@aws-sdk/client-secrets-manager 3.47.2 → 3.51.0

package/dist-types/SecretsManager.d.ts

@@ -34,21 +34,14 @@ import { SecretsManagerClient } from "./SecretsManagerClient";
  *          </p>
  *
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
- *          <note>
- *             <p>As an alternative to using the API, you can use one of the Amazon Web Services SDKs, which consist of
- *         libraries and sample code for various programming languages and platforms such as Java,
- *         Ruby, .NET, iOS, and Android. The SDKs provide a convenient way to create programmatic
- *         access to Amazon Web Services Secrets Manager. For example, the SDKs provide cryptographically signing requests,
- *         managing errors, and retrying requests automatically. For more information about the Amazon Web Services
- *         SDKs, including downloading and installing them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web Services</a>.</p>
- *          </note>
- *          <p>We recommend you use the Amazon Web Services SDKs to make programmatic API calls to Secrets Manager. However, you
- *       also can use the Secrets Manager HTTP Query API to make direct calls to the Secrets Manager web service. To learn
- *       more about the Secrets Manager HTTP Query API, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/query-requests.html">Making Query Requests</a> in the
- *       <i>Amazon Web Services Secrets Manager User Guide</i>. </p>
- *          <p>Secrets Manager API supports GET and POST requests for all actions, and doesn't require you to use
- *       GET for some actions and POST for others. However, GET requests are subject to the limitation
- *       size of a URL. Therefore, for operations that require larger sizes, use a POST request.</p>
+ *
+ *
+ *
+ *
+ *
+ *
+ *
+ *
  *
  *
  *
@@ -59,24 +52,11 @@ import { SecretsManagerClient } from "./SecretsManagerClient";
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>
- *
  *          <p>We welcome your feedback. Send your comments to <a href="mailto:awssecretsmanager-feedback@amazon.com">awssecretsmanager-feedback@amazon.com</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more
  *       information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums
  *         Help</a>.</p>
  *
  *          <p>
- *             <b>How examples are presented</b>
- *          </p>
- *
- *          <p>The JSON that Amazon Web Services Secrets Manager expects as your request parameters and the service returns as a
- *       response to HTTP query requests contain single, long strings without line breaks or white
- *       space formatting. The JSON shown in the examples displays the code formatted with both line
- *       breaks and white space to improve readability. When example input parameters can also cause
- *       long strings extending beyond the screen, you can insert line breaks to enhance readability.
- *       You should always submit the input as a single JSON text string.</p>
- *
- *
- *          <p>
  *             <b>Logging API Requests</b>
  *          </p>
  *          <p>Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services
@@ -100,6 +80,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *         new version to see if it should be deleted. You can delete a version by removing all staging labels
      *         from it.</p>
      *          </note>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:CancelRotateSecret</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     cancelRotateSecret(args: CancelRotateSecretCommandInput, options?: __HttpHandlerOptions): Promise<CancelRotateSecretCommandOutput>;
     cancelRotateSecret(args: CancelRotateSecretCommandInput, cb: (err: any, data?: CancelRotateSecretCommandOutput) => void): void;
@@ -125,6 +111,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then
      *       you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create
      *       and use a customer managed KMS key. </p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:CreateSecret</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     createSecret(args: CreateSecretCommandInput, options?: __HttpHandlerOptions): Promise<CreateSecretCommandOutput>;
     createSecret(args: CreateSecretCommandInput, cb: (err: any, data?: CreateSecretCommandOutput) => void): void;
@@ -132,6 +124,12 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Deletes the resource-based permission policy attached to the secret. To attach a policy to
      *       a secret, use <a>PutResourcePolicy</a>.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:DeleteResourcePolicy</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     deleteResourcePolicy(args: DeleteResourcePolicyCommandInput, options?: __HttpHandlerOptions): Promise<DeleteResourcePolicyCommandOutput>;
     deleteResourcePolicy(args: DeleteResourcePolicyCommandInput, cb: (err: any, data?: DeleteResourcePolicyCommandOutput) => void): void;
@@ -150,6 +148,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
      *          <p>In a secret scheduled for deletion, you cannot access the encrypted secret value.
      *       To access that information, first cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:DeleteSecret</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     deleteSecret(args: DeleteSecretCommandInput, options?: __HttpHandlerOptions): Promise<DeleteSecretCommandOutput>;
     deleteSecret(args: DeleteSecretCommandInput, cb: (err: any, data?: DeleteSecretCommandOutput) => void): void;
@@ -157,6 +161,12 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager
      *       only returns fields that have a value in the response. </p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:DescribeSecret</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     describeSecret(args: DescribeSecretCommandInput, options?: __HttpHandlerOptions): Promise<DescribeSecretCommandOutput>;
     describeSecret(args: DescribeSecretCommandInput, cb: (err: any, data?: DescribeSecretCommandOutput) => void): void;
@@ -165,6 +175,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      * <p>Generates a random password. We recommend that you specify the
      *       maximum length and include every character type that the system you are generating a password
      *       for can support.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:GetRandomPassword</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     getRandomPassword(args: GetRandomPasswordCommandInput, options?: __HttpHandlerOptions): Promise<GetRandomPasswordCommandOutput>;
