@aws-sdk/client-secrets-manager 3.933.0 → 3.935.0

package/dist-es/schemas/schemas_0.js

@@ -39,6 +39,10 @@ const _EL = "ExcludeLowercase";
 const _EM = "ErrorMessage";
 const _EN = "ExcludeNumbers";
 const _EP = "ExcludePunctuation";
+const _ESRM = "ExternalSecretRotationMetadata";
+const _ESRMI = "ExternalSecretRotationMetadataItem";
+const _ESRMT = "ExternalSecretRotationMetadataType";
+const _ESRRA = "ExternalSecretRotationRoleArn";
 const _EU = "ExcludeUppercase";
 const _F = "Filters";
 const _FDWR = "ForceDeleteWithoutRecovery";
@@ -155,6 +159,7 @@ const _TLT = "TagListType";
 const _TR = "TagResource";
 const _TRR = "TagResourceRequest";
 const _Ta = "Tag";
+const _Ty = "Type";
 const _UR = "UntagResource";
 const _URR = "UntagResourceRequest";
 const _US = "UpdateSecret";
@@ -163,7 +168,7 @@ const _USRp = "UpdateSecretResponse";
 const _USVS = "UpdateSecretVersionStage";
 const _USVSR = "UpdateSecretVersionStageRequest";
 const _USVSRp = "UpdateSecretVersionStageResponse";
-const _V = "Values";
+const _V = "Value";
 const _VE = "ValidationErrors";
 const _VEE = "ValidationErrorsEntry";
 const _VET = "ValidationErrorsType";
@@ -174,7 +179,7 @@ const _VRPR = "ValidateResourcePolicyRequest";
 const _VRPRa = "ValidateResourcePolicyResponse";
 const _VS = "VersionStage";
 const _VSe = "VersionStages";
-const _Va = "Value";
+const _Va = "Values";
 const _Ve = "Versions";
 const _c = "client";
 const _e = "error";
@@ -182,7 +187,7 @@ const _s = "server";
 const _sm = "smithy.ts.sdk.synthetic.com.amazonaws.secretsmanager";
 const n0 = "com.amazonaws.secretsmanager";
 import { TypeRegistry } from "@smithy/core/schema";
-import { DecryptionFailure as __DecryptionFailure, EncryptionFailure as __EncryptionFailure, InternalServiceError as __InternalServiceError, InvalidNextTokenException as __InvalidNextTokenException, InvalidParameterException as __InvalidParameterException, InvalidRequestException as __InvalidRequestException, LimitExceededException as __LimitExceededException, MalformedPolicyDocumentException as __MalformedPolicyDocumentException, PreconditionNotMetException as __PreconditionNotMetException, PublicPolicyException as __PublicPolicyException, ResourceExistsException as __ResourceExistsException, ResourceNotFoundException as __ResourceNotFoundException, } from "../models/index";
+import { DecryptionFailure as __DecryptionFailure, EncryptionFailure as __EncryptionFailure, InternalServiceError as __InternalServiceError, InvalidNextTokenException as __InvalidNextTokenException, InvalidParameterException as __InvalidParameterException, InvalidRequestException as __InvalidRequestException, LimitExceededException as __LimitExceededException, MalformedPolicyDocumentException as __MalformedPolicyDocumentException, PreconditionNotMetException as __PreconditionNotMetException, PublicPolicyException as __PublicPolicyException, ResourceExistsException as __ResourceExistsException, ResourceNotFoundException as __ResourceNotFoundException, } from "../models/errors";
 import { SecretsManagerServiceException as __SecretsManagerServiceException } from "../models/SecretsManagerServiceException";
 export var RandomPasswordType = [0, n0, _RPT, 8, 0];
 export var RotationTokenType = [0, n0, _RTT, 8, 0];
@@ -212,7 +217,7 @@ export var CreateSecretRequest = [
     n0,
     _CSR,
     0,
-    [_N, _CRT, _D, _KKI, _SB, _SS, _T, _ARR, _FORS],
+    [_N, _CRT, _D, _KKI, _SB, _SS, _T, _ARR, _FORS, _Ty],
     [
         0,
         [0, 4],
@@ -223,6 +228,7 @@ export var CreateSecretRequest = [
         () => TagListType,
         () => AddReplicaRegionListType,
         2,
+        0,
     ],
 ];
 export var CreateSecretResponse = [
@@ -254,15 +260,40 @@ export var DescribeSecretResponse = [
