npm - @aws-sdk/client-secrets-manager - Versions diffs - 3.40.0 → 3.45.0 - Mend

@aws-sdk/client-secrets-manager 3.40.0 → 3.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/CHANGELOG.md +38 -0
package/README.md +1 -1
package/dist-cjs/endpoints.js +9 -0
package/dist-es/endpoints.js +9 -0
package/dist-types/SecretsManager.d.ts +142 -727
package/dist-types/SecretsManagerClient.d.ts +1 -1
package/dist-types/commands/CancelRotateSecretCommand.d.ts +8 -50
package/dist-types/commands/CreateSecretCommand.d.ts +20 -88
package/dist-types/commands/DeleteResourcePolicyCommand.d.ts +3 -25
package/dist-types/commands/DeleteSecretCommand.d.ts +10 -43
package/dist-types/commands/DescribeSecretCommand.d.ts +3 -29
package/dist-types/commands/GetRandomPasswordCommand.d.ts +2 -12
package/dist-types/commands/GetResourcePolicyCommand.d.ts +5 -28
package/dist-types/commands/GetSecretValueCommand.d.ts +5 -26
package/dist-types/commands/ListSecretVersionIdsCommand.d.ts +7 -26
package/dist-types/commands/ListSecretsCommand.d.ts +8 -27
package/dist-types/commands/PutResourcePolicyCommand.d.ts +5 -32
package/dist-types/commands/PutSecretValueCommand.d.ts +16 -84
package/dist-types/commands/RemoveRegionsFromReplicationCommand.d.ts +2 -2
package/dist-types/commands/ReplicateSecretToRegionsCommand.d.ts +2 -3
package/dist-types/commands/RestoreSecretCommand.d.ts +2 -19
package/dist-types/commands/RotateSecretCommand.d.ts +18 -61
package/dist-types/commands/StopReplicationToReplicaCommand.d.ts +3 -2
package/dist-types/commands/TagResourceCommand.d.ts +9 -30
package/dist-types/commands/UntagResourceCommand.d.ts +2 -22
package/dist-types/commands/UpdateSecretCommand.d.ts +20 -84
package/dist-types/commands/UpdateSecretVersionStageCommand.d.ts +7 -29
package/dist-types/commands/ValidateResourcePolicyCommand.d.ts +6 -26
package/dist-types/models/models_0.d.ts +400 -479
package/package.json +6 -6

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -1,14 +1,14 @@
 import { MetadataBearer as $MetadataBearer, SmithyException as __SmithyException } from "@aws-sdk/types";
 /**
- * <p>(Optional) Custom type consisting of a <code>Region</code> (required) and the <code>KmsKeyId</code> which can be an <code>ARN</code>, <code>Key ID</code>, or <code>Alias</code>.</p>
+ * <p>A custom type that specifies a <code>Region</code> and the <code>KmsKeyId</code> for a replica secret.</p>
  */
 export interface ReplicaRegionType {
     /**
-     * <p>Describes a single instance of Region objects.</p>
+     * <p>A Region code. For a list of Region codes, see <a href="https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints">Name and code of Regions</a>.</p>
      */
     Region?: string;
     /**
-     * <p>Can be an <code>ARN</code>, <code>Key ID</code>, or <code>Alias</code>. </p>
+     * <p>The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses <code>aws/secretsmanager</code>.</p>
      */
     KmsKeyId?: string;
 }
@@ -20,8 +20,7 @@ export declare namespace ReplicaRegionType {
 }
 export interface CancelRotateSecretRequest {
     /**
-     * <p>Specifies the secret to cancel a rotation request. You can specify either the Amazon
-     *       Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
@@ -35,19 +34,19 @@ export declare namespace CancelRotateSecretRequest {
 }
 export interface CancelRotateSecretResponse {
     /**
-     * <p>The ARN of the secret for which rotation was canceled.</p>
+     * <p>The ARN of the secret.</p>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret for which rotation was canceled.</p>
+     * <p>The name of the secret.</p>
      */
     Name?: string;
     /**
      * <p>The unique identifier of the version of the secret created during the rotation. This
-     *       version might not be complete, and should be evaluated for possible deletion. At the very
-     *       least, you should remove the <code>VersionStage</code> value <code>AWSPENDING</code> to enable this
-     *       version to be deleted. Failing to clean up a cancelled rotation can block you from
-     *       successfully starting future rotations.</p>
+     *       version might not be complete, and should be evaluated for possible deletion. We recommend
+     *       that you remove the <code>VersionStage</code> value <code>AWSPENDING</code> from this version so that
+     *       Secrets Manager can delete it. Failing to clean up a cancelled rotation can block you from
+     *       starting future rotations.</p>
      */
     VersionId?: string;
 }
@@ -72,7 +71,7 @@ export declare namespace InternalServiceError {
     const filterSensitiveLog: (obj: InternalServiceError) => any;
 }
 /**
- * <p>You provided an invalid value for a parameter.</p>
+ * <p>The parameter name is invalid value.</p>
  */
 export interface InvalidParameterException extends __SmithyException, $MetadataBearer {
     name: "InvalidParameterException";
@@ -86,12 +85,12 @@ export declare namespace InvalidParameterException {
     const filterSensitiveLog: (obj: InvalidParameterException) => any;
 }
 /**
- * <p>You provided a parameter value that is not valid for the current state of the
+ * <p>A parameter value is not valid for the current state of the
  *       resource.</p>
  *          <p>Possible causes:</p>
  *          <ul>
  *             <li>
- *                <p>You tried to perform the operation on a secret that's currently marked deleted.</p>
+ *                <p>The secret is scheduled for deletion.</p>
  *             </li>
  *             <li>
  *                <p>You tried to enable rotation on a secret that doesn't already have a Lambda function
@@ -111,7 +110,7 @@ export declare namespace InvalidRequestException {
     const filterSensitiveLog: (obj: InvalidRequestException) => any;
 }
 /**
- * <p>We can't find the resource that you asked for.</p>
+ * <p>Secrets Manager can't find the resource that you asked for.</p>
  */
 export interface ResourceNotFoundException extends __SmithyException, $MetadataBearer {
     name: "ResourceNotFoundException";
@@ -145,26 +144,25 @@ export declare namespace Tag {
 }
 export interface CreateSecretRequest {
     /**
-     * <p>Specifies the friendly name of the new secret.</p>
-     *          <p>The secret name must be ASCII letters, digits, or the following characters :
+     * <p>The name of the new secret.</p>
+     *          <p>The secret name can contain ASCII letters, numbers, and the following characters:
      *       /_+=.@-</p>
-     *          <note>
-     *             <p>Do not end your secret name with a hyphen followed by six characters. If you do so, you
+     *
+     *          <p>Do not end your secret name with a hyphen followed by six characters. If you do so, you
      *         risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager
-     *         automatically adds a hyphen and six random characters at the end of the ARN.</p>
-     *          </note>
+     *         automatically adds a hyphen and six random characters after the secret name at the end of the ARN.</p>
      */
     Name: string | undefined;
     /**
-     * <p>(Optional) If you include <code>SecretString</code> or <code>SecretBinary</code>, then an
-     *       initial version is created as part of the secret, and this parameter specifies a unique
+     * <p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then
+     *       Secrets Manager creates an initial version for the secret, and this parameter specifies the unique
      *       identifier for the new version. </p>
      *          <note>
-     *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can
+     *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can
      *         leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it
      *         as the value for this parameter in the request. If you don't use the SDK and instead
      *         generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
-     *           <code>ClientRequestToken</code> yourself for the new version and include the value in the
+     *         <code>ClientRequestToken</code> yourself for the new version and include the value in the
      *         request.</p>
      *          </note>
      *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental
@@ -183,7 +181,7 @@ export interface CreateSecretRequest {
      *             </li>
      *             <li>
      *                <p>If a version with this value already exists and that version's
-     *             <code>SecretString</code> and <code>SecretBinary</code> values are different from those
+     *           <code>SecretString</code> and <code>SecretBinary</code> values are different from those
      *           in the request, then the request fails because you cannot modify an existing version.
      *           Instead, use <a>PutSecretValue</a> to create a new version.</p>
      *             </li>
@@ -192,89 +190,68 @@ export interface CreateSecretRequest {
      */
     ClientRequestToken?: string;
     /**
-     * <p>(Optional) Specifies a user-provided description of the secret.</p>
+     * <p>The description of the secret.</p>
      */
     Description?: string;
     /**
-     * <p>(Optional) Specifies the ARN, Key ID, or alias of the Amazon Web Services KMS customer master key (CMK) to
-     *       be used to encrypt the <code>SecretString</code> or <code>SecretBinary</code> values in the
-     *       versions stored in this secret.</p>
-     *          <p>You can specify any of the supported ways to identify a Amazon Web Services KMS key ID. If you need to
-     *       reference a CMK in a different account, you can use only the key ARN or the alias ARN.</p>
-     *          <p>If you don't specify this value, then Secrets Manager defaults to using the Amazon Web Services account's
-     *       default CMK (the one named <code>aws/secretsmanager</code>). If a Amazon Web Services KMS CMK with that name doesn't yet
-     *       exist, then Secrets Manager creates it for you automatically the first time it needs to encrypt a
-     *       version's <code>SecretString</code> or <code>SecretBinary</code> fields.</p>
-     *          <important>
-     *             <p>You can use the account default CMK to encrypt and decrypt only if you call this
-     *         operation using credentials from the same account that owns the secret. If the secret
-     *         resides in a different account, then you must create a custom CMK and specify the ARN in
-     *         this field. </p>
-     *          </important>
+     * <p>The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
+     *       encrypt the secret value in the secret.</p>
+     *          <p>To use a KMS key in a different account, use the key ARN or the alias ARN.</p>
+     *          <p>If you don't specify this value, then Secrets Manager uses the key <code>aws/secretsmanager</code>.