     getRandomPassword(args: GetRandomPasswordCommandInput, cb: (err: any, data?: GetRandomPasswordCommandOutput) => void): void;
@@ -174,6 +190,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       secret. For more information about permissions policies attached to a secret, see
      *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
      *         policies attached to a secret</a>.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:GetResourcePolicy</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     getResourcePolicy(args: GetResourcePolicyCommandInput, options?: __HttpHandlerOptions): Promise<GetResourcePolicyCommandOutput>;
     getResourcePolicy(args: GetResourcePolicyCommandInput, cb: (err: any, data?: GetResourcePolicyCommandOutput) => void): void;
@@ -182,10 +204,18 @@ export declare class SecretsManager extends SecretsManagerClient {
      * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or
      *         <code>SecretBinary</code> from the specified version of a secret, whichever contains
      *       content.</p>
-     *          <p>For information about retrieving the secret value in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html">Retrieve secrets</a>. </p>
-     *          <p>To run this command, you must have <code>secretsmanager:GetSecretValue</code> permissions.
+     *          <p>We recommend that you cache your secret values by using client-side caching.
+     *       Caching secrets improves speed and reduces your costs. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html">Cache secrets for
+     *         your applications</a>.</p>
+     *
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:GetSecretValue</code>.
      *       If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key
-     *       <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for that key.</p>
+     *       <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for that key.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     getSecretValue(args: GetSecretValueCommandInput, options?: __HttpHandlerOptions): Promise<GetSecretValueCommandOutput>;
     getSecretValue(args: GetSecretValueCommandInput, cb: (err: any, data?: GetSecretValueCommandOutput) => void): void;
@@ -198,10 +228,11 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Enhanced search capabilities
      *       for secrets in Secrets Manager</a>.</p>
      *          <p>
-     *             <b>Minimum
-     *         permissions</b>
-     *          </p>
-     *          <p>To run this command, you must have <code>secretsmanager:ListSecrets</code> permissions.</p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:ListSecrets</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     listSecrets(args: ListSecretsCommandInput, options?: __HttpHandlerOptions): Promise<ListSecretsCommandOutput>;
     listSecrets(args: ListSecretsCommandInput, cb: (err: any, data?: ListSecretsCommandOutput) => void): void;
@@ -211,12 +242,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
      *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
      *       call <a>GetSecretValue</a>.</p>
-     *
      *          <p>
-     *             <b>Minimum
-     *       permissions</b>
-     *          </p>
-     *          <p>To run this command, you must have <code>secretsmanager:ListSecretVersionIds</code> permissions.</p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:ListSecretVersionIds</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     listSecretVersionIds(args: ListSecretVersionIdsCommandInput, options?: __HttpHandlerOptions): Promise<ListSecretVersionIdsCommandOutput>;
     listSecretVersionIds(args: ListSecretVersionIdsCommandInput, cb: (err: any, data?: ListSecretVersionIdsCommandOutput) => void): void;
@@ -227,6 +258,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          </p>
      *          <p>For information about attaching a policy in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Attach a
      *       permissions policy to a secret</a>.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:PutResourcePolicy</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     putResourcePolicy(args: PutResourcePolicyCommandInput, options?: __HttpHandlerOptions): Promise<PutResourcePolicyCommandOutput>;
     putResourcePolicy(args: PutResourcePolicyCommandInput, cb: (err: any, data?: PutResourcePolicyCommandOutput) => void): void;
@@ -253,18 +290,36 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       same secret data, the operation succeeds but does nothing. However, if the secret data is
      *       different, then the operation fails because you can't modify an existing version; you can
      *       only create new ones.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:PutSecretValue</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     putSecretValue(args: PutSecretValueCommandInput, options?: __HttpHandlerOptions): Promise<PutSecretValueCommandOutput>;
     putSecretValue(args: PutSecretValueCommandInput, cb: (err: any, data?: PutSecretValueCommandOutput) => void): void;
     putSecretValue(args: PutSecretValueCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: PutSecretValueCommandOutput) => void): void;
     /**
      * <p>For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:RemoveRegionsFromReplication</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     removeRegionsFromReplication(args: RemoveRegionsFromReplicationCommandInput, options?: __HttpHandlerOptions): Promise<RemoveRegionsFromReplicationCommandOutput>;
     removeRegionsFromReplication(args: RemoveRegionsFromReplicationCommandInput, cb: (err: any, data?: RemoveRegionsFromReplicationCommandOutput) => void): void;
     removeRegionsFromReplication(args: RemoveRegionsFromReplicationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RemoveRegionsFromReplicationCommandOutput) => void): void;
     /**
      * <p>Replicates the secret to a new Regions. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html">Multi-Region secrets</a>.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:ReplicateSecretToRegions</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     replicateSecretToRegions(args: ReplicateSecretToRegionsCommandInput, options?: __HttpHandlerOptions): Promise<ReplicateSecretToRegionsCommandOutput>;
     replicateSecretToRegions(args: ReplicateSecretToRegionsCommandInput, cb: (err: any, data?: ReplicateSecretToRegionsCommandOutput) => void): void;