     n0,
     _DSResc,
     0,
-    [_ARN, _N, _D, _KKI, _RE, _RLARN, _RR, _LRD, _LCD, _LAD, _DDe, _NRD, _T, _VITS, _OS, _CD, _PR, _RS],
+    [
+        _ARN,
+        _N,
+        _Ty,
+        _D,
+        _KKI,
+        _RE,
+        _RLARN,
+        _RR,
+        _ESRM,
+        _ESRRA,
+        _LRD,
+        _LCD,
+        _LAD,
+        _DDe,
+        _NRD,
+        _T,
+        _VITS,
+        _OS,
+        _CD,
+        _PR,
+        _RS,
+    ],
     [
         0,
         0,
         0,
         0,
+        0,
         2,
         0,
         () => RotationRulesType,
+        () => ExternalSecretRotationMetadataType,
+        0,
         4,
         4,
         4,
@@ -287,7 +318,8 @@ export var EncryptionFailure = [
     [0],
 ];
 TypeRegistry.for(n0).registerError(EncryptionFailure, __EncryptionFailure);
-export var Filter = [3, n0, _Fi, 0, [_K, _V], [0, 64 | 0]];
+export var ExternalSecretRotationMetadataItem = [3, n0, _ESRMI, 0, [_K, _V], [0, 0]];
+export var Filter = [3, n0, _Fi, 0, [_K, _Va], [0, 64 | 0]];
 export var GetRandomPasswordRequest = [
     3,
     n0,
@@ -488,8 +520,8 @@ export var RotateSecretRequest = [
     n0,
     _RSRo,
     0,
-    [_SI, _CRT, _RLARN, _RR, _RI],
-    [0, [0, 4], 0, () => RotationRulesType, 2],
+    [_SI, _CRT, _RLARN, _RR, _ESRM, _ESRRA, _RI],
+    [0, [0, 4], 0, () => RotationRulesType, () => ExternalSecretRotationMetadataType, 0, 2],
 ];
 export var RotateSecretResponse = [3, n0, _RSRot, 0, [_ARN, _N, _VI], [0, 0, 0]];
 export var RotationRulesType = [3, n0, _RRTo, 0, [_AAD, _Du, _SE], [1, 0, 0]];
@@ -498,15 +530,18 @@ export var SecretListEntry = [
     n0,
     _SLE,
     0,
-    [_ARN, _N, _D, _KKI, _RE, _RLARN, _RR, _LRD, _LCD, _LAD, _DDe, _NRD, _T, _SVTS, _OS, _CD, _PR],
+    [_ARN, _N, _Ty, _D, _KKI, _RE, _RLARN, _RR, _ESRM, _ESRRA, _LRD, _LCD, _LAD, _DDe, _NRD, _T, _SVTS, _OS, _CD, _PR],
     [
         0,
         0,
         0,
         0,
+        0,
         2,
         0,
         () => RotationRulesType,
+        () => ExternalSecretRotationMetadataType,
+        0,
         4,
         4,
         4,
@@ -537,7 +572,7 @@ export var SecretVersionsListEntry = [
 ];
 export var StopReplicationToReplicaRequest = [3, n0, _SRTRR, 0, [_SI], [0]];
 export var StopReplicationToReplicaResponse = [3, n0, _SRTRRt, 0, [_ARN], [0]];
-export var Tag = [3, n0, _Ta, 0, [_K, _Va], [0, 0]];
+export var Tag = [3, n0, _Ta, 0, [_K, _V], [0, 0]];
 export var TagResourceRequest = [3, n0, _TRR, 0, [_SI, _T], [0, () => TagListType]];
 export var UntagResourceRequest = [3, n0, _URR, 0, [_SI, _TK], [0, 64 | 0]];
 export var UpdateSecretRequest = [
@@ -545,8 +580,8 @@ export var UpdateSecretRequest = [
     n0,
     _USR,
     0,
-    [_SI, _CRT, _D, _KKI, _SB, _SS],
-    [0, [0, 4], 0, 0, [() => SecretBinaryType, 0], [() => SecretStringType, 0]],
+    [_SI, _CRT, _D, _KKI, _SB, _SS, _Ty],
+    [0, [0, 4], 0, 0, [() => SecretBinaryType, 0], [() => SecretStringType, 0], 0],
 ];
 export var UpdateSecretResponse = [3, n0, _USRp, 0, [_ARN, _N, _VI], [0, 0, 0]];
 export var UpdateSecretVersionStageRequest = [
@@ -573,6 +608,13 @@ export var SecretsManagerServiceException = [-3, _sm, "SecretsManagerServiceExce
 TypeRegistry.for(_sm).registerError(SecretsManagerServiceException, __SecretsManagerServiceException);
 export var AddReplicaRegionListType = [1, n0, _ARRLT, 0, () => ReplicaRegionType];
 export var APIErrorListType = [1, n0, _APIELT, 0, () => APIErrorType];
+export var ExternalSecretRotationMetadataType = [
+    1,
+    n0,
+    _ESRMT,
+    0,
+    () => ExternalSecretRotationMetadataItem,
+];
 export var FiltersListType = [1, n0, _FLT, 0, () => Filter];
 export var FilterValuesStringList = 64 | 0;
 export var KmsKeyIdListType = 64 | 0;