+     *       If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it
+     *       encrypts the secret value.</p>
+     *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then
+     *       you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create
+     *       and use a customer managed KMS key. </p>
      */
     KmsKeyId?: string;
     /**
-     * <p>(Optional) Specifies binary data that you want to encrypt and store in the new version of
-     *       the secret. To use this parameter in the command-line tools, we recommend that you store your
-     *       binary data in a file and then use the appropriate technique for your tool to pass the
+     * <p>The binary data to encrypt and store in the new version of
+     *       the secret. We recommend that you store your binary data in a file and then pass the
      *       contents of the file as a parameter.</p>
      *          <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but not
-     *       both. They cannot both be empty.</p>
-     *          <p>This parameter is not available using the Secrets Manager console. It can be accessed only by
-     *       using the Amazon Web Services CLI or one of the Amazon Web Services SDKs.</p>
+     *       both.</p>
+     *          <p>This parameter is not available in the Secrets Manager console.</p>
      */
     SecretBinary?: Uint8Array;
     /**
-     * <p>(Optional) Specifies text data that you want to encrypt and store in this new version of
-     *       the secret.</p>
+     * <p>The text data to encrypt and store in this new version of
+     *       the secret. We recommend you use a JSON structure of key/value pairs for your secret value.</p>
      *          <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but not
-     *       both. They cannot both be empty.</p>
+     *       both.</p>
      *          <p>If you create a secret by using the Secrets Manager console then Secrets Manager puts the protected
      *       secret text in only the <code>SecretString</code> parameter. The Secrets Manager console stores the
-     *       information as a JSON structure of key/value pairs that the Lambda rotation function knows how
-     *       to parse.</p>
-     *          <p>For storing multiple values, we recommend that you use a JSON text
-     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
-     *     in the Amazon Web Services CLI User Guide.</p>
+     *       information as a JSON structure of key/value pairs that a Lambda rotation function can parse.</p>
      */
     SecretString?: string;
     /**
-     * <p>(Optional) Specifies a list of user-defined tags that are attached to the secret. Each tag
-     *       is a "Key" and "Value" pair of strings. This operation only appends tags to the existing list
-     *       of tags. To remove tags, you must use <a>UntagResource</a>.</p>
-     *          <important>
-     *             <ul>
-     *                <li>
-     *                   <p>Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag
-     *             from one with key "abc".</p>
-     *                </li>
-     *                <li>
-     *                   <p>If you check tags in IAM policy <code>Condition</code> elements as part of your
-     *             security strategy, then adding or removing a tag can change permissions. If the
-     *             successful completion of this operation would result in you losing your permissions for
-     *             this secret, then this operation is blocked and returns an <code>Access Denied</code>
-     *             error.</p>
-     *                </li>
-     *             </ul>
-     *          </important>
-     *          <p>This parameter requires a JSON text string argument. For information on how to format a
-     *       JSON parameter for the various command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
-     *         Parameters</a> in the <i>CLI User Guide</i>. For example:</p>
+     * <p>A list of tags to attach to the secret. Each tag
+     *       is a key and value pair of strings in a JSON text string, for example:</p>
      *          <p>
      *             <code>[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]</code>
      *          </p>
-     *          <p>If your command-line tool or SDK requires quotation marks around the parameter, you should
-     *       use single quotes to avoid confusion with the double quotes required in the JSON text. </p>
-     *             <p>The following basic restrictions apply to tags:</p>
+     *          <p>Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag
+     *       from one with key "abc".</p>
+     *          <p>If you check tags in permissions policies as part of your
+     *       security strategy, then adding or removing a tag can change permissions. If the
+     *       completion of this operation would result in you losing your permissions for
+     *       this secret, then Secrets Manager blocks the operation and returns an <code>Access Denied</code>
+     *       error. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac">Control
+     *         access to secrets using tags</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2">Limit access to identities with tags that match secrets' tags</a>.</p>
+     *          <p>For information about how to format a
+     *       JSON parameter for the various command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
+     *         Parameters</a>. If your command-line tool or SDK requires quotation marks around the parameter, you should
+     *       use single quotes to avoid confusion with the double quotes required in the JSON text.</p>
+     *             <p>The following restrictions apply to tags:</p>
      *         <ul>
      *             <li>
-     *                <p>Maximum number of tags per secret—50</p>
+     *                <p>Maximum number of tags per secret: 50</p>
      *             </li>
      *             <li>
-     *                <p>Maximum key length—127 Unicode characters in UTF-8</p>
+     *                <p>Maximum key length: 127 Unicode characters in UTF-8</p>
      *             </li>
      *             <li>
-     *                <p>Maximum value length—255 Unicode characters in UTF-8</p>
+     *                <p>Maximum value length: 255 Unicode characters in UTF-8</p>
      *             </li>
      *             <li>
      *                <p>Tag keys and values are case sensitive.</p>
@@ -286,7 +263,7 @@ export interface CreateSecretRequest {
      *             </li>
      *             <li>
      *                <p>If you use your tagging schema across multiple services and resources,
-     *               remember other services might have restrictions on allowed characters. Generally
+     *               other services might have restrictions on allowed characters. Generally
      *               allowed characters: letters, spaces, and numbers representable in UTF-8, plus the
      *               following special characters: + - = . _ : / @.</p>
      *             </li>
@@ -294,13 +271,12 @@ export interface CreateSecretRequest {
      */
     Tags?: Tag[];
     /**
-     * <p>(Optional) Add a list of regions to replicate secrets. Secrets Manager replicates the KMSKeyID objects to the list of regions specified in
-     *       the parameter.</p>
+     * <p>A list of Regions and KMS keys to replicate secrets.</p>
      */
     AddReplicaRegions?: ReplicaRegionType[];
     /**
-     * <p>(Optional) If set, the replication overwrites a secret with the same name in the
-     *       destination region.</p>
+     * <p>Specifies whether to overwrite a secret with the same name in the
+     *       destination Region.</p>
      */
     ForceOverwriteReplicaSecret?: boolean;
 }
@@ -333,7 +309,7 @@ export interface ReplicationStatusType {
     Status?: StatusType | string;
     /**
      * <p>Status message such as "<i>Secret with this name already exists in this
-     *         region</i>".</p>
+     *       region</i>".</p>
      */
     StatusMessage?: string;
     /**
@@ -349,26 +325,36 @@ export declare namespace ReplicationStatusType {
 }
 export interface CreateSecretResponse {
     /**
-     * <p>The Amazon Resource Name (ARN) of the secret that you just created.</p>
-     *          <note>
-     *             <p>Secrets Manager automatically adds several random characters to the name at the end of the ARN when
-     *         you initially create a secret. This affects only the ARN and not the actual friendly name.
