSecret</a>.</p>
- *             </li>
- *          </ul>
+ *          <p>In a secret scheduled for deletion, you cannot access the encrypted secret value.
+ *       To access that information, first cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -65,7 +32,7 @@ export interface DeleteSecretCommandOutput extends DeleteSecretResponse, __Metad
  *
  * @see {@link DeleteSecretCommandInput} for command's `input` shape.
  * @see {@link DeleteSecretCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class DeleteSecretCommand extends $Command<DeleteSecretCommandInput, DeleteSecretCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/DescribeSecretCommand.d.ts

@@ -7,34 +7,8 @@ export interface DescribeSecretCommandInput extends DescribeSecretRequest {
 export interface DescribeSecretCommandOutput extends DescribeSecretResponse, __MetadataBearer {
 }
 /**
- * <p>Retrieves the details of a secret. It does not include the encrypted fields. Secrets
- *       Manager only returns fields populated with a value in the response. </p>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:DescribeSecret</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To create a secret, use <a>CreateSecret</a>.</p>
- *             </li>
- *             <li>
- *                <p>To modify a secret, use <a>UpdateSecret</a>.</p>
- *             </li>
- *             <li>
- *                <p>To retrieve the encrypted secret information in a version of the secret, use <a>GetSecretValue</a>.</p>
- *             </li>
- *             <li>
- *                <p>To list all of the secrets in the Amazon Web Services account, use <a>ListSecrets</a>.</p>
- *             </li>
- *          </ul>
+ * <p>Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager
+ *       only returns fields that have a value in the response. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -47,7 +21,7 @@ export interface DescribeSecretCommandOutput extends DescribeSecretResponse, __M
  *
  * @see {@link DescribeSecretCommandInput} for command's `input` shape.
  * @see {@link DescribeSecretCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class DescribeSecretCommand extends $Command<DescribeSecretCommandInput, DescribeSecretCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/GetRandomPasswordCommand.d.ts

@@ -7,19 +7,9 @@ export interface GetRandomPasswordCommandInput extends GetRandomPasswordRequest
 export interface GetRandomPasswordCommandOutput extends GetRandomPasswordResponse, __MetadataBearer {
 }
 /**
- * <p>Generates a random password of the specified complexity. This operation is intended for
- *       use in the Lambda rotation function. Per best practice, we recommend that you specify the
+ * <p>Generates a random password. We recommend that you specify the
  *       maximum length and include every character type that the system you are generating a password
  *       for can support.</p>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:GetRandomPassword</p>
- *             </li>
- *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -32,7 +22,7 @@ export interface GetRandomPasswordCommandOutput extends GetRandomPasswordRespons
  *
  * @see {@link GetRandomPasswordCommandInput} for command's `input` shape.
  * @see {@link GetRandomPasswordCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class GetRandomPasswordCommand extends $Command<GetRandomPasswordCommandInput, GetRandomPasswordCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/GetResourcePolicyCommand.d.ts

@@ -7,33 +7,10 @@ export interface GetResourcePolicyCommandInput extends GetResourcePolicyRequest
 export interface GetResourcePolicyCommandOutput extends GetResourcePolicyResponse, __MetadataBearer {
 }
 /**
- * <p>Retrieves the JSON text of the resource-based policy document attached to the specified
- *       secret. The JSON request string input and response output displays formatted code
- *       with white space and line breaks for better readability. Submit your input as a single line
- *       JSON string.</p>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:GetResourcePolicy</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To attach a resource policy to a secret, use <a>PutResourcePolicy</a>.</p>
- *             </li>
- *             <li>
- *                <p>To delete the resource-based policy attached to a secret, use <a>DeleteResourcePolicy</a>.</p>
- *             </li>
- *             <li>
- *                <p>To list all of the currently available secrets, use <a>ListSecrets</a>.</p>
- *             </li>
- *          </ul>
+ * <p>Retrieves the JSON text of the resource-based policy document attached to the
+ *       secret. For more information about permissions policies attached to a secret, see
+ *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
+ *         policies attached to a secret</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -46,7 +23,7 @@ export interface GetResourcePolicyCommandOutput extends GetResourcePolicyRespons
  *
  * @see {@link GetResourcePolicyCommandInput} for command's `input` shape.
  * @see {@link GetResourcePolicyCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class GetResourcePolicyCommand extends $Command<GetResourcePolicyCommandInput, GetResourcePolicyCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/GetSecretValueCommand.d.ts

@@ -10,31 +10,10 @@ export interface GetSecretValueCommandOutput extends GetSecretValueResponse, __M
  * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or
  *         <code>SecretBinary</code> from the specified version of a secret, whichever contains
  *       content.</p>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:GetSecretValue</p>
- *             </li>
- *             <li>
- *                <p>kms:Decrypt - required only if you use a customer-managed Amazon Web Services KMS key to encrypt the
- *           secret. You do not need this permission to use the account's default Amazon Web Services managed CMK for
- *           Secrets Manager.</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To create a new version of the secret with different encrypted information, use <a>PutSecretValue</a>.</p>
- *             </li>
- *             <li>
- *                <p>To retrieve the non-encrypted details for the secret, use <a>DescribeSecret</a>.</p>
- *             </li>
- *          </ul>
+ *          <p>For information about retrieving the secret value in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html">Retrieve secrets</a>. </p>
+ *          <p>To run this command, you must have <code>secretsmanager:GetSecretValue</code> permissions.
+ *       If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key
+ *       <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for that key.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -47,7 +26,7 @@ export interface GetSecretValueCommandOutput extends GetSecretValueResponse, __M
  *
  * @see {@link GetSecretValueCommandInput} for command's `input` shape.
  * @see {@link GetSecretValueCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class GetSecretValueCommand extends $Command<GetSecretValueCommandInput, GetSecretValueCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/ListSecretVersionIdsCommand.d.ts

@@ -7,35 +7,16 @@ export interface ListSecretVersionIdsCommandInput extends ListSecretVersionIdsRe
 export interface ListSecretVersionIdsCommandOutput extends ListSecretVersionIdsResponse, __MetadataBearer {
 }
 /**
- * <p>Lists all of the versions attached to the specified secret. The output does not include
- *       the <code>SecretString</code> or <code>SecretBinary</code> fields. By default, the list
- *       includes only versions that have at least one staging label in <code>VersionStage</code>
- *       attached.</p>
- *          <note>
- *             <p>Always check the <code>NextToken</code> response parameter
- *     when calling any of the <code>List*</code> operations. These operations can occasionally return
- *     an empty or shorter than expected list of results even when there more results become available.
- *     When this happens, the <code>NextToken</code> response parameter contains a value to pass to the
- *     next call to the same API to request the next part of the list.</p>
- *          </note>
+ * <p>Lists the versions for a secret. </p>
+ *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
+ *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
+ *       call <a>GetSecretValue</a>.</p>
+ *
  *          <p>
  *             <b>Minimum
  *       permissions</b>
  *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:ListSecretVersionIds</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To list the secrets in an account, use <a>ListSecrets</a>.</p>
- *             </li>
- *          </ul>
+ *          <p>To run this command, you must have <code>secretsmanager:ListSecretVersionIds</code> permissions.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -48,7 +29,7 @@ export interface ListSecretVersionIdsCommandOutput extends ListSecretVersionIdsR
  *
  * @see {@link ListSecretVersionIdsCommandInput} for command's `input` shape.
  * @see {@link ListSecretVersionIdsCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class ListSecretVersionIdsCommand extends $Command<ListSecretVersionIdsCommandInput, ListSecretVersionIdsCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/ListSecretsCommand.d.ts

@@ -7,36 +7,17 @@ export interface ListSecretsCommandInput extends ListSecretsRequest {
 export interface ListSecretsCommandOutput extends ListSecretsResponse, __MetadataBearer {
 }
 /**
- * <p>Lists all of the secrets that are stored by Secrets Manager in the Amazon Web Services account. To list the
- *       versions currently stored for a specific secret, use <a>ListSecretVersionIds</a>.
- *       The encrypted fields <code>SecretString</code> and <code>SecretBinary</code> are not included
- *       in the output. To get that information, call the <a>GetSecretValue</a>
- *       operation.</p>
- *          <note>
- *             <p>Always check the <code>NextToken</code> response parameter
- *     when calling any of the <code>List*</code> operations. These operations can occasionally return
- *     an empty or shorter than expected list of results even when there more results become available.
- *     When this happens, the <code>NextToken</code> response parameter contains a value to pass to the
- *     next call to the same API to request the next part of the list.</p>
- *          </note>
+ * <p>Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account. </p>
+ *          <p>To list the versions of a secret, use <a>ListSecretVersionIds</a>.</p>
+ *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
+ *       call <a>GetSecretValue</a>.</p>
+ *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Enhanced search capabilities
+ *       for secrets in Secrets Manager</a>.</p>
  *          <p>
  *             <b>Minimum
  *         permissions</b>
  *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:ListSecrets</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To list the versions attached to a secret, use <a>ListSecretVersionIds</a>.</p>
- *             </li>
- *          </ul>
+ *          <p>To run this command, you must have <code>secretsmanager:ListSecrets</code> permissions.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -49,7 +30,7 @@ export interface ListSecretsCommandOutput extends ListSecretsResponse, __Metadat
  *
  * @see {@link ListSecretsCommandInput} for command's `input` shape.
  * @see {@link ListSecretsCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class ListSecretsCommand extends $Command<ListSecretsCommandInput, ListSecretsCommandOutput, SecretsManagerClientResolvedConfig> {