@@ -272,6 +327,12 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Cancels the scheduled deletion of a secret by removing the <code>DeletedDate</code> time
      *       stamp. You can access a secret again after it has been restored.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:RestoreSecret</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     restoreSecret(args: RestoreSecretCommandInput, options?: __HttpHandlerOptions): Promise<RestoreSecretCommandOutput>;
     restoreSecret(args: RestoreSecretCommandInput, cb: (err: any, data?: RestoreSecretCommandOutput) => void): void;
@@ -294,8 +355,14 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          <p>If the <code>AWSPENDING</code> staging label is present but not attached to the same version as
      *       <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code> assumes that a previous
      *       rotation request is still in progress and returns an error.</p>
-     *          <p>To run this command, you must have <code>secretsmanager:RotateSecret</code> permissions and
-     *       <code>lambda:InvokeFunction</code> permissions on the function specified in the secret's metadata.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:RotateSecret</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. You also need <code>lambda:InvokeFunction</code> permissions on the rotation function.
+     *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html">
+     *         Permissions for rotation</a>.</p>
      */
     rotateSecret(args: RotateSecretCommandInput, options?: __HttpHandlerOptions): Promise<RotateSecretCommandOutput>;
     rotateSecret(args: RotateSecretCommandInput, cb: (err: any, data?: RotateSecretCommandOutput) => void): void;
@@ -303,6 +370,12 @@ export declare class SecretsManager extends SecretsManagerClient {
     /**
      * <p>Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region.</p>
      *          <p>You must call this operation from the Region in which you want to promote the replica to a primary secret.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:StopReplicationToReplica</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     stopReplicationToReplica(args: StopReplicationToReplicaCommandInput, options?: __HttpHandlerOptions): Promise<StopReplicationToReplicaCommandOutput>;
     stopReplicationToReplica(args: StopReplicationToReplicaCommandInput, cb: (err: any, data?: StopReplicationToReplicaCommandOutput) => void): void;
@@ -343,6 +416,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *         your permissions for this secret, then the operation is blocked and returns an Access Denied
      *         error.</p>
      *          </important>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:TagResource</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     tagResource(args: TagResourceCommandInput, options?: __HttpHandlerOptions): Promise<TagResourceCommandOutput>;
     tagResource(args: TagResourceCommandInput, cb: (err: any, data?: TagResourceCommandOutput) => void): void;
@@ -357,6 +436,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *         permissions for this secret, then the operation is blocked and returns an Access Denied
      *         error.</p>
      *          </important>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:UntagResource</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     untagResource(args: UntagResourceCommandInput, options?: __HttpHandlerOptions): Promise<UntagResourceCommandOutput>;
     untagResource(args: UntagResourceCommandInput, cb: (err: any, data?: UntagResourceCommandOutput) => void): void;
@@ -385,9 +470,15 @@ export declare class SecretsManager extends SecretsManagerClient {
      *       significant delay in returning the result.  </p>
      *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't
      *       use <code>aws/secretsmanager</code> to encrypt the secret, and you must create and use a customer managed key. </p>
-     *
-     *          <p>To run this command, you must have <code>secretsmanager:UpdateSecret</code> permissions. If you use a
-     *       customer managed key, you must also have <code>kms:GenerateDataKey</code> and <code>kms:Decrypt</code> permissions .</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:UpdateSecret</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>.
+     *       If you use a customer managed key, you must also have <code>kms:GenerateDataKey</code> and
+     *       <code>kms:Decrypt</code> permissions on the key. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html">
+     *         Secret encryption and decryption</a>.</p>
      */
     updateSecret(args: UpdateSecretCommandInput, options?: __HttpHandlerOptions): Promise<UpdateSecretCommandOutput>;
     updateSecret(args: UpdateSecretCommandInput, cb: (err: any, data?: UpdateSecretCommandOutput) => void): void;
@@ -408,6 +499,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *          </note>
      *          <p>If this action results in the last label being removed from a version, then the version is
      *       considered to be 'deprecated' and can be deleted by Secrets Manager.</p>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:UpdateSecretVersionStage</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     updateSecretVersionStage(args: UpdateSecretVersionStageCommandInput, options?: __HttpHandlerOptions): Promise<UpdateSecretVersionStageCommandOutput>;
     updateSecretVersionStage(args: UpdateSecretVersionStageCommandInput, cb: (err: any, data?: UpdateSecretVersionStageCommandOutput) => void): void;
@@ -428,6 +525,12 @@ export declare class SecretsManager extends SecretsManagerClient {
      *                <p>Verifies the policy does not lock out a caller.</p>
      *             </li>
      *          </ul>
+     *          <p>
+     *             <b>Required permissions: </b>
+     *             <code>secretsmanager:ValidateResourcePolicy</code>.
+     *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+     *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+     *       and access control in Secrets Manager</a>. </p>
      */
     validateResourcePolicy(args: ValidateResourcePolicyCommandInput, options?: __HttpHandlerOptions): Promise<ValidateResourcePolicyCommandOutput>;
     validateResourcePolicy(args: ValidateResourcePolicyCommandInput, cb: (err: any, data?: ValidateResourcePolicyCommandOutput) => void): void;