package/dist-types/commands/BatchGetSecretValueCommand.d.ts

@@ -27,14 +27,25 @@ declare const BatchGetSecretValueCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or <code>SecretBinary</code> for up to 20 secrets.  To retrieve a single secret, call <a>GetSecretValue</a>. </p>
- *          <p>To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If Secrets Manager encounters errors such as <code>AccessDeniedException</code> while attempting to retrieve any of the secrets, you can see the errors in <code>Errors</code> in the response.</p>
- *          <p>Secrets Manager generates CloudTrail <code>GetSecretValue</code> log entries for each secret you request when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
+ * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or
+ *                 <code>SecretBinary</code> for up to 20 secrets. To retrieve a single secret, call
+ *                 <a>GetSecretValue</a>. </p>
+ *          <p>To choose which secrets to retrieve, you can specify a list of secrets by name or ARN,
+ *             or you can use filters. If Secrets Manager encounters errors such as
+ *                 <code>AccessDeniedException</code> while attempting to retrieve any of the secrets,
+ *             you can see the errors in <code>Errors</code> in the response.</p>
+ *          <p>Secrets Manager generates CloudTrail
+ *             <code>GetSecretValue</code> log entries for each secret you request when you call this
+ *             action. Do not include sensitive information in request parameters because it might be
+ *             logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
- *             <code>secretsmanager:BatchGetSecretValue</code>, and you must have <code>secretsmanager:GetSecretValue</code> for each secret. If you use filters, you must also have <code>secretsmanager:ListSecrets</code>. If the secrets are encrypted using customer-managed keys instead of the Amazon Web Services managed key
- *       <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for the keys.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <code>secretsmanager:BatchGetSecretValue</code>, and you must have
+ *                 <code>secretsmanager:GetSecretValue</code> for each secret. If you use filters, you
+ *             must also have <code>secretsmanager:ListSecrets</code>. If the secrets are encrypted
+ *             using customer-managed keys instead of the Amazon Web Services managed key
+ *                 <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code>
+ *             permissions for the keys. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/CancelRotateSecretCommand.d.ts

@@ -27,23 +27,21 @@ declare const CancelRotateSecretCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Turns off automatic rotation, and if a rotation is currently in
- *       progress, cancels the rotation.</p>
+ * <p>Turns off automatic rotation, and if a rotation is currently in progress, cancels the
+ *             rotation.</p>
  *          <p>If you cancel a rotation in progress, it can leave the <code>VersionStage</code>
- *       labels in an unexpected state. You might
- *       need to remove the staging label <code>AWSPENDING</code> from the partially created version.
- *       You also need to determine whether to roll back to the previous version of the secret
- *       by moving the staging label <code>AWSCURRENT</code> to the version that has <code>AWSPENDING</code>.
- *       To determine
- *       which version has a specific staging label, call <a>ListSecretVersionIds</a>. Then use
- *      <a>UpdateSecretVersionStage</a> to change staging labels.
- *      For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
+ *             labels in an unexpected state. You might need to remove the staging label
+ *                 <code>AWSPENDING</code> from the partially created version. You also need to
+ *             determine whether to roll back to the previous version of the secret by moving the
+ *             staging label <code>AWSCURRENT</code> to the version that has <code>AWSPENDING</code>.
+ *             To determine which version has a specific staging label, call <a>ListSecretVersionIds</a>. Then use <a>UpdateSecretVersionStage</a> to change staging labels. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation
+ *                 works</a>.</p>
  *          <p>To turn on automatic rotation again, call <a>RotateSecret</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:CancelRotateSecret</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:CancelRotateSecret</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/CreateSecretCommand.d.ts

@@ -28,41 +28,50 @@ declare const CreateSecretCommand_base: {
 };
 /**
  * <p>Creates a new secret. A <i>secret</i> can be a password, a set of
- *       credentials such as a user name and password, an OAuth token, or other secret information
- *       that you store in an encrypted form in Secrets Manager. The secret also
- *       includes the connection information to access a database or other service, which Secrets Manager
- *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
- *       important information needed to manage the secret.</p>
- *          <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.
- *
- *     </p>
- *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
+ *             credentials such as a user name and password, an OAuth token, or other secret
+ *             information that you store in an encrypted form in Secrets Manager. The secret also includes the
+ *             connection information to access a database or other service, which Secrets Manager doesn't
+ *             encrypt. A secret in Secrets Manager consists of both the protected secret data and the important
+ *             information needed to manage the secret.</p>
+ *          <p>For secrets that use <i>managed rotation</i>, you need to create the
+ *             secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets
+ *                 managed by other Amazon Web Services services</a>. </p>
+ *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a
+ *                 secret</a>.</p>
  *          <p>To create a secret, you can provide the secret value to be encrypted in either the
- *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.
- *       If you include <code>SecretString</code> or <code>SecretBinary</code>
- *       then Secrets Manager creates an initial secret version and automatically attaches the staging
- *       label <code>AWSCURRENT</code> to it.</p>
- *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret,
- *       you must make sure the JSON you store in the <code>SecretString</code> matches the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html">JSON structure of
- *         a database secret</a>.</p>
+ *                 <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but
+ *             not both. If you include <code>SecretString</code> or <code>SecretBinary</code> then
+ *             Secrets Manager creates an initial secret version and automatically attaches the staging label
+ *                 <code>AWSCURRENT</code> to it.</p>
+ *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the
+ *             secret, you must make sure the JSON you store in the <code>SecretString</code> matches
+ *             the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html">JSON
+ *                 structure of a database secret</a>.</p>
  *          <p>If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key
- *       <code>aws/secretsmanager</code>. If this key
- *       doesn't already exist in your account, then Secrets Manager creates it for you automatically. All
- *       users and roles in the Amazon Web Services account automatically have access to use <code>aws/secretsmanager</code>.
- *       Creating <code>aws/secretsmanager</code> can result in a one-time significant delay in returning the
- *       result.</p>
- *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then
- *       you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create
- *       and use a customer managed KMS key. </p>
- *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
+ *                 <code>aws/secretsmanager</code>. If this key doesn't already exist in your account,
+ *             then Secrets Manager creates it for you automatically. All users and roles in the Amazon Web Services account
+ *             automatically have access to use <code>aws/secretsmanager</code>. Creating
+ *                 <code>aws/secretsmanager</code> can result in a one-time significant delay in
+ *             returning the result.</p>
+ *          <p>If the secret is in a different Amazon Web Services account from the credentials calling the API,
+ *             then you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must
+ *             create and use a customer managed KMS key. </p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action.
+ *             Do not include sensitive information in request parameters except
+ *                 <code>SecretBinary</code> or <code>SecretString</code> because it might be logged.
+ *             For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:CreateSecret</code>. If you
- *       include tags in the secret, you also need <code>secretsmanager:TagResource</code>. To add replica Regions, you must also have <code>secretsmanager:ReplicateSecretToRegions</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:CreateSecret</code>. If you include tags in the
+ *             secret, you also need <code>secretsmanager:TagResource</code>. To add replica Regions,
+ *             you must also have <code>secretsmanager:ReplicateSecretToRegions</code>.
+ *             For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
- *          <p>To encrypt the secret with a KMS key other than <code>aws/secretsmanager</code>, you need <code>kms:GenerateDataKey</code> and <code>kms:Decrypt</code> permission to the key. </p>
+ *          <p>To encrypt the secret with a KMS key other than <code>aws/secretsmanager</code>, you
+ *             need <code>kms:GenerateDataKey</code> and <code>kms:Decrypt</code> permission to the
+ *             key. </p>
  *          <important>
  *             <p>When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. This is a concern if the command includes the value of a secret. Learn how to <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/security_cli-exposure-risks.html">Mitigate the risks of using command-line tools to store Secrets Manager secrets</a>.</p>
  *          </important>
@@ -94,6 +103,7 @@ declare const CreateSecretCommand_base: {
  *     },
  *   ],
  *   ForceOverwriteReplicaSecret: true || false,
+ *   Type: "STRING_VALUE",
  * };
  * const command = new CreateSecretCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/DeleteResourcePolicyCommand.d.ts

@@ -27,13 +27,13 @@ declare const DeleteResourcePolicyCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Deletes the resource-based permission policy attached to the secret. To attach a policy to
- *       a secret, use <a>PutResourcePolicy</a>.</p>
+ * <p>Deletes the resource-based permission policy attached to the secret. To attach a
+ *             policy to a secret, use <a>PutResourcePolicy</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:DeleteResourcePolicy</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:DeleteResourcePolicy</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/DeleteSecretCommand.d.ts

@@ -27,33 +27,35 @@ declare const DeleteSecretCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Deletes a secret and all of its versions. You can specify a recovery
- *       window during which you can restore the secret. The minimum recovery window is 7 days.
- *       The default recovery window is 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to
- *       the secret that specifies the end of the recovery window. At the end of the recovery window,
- *       Secrets Manager deletes the secret permanently.</p>
- *          <p>You can't delete a primary secret that is replicated to other Regions. You must first delete the
- *     replicas using <a>RemoveRegionsFromReplication</a>, and then delete the primary secret.
- *     When you delete a replica, it is deleted immediately.</p>
- *          <p>You can't directly delete a version of a secret. Instead, you remove all staging labels
- *     from the version using <a>UpdateSecretVersionStage</a>. This marks the version as deprecated,
- *     and then Secrets Manager can automatically delete the version in the background.</p>
+ * <p>Deletes a secret and all of its versions. You can specify a recovery window during
+ *             which you can restore the secret. The minimum recovery window is 7 days. The default
+ *             recovery window is 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to the
+ *             secret that specifies the end of the recovery window. At the end of the recovery window,
+ *             Secrets Manager deletes the secret permanently.</p>
+ *          <p>You can't delete a primary secret that is replicated to other Regions. You must first
+ *             delete the replicas using <a>RemoveRegionsFromReplication</a>, and then
+ *             delete the primary secret. When you delete a replica, it is deleted immediately.</p>
+ *          <p>You can't directly delete a version of a secret. Instead, you remove all staging
+ *             labels from the version using <a>UpdateSecretVersionStage</a>. This marks the
+ *             version as deprecated, and then Secrets Manager can automatically delete the version in the
+ *             background.</p>
  *          <p>To determine whether an application still uses a secret, you can create an Amazon CloudWatch alarm
- *     to alert you to any attempts to access a secret during the recovery window. For more information,
- *     see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html">
- *     Monitor secrets scheduled for deletion</a>.</p>
+ *             to alert you to any attempts to access a secret during the recovery window. For more
+ *             information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html">
+ *                 Monitor secrets scheduled for deletion</a>.</p>
  *          <p>Secrets Manager performs the permanent secret deletion at the end of the waiting period as a
- *         background task with low priority. There is no guarantee of a specific time after the
- *         recovery window for the permanent delete to occur.</p>
- *          <p>At any time before recovery window ends, you can use <a>RestoreSecret</a> to
- *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
- *          <p>When a secret is scheduled for deletion, you cannot retrieve the secret value.
- *       You must first cancel the deletion with <a>RestoreSecret</a> and then you can retrieve the secret.</p>
+ *             background task with low priority. There is no guarantee of a specific time after the
+ *             recovery window for the permanent delete to occur.</p>
+ *          <p>At any time before recovery window ends, you can use <a>RestoreSecret</a>
+ *             to remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
+ *          <p>When a secret is scheduled for deletion, you cannot retrieve the secret value. You
+ *             must first cancel the deletion with <a>RestoreSecret</a> and then you can
+ *             retrieve the secret.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:DeleteSecret</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:DeleteSecret</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/DescribeSecretCommand.d.ts

@@ -27,13 +27,13 @@ declare const DescribeSecretCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager
- *       only returns fields that have a value in the response. </p>
+ * <p>Retrieves the details of a secret. It does not include the encrypted secret value.
+ *             Secrets Manager only returns fields that have a value in the response. </p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:DescribeSecret</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:DescribeSecret</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example
@@ -52,6 +52,7 @@ declare const DescribeSecretCommand_base: {
  * // { // DescribeSecretResponse
  * //   ARN: "STRING_VALUE",
  * //   Name: "STRING_VALUE",
+ * //   Type: "STRING_VALUE",
  * //   Description: "STRING_VALUE",
  * //   KmsKeyId: "STRING_VALUE",
  * //   RotationEnabled: true || false,
@@ -61,6 +62,13 @@ declare const DescribeSecretCommand_base: {
  * //     Duration: "STRING_VALUE",
  * //     ScheduleExpression: "STRING_VALUE",
  * //   },
+ * //   ExternalSecretRotationMetadata: [ // ExternalSecretRotationMetadataType
+ * //     { // ExternalSecretRotationMetadataItem
+ * //       Key: "STRING_VALUE",
+ * //       Value: "STRING_VALUE",
+ * //     },
+ * //   ],
+ * //   ExternalSecretRotationRoleArn: "STRING_VALUE",
  * //   LastRotatedDate: new Date("TIMESTAMP"),
  * //   LastChangedDate: new Date("TIMESTAMP"),
  * //   LastAccessedDate: new Date("TIMESTAMP"),

package/dist-types/commands/GetRandomPasswordCommand.d.ts

@@ -27,15 +27,18 @@ declare const GetRandomPasswordCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Generates a random password. We recommend that you specify the
- *       maximum length and include every character type that the system you are generating a password
- *       for can support. By default, Secrets Manager uses uppercase and lowercase letters, numbers, and the following characters in passwords: <code>!\"#$%&'()*+,-./:;<=>?@[\\]^_`\{|\}~</code>
+ * <p>Generates a random password. We recommend that you specify the maximum length and
+ *             include every character type that the system you are generating a password for can
+ *             support. By default, Secrets Manager uses uppercase and lowercase letters, numbers, and the
+ *             following characters in passwords:
+ *                 <code>!\"#$%&'()*+,-./:;<=>?@[\\]^_`\{|\}~</code>
  *          </p>
- *          <p>Secrets Manager generates a CloudTrail log entry when you call this action.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this
+ *             action.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:GetRandomPassword</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:GetRandomPassword</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/GetResourcePolicyCommand.d.ts

@@ -27,15 +27,13 @@ declare const GetResourcePolicyCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves the JSON text of the resource-based policy document attached to the
- *       secret. For more information about permissions policies attached to a secret, see
- *       <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions
- *         policies attached to a secret</a>.</p>
+ * <p>Retrieves the JSON text of the resource-based policy document attached to the secret.
+ *             For more information about permissions policies attached to a secret, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions policies attached to a secret</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:GetResourcePolicy</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:GetResourcePolicy</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/GetSecretValueCommand.d.ts

@@ -28,21 +28,21 @@ declare const GetSecretValueCommand_base: {
 };
 /**
  * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or
- *         <code>SecretBinary</code> from the specified version of a secret, whichever contains
- *       content.</p>
+ *                 <code>SecretBinary</code> from the specified version of a secret, whichever contains
+ *             content.</p>
  *          <p>To retrieve the values for a group of secrets, call <a>BatchGetSecretValue</a>.</p>
- *          <p>We recommend that you cache your secret values by using client-side caching.
- *       Caching secrets improves speed and reduces your costs. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html">Cache secrets for
- *         your applications</a>.</p>
- *          <p>To retrieve the previous version of a secret, use <code>VersionStage</code> and specify
- *       AWSPREVIOUS. To revert to the previous version of a secret, call <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">UpdateSecretVersionStage</a>.</p>
+ *          <p>We recommend that you cache your secret values by using client-side caching. Caching
+ *             secrets improves speed and reduces your costs. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html">Cache secrets for your applications</a>.</p>
+ *          <p>To retrieve the previous version of a secret, use <code>VersionStage</code> and
+ *             specify AWSPREVIOUS. To revert to the previous version of a secret, call <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">UpdateSecretVersionStage</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:GetSecretValue</code>.
- *       If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key
- *       <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for that key.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:GetSecretValue</code>. If the secret is encrypted
+ *             using a customer-managed key instead of the Amazon Web Services managed key
+ *                 <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code>
+ *             permissions for that key. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/ListSecretVersionIdsCommand.d.ts

@@ -27,15 +27,15 @@ declare const ListSecretVersionIdsCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Lists the versions of a secret. Secrets Manager uses staging labels to indicate the different versions
- *     of a secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">
- *     Secrets Manager concepts: Versions</a>.</p>
+ * <p>Lists the versions of a secret. Secrets Manager uses staging labels to indicate the different
+ *             versions of a secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version"> Secrets Manager
+ *                 concepts: Versions</a>.</p>
  *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:ListSecretVersionIds</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:ListSecretVersionIds</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example