-     *         This ensures that if you create a new secret with the same name as an old secret that you
-     *         previously deleted, then users with access to the old secret <i>don't</i>
-     *         automatically get access to the new secret because the ARNs are different.</p>
-     *          </note>
+     * <p>The ARN of the new secret. The ARN includes the name of the secret followed by six random
+     *       characters. This ensures that if you create a new secret with the same name as a deleted secret,
+     *       then users with access to the old secret don't get access to the new secret because the ARNs
+     *       are different.</p>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret that you just created.</p>
+     * <p>The name of the new secret.</p>
      */
     Name?: string;
     /**
-     * <p>The unique identifier associated with the version of the secret you just created.</p>
+     * <p>The unique identifier associated with the version of the new secret.</p>
      */
     VersionId?: string;
     /**
-     * <p>Describes a list of replication status objects as <code>InProgress</code>, <code>Failed</code> or <code>InSync</code>.</p>
+     * <p>A list of the replicas of this secret and their status:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>Failed</code>, which indicates that the replica was not created.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>InProgress</code>, which indicates that Secrets Manager is in the process of creating the replica.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>InSync</code>, which indicates that the replica was created.</p>
+     *             </li>
+     *          </ul>
      */
     ReplicationStatus?: ReplicationStatusType[];
 }
@@ -380,9 +366,8 @@ export declare namespace CreateSecretResponse {
 }
 /**
  * <p>Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the
- *       customer master key (CMK) is available, enabled, and not in an invalid state. For more
- *       information, see <a href="http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">How Key State Affects Use of a
- *         Customer Master Key</a>.</p>
+ *       KMS key is available, enabled, and not in an invalid state. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a>.</p>
  */
 export interface EncryptionFailure extends __SmithyException, $MetadataBearer {
     name: "EncryptionFailure";
@@ -396,7 +381,7 @@ export declare namespace EncryptionFailure {
     const filterSensitiveLog: (obj: EncryptionFailure) => any;
 }
 /**
- * <p>The request failed because it would exceed one of the Secrets Manager internal limits.</p>
+ * <p>The request failed because it would exceed one of the Secrets Manager quotas.</p>
  */
 export interface LimitExceededException extends __SmithyException, $MetadataBearer {
     name: "LimitExceededException";
@@ -410,7 +395,7 @@ export declare namespace LimitExceededException {
     const filterSensitiveLog: (obj: LimitExceededException) => any;
 }
 /**
- * <p>You provided a resource-based policy with syntax errors.</p>
+ * <p>The resource policy has syntax errors.</p>
  */
 export interface MalformedPolicyDocumentException extends __SmithyException, $MetadataBearer {
     name: "MalformedPolicyDocumentException";
@@ -467,8 +452,7 @@ export declare namespace DecryptionFailure {
 }
 export interface DeleteResourcePolicyRequest {
     /**
-     * <p>Specifies the secret that you want to delete the attached resource-based policy for. You
-     *       can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret to delete the attached resource-based policy for.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
@@ -486,7 +470,7 @@ export interface DeleteResourcePolicyResponse {
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret that the resource-based policy was deleted for.</p>
+     * <p>The name of the secret that the resource-based policy was deleted for.</p>
      */
     Name?: string;
 }
@@ -498,39 +482,31 @@ export declare namespace DeleteResourcePolicyResponse {
 }
 export interface DeleteSecretRequest {
     /**
-     * <p>Specifies the secret to delete. You can specify either the Amazon Resource Name (ARN) or
-     *       the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret to delete.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>(Optional) Specifies the number of days that Secrets Manager waits before Secrets Manager can delete the
-     *       secret. You can't use both this parameter and the <code>ForceDeleteWithoutRecovery</code>
-     *       parameter in the same API call.</p>
-     *          <p>This value can range from 7 to 30 days with a default value of 30.</p>
+     * <p>The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the
+     *       secret. You can't use both this parameter and <code>ForceDeleteWithoutRecovery</code>
+     *       in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window.</p>
      */
     RecoveryWindowInDays?: number;
     /**
-     * <p>(Optional) Specifies that the secret is to be deleted without any recovery window. You
-     *       can't use both this parameter and the <code>RecoveryWindowInDays</code> parameter in the same
-     *       API call.</p>
-     *          <p>An asynchronous background process performs the actual deletion, so there can be a short
-     *       delay before the operation completes. If you write code to delete and then immediately
-     *       recreate a secret with the same name, ensure that your code includes appropriate back off and
-     *       retry logic.</p>
+     * <p>Specifies whether to delete the secret without any recovery window. You
+     *       can't use both this parameter and <code>RecoveryWindowInDays</code> in the same
+     *       call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window.</p>
+     *          <p>Secrets Manager performs the actual deletion with an asynchronous background process, so there might
+     *       be a short delay before the secret is permanently deleted. If you delete a secret and then
+     *       immediately create a secret with the same name, use appropriate back off and retry logic.</p>
      *          <important>
      *             <p>Use this parameter with caution. This parameter causes the operation to skip the normal
-     *         waiting period before the permanent deletion that Amazon Web Services would normally impose with the
+     *         recovery window before the permanent deletion that Secrets Manager would normally impose with the
      *           <code>RecoveryWindowInDays</code> parameter. If you delete a secret with the
      *           <code>ForceDeleteWithouRecovery</code> parameter, then you have no opportunity to recover
      *         the secret. You lose the secret permanently.</p>
      *          </important>
-     *          <important>
-     *             <p>If you use this parameter and include a previously deleted or nonexistent secret, the
-     *         operation does not return the error <code>ResourceNotFoundException</code> in order to
-     *         correctly handle retries.</p>
-     *          </important>
      */
     ForceDeleteWithoutRecovery?: boolean;
 }
@@ -542,17 +518,17 @@ export declare namespace DeleteSecretRequest {
 }
 export interface DeleteSecretResponse {
     /**
-     * <p>The ARN of the secret that is now scheduled for deletion.</p>
+     * <p>The ARN of the secret.</p>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret currently scheduled for deletion.</p>
+     * <p>The name of the secret.</p>
      */
     Name?: string;
     /**
-     * <p>The date and time after which this secret can be deleted by Secrets Manager and can no longer be
-     *       restored. This value is the date and time of the delete request plus the number of days
-     *       specified in <code>RecoveryWindowInDays</code>.</p>
+     * <p>The date and time after which this secret Secrets Manager can permanently delete this secret,
+     *       and it can no longer be restored. This value is the date and time of the delete request
+     *       plus the number of days in <code>RecoveryWindowInDays</code>.</p>
      */
     DeletionDate?: Date;
 }
@@ -564,8 +540,7 @@ export declare namespace DeleteSecretResponse {
 }
 export interface DescribeSecretRequest {
     /**
-     * <p>The identifier of the secret whose details you want to retrieve. You can specify either
-     *       the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret. </p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
@@ -584,10 +559,10 @@ export interface RotationRulesType {
     /**
      * <p>Specifies the number of days between automatic scheduled rotations of the secret.</p>
      *          <p>Secrets Manager schedules the next rotation when the previous
-     *     one is complete. Secrets Manager schedules the date by adding the rotation interval (number of days) to the
-     *     actual date of the last rotation. The service chooses the hour within that 24-hour date window
-     *     randomly. The minute is also chosen somewhat randomly, but weighted towards the top of the hour
-     *     and influenced by a variety of factors that help distribute load.</p>
+     *       one is complete. Secrets Manager schedules the date by adding the rotation interval (number of days) to the
+     *       actual date of the last rotation. The service chooses the hour within that 24-hour date window
+     *       randomly. The minute is also chosen somewhat randomly, but weighted towards the top of the hour
+     *       and influenced by a variety of factors that help distribute load.</p>
      */
     AutomaticallyAfterDays?: number;
 }
@@ -603,42 +578,38 @@ export interface DescribeSecretResponse {
      */
     ARN?: string;
     /**
-     * <p>The user-provided friendly name of the secret.</p>
+     * <p>The name of the secret.</p>
      */
     Name?: string;
     /**
-     * <p>The user-provided description of the secret.</p>
+     * <p>The description of the secret.</p>
      */
     Description?: string;
     /**
-     * <p>The ARN or alias of the Amazon Web Services KMS customer master key (CMK) that's used to encrypt the
-     *         <code>SecretString</code> or <code>SecretBinary</code> fields in each version of the secret.
-     *       If you don't provide a key, then Secrets Manager defaults to encrypting the secret fields with the
-     *       default Amazon Web Services KMS CMK (the one named <code>awssecretsmanager</code>) for this account.</p>
+     * <p>The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. If the secret is encrypted with
+     *       the Amazon Web Services managed key <code>aws/secretsmanager</code>, this field is omitted.</p>
      */
     KmsKeyId?: string;
     /**
-     * <p>Specifies whether automatic rotation is enabled for this secret.</p>
-     *          <p>To enable rotation, use <a>RotateSecret</a> with
-     *         <code>AutomaticallyRotateAfterDays</code> set to a value greater than 0. To disable
+     * <p>Specifies whether automatic rotation is turned on for this secret.</p>
+     *          <p>To turn on rotation, use <a>RotateSecret</a>. To turn off
      *       rotation, use <a>CancelRotateSecret</a>.</p>
      */
     RotationEnabled?: boolean;
     /**
-     * <p>The ARN of a Lambda function that's invoked by Secrets Manager to rotate the
-     *       secret either automatically per the schedule or manually by a call to
-     *         <code>RotateSecret</code>.</p>
+     * <p>The ARN of the Lambda function that Secrets Manager invokes to rotate the
+     *       secret. </p>
      */
     RotationLambdaARN?: string;
     /**
-     * <p>A structure with the rotation configuration for this secret. This field is only populated
-     *       if rotation is configured.</p>
+     * <p>The rotation schedule and Lambda function for this secret. If the secret previously had rotation turned on, but
+     *       it is now turned off, this field shows the previous rotation schedule and rotation function. If the secret never had
+     *     rotation turned on, this field is omitted.</p>
      */
     RotationRules?: RotationRulesType;
     /**
-     * <p>The last date and time that the rotation process for this secret was invoked.</p>
-     *          <p>The most recent date and time that the Secrets Manager rotation process successfully
-     *       completed. If the secret doesn't rotate, Secrets Manager returns a null value.</p>
+     * <p>The last date and time that Secrets Manager rotated the secret.
+     *       If the secret isn't configured for rotation, Secrets Manager returns null.</p>
      */
     LastRotatedDate?: Date;
     /**
@@ -646,49 +617,81 @@ export interface DescribeSecretResponse {
      */
     LastChangedDate?: Date;
     /**
-     * <p>The last date that this secret was accessed. This value is truncated to midnight of the
-     *       date and therefore shows only the date, not the time.</p>
+     * <p>The last date that the secret value was retrieved. This value does not include the time. This field is omitted if the secret has never been retrieved.</p>
      */
     LastAccessedDate?: Date;
     /**
-     * <p>This value exists if the secret is scheduled for deletion. Some time after the specified
-     *       date and time, Secrets Manager deletes the secret and all of its versions.</p>
+     * <p>The date the secret is scheduled for deletion. If it is not scheduled for deletion, this
+     *       field is omitted. When you delete a secret, Secrets Manager requires a
+     *       recovery window of at least 7 days before deleting the secret. Some time after the deleted date,
+     *       Secrets Manager deletes the secret, including all of its versions.</p>
      *          <p>If a secret is scheduled for deletion, then its details, including the encrypted secret
-     *       information, is not accessible. To cancel a scheduled deletion and restore access, use <a>RestoreSecret</a>.</p>
+     *       value, is not accessible. To cancel a scheduled deletion and restore access to the secret, use <a>RestoreSecret</a>.</p>
      */
     DeletedDate?: Date;
     /**
-     * <p>The list of user-defined tags that are associated with the secret. To add tags to a
+     * <p>The list of tags attached to the secret. To add tags to a
      *       secret, use <a>TagResource</a>. To remove tags, use <a>UntagResource</a>.</p>
      */
     Tags?: Tag[];
     /**
-     * <p>A list of all of the currently assigned <code>VersionStage</code> staging labels and the
-     *         <code>VersionId</code> that each is attached to. Staging labels are used to keep track of
-     *       the different versions during the rotation process.</p>
-     *          <note>
-     *             <p>A version that does not have any staging labels attached is considered deprecated and
-     *         subject to deletion. Such versions are not included in this list.</p>
-     *          </note>
+     * <p>A list of the versions of the secret that have staging labels attached.
+     *       Versions that don't have staging labels are considered deprecated and Secrets Manager
+     *       can delete them.</p>
+     *          <p>Secrets Manager uses staging labels to indicate the status of a secret version during rotation. The three
+     *     staging labels for rotation are: </p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>AWSCURRENT</code>, which indicates the current version of the secret.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>AWSPENDING</code>, which indicates the version of the secret that contains new
+     *         secret information that will become the next current version when rotation finishes.</p>
+     *                <p>During
+     *           rotation, Secrets Manager creates an <code>AWSPENDING</code> version ID before creating the new secret version.
+     *         To check if a secret version exists, call <a>GetSecretValue</a>.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>AWSPREVIOUS</code>, which indicates the previous current version of the secret.
+     *       You can use this as the <i>last known good</i> version.</p>
+     *             </li>
+     *          </ul>
+     *          <p>For more information about rotation and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
      */
     VersionIdsToStages?: {
         [key: string]: string[];
     };
     /**
-     * <p>Returns the name of the service that created this secret.</p>
+     * <p>The name of the service that created this secret.</p>
      */
     OwningService?: string;
     /**
-     * <p>The date you created the secret.</p>
+     * <p>The date the secret was created.</p>
      */
     CreatedDate?: Date;
     /**
-     * <p>Specifies the primary region for secret replication. </p>
+     * <p>The Region the secret is in. If a secret is replicated to other Regions, the replicas are listed in <code>ReplicationStatus</code>. </p>
      */
     PrimaryRegion?: string;
     /**
-     * <p>Describes a list of replication status objects as <code>InProgress</code>, <code>Failed</code> or <code>InSync</code>.<code>P</code>
-     *          </p>
+     * <p>A list of the replicas of this secret and their status: </p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>Failed</code>, which indicates that the replica was not created.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>InProgress</code>, which indicates that Secrets Manager is in the process of creating the replica.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>InSync</code>, which indicates that the replica was created.</p>
+     *             </li>
+     *          </ul>
      */
     ReplicationStatus?: ReplicationStatusType[];
 }
@@ -700,15 +703,41 @@ export declare namespace DescribeSecretResponse {
 }
 export declare type FilterNameStringType = "all" | "description" | "name" | "primary-region" | "tag-key" | "tag-value";
 /**
- * <p>Allows you to add filters when you use the search function in Secrets Manager.</p>
+ * <p>Allows you to add filters when you use the search function in Secrets Manager. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in Secrets Manager</a>.</p>
  */
 export interface Filter {
     /**
-     * <p>Filters your list of secrets by a specific key.</p>
+     * <p>The following are keys you can use:</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <b>description</b>: Prefix match, not case-sensitive.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>name</b>: Prefix match, case-sensitive.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>tag-key</b>: Prefix match, case-sensitive.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>tag-value</b>: Prefix match, case-sensitive.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>primary-region</b>: Prefix match, case-sensitive.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>all</b>: Breaks the filter value string into words and then searches all attributes for matches. Not case-sensitive.</p>
+     *             </li>
+     *          </ul>
      */
     Key?: FilterNameStringType | string;
     /**
-     * <p>Filters your list of secrets by a specific value.</p>
+     * <p>The keyword to filter for.</p>
      *          <p>You can prefix your search value with an exclamation mark (<code>!</code>) in order to perform negation filters. </p>
      */
     Values?: string[];
@@ -721,52 +750,43 @@ export declare namespace Filter {
 }
 export interface GetRandomPasswordRequest {
     /**
-     * <p>The desired length of the generated password. The default value if you do not include this
-     *       parameter is 32 characters.</p>
+     * <p>The length of the password. If you don't include this parameter, the
+     *       default length is 32 characters.</p>
      */
     PasswordLength?: number;
     /**
-     * <p>A string that includes characters that should not be included in the generated password.
-     *       The default is that all characters from the included sets can be used.</p>
+     * <p>A string of the characters that you don't want in the password.</p>
      */
     ExcludeCharacters?: string;
     /**
-     * <p>Specifies that the generated password should not include digits. The default if you do not
-     *       include this switch parameter is that digits can be included.</p>
+     * <p>Specifies whether to exclude numbers from the password. If you don't
+     *       include this switch, the password can contain numbers.</p>
      */
     ExcludeNumbers?: boolean;
     /**
-     * <p>Specifies that the generated password should not include punctuation characters. The
-     *       default if you do not include this switch parameter is that punctuation characters can be
-     *       included.</p>
-     *          <p>The following are the punctuation characters that <i>can</i> be included in
-     *       the generated password if you don't explicitly exclude them with
-     *         <code>ExcludeCharacters</code> or <code>ExcludePunctuation</code>:</p>
-     *          <p>
-     *             <code>! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | }
-     *       ~</code>
-     *          </p>
+     * <p>Specifies whether to exclude the following punctuation characters from the password:
+     *       <code>! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~</code>.
+     *       If you don't include this switch, the password can contain punctuation.</p>
      */
     ExcludePunctuation?: boolean;
     /**
-     * <p>Specifies that the generated password should not include uppercase letters. The default if
-     *       you do not include this switch parameter is that uppercase letters can be included.</p>
+     * <p>Specifies whether to exclude uppercase letters from the password. If you
+     *       don't include this switch, the password can contain uppercase letters.</p>
      */
     ExcludeUppercase?: boolean;
     /**
-     * <p>Specifies that the generated password should not include lowercase letters. The default if
-     *       you do not include this switch parameter is that lowercase letters can be included.</p>
+     * <p>Specifies whether to exclude lowercase letters from the password. If
+     *       you don't include this switch, the password can contain lowercase letters.</p>
      */
     ExcludeLowercase?: boolean;
     /**
-     * <p>Specifies that the generated password can include the space character. The default if you
-     *       do not include this switch parameter is that the space character is not included.</p>
+     * <p>Specifies whether to include the space character. If you
+     *       include this switch, the password can contain space characters.</p>
      */
     IncludeSpace?: boolean;
     /**
-     * <p>A boolean value that specifies whether the generated password must include at least one of
-     *       every allowed character type. The default value is <code>True</code> and the operation
-     *       requires at least one of every character type.</p>
+     * <p>Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation.
+     *       If you don't include this switch, the password contains at least one of every character type.</p>
      */
     RequireEachIncludedType?: boolean;
 }
@@ -778,7 +798,7 @@ export declare namespace GetRandomPasswordRequest {
 }
 export interface GetRandomPasswordResponse {
     /**
-     * <p>A string with the generated password.</p>
+     * <p>A string with the password.</p>
      */
     RandomPassword?: string;
 }
@@ -790,8 +810,7 @@ export declare namespace GetRandomPasswordResponse {
 }
 export interface GetResourcePolicyRequest {
     /**
-     * <p>Specifies the secret that you want to retrieve the attached resource-based policy for. You
-     *       can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret to retrieve the attached resource-based policy for.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
@@ -809,15 +828,13 @@ export interface GetResourcePolicyResponse {
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret that the resource-based policy was retrieved for.</p>
+     * <p>The name of the secret that the resource-based policy was retrieved for.</p>
      */
     Name?: string;
     /**
-     * <p>A JSON-formatted string that describes the permissions that are associated with the
-     *       attached secret. These permissions are combined with any permissions that are associated with
-     *       the user or role that attempts to access this secret. The combined permissions specify who can
-     *       access the secret and what actions they can perform. For more information, see <a href="http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication and Access Control for
-     *         Amazon Web Services Secrets Manager</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.</p>
+     * <p>A JSON-formatted string that contains the permissions policy
+     *       attached to the secret. For more information about permissions policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication and access control for
+     *         Secrets Manager</a>.</p>
      */
     ResourcePolicy?: string;
 }
@@ -829,30 +846,26 @@ export declare namespace GetResourcePolicyResponse {
 }
 export interface GetSecretValueRequest {
     /**
-     * <p>Specifies the secret containing the version that you want to retrieve. You can specify
-     *       either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret to retrieve.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>Specifies the unique identifier of the version of the secret that you want to retrieve. If
-     *       you specify both this parameter and <code>VersionStage</code>,  the two parameters must refer
+     * <p>The unique identifier of the version of the secret to retrieve. If
+     *       you include both this parameter and <code>VersionStage</code>, the two parameters must refer
      *       to the same secret version. If you don't specify either a <code>VersionStage</code> or
-     *         <code>VersionId</code> then the default is to perform the operation on the version with the
-     *         <code>VersionStage</code> value of <code>AWSCURRENT</code>.</p>
+     *         <code>VersionId</code>, then Secrets Manager returns the <code>AWSCURRENT</code> version.</p>
      *          <p>This value is typically a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value with
      *       32 hexadecimal digits.</p>
      */
     VersionId?: string;
     /**
-     * <p>Specifies the secret version that you want to retrieve by the staging label attached to
-     *       the version.</p>
-     *          <p>Staging labels are used to keep track of different versions during the rotation process.
-     *       If you specify both this parameter and <code>VersionId</code>,  the two parameters must refer
-     *       to the same secret version . If you don't specify either a <code>VersionStage</code> or
-     *         <code>VersionId</code>, then the default is to perform the operation on the version with the
-     *         <code>VersionStage</code> value of <code>AWSCURRENT</code>.</p>
+     * <p>The staging label of the version of the secret to retrieve. </p>
+     *          <p>Secrets Manager uses staging labels to keep track of different versions during the rotation process.
+     *       If you include both this parameter and <code>VersionId</code>, the two parameters must refer
+     *       to the same secret version. If you don't specify either a <code>VersionStage</code> or
+     *       <code>VersionId</code>, Secrets Manager returns the <code>AWSCURRENT</code> version.</p>
      */
     VersionStage?: string;
 }
@@ -876,27 +889,20 @@ export interface GetSecretValueResponse {
      */
     VersionId?: string;
     /**
-     * <p>The decrypted part of the protected secret information that was originally provided as
+     * <p>The decrypted secret value, if the secret value was originally provided as
      *       binary data in the form of a byte array. The response parameter represents the binary data as
      *       a <a href="https://tools.ietf.org/html/rfc4648#section-4">base64-encoded</a>
      *       string.</p>
-     *          <p>This parameter is not used if the secret is created by the Secrets Manager console.</p>
-     *          <p>If you store custom information in this field of the secret, then you must code your
-     *       Lambda rotation function to parse and interpret whatever you store in the
-     *         <code>SecretString</code> or <code>SecretBinary</code> fields.</p>
+     *          <p>If the secret was created by using the Secrets Manager console, or if the secret value was
+     *       originally provided as a string, then this field is omitted. The secret value appears in
+     *       <code>SecretString</code> instead.</p>
      */
     SecretBinary?: Uint8Array;
     /**
-     * <p>The decrypted part of the protected secret information that was originally provided as a
-     *       string.</p>
-     *          <p>If you create this secret by using the Secrets Manager console then only the
-     *         <code>SecretString</code> parameter contains data. Secrets Manager stores the information as a
-     *       JSON structure of key/value pairs that the Lambda rotation function knows how to parse.</p>
-     *          <p>If you store custom information in the secret by using the <a>CreateSecret</a>,
-     *         <a>UpdateSecret</a>, or <a>PutSecretValue</a> API operations instead
-     *       of the Secrets Manager console, or by using the <b>Other secret type</b> in
-     *       the console, then you must code your Lambda rotation function to parse and interpret those
-     *       values.</p>
+     * <p>The decrypted secret value, if the secret value was originally provided as a string or
+     *       through the Secrets Manager console.</p>
+     *          <p>If this secret was created by using the console, then Secrets Manager stores the information as a
+     *       JSON structure of key/value pairs. </p>
      */
     SecretString?: string;
     /**
@@ -905,7 +911,9 @@ export interface GetSecretValueResponse {
      */
     VersionStages?: string[];
     /**
-     * <p>The date and time that this version of the secret was created.</p>
+     * <p>The date and time that this version of the secret was created. If you don't specify
+     *       which version in <code>VersionId</code> or <code>VersionStage</code>, then Secrets Manager uses the
+     *       <code>AWSCURRENT</code> version.</p>
      */
     CreatedDate?: Date;
 }
@@ -916,7 +924,7 @@ export declare namespace GetSecretValueResponse {
     const filterSensitiveLog: (obj: GetSecretValueResponse) => any;
 }
 /**
- * <p>You provided an invalid <code>NextToken</code> value.</p>
+ * <p>The <code>NextToken</code> value is invalid.</p>
  */
 export interface InvalidNextTokenException extends __SmithyException, $MetadataBearer {
     name: "InvalidNextTokenException";
@@ -935,25 +943,20 @@ export declare enum SortOrderType {
 }
 export interface ListSecretsRequest {
     /**
-     * <p>(Optional) Limits the number of results you want to include in
-     *     the response. If you don't include this parameter, it defaults to a value that's
-     *     specific to the operation. If additional items exist beyond the maximum you specify, the
-     *     <code>NextToken</code> response element is present and has a value (isn't null). Include
-     *     that value as the <code>NextToken</code> request parameter in the next call to the operation to
-     *     get the next part of the results. Note that Secrets Manager might return fewer results than the maximum
-     *     even when there are more results available. You should check <code>NextToken</code> after every
-     *     operation to ensure that you receive all of the results.</p>
+     * <p>The number of results to include in the response.</p>
+     *          <p>If there are more results available, in the response, Secrets Manager includes <code>NextToken</code>.
+     *       To get the next results, call <code>ListSecrets</code> again with the value from
+     *       <code>NextToken</code>.</p>
      */
     MaxResults?: number;
     /**
-     * <p>(Optional) Use this parameter in a request if you receive a
-     *     <code>NextToken</code> response in a previous request indicating there's more
-     *     output available. In a subsequent call, set it to the value of the previous call
-     *     <code>NextToken</code> response to indicate where the output should continue from.</p>
+     * <p>A token that indicates where the output should continue from, if a
+     *       previous call did not show all results. To get the next results, call <code>ListSecrets</code> again
+     *       with this value.</p>
      */
     NextToken?: string;
     /**
-     * <p>Lists the secret request filters.</p>
+     * <p>The filters to apply to the list of secrets.</p>
      */
     Filters?: Filter[];
     /**
@@ -975,15 +978,13 @@ export declare namespace ListSecretsRequest {
 export interface SecretListEntry {
     /**
      * <p>The Amazon Resource Name (ARN) of the secret.</p>
-     *          <p>For more information about ARNs in Secrets Manager, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources">Policy Resources</a> in the
-     *     <i>Amazon Web Services Secrets Manager User Guide</i>.</p>
      */
     ARN?: string;
     /**
      * <p>The friendly name of the secret. You can use forward slashes in the name to represent a
      *       path hierarchy. For example, <code>/prod/databases/dbserver1</code> could represent the secret
      *       for a server named <code>dbserver1</code> in the folder <code>databases</code> in the folder
-     *         <code>prod</code>. </p>
+     *       <code>prod</code>. </p>
      */
     Name?: string;
     /**
@@ -991,10 +992,8 @@ export interface SecretListEntry {
      */
     Description?: string;
     /**
-     * <p>The ARN or alias of the Amazon Web Services KMS customer master key (CMK) used to encrypt the
-     *         <code>SecretString</code> and <code>SecretBinary</code> fields in each version of the
-     *       secret. If you don't provide a key, then Secrets Manager defaults to encrypting the secret fields with
-     *       the default KMS CMK, the key named <code>awssecretsmanager</code>, for this account.</p>
+     * <p>The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. If the secret is encrypted with
+     *       the Amazon Web Services managed key <code>aws/secretsmanager</code>, this field is omitted.</p>
      */
     KmsKeyId?: string;
     /**
@@ -1071,13 +1070,11 @@ export interface ListSecretsResponse {
      */
     SecretList?: SecretListEntry[];
     /**
-     * <p>If present in the response, this value indicates that
-     *     there's more output available than included in the current response. This can
-     *     occur even when the response includes no values at all, such as when you ask for a filtered view
-     *     of a very long list. Use this value in the <code>NextToken</code> request parameter in a
-     *     subsequent call to the operation to continue processing and get the next part of the output. You
-     *     should repeat this until the <code>NextToken</code> response element comes back empty (as
-     *     <code>null</code>).</p>
+     * <p>Secrets Manager includes this value if
+     *       there's more output available than what is included in the current response. This can
+     *       occur even when the response includes no values at all, such as when you ask for a filtered view
+     *       of a long list. To get the next results, call <code>ListSecrets</code> again
+     *       with this value.</p>
      */
     NextToken?: string;
 }
@@ -1089,34 +1086,27 @@ export declare namespace ListSecretsResponse {
 }
 export interface ListSecretVersionIdsRequest {
     /**
-     * <p>The identifier for the secret containing the versions you want to list. You can specify
-     *       either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret whose versions you want to list.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>(Optional) Limits the number of results you want to include in
-     *     the response. If you don't include this parameter, it defaults to a value that's
-     *     specific to the operation. If additional items exist beyond the maximum you specify, the
-     *     <code>NextToken</code> response element is present and has a value (isn't null). Include
-     *     that value as the <code>NextToken</code> request parameter in the next call to the operation to
-     *     get the next part of the results. Note that Secrets Manager might return fewer results than the maximum
-     *     even when there are more results available. You should check <code>NextToken</code> after every
-     *     operation to ensure that you receive all of the results.</p>
+     * <p>The number of results to include in the response.</p>
+     *          <p>If there are more results available, in the response, Secrets Manager includes <code>NextToken</code>.
+     *       To get the next results, call <code>ListSecretVersionIds</code> again with the value from <code>NextToken</code>. </p>
      */
     MaxResults?: number;
     /**
-     * <p>(Optional) Use this parameter in a request if you receive a
-     *     <code>NextToken</code> response in a previous request indicating there's more
-     *     output available. In a subsequent call, set it to the value of the previous call
-     *     <code>NextToken</code> response to indicate where the output should continue from.</p>
+     * <p>A token that indicates where the output should continue from, if a previous call
+     *       did not show all results. To get the next results, call <code>ListSecretVersionIds</code> again with
+     *       this value.</p>
      */
     NextToken?: string;
     /**
-     * <p>(Optional) Specifies that you want the results to include versions that do not have any
-     *       staging labels attached to them. Such versions are considered deprecated and are subject to
-     *       deletion by Secrets Manager as needed.</p>
+     * <p>Specifies whether to include versions of secrets that don't have any
+     *       staging labels attached to them. Versions without staging labels are considered deprecated and are subject to
+     *       deletion by Secrets Manager.</p>
      */
     IncludeDeprecated?: boolean;
 }
@@ -1161,32 +1151,22 @@ export declare namespace SecretVersionsListEntry {
 }
 export interface ListSecretVersionIdsResponse {
     /**
-     * <p>The list of the currently available versions of the specified secret.</p>
+     * <p>A list of the versions of the secret.</p>
      */
     Versions?: SecretVersionsListEntry[];
     /**
-     * <p>If present in the response, this value indicates that
-     *     there's more output available than included in the current response. This can
-     *     occur even when the response includes no values at all, such as when you ask for a filtered view
-     *     of a very long list. Use this value in the <code>NextToken</code> request parameter in a
-     *     subsequent call to the operation to continue processing and get the next part of the output. You
-     *     should repeat this until the <code>NextToken</code> response element comes back empty (as
-     *     <code>null</code>).</p>
+     * <p>Secrets Manager includes this value if there's more output available than what is included
+     *       in the current response. This can occur even when the response includes no values at all,
+     *       such as when you ask for a filtered view of a long list. To get the next results,
+     *       call <code>ListSecretVersionIds</code> again with this value. </p>
      */
     NextToken?: string;
     /**
-     * <p>The Amazon Resource Name (ARN) for the secret.</p>
-     *          <note>
-     *             <p>Secrets Manager automatically adds several random characters to the name at the end of the ARN when
-     *         you initially create a secret. This affects only the ARN and not the actual friendly name.
-     *         This ensures that if you create a new secret with the same name as an old secret that you
-     *         previously deleted, then users with access to the old secret <i>don't</i>
-     *         automatically get access to the new secret because the ARNs are different.</p>
-     *          </note>
+     * <p>The ARN of the secret.</p>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret.</p>
+     * <p>The name of the secret.</p>
      */
     Name?: string;
 }
@@ -1197,7 +1177,7 @@ export declare namespace ListSecretVersionIdsResponse {
     const filterSensitiveLog: (obj: ListSecretVersionIdsResponse) => any;
 }
 /**
- * <p>The BlockPublicPolicy parameter is set to true and the resource policy did not prevent broad access to the secret.</p>
+ * <p>The <code>BlockPublicPolicy</code> parameter is set to true, and the resource policy did not prevent broad access to the secret.</p>
  */
 export interface PublicPolicyException extends __SmithyException, $MetadataBearer {
     name: "PublicPolicyException";
@@ -1212,23 +1192,19 @@ export declare namespace PublicPolicyException {
 }
 export interface PutResourcePolicyRequest {
     /**
-     * <p>Specifies the secret that you want to attach the resource-based policy. You can specify
-     *       either the ARN or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret to attach the resource-based policy.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>A JSON-formatted string constructed according to the grammar and syntax for an Amazon Web Services
-     *       resource-based policy. The policy in the string identifies who can access or manage this
-     *       secret and its versions. For information on how to format a JSON parameter for the various
-     *       command line tool environments, see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using
-     *         JSON for Parameters</a> in the <i>CLI User Guide</i>.</p>
+     * <p>A JSON-formatted string for an Amazon Web Services
+     *       resource-based policy. For example policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions
+     *         policy examples</a>.</p>
      */
     ResourcePolicy: string | undefined;
     /**
-     * <p>(Optional) If you set the parameter, <code>BlockPublicPolicy</code> to true, then you
-     *       block resource-based policies that allow broad access to the secret.</p>
+     * <p>Specifies whether to block resource-based policies that allow broad access to the secret. By default, Secrets Manager blocks policies that allow broad access, for example those that use a wildcard for the principal.</p>
      */
     BlockPublicPolicy?: boolean;
 }
@@ -1240,11 +1216,11 @@ export declare namespace PutResourcePolicyRequest {
 }
 export interface PutResourcePolicyResponse {
     /**
-     * <p>The ARN of the secret retrieved by the resource-based policy.</p>
+     * <p>The ARN of the secret.</p>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret retrieved by the resource-based policy.</p>
+     * <p>The name of the secret.</p>
      */
     Name?: string;
 }
@@ -1256,25 +1232,24 @@ export declare namespace PutResourcePolicyResponse {
 }
 export interface PutSecretValueRequest {
     /**
-     * <p>Specifies the secret to which you want to add a new version. You can specify either the
-     *       Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already
-     *       exist.</p>
+     * <p>The ARN or name of the secret to add a new version to.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
+     *          <p>If the secret doesn't already exist, use <code>CreateSecret</code> instead.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>(Optional) Specifies a unique identifier for the new version of the secret. </p>
+     * <p>A unique identifier for the new version of the secret. </p>
      *          <note>
-     *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can
-     *         leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that
-     *         in the request. If you don't use the SDK and instead generate a raw HTTP request to the
+     *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can
+     *         leave this parameter empty because they generate a random UUID for you. If you don't
+     *         use the SDK and instead generate a raw HTTP request to the
      *         Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself
      *         for new versions and include that value in the request. </p>
      *          </note>
      *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental
      *       creation of duplicate versions if there are failures and retries during the Lambda rotation
-     *       function's processing. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to
+     *       function processing. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to
      *       ensure uniqueness within the specified secret. </p>
      *          <ul>
      *             <li>
@@ -1283,13 +1258,13 @@ export interface PutSecretValueRequest {
      *             </li>
      *             <li>
      *                <p>If a version with this value already exists and that version's
-     *             <code>SecretString</code> or <code>SecretBinary</code> values are the same as those in
-     *           the request then the request is ignored (the operation is idempotent). </p>
+     *           <code>SecretString</code> or <code>SecretBinary</code> values are the same as those in
+     *           the request then the request is ignored. The operation is idempotent. </p>
      *             </li>
      *             <li>
      *                <p>If a version with this value already exists and the version of the
-     *             <code>SecretString</code> and <code>SecretBinary</code> values are different from those
-     *           in the request then the request fails because you cannot modify an existing secret
+     *           <code>SecretString</code> and <code>SecretBinary</code> values are different from those
+     *           in the request, then the request fails because you can't modify a secret
      *           version. You can only create new versions to store new secret values.</p>
      *             </li>
      *          </ul>
@@ -1297,39 +1272,31 @@ export interface PutSecretValueRequest {
      */
     ClientRequestToken?: string;
     /**
-     * <p>(Optional) Specifies binary data that you want to encrypt and store in the new version of
+     * <p>The binary data to encrypt and store in the new version of
      *       the secret. To use this parameter in the command-line tools, we recommend that you store your
-     *       binary data in a file and then use the appropriate technique for your tool to pass the
-     *       contents of the file as a parameter. Either <code>SecretBinary</code> or
-     *         <code>SecretString</code> must have a value, but not both. They cannot both be empty.</p>
-     *
-     *          <p>This parameter is not accessible if the secret using the Secrets Manager console.</p>
-     *          <p></p>
+     *       binary data in a file and then pass the
+     *       contents of the file as a parameter. </p>
+     *          <p>You must include <code>SecretBinary</code> or <code>SecretString</code>, but not both.</p>
+     *          <p>You can't access this value from the Secrets Manager console.</p>
      */
     SecretBinary?: Uint8Array;
     /**
-     * <p>(Optional) Specifies text data that you want to encrypt and store in this new version of
-     *       the secret. Either <code>SecretString</code> or <code>SecretBinary</code> must have a value,
-     *       but not both. They cannot both be empty.</p>
-     *
-     *          <p>If you create this secret by using the Secrets Manager console then Secrets Manager puts the
-     *       protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console
-     *       stores the information as a JSON structure of key/value pairs that the default Lambda rotation
-     *       function knows how to parse.</p>
-     *          <p>For storing multiple values, we recommend that you use a JSON text
-     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
-     *     in the Amazon Web Services CLI User Guide.</p>
+     * <p>The text to encrypt and store in the new version of the secret. </p>
+     *          <p>You must include <code>SecretBinary</code> or <code>SecretString</code>, but not both.</p>
+     *          <p>We recommend you create the secret string as JSON key/value pairs, as shown in the example.</p>
      */
     SecretString?: string;
     /**
-     * <p>(Optional) Specifies a list of staging labels that are attached to this version of the
-     *       secret. These staging labels are used to track the versions through the rotation process by
-     *       the Lambda rotation function.</p>
-     *          <p>A staging label must be unique to a single version of the secret. If you specify a staging
-     *       label that's already associated with a different version of the same secret then that staging
-     *       label is automatically removed from the other version and attached to this version.</p>
-     *          <p>If you do not specify a value for <code>VersionStages</code> then Secrets Manager automatically
-     *       moves the staging label <code>AWSCURRENT</code> to this new version.</p>
+     * <p>A list of staging labels to attach to this version of the
+     *       secret. Secrets Manager uses staging labels to track versions of a secret through the rotation process.</p>
+     *          <p>If you specify a staging
+     *       label that's already associated with a different version of the same secret, then Secrets Manager
+     *       removes the label from the other version and attaches it to this version.
+     *       If you specify
+     *       <code>AWSCURRENT</code>, and it is already attached to another version, then Secrets Manager also
+     *       moves the staging label <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed from.</p>
+     *          <p>If you don't include <code>VersionStages</code>, then Secrets Manager automatically
+     *       moves the staging label <code>AWSCURRENT</code> to this version.</p>
      */
     VersionStages?: string[];
 }
@@ -1341,20 +1308,20 @@ export declare namespace PutSecretValueRequest {
 }
 export interface PutSecretValueResponse {
     /**
-     * <p>The Amazon Resource Name (ARN) for the secret for which you just created a version.</p>
+     * <p>The ARN of the secret.</p>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret for which you just created or updated a version.</p>
+     * <p>The name of the secret.</p>
      */
     Name?: string;
     /**
-     * <p>The unique identifier of the version of the secret you just created or updated.</p>
+     * <p>The unique identifier of the version of the secret.</p>
      */
     VersionId?: string;
     /**
      * <p>The list of staging labels that are currently attached to this version of the secret.
-     *       Staging labels are used to track a version as it progresses through the secret rotation
+     *       Secrets Manager uses staging labels to track a version as it progresses through the secret rotation
      *       process.</p>
      */
     VersionStages?: string[];
@@ -1367,11 +1334,11 @@ export declare namespace PutSecretValueResponse {
 }
 export interface RemoveRegionsFromReplicationRequest {
     /**
-     * <p>Remove a secret by <code>SecretId</code> from replica Regions.</p>
+     * <p>The ARN or name of the secret.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>Remove replication from specific Regions.</p>
+     * <p>The Regions of the replicas to remove.</p>
      */
     RemoveReplicaRegions: string[] | undefined;
 }
@@ -1383,11 +1350,11 @@ export declare namespace RemoveRegionsFromReplicationRequest {
 }
 export interface RemoveRegionsFromReplicationResponse {
     /**
-     * <p>The secret <code>ARN</code> removed from replication regions.</p>
+     * <p>The ARN of the primary secret.</p>
      */
     ARN?: string;
     /**
-     * <p>Describes the remaining replication status after you remove regions from the replication list.</p>
+     * <p>The status of replicas for this secret after you remove Regions.</p>
      */
     ReplicationStatus?: ReplicationStatusType[];
 }
@@ -1399,16 +1366,15 @@ export declare namespace RemoveRegionsFromReplicationResponse {
 }
 export interface ReplicateSecretToRegionsRequest {
     /**
-     * <p>Use the <code>Secret Id</code> to replicate a secret to regions.</p>
+     * <p>The ARN or name of the secret to replicate.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>Add Regions to replicate the secret.</p>
+     * <p>A list of Regions in which to replicate the secret.</p>
      */
     AddReplicaRegions: ReplicaRegionType[] | undefined;
     /**
-     * <p>(Optional) If set, Secrets Manager replication overwrites a secret with the same name in the
-     *       destination region.</p>
+     * <p>Specifies whether to overwrite a secret with the same name in the destination Region.</p>
      */
     ForceOverwriteReplicaSecret?: boolean;
 }
@@ -1420,12 +1386,11 @@ export declare namespace ReplicateSecretToRegionsRequest {
 }
 export interface ReplicateSecretToRegionsResponse {
     /**
-     * <p>Replicate a secret based on the <code>ReplicaRegionType</code>> consisting of a
-     *       Region(required) and a KMSKeyId (optional) which can be the ARN, KeyID, or Alias. </p>
+     * <p>The ARN of the primary secret.</p>
      */
     ARN?: string;
     /**
-     * <p>Describes the secret replication status as <code>PENDING</code>, <code>SUCCESS</code> or <code>FAIL</code>.</p>
+     * <p>The status of replication.</p>
      */
     ReplicationStatus?: ReplicationStatusType[];
 }
@@ -1437,8 +1402,7 @@ export declare namespace ReplicateSecretToRegionsResponse {
 }
 export interface RestoreSecretRequest {
     /**
-     * <p>Specifies the secret that you want to restore from a previously scheduled deletion. You
-     *       can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret to restore.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
@@ -1456,7 +1420,7 @@ export interface RestoreSecretResponse {
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret that was restored.</p>
+     * <p>The name of the secret that was restored.</p>
      */
     Name?: string;
 }
@@ -1468,31 +1432,29 @@ export declare namespace RestoreSecretResponse {
 }
 export interface RotateSecretRequest {
     /**
-     * <p>Specifies the secret that you want to rotate. You can specify either the Amazon Resource
-     *       Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret to rotate.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>(Optional) Specifies a unique identifier for the new version of the secret that helps
-     *       ensure idempotency. </p>
+     * <p>A unique identifier for the new version of the secret that helps
+     *     ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if
+     *     there are failures and retries during rotation. This value becomes the
+     *     <code>VersionId</code> of the new version.</p>
      *          <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can
-     *       leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that
-     *       in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP
-     *       request to the Secrets Manager service endpoint, then you must generate a
-     *         <code>ClientRequestToken</code> yourself for new versions and include that value in the
-     *       request.</p>
-     *          <p>You only need to specify your own value if you implement your own retry logic and want to
-     *       ensure that a given secret is not created twice. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to
-     *       ensure uniqueness within the specified secret. </p>
-     *          <p>Secrets Manager uses this value to prevent the accidental creation of duplicate versions if
-     *       there are failures and retries during the function's processing. This value becomes the
-     *         <code>VersionId</code> of the new version.</p>
+     *     leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that
+     *     in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP
+     *     request to the Secrets Manager service endpoint, then you must generate a
+     *     <code>ClientRequestToken</code> yourself for new versions and include that value in the
+     *     request.</p>
+     *          <p>You only need to specify this value if you implement your own retry logic and you want to
+     *     ensure that Secrets Manager doesn't attempt to create a secret version twice. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to
+     *     ensure uniqueness within the specified secret. </p>
      */
     ClientRequestToken?: string;
     /**
-     * <p>(Optional) Specifies the ARN of the Lambda function that can rotate the secret.</p>
+     * <p>The ARN of the Lambda rotation function that can rotate the secret.</p>
      */
     RotationLambdaARN?: string;
     /**
@@ -1512,12 +1474,11 @@ export interface RotateSecretResponse {
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret.</p>
+     * <p>The name of the secret.</p>
      */
     Name?: string;
     /**
-     * <p>The ID of the new version of the secret created by the rotation started by this
-     *       request.</p>
+     * <p>The ID of the new version of the secret.</p>
      */
     VersionId?: string;
 }
@@ -1529,7 +1490,7 @@ export declare namespace RotateSecretResponse {
 }
 export interface StopReplicationToReplicaRequest {
     /**
-     * <p>Response to <code>StopReplicationToReplica</code> of a secret, based on the <code>SecretId</code>.</p>
+     * <p>The ARN of the primary secret. </p>
      */
     SecretId: string | undefined;
 }
@@ -1541,7 +1502,7 @@ export declare namespace StopReplicationToReplicaRequest {
 }
 export interface StopReplicationToReplicaResponse {
     /**
-     * <p>Response <code>StopReplicationToReplica</code> of a secret, based on the <code>ARN,</code>.</p>
+     * <p>The ARN of the promoted secret. The ARN is the same as the original primary secret except the Region is changed.</p>
      */
     ARN?: string;
 }
@@ -1553,16 +1514,16 @@ export declare namespace StopReplicationToReplicaResponse {
 }
 export interface TagResourceRequest {
     /**
-     * <p>The identifier for the secret that you want to attach tags to. You can specify either the
+     * <p>The identifier for the secret to attach tags to. You can specify either the
      *       Amazon Resource Name (ARN) or the friendly name of the secret.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>The tags to attach to the secret. Each element in the list consists of a <code>Key</code>
+     * <p>The tags to attach to the secret as a JSON text string argument. Each element in the list consists of a <code>Key</code>
      *       and a <code>Value</code>.</p>
-     *          <p>This parameter to the API requires a JSON text string argument.</p>
+     *
      *          <p>For storing multiple values, we recommend that you use a JSON text
      *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
      *     in the Amazon Web Services CLI User Guide.</p>
@@ -1577,8 +1538,7 @@ export declare namespace TagResourceRequest {
 }
 export interface UntagResourceRequest {
     /**
-     * <p>The identifier for the secret that you want to remove tags from. You can specify either
-     *       the Amazon Resource Name (ARN) or the friendly name of the secret.</p>
+     * <p>The ARN or name of the secret.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
@@ -1586,7 +1546,7 @@ export interface UntagResourceRequest {
     /**
      * <p>A list of tag key names to remove from the secret. You don't specify the value. Both the
      *       key and its associated value are removed.</p>
-     *          <p>This parameter to the API requires a JSON text string argument.</p>
+     *          <p>This parameter requires a JSON text string argument.</p>
      *          <p>For storing multiple values, we recommend that you use a JSON text
      *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
      *     in the Amazon Web Services CLI User Guide.</p>
@@ -1601,83 +1561,59 @@ export declare namespace UntagResourceRequest {
 }
 export interface UpdateSecretRequest {
     /**
-     * <p>Specifies the secret that you want to modify or to which you want to add a new version.
-     *       You can specify either the Amazon Resource Name (ARN) or the friendly name of the
-     *       secret.</p>
+     * <p>The ARN or name of the secret.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
     SecretId: string | undefined;
     /**
-     * <p>(Optional) If you want to add a new version to the secret, this parameter specifies a
-     *       unique identifier for the new version that helps ensure idempotency. </p>
-     *          <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can
-     *       leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that
-     *       in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager
-     *       service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for new
-     *       versions and include that value in the request.</p>
-     *          <p>You typically only need to interact with this value if you implement your own retry logic
-     *       and want to ensure that a given secret is not created twice. We recommend that you generate a
-     *         <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a>
-     *       value to ensure uniqueness within the specified secret. </p>
-     *          <p>Secrets Manager uses this value to prevent the accidental creation of duplicate versions if
-     *       there are failures and retries during the Lambda rotation function's processing.</p>
-     *          <ul>
-     *             <li>
-     *                <p>If the <code>ClientRequestToken</code> value isn't already associated with a version
-     *           of the secret then a new version of the secret is created. </p>
-     *             </li>
-     *             <li>
-     *                <p>If a version with this value already exists and that version's
-     *             <code>SecretString</code> and <code>SecretBinary</code> values are the same as those in
-     *           the request then the request is ignored (the operation is idempotent). </p>
-     *             </li>
-     *             <li>
-     *                <p>If a version with this value already exists and that version's
-     *             <code>SecretString</code> and <code>SecretBinary</code> values are different from the
-     *           request then an error occurs because you cannot modify an existing secret value.</p>
-     *             </li>
-     *          </ul>
+     * <p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then Secrets Manager creates
+     *     a new version for the secret, and this parameter specifies the unique identifier for the new
+     *     version.</p>
+     *          <note>
+     *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can
+     *         leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it
+     *         as the value for this parameter in the request. If you don't use the SDK and instead
+     *         generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
+     *         <code>ClientRequestToken</code> yourself for the new version and include the value in the
+     *         request.</p>
+     *          </note>
      *          <p>This value becomes the <code>VersionId</code> of the new version.</p>
      */
     ClientRequestToken?: string;
     /**
-     * <p>(Optional) Specifies an updated user-provided description of the secret.</p>
+     * <p>The description of the secret.</p>
      */
     Description?: string;
     /**
-     * <p>(Optional) Specifies an updated ARN or alias of the Amazon Web Services KMS customer master key (CMK) that Secrets Manager
-     *       uses to encrypt the protected text in new versions of this secret as well as any existing versions of this secret that have the staging labels AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label">Staging
-     *         Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.</p>
+     * <p>The ARN, key ID, or alias of the KMS key that Secrets Manager
+     *       uses to encrypt new secret versions as well as any existing versions the staging labels
+     *       <code>AWSCURRENT</code>, <code>AWSPENDING</code>, or <code>AWSPREVIOUS</code>.
+     *       For more information about versions and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">Concepts: Version</a>.</p>
      *          <important>
-     *             <p>You can only use the account's default CMK to encrypt and decrypt if you call this
-     *         operation using credentials from the same account that owns the secret. If the secret is in
-     *         a different account, then you must create a custom CMK and provide the ARN of that CMK in
-     *         this field. The user making the call must have permissions to both the secret and the CMK in
+     *             <p>You can only use the Amazon Web Services managed key <code>aws/secretsmanager</code> if you call this
+     *         operation using credentials from the same Amazon Web Services account that owns the secret. If the secret is in
+     *         a different account, then you must use a customer managed key and provide the ARN of that KMS key in
+     *         this field. The user making the call must have permissions to both the secret and the KMS key in
      *         their respective accounts.</p>
      *          </important>
      */
     KmsKeyId?: string;
     /**
-     * <p>(Optional) Specifies updated binary data that you want to encrypt and store in the new
-     *       version of the secret. To use this parameter in the command-line tools, we recommend that you
-     *       store your binary data in a file and then use the appropriate technique for your tool to pass
-     *       the contents of the file as a parameter. Either <code>SecretBinary</code> or
-     *         <code>SecretString</code> must have a value, but not both. They cannot both be empty.</p>
-     *          <p>This parameter is not accessible using the Secrets Manager console.</p>
+     * <p>The binary data to encrypt and store in the new
+     *       version of the secret. We recommend that you
+     *       store your binary data in a file and then pass
+     *       the contents of the file as a parameter. </p>
+     *          <p>Either <code>SecretBinary</code> or
+     *         <code>SecretString</code> must have a value, but not both.</p>
+     *          <p>You can't access this parameter in the Secrets Manager console.</p>
      */
     SecretBinary?: Uint8Array;
     /**
-     * <p>(Optional) Specifies updated text data that you want to encrypt and store in this new
-     *       version of the secret. Either <code>SecretBinary</code> or <code>SecretString</code> must have
-     *       a value, but not both. They cannot both be empty.</p>
-     *          <p>If you create this secret by using the Secrets Manager console then Secrets Manager puts the
-     *       protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console
-     *       stores the information as a JSON structure of key/value pairs that the default Lambda rotation
-     *       function knows how to parse.</p>
-     *          <p>For storing multiple values, we recommend that you use a JSON text
-     *     string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
-     *     in the Amazon Web Services CLI User Guide.</p>
+     * <p>The text data to encrypt and store in the new
+     *       version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value. </p>
+     *          <p>Either <code>SecretBinary</code> or <code>SecretString</code> must have
+     *       a value, but not both. </p>
      */
     SecretString?: string;
 }
@@ -1690,21 +1626,14 @@ export declare namespace UpdateSecretRequest {
 export interface UpdateSecretResponse {
     /**
      * <p>The ARN of the secret that was updated.</p>
-     *          <note>
-     *             <p>Secrets Manager automatically adds several random characters to the name at the end of the ARN when
-     *         you initially create a secret. This affects only the ARN and not the actual friendly name.
-     *         This ensures that if you create a new secret with the same name as an old secret that you
-     *         previously deleted, then users with access to the old secret <i>don't</i>
-     *         automatically get access to the new secret because the ARNs are different.</p>
-     *          </note>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret that was updated.</p>
+     * <p>The name of the secret that was updated.</p>
      */
     Name?: string;
     /**
-     * <p>If a new version of the secret was created by this operation, then <code>VersionId</code>
+     * <p>If Secrets Manager created a new version of the secret during this operation, then <code>VersionId</code>
      *       contains the unique identifier of the new version.</p>
      */
     VersionId?: string;
@@ -1717,9 +1646,7 @@ export declare namespace UpdateSecretResponse {
 }
 export interface UpdateSecretVersionStageRequest {
     /**
-     * <p>Specifies the secret with the version with the list of staging labels you want to modify.
-     *       You can specify either the Amazon Resource Name (ARN) or the friendly name of the
-     *       secret.</p>
+     * <p>The ARN or the name of the secret with the version and staging labelsto modify.</p>
      *          <p>For an ARN, we recommend that you specify a complete ARN rather
      *       than a partial ARN.</p>
      */
@@ -1729,7 +1656,7 @@ export interface UpdateSecretVersionStageRequest {
      */
     VersionStage: string | undefined;
     /**
-     * <p>Specifies the secret version ID of the version that the staging label is to be removed
+     * <p>The ID of the version that the staging label is to be removed
      *       from. If the staging label you are trying to attach to one version is already attached to a
      *       different version, then you must include this parameter and specify the version that the label
      *       is to be removed from. If the label is attached and you either do not specify this parameter,
@@ -1737,7 +1664,7 @@ export interface UpdateSecretVersionStageRequest {
      */
     RemoveFromVersionId?: string;
     /**
-     * <p>(Optional) The secret version ID that you want to add the staging label. If you want to
+     * <p>The ID of the version to add the staging label to. To
      *       remove a label from a version, then do not specify this parameter.</p>
      *          <p>If the staging label is already attached to a different version of the secret, then you
      *       must also specify the <code>RemoveFromVersionId</code> parameter. </p>
@@ -1752,11 +1679,11 @@ export declare namespace UpdateSecretVersionStageRequest {
 }
 export interface UpdateSecretVersionStageResponse {
     /**
-     * <p>The ARN of the secret with the modified staging label.</p>
+     * <p>The ARN of the secret that was updated.</p>
      */
     ARN?: string;
     /**
-     * <p>The friendly name of the secret with the modified staging label.</p>
+     * <p>The name of the secret that was updated.</p>
      */
     Name?: string;
 }
@@ -1768,19 +1695,13 @@ export declare namespace UpdateSecretVersionStageResponse {
 }
 export interface ValidateResourcePolicyRequest {
     /**
-     * <p> (Optional) The identifier of the secret with the resource-based policy you want to
-     *       validate. You can specify either the Amazon Resource Name (ARN) or the friendly name of the
-     *       secret.</p>
-     *          <p>For an ARN, we recommend that you specify a complete ARN rather
-     *       than a partial ARN.</p>
+     * <p>This field is reserved for internal use.</p>
      */
     SecretId?: string;
     /**
-     * <p>A JSON-formatted string constructed according to the grammar and syntax for an Amazon Web Services
+     * <p>A JSON-formatted string that contains an Amazon Web Services
      *       resource-based policy. The policy in the string identifies who can access or manage this
-     *       secret and its versions. For information on how to format a JSON parameter for the various
-     *       command line tool environments, see <a href="http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using
-     *         JSON for Parameters</a> in the <i>CLI User Guide</i>.publi</p>
+     *       secret and its versions. For example policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions policy examples</a>.</p>
      */
     ResourcePolicy: string | undefined;
 }
@@ -1811,11 +1732,11 @@ export declare namespace ValidationErrorsEntry {
 }
 export interface ValidateResourcePolicyResponse {
     /**
-     * <p>Returns a message stating that your Reource Policy passed validation. </p>
+     * <p>True if your policy passes validation, otherwise false.</p>
      */
     PolicyValidationPassed?: boolean;
     /**
-     * <p>Returns an error message if your policy doesn't pass validatation.</p>
+     * <p>Validation errors if your policy didn't pass validation.</p>
      */
     ValidationErrors?: ValidationErrorsEntry[];
 }