package/dist-types/SecretsManagerClient.d.ts

@@ -159,21 +159,14 @@ export interface SecretsManagerClientResolvedConfig extends SecretsManagerClient
  *          </p>
  *
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
- *          <note>
- *             <p>As an alternative to using the API, you can use one of the Amazon Web Services SDKs, which consist of
- *         libraries and sample code for various programming languages and platforms such as Java,
- *         Ruby, .NET, iOS, and Android. The SDKs provide a convenient way to create programmatic
- *         access to Amazon Web Services Secrets Manager. For example, the SDKs provide cryptographically signing requests,
- *         managing errors, and retrying requests automatically. For more information about the Amazon Web Services
- *         SDKs, including downloading and installing them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web Services</a>.</p>
- *          </note>
- *          <p>We recommend you use the Amazon Web Services SDKs to make programmatic API calls to Secrets Manager. However, you
- *       also can use the Secrets Manager HTTP Query API to make direct calls to the Secrets Manager web service. To learn
- *       more about the Secrets Manager HTTP Query API, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/query-requests.html">Making Query Requests</a> in the
- *       <i>Amazon Web Services Secrets Manager User Guide</i>. </p>
- *          <p>Secrets Manager API supports GET and POST requests for all actions, and doesn't require you to use
- *       GET for some actions and POST for others. However, GET requests are subject to the limitation
- *       size of a URL. Therefore, for operations that require larger sizes, use a POST request.</p>
+ *
+ *
+ *
+ *
+ *
+ *
+ *
+ *
  *
  *
  *
@@ -184,24 +177,11 @@ export interface SecretsManagerClientResolvedConfig extends SecretsManagerClient
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>
- *
  *          <p>We welcome your feedback. Send your comments to <a href="mailto:awssecretsmanager-feedback@amazon.com">awssecretsmanager-feedback@amazon.com</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more
  *       information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums
  *         Help</a>.</p>
  *
  *          <p>
- *             <b>How examples are presented</b>
- *          </p>
- *
- *          <p>The JSON that Amazon Web Services Secrets Manager expects as your request parameters and the service returns as a
- *       response to HTTP query requests contain single, long strings without line breaks or white
- *       space formatting. The JSON shown in the examples displays the code formatted with both line
- *       breaks and white space to improve readability. When example input parameters can also cause
- *       long strings extending beyond the screen, you can insert line breaks to enhance readability.
- *       You should always submit the input as a single JSON text string.</p>
- *
- *
- *          <p>
  *             <b>Logging API Requests</b>
  *          </p>
  *          <p>Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services

package/dist-types/commands/CancelRotateSecretCommand.d.ts

@@ -18,6 +18,12 @@ export interface CancelRotateSecretCommandOutput extends CancelRotateSecretRespo
  *         new version to see if it should be deleted. You can delete a version by removing all staging labels
  *         from it.</p>
  *          </note>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:CancelRotateSecret</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CreateSecretCommand.d.ts

@@ -27,6 +27,12 @@ export interface CreateSecretCommandOutput extends CreateSecretResponse, __Metad
  *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then
  *       you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create
  *       and use a customer managed KMS key. </p>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:CreateSecret</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DeleteResourcePolicyCommand.d.ts

@@ -9,6 +9,12 @@ export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyR
 /**
  * <p>Deletes the resource-based permission policy attached to the secret. To attach a policy to
  *       a secret, use <a>PutResourcePolicy</a>.</p>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:DeleteResourcePolicy</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DeleteSecretCommand.d.ts

@@ -20,6 +20,12 @@ export interface DeleteSecretCommandOutput extends DeleteSecretResponse, __Metad
  *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
  *          <p>In a secret scheduled for deletion, you cannot access the encrypted secret value.
  *       To access that information, first cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:DeleteSecret</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DescribeSecretCommand.d.ts

@@ -9,6 +9,12 @@ export interface DescribeSecretCommandOutput extends DescribeSecretResponse, __M
 /**
  * <p>Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager
  *       only returns fields that have a value in the response. </p>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:DescribeSecret</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetRandomPasswordCommand.d.ts

@@ -10,6 +10,12 @@ export interface GetRandomPasswordCommandOutput extends GetRandomPasswordRespons
  * <p>Generates a random password. We recommend that you specify the
  *       maximum length and include every character type that the system you are generating a password
  *       for can support.</p>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:GetRandomPassword</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetResourcePolicyCommand.d.ts

@@ -11,6 +11,12 @@ export interface GetResourcePolicyCommandOutput extends GetResourcePolicyRespons
  *       secret. For more information about permissions policies attached to a secret, see
  *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
  *         policies attached to a secret</a>.</p>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:GetResourcePolicy</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetSecretValueCommand.d.ts

@@ -10,10 +10,18 @@ export interface GetSecretValueCommandOutput extends GetSecretValueResponse, __M
  * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or
  *         <code>SecretBinary</code> from the specified version of a secret, whichever contains
  *       content.</p>
- *          <p>For information about retrieving the secret value in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html">Retrieve secrets</a>. </p>
- *          <p>To run this command, you must have <code>secretsmanager:GetSecretValue</code> permissions.
+ *          <p>We recommend that you cache your secret values by using client-side caching.
+ *       Caching secrets improves speed and reduces your costs. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html">Cache secrets for
+ *         your applications</a>.</p>
+ *
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:GetSecretValue</code>.
  *       If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key
- *       <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for that key.</p>
+ *       <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for that key.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListSecretVersionIdsCommand.d.ts

@@ -11,12 +11,12 @@ export interface ListSecretVersionIdsCommandOutput extends ListSecretVersionIdsR
  *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
  *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
  *       call <a>GetSecretValue</a>.</p>
- *
  *          <p>
- *             <b>Minimum
- *       permissions</b>
- *          </p>
- *          <p>To run this command, you must have <code>secretsmanager:ListSecretVersionIds</code> permissions.</p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:ListSecretVersionIds</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListSecretsCommand.d.ts

@@ -14,10 +14,11 @@ export interface ListSecretsCommandOutput extends ListSecretsResponse, __Metadat
  *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Enhanced search capabilities
  *       for secrets in Secrets Manager</a>.</p>
  *          <p>
- *             <b>Minimum
- *         permissions</b>
- *          </p>
- *          <p>To run this command, you must have <code>secretsmanager:ListSecrets</code> permissions.</p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:ListSecrets</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutResourcePolicyCommand.d.ts

@@ -12,6 +12,12 @@ export interface PutResourcePolicyCommandOutput extends PutResourcePolicyRespons
  *          </p>
  *          <p>For information about attaching a policy in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Attach a
  *       permissions policy to a secret</a>.</p>
+ *          <p>
+ *             <b>Required permissions: </b>
+ *             <code>secretsmanager:PutResourcePolicy</code>.
+ *       For more information, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions">
+ *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
+ *       and access control in Secrets Manager</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript