@aws-sdk/client-secrets-manager 3.933.0 → 3.935.0
- package/dist-cjs/index.js +72 -29
- package/dist-es/index.js +2 -1
- package/dist-es/models/enums.js +18 -0
- package/dist-es/models/errors.js +169 -0
- package/dist-es/models/models_0.js +1 -187
- package/dist-es/schemas/schemas_0.js +54 -12
- package/dist-types/commands/BatchGetSecretValueCommand.d.ts +17 -6
- package/dist-types/commands/CancelRotateSecretCommand.d.ts +11 -13
- package/dist-types/commands/CreateSecretCommand.d.ts +40 -30
- package/dist-types/commands/DeleteResourcePolicyCommand.d.ts +5 -5
- package/dist-types/commands/DeleteSecretCommand.d.ts +25 -23
- package/dist-types/commands/DescribeSecretCommand.d.ts +13 -5
- package/dist-types/commands/GetRandomPasswordCommand.d.ts +10 -7
- package/dist-types/commands/GetResourcePolicyCommand.d.ts +5 -7
- package/dist-types/commands/GetSecretValueCommand.d.ts +12 -12
- package/dist-types/commands/ListSecretVersionIdsCommand.d.ts +6 -6
- package/dist-types/commands/ListSecretsCommand.d.ts +20 -7
- package/dist-types/commands/PutResourcePolicyCommand.d.ts +5 -6
- package/dist-types/commands/PutSecretValueCommand.d.ts +29 -25
- package/dist-types/commands/RemoveRegionsFromReplicationCommand.d.ts +5 -3
- package/dist-types/commands/ReplicateSecretToRegionsCommand.d.ts +8 -3
- package/dist-types/commands/RestoreSecretCommand.d.ts +5 -5
- package/dist-types/commands/RotateSecretCommand.d.ts +28 -13
- package/dist-types/commands/StopReplicationToReplicaCommand.d.ts +7 -5
- package/dist-types/commands/TagResourceCommand.d.ts +12 -11
- package/dist-types/commands/UntagResourceCommand.d.ts +8 -8
- package/dist-types/commands/UpdateSecretCommand.d.ts +35 -24
- package/dist-types/commands/UpdateSecretVersionStageCommand.d.ts +19 -16
- package/dist-types/commands/ValidateResourcePolicyCommand.d.ts +8 -6
- package/dist-types/index.d.ts +3 -1
- package/dist-types/models/enums.d.ts +42 -0
- package/dist-types/models/errors.d.ts +175 -0
- package/dist-types/models/models_0.d.ts +582 -588
- package/dist-types/schemas/schemas_0.d.ts +2 -0
- package/dist-types/ts3.4/index.d.ts +3 -1
- package/dist-types/ts3.4/models/enums.d.ts +22 -0
- package/dist-types/ts3.4/models/errors.d.ts +97 -0
- package/dist-types/ts3.4/models/models_0.d.ts +21 -119
- package/dist-types/ts3.4/schemas/schemas_0.d.ts +2 -0
- package/package.json +12 -12
- package/dist-es/models/index.js +0 -1
- package/dist-types/models/index.d.ts +0 -1
- package/dist-types/ts3.4/models/index.d.ts +0 -1
|
@@ -1,17 +1,19 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { SecretsManagerServiceException as __BaseException } from "./SecretsManagerServiceException";
|
|
1
|
+
import { FilterNameStringType, SortOrderType, StatusType } from "./enums";
|
|
3
2
|
/**
|
|
4
|
-
* <p>A custom type that specifies a <code>Region</code> and the <code>KmsKeyId</code> for a
|
|
3
|
+
* <p>A custom type that specifies a <code>Region</code> and the <code>KmsKeyId</code> for a
|
|
4
|
+
* replica secret.</p>
|
|
5
5
|
* @public
|
|
6
6
|
*/
|
|
7
7
|
export interface ReplicaRegionType {
|
|
8
8
|
/**
|
|
9
|
-
* <p>A Region code. For a list of Region codes, see <a href="https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints">Name and code of
|
|
9
|
+
* <p>A Region code. For a list of Region codes, see <a href="https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints">Name and code of
|
|
10
|
+
* Regions</a>.</p>
|
|
10
11
|
* @public
|
|
11
12
|
*/
|
|
12
13
|
Region?: string | undefined;
|
|
13
14
|
/**
|
|
14
|
-
* <p>The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include
|
|
15
|
+
* <p>The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include
|
|
16
|
+
* this field, Secrets Manager uses <code>aws/secretsmanager</code>.</p>
|
|
15
17
|
* @public
|
|
16
18
|
*/
|
|
17
19
|
KmsKeyId?: string | undefined;
|
|
@@ -27,7 +29,10 @@ export interface APIErrorType {
|
|
|
27
29
|
*/
|
|
28
30
|
SecretId?: string | undefined;
|
|
29
31
|
/**
|
|
30
|
-
* <p>The error Secrets Manager encountered while retrieving an individual secret as part of <a>BatchGetSecretValue</a>, for example
|
|
32
|
+
* <p>The error Secrets Manager encountered while retrieving an individual secret as part of <a>BatchGetSecretValue</a>, for example
|
|
33
|
+
* <code>ResourceNotFoundException</code>,<code>InvalidParameterException</code>,
|
|
34
|
+
* <code>InvalidRequestException</code>, <code>DecryptionFailure</code>, or
|
|
35
|
+
* <code>AccessDeniedException</code>.</p>
|
|
31
36
|
* @public
|
|
32
37
|
*/
|
|
33
38
|
ErrorCode?: string | undefined;
|
|
@@ -38,24 +43,9 @@ export interface APIErrorType {
|
|
|
38
43
|
Message?: string | undefined;
|
|
39
44
|
}
|
|
40
45
|
/**
|
|
41
|
-
*
|
|
42
|
-
*
|
|
43
|
-
|
|
44
|
-
export declare const FilterNameStringType: {
|
|
45
|
-
readonly all: "all";
|
|
46
|
-
readonly description: "description";
|
|
47
|
-
readonly name: "name";
|
|
48
|
-
readonly owning_service: "owning-service";
|
|
49
|
-
readonly primary_region: "primary-region";
|
|
50
|
-
readonly tag_key: "tag-key";
|
|
51
|
-
readonly tag_value: "tag-value";
|
|
52
|
-
};
|
|
53
|
-
/**
|
|
54
|
-
* @public
|
|
55
|
-
*/
|
|
56
|
-
export type FilterNameStringType = (typeof FilterNameStringType)[keyof typeof FilterNameStringType];
|
|
57
|
-
/**
|
|
58
|
-
* <p>Allows you to add filters when you use the search function in Secrets Manager. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in Secrets Manager</a>.</p>
|
|
46
|
+
* <p>Allows you to add filters when you use the search function in Secrets Manager. For more
|
|
47
|
+
* information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in
|
|
48
|
+
* Secrets Manager</a>.</p>
|
|
59
49
|
* @public
|
|
60
50
|
*/
|
|
61
51
|
export interface Filter {
|
|
@@ -64,7 +54,8 @@ export interface Filter {
|
|
|
64
54
|
* <ul>
|
|
65
55
|
* <li>
|
|
66
56
|
* <p>
|
|
67
|
-
* <b>description</b>: Prefix match, not
|
|
57
|
+
* <b>description</b>: Prefix match, not
|
|
58
|
+
* case-sensitive.</p>
|
|
68
59
|
* </li>
|
|
69
60
|
* <li>
|
|
70
61
|
* <p>
|
|
@@ -76,19 +67,23 @@ export interface Filter {
|
|
|
76
67
|
* </li>
|
|
77
68
|
* <li>
|
|
78
69
|
* <p>
|
|
79
|
-
* <b>tag-value</b>: Prefix match,
|
|
70
|
+
* <b>tag-value</b>: Prefix match,
|
|
71
|
+
* case-sensitive.</p>
|
|
80
72
|
* </li>
|
|
81
73
|
* <li>
|
|
82
74
|
* <p>
|
|
83
|
-
* <b>primary-region</b>: Prefix match,
|
|
75
|
+
* <b>primary-region</b>: Prefix match,
|
|
76
|
+
* case-sensitive.</p>
|
|
84
77
|
* </li>
|
|
85
78
|
* <li>
|
|
86
79
|
* <p>
|
|
87
|
-
* <b>owning-service</b>: Prefix match,
|
|
80
|
+
* <b>owning-service</b>: Prefix match,
|
|
81
|
+
* case-sensitive.</p>
|
|
88
82
|
* </li>
|
|
89
83
|
* <li>
|
|
90
84
|
* <p>
|
|
91
|
-
* <b>all</b>: Breaks the filter value string into
|
|
85
|
+
* <b>all</b>: Breaks the filter value string into
|
|
86
|
+
* words and then searches all attributes for matches. Not case-sensitive.</p>
|
|
92
87
|
* </li>
|
|
93
88
|
* </ul>
|
|
94
89
|
* @public
|
|
@@ -96,7 +91,8 @@ export interface Filter {
|
|
|
96
91
|
Key?: FilterNameStringType | undefined;
|
|
97
92
|
/**
|
|
98
93
|
* <p>The keyword to filter for.</p>
|
|
99
|
-
* <p>You can prefix your search value with an exclamation mark (<code>!</code>) in order to
|
|
94
|
+
* <p>You can prefix your search value with an exclamation mark (<code>!</code>) in order to
|
|
95
|
+
* perform negation filters. </p>
|
|
100
96
|
* @public
|
|
101
97
|
*/
|
|
102
98
|
Values?: string[] | undefined;
|
|
@@ -106,27 +102,30 @@ export interface Filter {
|
|
|
106
102
|
*/
|
|
107
103
|
export interface BatchGetSecretValueRequest {
|
|
108
104
|
/**
|
|
109
|
-
* <p>The ARN or names of the secrets to retrieve. You must include <code>Filters</code> or
|
|
105
|
+
* <p>The ARN or names of the secrets to retrieve. You must include <code>Filters</code> or
|
|
106
|
+
* <code>SecretIdList</code>, but not both.</p>
|
|
110
107
|
* @public
|
|
111
108
|
*/
|
|
112
109
|
SecretIdList?: string[] | undefined;
|
|
113
110
|
/**
|
|
114
|
-
* <p>The filters to choose which secrets to retrieve. You must include <code>Filters</code>
|
|
111
|
+
* <p>The filters to choose which secrets to retrieve. You must include <code>Filters</code>
|
|
112
|
+
* or <code>SecretIdList</code>, but not both.</p>
|
|
115
113
|
* @public
|
|
116
114
|
*/
|
|
117
115
|
Filters?: Filter[] | undefined;
|
|
118
116
|
/**
|
|
119
117
|
* <p>The number of results to include in the response.</p>
|
|
120
|
-
* <p>If there are more results available, in the response, Secrets Manager includes
|
|
121
|
-
*
|
|
122
|
-
*
|
|
118
|
+
* <p>If there are more results available, in the response, Secrets Manager includes
|
|
119
|
+
* <code>NextToken</code>. To get the next results, call
|
|
120
|
+
* <code>BatchGetSecretValue</code> again with the value from <code>NextToken</code>.
|
|
121
|
+
* To use this parameter, you must also use the <code>Filters</code> parameter.</p>
|
|
123
122
|
* @public
|
|
124
123
|
*/
|
|
125
124
|
MaxResults?: number | undefined;
|
|
126
125
|
/**
|
|
127
|
-
* <p>A token that indicates where the output should continue from, if a
|
|
128
|
-
*
|
|
129
|
-
*
|
|
126
|
+
* <p>A token that indicates where the output should continue from, if a previous call did
|
|
127
|
+
* not show all results. To get the next results, call <code>BatchGetSecretValue</code>
|
|
128
|
+
* again with this value.</p>
|
|
130
129
|
* @public
|
|
131
130
|
*/
|
|
132
131
|
NextToken?: string | undefined;
|
|
@@ -142,7 +141,7 @@ export interface SecretValueEntry {
|
|
|
142
141
|
*/
|
|
143
142
|
ARN?: string | undefined;
|
|
144
143
|
/**
|
|
145
|
-
* <p>The friendly name of the secret.
|
|
144
|
+
* <p>The friendly name of the secret. </p>
|
|
146
145
|
* @public
|
|
147
146
|
*/
|
|
148
147
|
Name?: string | undefined;
|
|
@@ -152,22 +151,21 @@ export interface SecretValueEntry {
|
|
|
152
151
|
*/
|
|
153
152
|
VersionId?: string | undefined;
|
|
154
153
|
/**
|
|
155
|
-
* <p>The decrypted secret value, if the secret value was originally provided as
|
|
156
|
-
*
|
|
157
|
-
*
|
|
158
|
-
* string.</p>
|
|
154
|
+
* <p>The decrypted secret value, if the secret value was originally provided as binary data
|
|
155
|
+
* in the form of a byte array. The parameter represents the binary data as a <a href="https://tools.ietf.org/html/rfc4648#section-4">base64-encoded</a>
|
|
156
|
+
* string.</p>
|
|
159
157
|
* @public
|
|
160
158
|
*/
|
|
161
159
|
SecretBinary?: Uint8Array | undefined;
|
|
162
160
|
/**
|
|
163
161
|
* <p>The decrypted secret value, if the secret value was originally provided as a string or
|
|
164
|
-
*
|
|
162
|
+
* through the Secrets Manager console.</p>
|
|
165
163
|
* @public
|
|
166
164
|
*/
|
|
167
165
|
SecretString?: string | undefined;
|
|
168
166
|
/**
|
|
169
167
|
* <p>A list of all of the staging labels currently attached to this version of the
|
|
170
|
-
*
|
|
168
|
+
* secret.</p>
|
|
171
169
|
* @public
|
|
172
170
|
*/
|
|
173
171
|
VersionStages?: string[] | undefined;
|
|
@@ -187,113 +185,20 @@ export interface BatchGetSecretValueResponse {
|
|
|
187
185
|
*/
|
|
188
186
|
SecretValues?: SecretValueEntry[] | undefined;
|
|
189
187
|
/**
|
|
190
|
-
* <p>Secrets Manager includes this value if
|
|
191
|
-
*
|
|
192
|
-
*
|
|
193
|
-
*
|
|
194
|
-
* with this value.</p>
|
|
188
|
+
* <p>Secrets Manager includes this value if there's more output available than what is included in
|
|
189
|
+
* the current response. This can occur even when the response includes no values at all,
|
|
190
|
+
* such as when you ask for a filtered view of a long list. To get the next results, call
|
|
191
|
+
* <code>BatchGetSecretValue</code> again with this value.</p>
|
|
195
192
|
* @public
|
|
196
193
|
*/
|
|
197
194
|
NextToken?: string | undefined;
|
|
198
195
|
/**
|
|
199
|
-
* <p>A list of errors Secrets Manager encountered while attempting to retrieve individual
|
|
196
|
+
* <p>A list of errors Secrets Manager encountered while attempting to retrieve individual
|
|
197
|
+
* secrets.</p>
|
|
200
198
|
* @public
|
|
201
199
|
*/
|
|
202
200
|
Errors?: APIErrorType[] | undefined;
|
|
203
201
|
}
|
|
204
|
-
/**
|
|
205
|
-
* <p>Secrets Manager can't decrypt the protected secret text using the provided KMS key. </p>
|
|
206
|
-
* @public
|
|
207
|
-
*/
|
|
208
|
-
export declare class DecryptionFailure extends __BaseException {
|
|
209
|
-
readonly name: "DecryptionFailure";
|
|
210
|
-
readonly $fault: "client";
|
|
211
|
-
Message?: string | undefined;
|
|
212
|
-
/**
|
|
213
|
-
* @internal
|
|
214
|
-
*/
|
|
215
|
-
constructor(opts: __ExceptionOptionType<DecryptionFailure, __BaseException>);
|
|
216
|
-
}
|
|
217
|
-
/**
|
|
218
|
-
* <p>An error occurred on the server side.</p>
|
|
219
|
-
* @public
|
|
220
|
-
*/
|
|
221
|
-
export declare class InternalServiceError extends __BaseException {
|
|
222
|
-
readonly name: "InternalServiceError";
|
|
223
|
-
readonly $fault: "server";
|
|
224
|
-
Message?: string | undefined;
|
|
225
|
-
/**
|
|
226
|
-
* @internal
|
|
227
|
-
*/
|
|
228
|
-
constructor(opts: __ExceptionOptionType<InternalServiceError, __BaseException>);
|
|
229
|
-
}
|
|
230
|
-
/**
|
|
231
|
-
* <p>The <code>NextToken</code> value is invalid.</p>
|
|
232
|
-
* @public
|
|
233
|
-
*/
|
|
234
|
-
export declare class InvalidNextTokenException extends __BaseException {
|
|
235
|
-
readonly name: "InvalidNextTokenException";
|
|
236
|
-
readonly $fault: "client";
|
|
237
|
-
Message?: string | undefined;
|
|
238
|
-
/**
|
|
239
|
-
* @internal
|
|
240
|
-
*/
|
|
241
|
-
constructor(opts: __ExceptionOptionType<InvalidNextTokenException, __BaseException>);
|
|
242
|
-
}
|
|
243
|
-
/**
|
|
244
|
-
* <p>The parameter name or value is invalid.</p>
|
|
245
|
-
* @public
|
|
246
|
-
*/
|
|
247
|
-
export declare class InvalidParameterException extends __BaseException {
|
|
248
|
-
readonly name: "InvalidParameterException";
|
|
249
|
-
readonly $fault: "client";
|
|
250
|
-
Message?: string | undefined;
|
|
251
|
-
/**
|
|
252
|
-
* @internal
|
|
253
|
-
*/
|
|
254
|
-
constructor(opts: __ExceptionOptionType<InvalidParameterException, __BaseException>);
|
|
255
|
-
}
|
|
256
|
-
/**
|
|
257
|
-
* <p>A parameter value is not valid for the current state of the
|
|
258
|
-
* resource.</p>
|
|
259
|
-
* <p>Possible causes:</p>
|
|
260
|
-
* <ul>
|
|
261
|
-
* <li>
|
|
262
|
-
* <p>The secret is scheduled for deletion.</p>
|
|
263
|
-
* </li>
|
|
264
|
-
* <li>
|
|
265
|
-
* <p>You tried to enable rotation on a secret that doesn't already have a Lambda function
|
|
266
|
-
* ARN configured and you didn't include such an ARN as a parameter in this call. </p>
|
|
267
|
-
* </li>
|
|
268
|
-
* <li>
|
|
269
|
-
* <p>The secret is managed by another service, and you must use that service to update it.
|
|
270
|
-
* For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets managed by other Amazon Web Services services</a>.</p>
|
|
271
|
-
* </li>
|
|
272
|
-
* </ul>
|
|
273
|
-
* @public
|
|
274
|
-
*/
|
|
275
|
-
export declare class InvalidRequestException extends __BaseException {
|
|
276
|
-
readonly name: "InvalidRequestException";
|
|
277
|
-
readonly $fault: "client";
|
|
278
|
-
Message?: string | undefined;
|
|
279
|
-
/**
|
|
280
|
-
* @internal
|
|
281
|
-
*/
|
|
282
|
-
constructor(opts: __ExceptionOptionType<InvalidRequestException, __BaseException>);
|
|
283
|
-
}
|
|
284
|
-
/**
|
|
285
|
-
* <p>Secrets Manager can't find the resource that you asked for.</p>
|
|
286
|
-
* @public
|
|
287
|
-
*/
|
|
288
|
-
export declare class ResourceNotFoundException extends __BaseException {
|
|
289
|
-
readonly name: "ResourceNotFoundException";
|
|
290
|
-
readonly $fault: "client";
|
|
291
|
-
Message?: string | undefined;
|
|
292
|
-
/**
|
|
293
|
-
* @internal
|
|
294
|
-
*/
|
|
295
|
-
constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
|
|
296
|
-
}
|
|
297
202
|
/**
|
|
298
203
|
* @public
|
|
299
204
|
*/
|
|
@@ -322,10 +227,10 @@ export interface CancelRotateSecretResponse {
|
|
|
322
227
|
Name?: string | undefined;
|
|
323
228
|
/**
|
|
324
229
|
* <p>The unique identifier of the version of the secret created during the rotation. This
|
|
325
|
-
*
|
|
326
|
-
*
|
|
327
|
-
*
|
|
328
|
-
*
|
|
230
|
+
* version might not be complete, and should be evaluated for possible deletion. We
|
|
231
|
+
* recommend that you remove the <code>VersionStage</code> value <code>AWSPENDING</code>
|
|
232
|
+
* from this version so that Secrets Manager can delete it. Failing to clean up a cancelled rotation
|
|
233
|
+
* can block you from starting future rotations.</p>
|
|
329
234
|
* @public
|
|
330
235
|
*/
|
|
331
236
|
VersionId?: string | undefined;
|
|
@@ -353,17 +258,18 @@ export interface CreateSecretRequest {
|
|
|
353
258
|
/**
|
|
354
259
|
* <p>The name of the new secret.</p>
|
|
355
260
|
* <p>The secret name can contain ASCII letters, numbers, and the following characters:
|
|
356
|
-
*
|
|
357
|
-
* <p>Do not end your secret name with a hyphen followed by six characters. If you do so,
|
|
358
|
-
*
|
|
359
|
-
*
|
|
261
|
+
* /_+=.@-</p>
|
|
262
|
+
* <p>Do not end your secret name with a hyphen followed by six characters. If you do so,
|
|
263
|
+
* you risk confusion and unexpected results when searching for a secret by partial ARN.
|
|
264
|
+
* Secrets Manager automatically adds a hyphen and six random characters after the secret name at the
|
|
265
|
+
* end of the ARN.</p>
|
|
360
266
|
* @public
|
|
361
267
|
*/
|
|
362
268
|
Name: string | undefined;
|
|
363
269
|
/**
|
|
364
|
-
* <p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then
|
|
365
|
-
*
|
|
366
|
-
*
|
|
270
|
+
* <p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then Secrets Manager
|
|
271
|
+
* creates an initial version for the secret, and this parameter specifies the unique
|
|
272
|
+
* identifier for the new version. </p>
|
|
367
273
|
* <note>
|
|
368
274
|
* <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. </p>
|
|
369
275
|
* </note>
|
|
@@ -371,19 +277,20 @@ export interface CreateSecretRequest {
|
|
|
371
277
|
* <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p>
|
|
372
278
|
* <ul>
|
|
373
279
|
* <li>
|
|
374
|
-
* <p>If the <code>ClientRequestToken</code> value isn't already associated with a
|
|
375
|
-
*
|
|
280
|
+
* <p>If the <code>ClientRequestToken</code> value isn't already associated with a
|
|
281
|
+
* version of the secret then a new version of the secret is created. </p>
|
|
376
282
|
* </li>
|
|
377
283
|
* <li>
|
|
378
|
-
* <p>If a version with this value already exists and the version
|
|
379
|
-
*
|
|
380
|
-
*
|
|
284
|
+
* <p>If a version with this value already exists and the version
|
|
285
|
+
* <code>SecretString</code> and <code>SecretBinary</code> values are the same
|
|
286
|
+
* as those in the request, then the request is ignored.</p>
|
|
381
287
|
* </li>
|
|
382
288
|
* <li>
|
|
383
289
|
* <p>If a version with this value already exists and that version's
|
|
384
|
-
*
|
|
385
|
-
*
|
|
386
|
-
*
|
|
290
|
+
* <code>SecretString</code> and <code>SecretBinary</code> values are different
|
|
291
|
+
* from those in the request, then the request fails because you cannot modify an
|
|
292
|
+
* existing version. Instead, use <a>PutSecretValue</a> to create a new
|
|
293
|
+
* version.</p>
|
|
387
294
|
* </li>
|
|
388
295
|
* </ul>
|
|
389
296
|
* <p>This value becomes the <code>VersionId</code> of the new version.</p>
|
|
@@ -396,62 +303,64 @@ export interface CreateSecretRequest {
|
|
|
396
303
|
*/
|
|
397
304
|
Description?: string | undefined;
|
|
398
305
|
/**
|
|
399
|
-
* <p>The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
|
|
400
|
-
*
|
|
401
|
-
*
|
|
306
|
+
* <p>The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value
|
|
307
|
+
* in the secret. An alias is always prefixed by <code>alias/</code>, for example
|
|
308
|
+
* <code>alias/aws/secretsmanager</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html">About
|
|
309
|
+
* aliases</a>.</p>
|
|
402
310
|
* <p>To use a KMS key in a different account, use the key ARN or the alias ARN.</p>
|
|
403
|
-
* <p>If you don't specify this value, then Secrets Manager uses the key
|
|
404
|
-
*
|
|
405
|
-
*
|
|
406
|
-
* <p>If the secret is in a different Amazon Web Services account from the credentials calling the API,
|
|
407
|
-
*
|
|
408
|
-
*
|
|
311
|
+
* <p>If you don't specify this value, then Secrets Manager uses the key
|
|
312
|
+
* <code>aws/secretsmanager</code>. If that key doesn't yet exist, then Secrets Manager creates
|
|
313
|
+
* it for you automatically the first time it encrypts the secret value.</p>
|
|
314
|
+
* <p>If the secret is in a different Amazon Web Services account from the credentials calling the API,
|
|
315
|
+
* then you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must
|
|
316
|
+
* create and use a customer managed KMS key. </p>
|
|
409
317
|
* @public
|
|
410
318
|
*/
|
|
411
319
|
KmsKeyId?: string | undefined;
|
|
412
320
|
/**
|
|
413
|
-
* <p>The binary data to encrypt and store in the new version of
|
|
414
|
-
*
|
|
415
|
-
*
|
|
416
|
-
* <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but
|
|
417
|
-
*
|
|
321
|
+
* <p>The binary data to encrypt and store in the new version of the secret. We recommend
|
|
322
|
+
* that you store your binary data in a file and then pass the contents of the file as a
|
|
323
|
+
* parameter.</p>
|
|
324
|
+
* <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but
|
|
325
|
+
* not both.</p>
|
|
418
326
|
* <p>This parameter is not available in the Secrets Manager console.</p>
|
|
419
327
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
420
328
|
* @public
|
|
421
329
|
*/
|
|
422
330
|
SecretBinary?: Uint8Array | undefined;
|
|
423
331
|
/**
|
|
424
|
-
* <p>The text data to encrypt and store in this new version of
|
|
425
|
-
*
|
|
426
|
-
* <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but
|
|
427
|
-
*
|
|
428
|
-
* <p>If you create a secret by using the Secrets Manager console then Secrets Manager puts the protected
|
|
429
|
-
*
|
|
430
|
-
*
|
|
332
|
+
* <p>The text data to encrypt and store in this new version of the secret. We recommend you
|
|
333
|
+
* use a JSON structure of key/value pairs for your secret value.</p>
|
|
334
|
+
* <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but
|
|
335
|
+
* not both.</p>
|
|
336
|
+
* <p>If you create a secret by using the Secrets Manager console then Secrets Manager puts the protected secret
|
|
337
|
+
* text in only the <code>SecretString</code> parameter. The Secrets Manager console stores the
|
|
338
|
+
* information as a JSON structure of key/value pairs that a Lambda rotation function can
|
|
339
|
+
* parse.</p>
|
|
431
340
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
432
341
|
* @public
|
|
433
342
|
*/
|
|
434
343
|
SecretString?: string | undefined;
|
|
435
344
|
/**
|
|
436
|
-
* <p>A list of tags to attach to the secret. Each tag
|
|
437
|
-
*
|
|
345
|
+
* <p>A list of tags to attach to the secret. Each tag is a key and value pair of strings in
|
|
346
|
+
* a JSON text string, for example:</p>
|
|
438
347
|
* <p>
|
|
439
348
|
* <code>[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]</code>
|
|
440
349
|
* </p>
|
|
441
350
|
* <p>Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag
|
|
442
|
-
*
|
|
443
|
-
* <p>If you check tags in permissions policies as part of your
|
|
444
|
-
*
|
|
445
|
-
*
|
|
446
|
-
*
|
|
447
|
-
*
|
|
448
|
-
*
|
|
449
|
-
*
|
|
450
|
-
*
|
|
451
|
-
*
|
|
452
|
-
*
|
|
453
|
-
* <p>For tag quotas and naming restrictions, see <a href="https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas">Service quotas for
|
|
454
|
-
*
|
|
351
|
+
* from one with key "abc".</p>
|
|
352
|
+
* <p>If you check tags in permissions policies as part of your security strategy, then
|
|
353
|
+
* adding or removing a tag can change permissions. If the completion of this operation
|
|
354
|
+
* would result in you losing your permissions for this secret, then Secrets Manager blocks the
|
|
355
|
+
* operation and returns an <code>Access Denied</code> error. For more information, see
|
|
356
|
+
* <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac">Control access to secrets using tags</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2">Limit access to identities with tags that match secrets' tags</a>.</p>
|
|
357
|
+
* <p>For information about how to format a JSON parameter for the various command line tool
|
|
358
|
+
* environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
|
|
359
|
+
* Parameters</a>. If your command-line tool or SDK requires quotation marks around
|
|
360
|
+
* the parameter, you should use single quotes to avoid confusion with the double quotes
|
|
361
|
+
* required in the JSON text.</p>
|
|
362
|
+
* <p>For tag quotas and naming restrictions, see <a href="https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas">Service quotas for
|
|
363
|
+
* Tagging</a> in the <i>Amazon Web Services General Reference guide</i>.</p>
|
|
455
364
|
* @public
|
|
456
365
|
*/
|
|
457
366
|
Tags?: Tag[] | undefined;
|
|
@@ -461,27 +370,21 @@ export interface CreateSecretRequest {
|
|
|
461
370
|
*/
|
|
462
371
|
AddReplicaRegions?: ReplicaRegionType[] | undefined;
|
|
463
372
|
/**
|
|
464
|
-
* <p>Specifies whether to overwrite a secret with the same name in the
|
|
465
|
-
*
|
|
373
|
+
* <p>Specifies whether to overwrite a secret with the same name in the destination Region.
|
|
374
|
+
* By default, secrets aren't overwritten.</p>
|
|
466
375
|
* @public
|
|
467
376
|
*/
|
|
468
377
|
ForceOverwriteReplicaSecret?: boolean | undefined;
|
|
378
|
+
/**
|
|
379
|
+
* <p>The exact string that identifies the partner that holds the external secret. For more
|
|
380
|
+
* information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html">Using Secrets Manager managed external secrets</a>.</p>
|
|
381
|
+
* @public
|
|
382
|
+
*/
|
|
383
|
+
Type?: string | undefined;
|
|
469
384
|
}
|
|
470
385
|
/**
|
|
471
|
-
*
|
|
472
|
-
*
|
|
473
|
-
*/
|
|
474
|
-
export declare const StatusType: {
|
|
475
|
-
readonly Failed: "Failed";
|
|
476
|
-
readonly InProgress: "InProgress";
|
|
477
|
-
readonly InSync: "InSync";
|
|
478
|
-
};
|
|
479
|
-
/**
|
|
480
|
-
* @public
|
|
481
|
-
*/
|
|
482
|
-
export type StatusType = (typeof StatusType)[keyof typeof StatusType];
|
|
483
|
-
/**
|
|
484
|
-
* <p>A replication object consisting of a <code>RegionReplicationStatus</code> object and includes a Region, KMSKeyId, status, and status message.</p>
|
|
386
|
+
* <p>A replication object consisting of a <code>RegionReplicationStatus</code> object and
|
|
387
|
+
* includes a Region, KMSKeyId, status, and status message.</p>
|
|
485
388
|
* @public
|
|
486
389
|
*/
|
|
487
390
|
export interface ReplicationStatusType {
|
|
@@ -496,18 +399,20 @@ export interface ReplicationStatusType {
|
|
|
496
399
|
*/
|
|
497
400
|
KmsKeyId?: string | undefined;
|
|
498
401
|
/**
|
|
499
|
-
* <p>The status can be <code>InProgress</code>, <code>Failed</code>, or
|
|
402
|
+
* <p>The status can be <code>InProgress</code>, <code>Failed</code>, or
|
|
403
|
+
* <code>InSync</code>.</p>
|
|
500
404
|
* @public
|
|
501
405
|
*/
|
|
502
406
|
Status?: StatusType | undefined;
|
|
503
407
|
/**
|
|
504
408
|
* <p>Status message such as "<i>Secret with this name already exists in this
|
|
505
|
-
*
|
|
409
|
+
* region</i>".</p>
|
|
506
410
|
* @public
|
|
507
411
|
*/
|
|
508
412
|
StatusMessage?: string | undefined;
|
|
509
413
|
/**
|
|
510
|
-
* <p>The date that the secret was last accessed in the Region. This field is omitted if the
|
|
414
|
+
* <p>The date that the secret was last accessed in the Region. This field is omitted if the
|
|
415
|
+
* secret has never been retrieved in the Region.</p>
|
|
511
416
|
* @public
|
|
512
417
|
*/
|
|
513
418
|
LastAccessedDate?: Date | undefined;
|
|
@@ -517,10 +422,10 @@ export interface ReplicationStatusType {
|
|
|
517
422
|
*/
|
|
518
423
|
export interface CreateSecretResponse {
|
|
519
424
|
/**
|
|
520
|
-
* <p>The ARN of the new secret. The ARN includes the name of the secret followed by six
|
|
521
|
-
*
|
|
522
|
-
*
|
|
523
|
-
*
|
|
425
|
+
* <p>The ARN of the new secret. The ARN includes the name of the secret followed by six
|
|
426
|
+
* random characters. This ensures that if you create a new secret with the same name as a
|
|
427
|
+
* deleted secret, then users with access to the old secret don't get access to the new
|
|
428
|
+
* secret because the ARNs are different.</p>
|
|
524
429
|
* @public
|
|
525
430
|
*/
|
|
526
431
|
ARN?: string | undefined;
|
|
@@ -543,7 +448,8 @@ export interface CreateSecretResponse {
|
|
|
543
448
|
* </li>
|
|
544
449
|
* <li>
|
|
545
450
|
* <p>
|
|
546
|
-
* <code>InProgress</code>, which indicates that Secrets Manager is in the
|
|
451
|
+
* <code>InProgress</code>, which indicates that Secrets Manager is in the
|
|
452
|
+
* process of creating the replica.</p>
|
|
547
453
|
* </li>
|
|
548
454
|
* <li>
|
|
549
455
|
* <p>
|
|
@@ -554,73 +460,6 @@ export interface CreateSecretResponse {
|
|
|
554
460
|
*/
|
|
555
461
|
ReplicationStatus?: ReplicationStatusType[] | undefined;
|
|
556
462
|
}
|
|
557
|
-
/**
|
|
558
|
-
* <p>Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the
|
|
559
|
-
* KMS key is available, enabled, and not in an invalid state. For more
|
|
560
|
-
* information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a>.</p>
|
|
561
|
-
* @public
|
|
562
|
-
*/
|
|
563
|
-
export declare class EncryptionFailure extends __BaseException {
|
|
564
|
-
readonly name: "EncryptionFailure";
|
|
565
|
-
readonly $fault: "client";
|
|
566
|
-
Message?: string | undefined;
|
|
567
|
-
/**
|
|
568
|
-
* @internal
|
|
569
|
-
*/
|
|
570
|
-
constructor(opts: __ExceptionOptionType<EncryptionFailure, __BaseException>);
|
|
571
|
-
}
|
|
572
|
-
/**
|
|
573
|
-
* <p>The request failed because it would exceed one of the Secrets Manager quotas.</p>
|
|
574
|
-
* @public
|
|
575
|
-
*/
|
|
576
|
-
export declare class LimitExceededException extends __BaseException {
|
|
577
|
-
readonly name: "LimitExceededException";
|
|
578
|
-
readonly $fault: "client";
|
|
579
|
-
Message?: string | undefined;
|
|
580
|
-
/**
|
|
581
|
-
* @internal
|
|
582
|
-
*/
|
|
583
|
-
constructor(opts: __ExceptionOptionType<LimitExceededException, __BaseException>);
|
|
584
|
-
}
|
|
585
|
-
/**
|
|
586
|
-
* <p>The resource policy has syntax errors.</p>
|
|
587
|
-
* @public
|
|
588
|
-
*/
|
|
589
|
-
export declare class MalformedPolicyDocumentException extends __BaseException {
|
|
590
|
-
readonly name: "MalformedPolicyDocumentException";
|
|
591
|
-
readonly $fault: "client";
|
|
592
|
-
Message?: string | undefined;
|
|
593
|
-
/**
|
|
594
|
-
* @internal
|
|
595
|
-
*/
|
|
596
|
-
constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
|
|
597
|
-
}
|
|
598
|
-
/**
|
|
599
|
-
* <p>The request failed because you did not complete all the prerequisite steps.</p>
|
|
600
|
-
* @public
|
|
601
|
-
*/
|
|
602
|
-
export declare class PreconditionNotMetException extends __BaseException {
|
|
603
|
-
readonly name: "PreconditionNotMetException";
|
|
604
|
-
readonly $fault: "client";
|
|
605
|
-
Message?: string | undefined;
|
|
606
|
-
/**
|
|
607
|
-
* @internal
|
|
608
|
-
*/
|
|
609
|
-
constructor(opts: __ExceptionOptionType<PreconditionNotMetException, __BaseException>);
|
|
610
|
-
}
|
|
611
|
-
/**
|
|
612
|
-
* <p>A resource with the ID you requested already exists.</p>
|
|
613
|
-
* @public
|
|
614
|
-
*/
|
|
615
|
-
export declare class ResourceExistsException extends __BaseException {
|
|
616
|
-
readonly name: "ResourceExistsException";
|
|
617
|
-
readonly $fault: "client";
|
|
618
|
-
Message?: string | undefined;
|
|
619
|
-
/**
|
|
620
|
-
* @internal
|
|
621
|
-
*/
|
|
622
|
-
constructor(opts: __ExceptionOptionType<ResourceExistsException, __BaseException>);
|
|
623
|
-
}
|
|
624
463
|
/**
|
|
625
464
|
* @public
|
|
626
465
|
*/
|
|
@@ -661,25 +500,28 @@ export interface DeleteSecretRequest {
|
|
|
661
500
|
SecretId: string | undefined;
|
|
662
501
|
/**
|
|
663
502
|
* <p>The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the
|
|
664
|
-
*
|
|
665
|
-
*
|
|
503
|
+
* secret. You can't use both this parameter and <code>ForceDeleteWithoutRecovery</code> in
|
|
504
|
+
* the same call. If you don't use either, then by default Secrets Manager uses a 30 day recovery
|
|
505
|
+
* window.</p>
|
|
666
506
|
* @public
|
|
667
507
|
*/
|
|
668
508
|
RecoveryWindowInDays?: number | undefined;
|
|
669
509
|
/**
|
|
670
|
-
* <p>Specifies whether to delete the secret without any recovery window. You
|
|
671
|
-
*
|
|
672
|
-
*
|
|
673
|
-
* <p>Secrets Manager performs the actual deletion with an asynchronous background process, so there
|
|
674
|
-
*
|
|
675
|
-
*
|
|
676
|
-
*
|
|
510
|
+
* <p>Specifies whether to delete the secret without any recovery window. You can't use both
|
|
511
|
+
* this parameter and <code>RecoveryWindowInDays</code> in the same call. If you don't use
|
|
512
|
+
* either, then by default Secrets Manager uses a 30 day recovery window.</p>
|
|
513
|
+
* <p>Secrets Manager performs the actual deletion with an asynchronous background process, so there
|
|
514
|
+
* might be a short delay before the secret is permanently deleted. If you delete a secret
|
|
515
|
+
* and then immediately create a secret with the same name, use appropriate back off and
|
|
516
|
+
* retry logic.</p>
|
|
517
|
+
* <p>If you forcibly delete an already deleted or nonexistent secret, the operation does
|
|
518
|
+
* not return <code>ResourceNotFoundException</code>.</p>
|
|
677
519
|
* <important>
|
|
678
|
-
* <p>Use this parameter with caution. This parameter causes the operation to skip the
|
|
679
|
-
*
|
|
680
|
-
*
|
|
681
|
-
*
|
|
682
|
-
*
|
|
520
|
+
* <p>Use this parameter with caution. This parameter causes the operation to skip the
|
|
521
|
+
* normal recovery window before the permanent deletion that Secrets Manager would normally
|
|
522
|
+
* impose with the <code>RecoveryWindowInDays</code> parameter. If you delete a secret
|
|
523
|
+
* with the <code>ForceDeleteWithoutRecovery</code> parameter, then you have no
|
|
524
|
+
* opportunity to recover the secret. You lose the secret permanently.</p>
|
|
683
525
|
* </important>
|
|
684
526
|
* @public
|
|
685
527
|
*/
|
|
@@ -701,8 +543,8 @@ export interface DeleteSecretResponse {
|
|
|
701
543
|
Name?: string | undefined;
|
|
702
544
|
/**
|
|
703
545
|
* <p>The date and time after which this secret Secrets Manager can permanently delete this secret,
|
|
704
|
-
*
|
|
705
|
-
*
|
|
546
|
+
* and it can no longer be restored. This value is the date and time of the delete request
|
|
547
|
+
* plus the number of days in <code>RecoveryWindowInDays</code>.</p>
|
|
706
548
|
* @public
|
|
707
549
|
*/
|
|
708
550
|
DeletionDate?: Date | undefined;
|
|
@@ -719,56 +561,80 @@ export interface DescribeSecretRequest {
|
|
|
719
561
|
*/
|
|
720
562
|
SecretId: string | undefined;
|
|
721
563
|
}
|
|
564
|
+
/**
|
|
565
|
+
* <p>The metadata needed to successfully rotate a managed external secret. A list of key
|
|
566
|
+
* value pairs in JSON format specified by the partner. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html">Managed
|
|
567
|
+
* external secret partners</a>.</p>
|
|
568
|
+
* @public
|
|
569
|
+
*/
|
|
570
|
+
export interface ExternalSecretRotationMetadataItem {
|
|
571
|
+
/**
|
|
572
|
+
* <p>The key that identifies the item.</p>
|
|
573
|
+
* @public
|
|
574
|
+
*/
|
|
575
|
+
Key?: string | undefined;
|
|
576
|
+
/**
|
|
577
|
+
* <p>The value of the specified item.</p>
|
|
578
|
+
* @public
|
|
579
|
+
*/
|
|
580
|
+
Value?: string | undefined;
|
|
581
|
+
}
|
|
722
582
|
/**
|
|
723
583
|
* <p>A structure that defines the rotation configuration for the secret.</p>
|
|
724
584
|
* @public
|
|
725
585
|
*/
|
|
726
586
|
export interface RotationRulesType {
|
|
727
587
|
/**
|
|
728
|
-
* <p>The number of days between rotations of the secret. You can use this
|
|
729
|
-
*
|
|
730
|
-
*
|
|
731
|
-
*
|
|
732
|
-
*
|
|
733
|
-
*
|
|
734
|
-
*
|
|
735
|
-
*
|
|
736
|
-
*
|
|
737
|
-
*
|
|
588
|
+
* <p>The number of days between rotations of the secret. You can use this value to check
|
|
589
|
+
* that your secret meets your compliance guidelines for how often secrets must be rotated.
|
|
590
|
+
* If you use this field to set the rotation schedule, Secrets Manager calculates the next rotation
|
|
591
|
+
* date based on the previous rotation. Manually updating the secret value by calling
|
|
592
|
+
* <code>PutSecretValue</code> or <code>UpdateSecret</code> is considered a valid
|
|
593
|
+
* rotation.</p>
|
|
594
|
+
* <p>In <code>DescribeSecret</code> and <code>ListSecrets</code>, this value is calculated
|
|
595
|
+
* from the rotation schedule after every successful rotation. In
|
|
596
|
+
* <code>RotateSecret</code>, you can set the rotation schedule in
|
|
597
|
+
* <code>RotationRules</code> with <code>AutomaticallyAfterDays</code> or
|
|
598
|
+
* <code>ScheduleExpression</code>, but not both. To set a rotation schedule in hours,
|
|
599
|
+
* use <code>ScheduleExpression</code>.</p>
|
|
738
600
|
* @public
|
|
739
601
|
*/
|
|
740
602
|
AutomaticallyAfterDays?: number | undefined;
|
|
741
603
|
/**
|
|
742
604
|
* <p>The length of the rotation window in hours, for example <code>3h</code> for a three
|
|
743
|
-
*
|
|
744
|
-
*
|
|
745
|
-
*
|
|
746
|
-
*
|
|
747
|
-
*
|
|
748
|
-
*
|
|
749
|
-
*
|
|
605
|
+
* hour window. Secrets Manager rotates your secret at any time during this window. The window must
|
|
606
|
+
* not extend into the next rotation window or the next UTC day. The window starts
|
|
607
|
+
* according to the <code>ScheduleExpression</code>. If you don't specify a
|
|
608
|
+
* <code>Duration</code>, for a <code>ScheduleExpression</code> in hours, the window
|
|
609
|
+
* automatically closes after one hour. For a <code>ScheduleExpression</code> in days, the
|
|
610
|
+
* window automatically closes at the end of the UTC day. For more information, including
|
|
611
|
+
* examples, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html">Schedule
|
|
612
|
+
* expressions in Secrets Manager rotation</a> in the <i>Secrets Manager Users
|
|
613
|
+
* Guide</i>.</p>
|
|
750
614
|
* @public
|
|
751
615
|
*/
|
|
752
616
|
Duration?: string | undefined;
|
|
753
617
|
/**
|
|
754
618
|
* <p>A <code>cron()</code> or <code>rate()</code> expression that defines the schedule for
|
|
755
|
-
*
|
|
619
|
+
* rotating your secret. Secrets Manager rotation schedules use UTC time zone. Secrets Manager rotates your
|
|
620
|
+
* secret any time during a rotation window.</p>
|
|
756
621
|
* <p>Secrets Manager <code>rate()</code> expressions represent the interval in hours or days that you
|
|
757
|
-
*
|
|
758
|
-
*
|
|
759
|
-
*
|
|
760
|
-
*
|
|
761
|
-
*
|
|
762
|
-
*
|
|
763
|
-
*
|
|
622
|
+
* want to rotate your secret, for example <code>rate(12 hours)</code> or <code>rate(10
|
|
623
|
+
* days)</code>. You can rotate a secret as often as every four hours. If you use a
|
|
624
|
+
* <code>rate()</code> expression, the rotation window starts at midnight. For a rate
|
|
625
|
+
* in hours, the default rotation window closes after one hour. For a rate in days, the
|
|
626
|
+
* default rotation window closes at the end of the day. You can set the
|
|
627
|
+
* <code>Duration</code> to change the rotation window. The rotation window must not
|
|
628
|
+
* extend into the next UTC day or into the next rotation window.</p>
|
|
764
629
|
* <p>You can use a <code>cron()</code> expression to create a rotation schedule that is
|
|
765
|
-
*
|
|
766
|
-
*
|
|
767
|
-
*
|
|
768
|
-
*
|
|
769
|
-
*
|
|
770
|
-
*
|
|
771
|
-
*
|
|
630
|
+
* more detailed than a rotation interval. For more information, including examples, see
|
|
631
|
+
* <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html">Schedule
|
|
632
|
+
* expressions in Secrets Manager rotation</a> in the <i>Secrets Manager Users Guide</i>.
|
|
633
|
+
* For a cron expression that represents a schedule in hours, the default rotation window
|
|
634
|
+
* closes after one hour. For a cron expression that represents a schedule in days, the
|
|
635
|
+
* default rotation window closes at the end of the day. You can set the
|
|
636
|
+
* <code>Duration</code> to change the rotation window. The rotation window must not
|
|
637
|
+
* extend into the next UTC day or into the next rotation window.</p>
|
|
772
638
|
* @public
|
|
773
639
|
*/
|
|
774
640
|
ScheduleExpression?: string | undefined;
|
|
@@ -787,6 +653,12 @@ export interface DescribeSecretResponse {
|
|
|
787
653
|
* @public
|
|
788
654
|
*/
|
|
789
655
|
Name?: string | undefined;
|
|
656
|
+
/**
|
|
657
|
+
* <p>The exact string that identifies the partner that holds the external secret. For more
|
|
658
|
+
* information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html">Using Secrets Manager managed external secrets</a>.</p>
|
|
659
|
+
* @public
|
|
660
|
+
*/
|
|
661
|
+
Type?: string | undefined;
|
|
790
662
|
/**
|
|
791
663
|
* <p>The description of the secret.</p>
|
|
792
664
|
* @public
|
|
@@ -794,34 +666,50 @@ export interface DescribeSecretResponse {
|
|
|
794
666
|
Description?: string | undefined;
|
|
795
667
|
/**
|
|
796
668
|
* <p>The key ID or alias ARN of the KMS key that Secrets Manager uses to encrypt the secret value.
|
|
797
|
-
*
|
|
798
|
-
*
|
|
669
|
+
* If the secret is encrypted with the Amazon Web Services managed key
|
|
670
|
+
* <code>aws/secretsmanager</code>, this field is omitted. Secrets created using the
|
|
671
|
+
* console use an KMS key ID.</p>
|
|
799
672
|
* @public
|
|
800
673
|
*/
|
|
801
674
|
KmsKeyId?: string | undefined;
|
|
802
675
|
/**
|
|
803
|
-
* <p>Specifies whether automatic rotation is turned on for this secret.
|
|
804
|
-
*
|
|
805
|
-
*
|
|
676
|
+
* <p>Specifies whether automatic rotation is turned on for this secret. If the secret has
|
|
677
|
+
* never been configured for rotation, Secrets Manager returns null.</p>
|
|
678
|
+
* <p>To turn on rotation, use <a>RotateSecret</a>. To turn off rotation, use
|
|
679
|
+
* <a>CancelRotateSecret</a>.</p>
|
|
806
680
|
* @public
|
|
807
681
|
*/
|
|
808
682
|
RotationEnabled?: boolean | undefined;
|
|
809
683
|
/**
|
|
810
|
-
* <p>The ARN of the Lambda function that Secrets Manager invokes to rotate the
|
|
811
|
-
* secret. </p>
|
|
684
|
+
* <p>The ARN of the Lambda function that Secrets Manager invokes to rotate the secret. </p>
|
|
812
685
|
* @public
|
|
813
686
|
*/
|
|
814
687
|
RotationLambdaARN?: string | undefined;
|
|
815
688
|
/**
|
|
816
|
-
* <p>The rotation schedule and Lambda function for this secret. If the secret previously had
|
|
817
|
-
*
|
|
818
|
-
*
|
|
689
|
+
* <p>The rotation schedule and Lambda function for this secret. If the secret previously had
|
|
690
|
+
* rotation turned on, but it is now turned off, this field shows the previous rotation
|
|
691
|
+
* schedule and rotation function. If the secret never had rotation turned on, this field
|
|
692
|
+
* is omitted.</p>
|
|
819
693
|
* @public
|
|
820
694
|
*/
|
|
821
695
|
RotationRules?: RotationRulesType | undefined;
|
|
822
696
|
/**
|
|
823
|
-
* <p>The
|
|
824
|
-
*
|
|
697
|
+
* <p>The metadata needed to successfully rotate a managed external secret. A list of key
|
|
698
|
+
* value pairs in JSON format specified by the partner. For more information about the
|
|
699
|
+
* required information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html">Managed external secrets partners</a>.</p>
|
|
700
|
+
* @public
|
|
701
|
+
*/
|
|
702
|
+
ExternalSecretRotationMetadata?: ExternalSecretRotationMetadataItem[] | undefined;
|
|
703
|
+
/**
|
|
704
|
+
* <p>The Amazon Resource Name (ARN) of the role that allows Secrets Manager to rotate a secret held
|
|
705
|
+
* by a third-party partner. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-security.html">Security and
|
|
706
|
+
* permissions</a>.</p>
|
|
707
|
+
* @public
|
|
708
|
+
*/
|
|
709
|
+
ExternalSecretRotationRoleArn?: string | undefined;
|
|
710
|
+
/**
|
|
711
|
+
* <p>The last date and time that Secrets Manager rotated the secret. If the secret isn't configured
|
|
712
|
+
* for rotation or rotation has been disabled, Secrets Manager returns null.</p>
|
|
825
713
|
* @public
|
|
826
714
|
*/
|
|
827
715
|
LastRotatedDate?: Date | undefined;
|
|
@@ -831,55 +719,62 @@ export interface DescribeSecretResponse {
|
|
|
831
719
|
*/
|
|
832
720
|
LastChangedDate?: Date | undefined;
|
|
833
721
|
/**
|
|
834
|
-
* <p>The date that the secret was last accessed in the Region. This field is omitted if the
|
|
722
|
+
* <p>The date that the secret was last accessed in the Region. This field is omitted if the
|
|
723
|
+
* secret has never been retrieved in the Region.</p>
|
|
835
724
|
* @public
|
|
836
725
|
*/
|
|
837
726
|
LastAccessedDate?: Date | undefined;
|
|
838
727
|
/**
|
|
839
|
-
* <p>The date the secret is scheduled for deletion. If it is not scheduled for deletion,
|
|
840
|
-
*
|
|
841
|
-
*
|
|
842
|
-
*
|
|
843
|
-
* <p>If a secret is scheduled for deletion, then its details, including the encrypted
|
|
844
|
-
*
|
|
728
|
+
* <p>The date the secret is scheduled for deletion. If it is not scheduled for deletion,
|
|
729
|
+
* this field is omitted. When you delete a secret, Secrets Manager requires a recovery window of at
|
|
730
|
+
* least 7 days before deleting the secret. Some time after the deleted date, Secrets Manager deletes
|
|
731
|
+
* the secret, including all of its versions.</p>
|
|
732
|
+
* <p>If a secret is scheduled for deletion, then its details, including the encrypted
|
|
733
|
+
* secret value, is not accessible. To cancel a scheduled deletion and restore access to
|
|
734
|
+
* the secret, use <a>RestoreSecret</a>.</p>
|
|
845
735
|
* @public
|
|
846
736
|
*/
|
|
847
737
|
DeletedDate?: Date | undefined;
|
|
848
738
|
/**
|
|
849
|
-
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't
|
|
850
|
-
*
|
|
739
|
+
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't
|
|
740
|
+
* configured for rotation or rotation has been disabled, Secrets Manager returns null. If rotation
|
|
741
|
+
* fails, Secrets Manager retries the entire rotation process multiple times. If rotation
|
|
742
|
+
* is unsuccessful, this date may be in the past.</p>
|
|
743
|
+
* <p>This date represents the latest date that rotation will occur, but it is not an
|
|
744
|
+
* approximate rotation date. In some cases, for example if you turn off automatic rotation
|
|
745
|
+
* and then turn it back on, the next rotation may occur much sooner than this date.</p>
|
|
851
746
|
* @public
|
|
852
747
|
*/
|
|
853
748
|
NextRotationDate?: Date | undefined;
|
|
854
749
|
/**
|
|
855
|
-
* <p>The list of tags attached to the secret. To add tags to a
|
|
856
|
-
* secret, use <a>TagResource</a>. To remove tags, use <a>UntagResource</a>.</p>
|
|
750
|
+
* <p>The list of tags attached to the secret. To add tags to a secret, use <a>TagResource</a>. To remove tags, use <a>UntagResource</a>.</p>
|
|
857
751
|
* @public
|
|
858
752
|
*/
|
|
859
753
|
Tags?: Tag[] | undefined;
|
|
860
754
|
/**
|
|
861
|
-
* <p>A list of the versions of the secret that have staging labels attached.
|
|
862
|
-
*
|
|
863
|
-
*
|
|
864
|
-
*
|
|
865
|
-
* staging labels for rotation are: </p>
|
|
755
|
+
* <p>A list of the versions of the secret that have staging labels attached. Versions that
|
|
756
|
+
* don't have staging labels are considered deprecated and Secrets Manager can delete them.</p>
|
|
757
|
+
* <p>Secrets Manager uses staging labels to indicate the status of a secret version during rotation.
|
|
758
|
+
* The three staging labels for rotation are: </p>
|
|
866
759
|
* <ul>
|
|
867
760
|
* <li>
|
|
868
761
|
* <p>
|
|
869
|
-
* <code>AWSCURRENT</code>, which indicates the current version of the
|
|
762
|
+
* <code>AWSCURRENT</code>, which indicates the current version of the
|
|
763
|
+
* secret.</p>
|
|
870
764
|
* </li>
|
|
871
765
|
* <li>
|
|
872
766
|
* <p>
|
|
873
|
-
* <code>AWSPENDING</code>, which indicates the version of the secret that
|
|
874
|
-
*
|
|
875
|
-
*
|
|
876
|
-
*
|
|
877
|
-
*
|
|
767
|
+
* <code>AWSPENDING</code>, which indicates the version of the secret that
|
|
768
|
+
* contains new secret information that will become the next current version when
|
|
769
|
+
* rotation finishes.</p>
|
|
770
|
+
* <p>During rotation, Secrets Manager creates an <code>AWSPENDING</code> version ID before
|
|
771
|
+
* creating the new secret version. To check if a secret version exists, call <a>GetSecretValue</a>.</p>
|
|
878
772
|
* </li>
|
|
879
773
|
* <li>
|
|
880
774
|
* <p>
|
|
881
|
-
* <code>AWSPREVIOUS</code>, which indicates the previous current version of the
|
|
882
|
-
*
|
|
775
|
+
* <code>AWSPREVIOUS</code>, which indicates the previous current version of the
|
|
776
|
+
* secret. You can use this as the <i>last known good</i>
|
|
777
|
+
* version.</p>
|
|
883
778
|
* </li>
|
|
884
779
|
* </ul>
|
|
885
780
|
* <p>For more information about rotation and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
|
|
@@ -887,7 +782,8 @@ export interface DescribeSecretResponse {
|
|
|
887
782
|
*/
|
|
888
783
|
VersionIdsToStages?: Record<string, string[]> | undefined;
|
|
889
784
|
/**
|
|
890
|
-
* <p>The ID of the service that created this secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets managed by
|
|
785
|
+
* <p>The ID of the service that created this secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets managed by
|
|
786
|
+
* other Amazon Web Services services</a>.</p>
|
|
891
787
|
* @public
|
|
892
788
|
*/
|
|
893
789
|
OwningService?: string | undefined;
|
|
@@ -897,7 +793,8 @@ export interface DescribeSecretResponse {
|
|
|
897
793
|
*/
|
|
898
794
|
CreatedDate?: Date | undefined;
|
|
899
795
|
/**
|
|
900
|
-
* <p>The Region the secret is in. If a secret is replicated to other Regions, the replicas
|
|
796
|
+
* <p>The Region the secret is in. If a secret is replicated to other Regions, the replicas
|
|
797
|
+
* are listed in <code>ReplicationStatus</code>. </p>
|
|
901
798
|
* @public
|
|
902
799
|
*/
|
|
903
800
|
PrimaryRegion?: string | undefined;
|
|
@@ -910,7 +807,8 @@ export interface DescribeSecretResponse {
|
|
|
910
807
|
* </li>
|
|
911
808
|
* <li>
|
|
912
809
|
* <p>
|
|
913
|
-
* <code>InProgress</code>, which indicates that Secrets Manager is in the process of
|
|
810
|
+
* <code>InProgress</code>, which indicates that Secrets Manager is in the process of
|
|
811
|
+
* creating the replica.</p>
|
|
914
812
|
* </li>
|
|
915
813
|
* <li>
|
|
916
814
|
* <p>
|
|
@@ -926,8 +824,8 @@ export interface DescribeSecretResponse {
|
|
|
926
824
|
*/
|
|
927
825
|
export interface GetRandomPasswordRequest {
|
|
928
826
|
/**
|
|
929
|
-
* <p>The length of the password. If you don't include this parameter, the
|
|
930
|
-
*
|
|
827
|
+
* <p>The length of the password. If you don't include this parameter, the default length is
|
|
828
|
+
* 32 characters.</p>
|
|
931
829
|
* @public
|
|
932
830
|
*/
|
|
933
831
|
PasswordLength?: number | undefined;
|
|
@@ -937,39 +835,41 @@ export interface GetRandomPasswordRequest {
|
|
|
937
835
|
*/
|
|
938
836
|
ExcludeCharacters?: string | undefined;
|
|
939
837
|
/**
|
|
940
|
-
* <p>Specifies whether to exclude numbers from the password. If you don't
|
|
941
|
-
*
|
|
838
|
+
* <p>Specifies whether to exclude numbers from the password. If you don't include this
|
|
839
|
+
* switch, the password can contain numbers.</p>
|
|
942
840
|
* @public
|
|
943
841
|
*/
|
|
944
842
|
ExcludeNumbers?: boolean | undefined;
|
|
945
843
|
/**
|
|
946
844
|
* <p>Specifies whether to exclude the following punctuation characters from the password:
|
|
947
|
-
*
|
|
948
|
-
*
|
|
845
|
+
* <code>! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` \{ | \}
|
|
846
|
+
* ~</code>. If you don't include this switch, the password can contain
|
|
847
|
+
* punctuation.</p>
|
|
949
848
|
* @public
|
|
950
849
|
*/
|
|
951
850
|
ExcludePunctuation?: boolean | undefined;
|
|
952
851
|
/**
|
|
953
|
-
* <p>Specifies whether to exclude uppercase letters from the password. If you
|
|
954
|
-
*
|
|
852
|
+
* <p>Specifies whether to exclude uppercase letters from the password. If you don't include
|
|
853
|
+
* this switch, the password can contain uppercase letters.</p>
|
|
955
854
|
* @public
|
|
956
855
|
*/
|
|
957
856
|
ExcludeUppercase?: boolean | undefined;
|
|
958
857
|
/**
|
|
959
|
-
* <p>Specifies whether to exclude lowercase letters from the password. If
|
|
960
|
-
*
|
|
858
|
+
* <p>Specifies whether to exclude lowercase letters from the password. If you don't include
|
|
859
|
+
* this switch, the password can contain lowercase letters.</p>
|
|
961
860
|
* @public
|
|
962
861
|
*/
|
|
963
862
|
ExcludeLowercase?: boolean | undefined;
|
|
964
863
|
/**
|
|
965
|
-
* <p>Specifies whether to include the space character. If you
|
|
966
|
-
*
|
|
864
|
+
* <p>Specifies whether to include the space character. If you include this switch, the
|
|
865
|
+
* password can contain space characters.</p>
|
|
967
866
|
* @public
|
|
968
867
|
*/
|
|
969
868
|
IncludeSpace?: boolean | undefined;
|
|
970
869
|
/**
|
|
971
|
-
* <p>Specifies whether to include at least one upper and lowercase letter, one number, and
|
|
972
|
-
*
|
|
870
|
+
* <p>Specifies whether to include at least one upper and lowercase letter, one number, and
|
|
871
|
+
* one punctuation. If you don't include this switch, the password contains at least one of
|
|
872
|
+
* every character type.</p>
|
|
973
873
|
* @public
|
|
974
874
|
*/
|
|
975
875
|
RequireEachIncludedType?: boolean | undefined;
|
|
@@ -989,7 +889,8 @@ export interface GetRandomPasswordResponse {
|
|
|
989
889
|
*/
|
|
990
890
|
export interface GetResourcePolicyRequest {
|
|
991
891
|
/**
|
|
992
|
-
* <p>The ARN or name of the secret to retrieve the attached resource-based policy
|
|
892
|
+
* <p>The ARN or name of the secret to retrieve the attached resource-based policy
|
|
893
|
+
* for.</p>
|
|
993
894
|
* <p>For an ARN, we recommend that you specify a complete ARN rather
|
|
994
895
|
* than a partial ARN. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen">Finding a secret from a partial ARN</a>.</p>
|
|
995
896
|
* @public
|
|
@@ -1011,9 +912,9 @@ export interface GetResourcePolicyResponse {
|
|
|
1011
912
|
*/
|
|
1012
913
|
Name?: string | undefined;
|
|
1013
914
|
/**
|
|
1014
|
-
* <p>A JSON-formatted string that contains the permissions policy
|
|
1015
|
-
*
|
|
1016
|
-
*
|
|
915
|
+
* <p>A JSON-formatted string that contains the permissions policy attached to the secret.
|
|
916
|
+
* For more information about permissions policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication and access
|
|
917
|
+
* control for Secrets Manager</a>.</p>
|
|
1017
918
|
* @public
|
|
1018
919
|
*/
|
|
1019
920
|
ResourcePolicy?: string | undefined;
|
|
@@ -1023,28 +924,31 @@ export interface GetResourcePolicyResponse {
|
|
|
1023
924
|
*/
|
|
1024
925
|
export interface GetSecretValueRequest {
|
|
1025
926
|
/**
|
|
1026
|
-
* <p>The ARN or name of the secret to retrieve. To retrieve a secret from another account,
|
|
927
|
+
* <p>The ARN or name of the secret to retrieve. To retrieve a secret from another account,
|
|
928
|
+
* you must use an ARN.</p>
|
|
1027
929
|
* <p>For an ARN, we recommend that you specify a complete ARN rather
|
|
1028
930
|
* than a partial ARN. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen">Finding a secret from a partial ARN</a>.</p>
|
|
1029
931
|
* @public
|
|
1030
932
|
*/
|
|
1031
933
|
SecretId: string | undefined;
|
|
1032
934
|
/**
|
|
1033
|
-
* <p>The unique identifier of the version of the secret to retrieve. If
|
|
1034
|
-
*
|
|
1035
|
-
*
|
|
1036
|
-
*
|
|
1037
|
-
*
|
|
1038
|
-
*
|
|
935
|
+
* <p>The unique identifier of the version of the secret to retrieve. If you include both
|
|
936
|
+
* this parameter and <code>VersionStage</code>, the two parameters must refer to the same
|
|
937
|
+
* secret version. If you don't specify either a <code>VersionStage</code> or
|
|
938
|
+
* <code>VersionId</code>, then Secrets Manager returns the <code>AWSCURRENT</code>
|
|
939
|
+
* version.</p>
|
|
940
|
+
* <p>This value is typically a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a>
|
|
941
|
+
* value with 32 hexadecimal digits.</p>
|
|
1039
942
|
* @public
|
|
1040
943
|
*/
|
|
1041
944
|
VersionId?: string | undefined;
|
|
1042
945
|
/**
|
|
1043
946
|
* <p>The staging label of the version of the secret to retrieve. </p>
|
|
1044
|
-
* <p>Secrets Manager uses staging labels to keep track of different versions during the rotation
|
|
1045
|
-
*
|
|
1046
|
-
*
|
|
1047
|
-
*
|
|
947
|
+
* <p>Secrets Manager uses staging labels to keep track of different versions during the rotation
|
|
948
|
+
* process. If you include both this parameter and <code>VersionId</code>, the two
|
|
949
|
+
* parameters must refer to the same secret version. If you don't specify either a
|
|
950
|
+
* <code>VersionStage</code> or <code>VersionId</code>, Secrets Manager returns the
|
|
951
|
+
* <code>AWSCURRENT</code> version.</p>
|
|
1048
952
|
* @public
|
|
1049
953
|
*/
|
|
1050
954
|
VersionStage?: string | undefined;
|
|
@@ -1069,71 +973,62 @@ export interface GetSecretValueResponse {
|
|
|
1069
973
|
*/
|
|
1070
974
|
VersionId?: string | undefined;
|
|
1071
975
|
/**
|
|
1072
|
-
* <p>The decrypted secret value, if the secret value was originally provided as
|
|
1073
|
-
*
|
|
976
|
+
* <p>The decrypted secret value, if the secret value was originally provided as binary data
|
|
977
|
+
* in the form of a byte array. When you retrieve a <code>SecretBinary</code> using the
|
|
978
|
+
* HTTP API, the Python SDK, or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it
|
|
979
|
+
* is not encoded.</p>
|
|
1074
980
|
* <p>If the secret was created by using the Secrets Manager console, or if the secret value was
|
|
1075
|
-
*
|
|
1076
|
-
*
|
|
981
|
+
* originally provided as a string, then this field is omitted. The secret value appears in
|
|
982
|
+
* <code>SecretString</code> instead.</p>
|
|
1077
983
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
1078
984
|
* @public
|
|
1079
985
|
*/
|
|
1080
986
|
SecretBinary?: Uint8Array | undefined;
|
|
1081
987
|
/**
|
|
1082
988
|
* <p>The decrypted secret value, if the secret value was originally provided as a string or
|
|
1083
|
-
*
|
|
1084
|
-
* <p>If this secret was created by using the console, then Secrets Manager stores the information as
|
|
1085
|
-
*
|
|
989
|
+
* through the Secrets Manager console.</p>
|
|
990
|
+
* <p>If this secret was created by using the console, then Secrets Manager stores the information as
|
|
991
|
+
* a JSON structure of key/value pairs. </p>
|
|
1086
992
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
1087
993
|
* @public
|
|
1088
994
|
*/
|
|
1089
995
|
SecretString?: string | undefined;
|
|
1090
996
|
/**
|
|
1091
997
|
* <p>A list of all of the staging labels currently attached to this version of the
|
|
1092
|
-
*
|
|
998
|
+
* secret.</p>
|
|
1093
999
|
* @public
|
|
1094
1000
|
*/
|
|
1095
1001
|
VersionStages?: string[] | undefined;
|
|
1096
1002
|
/**
|
|
1097
1003
|
* <p>The date and time that this version of the secret was created. If you don't specify
|
|
1098
|
-
*
|
|
1099
|
-
*
|
|
1004
|
+
* which version in <code>VersionId</code> or <code>VersionStage</code>, then Secrets Manager uses
|
|
1005
|
+
* the <code>AWSCURRENT</code> version.</p>
|
|
1100
1006
|
* @public
|
|
1101
1007
|
*/
|
|
1102
1008
|
CreatedDate?: Date | undefined;
|
|
1103
1009
|
}
|
|
1104
|
-
/**
|
|
1105
|
-
* @public
|
|
1106
|
-
* @enum
|
|
1107
|
-
*/
|
|
1108
|
-
export declare const SortOrderType: {
|
|
1109
|
-
readonly asc: "asc";
|
|
1110
|
-
readonly desc: "desc";
|
|
1111
|
-
};
|
|
1112
|
-
/**
|
|
1113
|
-
* @public
|
|
1114
|
-
*/
|
|
1115
|
-
export type SortOrderType = (typeof SortOrderType)[keyof typeof SortOrderType];
|
|
1116
1010
|
/**
|
|
1117
1011
|
* @public
|
|
1118
1012
|
*/
|
|
1119
1013
|
export interface ListSecretsRequest {
|
|
1120
1014
|
/**
|
|
1121
|
-
* <p>Specifies whether to include secrets scheduled for deletion. By default, secrets
|
|
1015
|
+
* <p>Specifies whether to include secrets scheduled for deletion. By default, secrets
|
|
1016
|
+
* scheduled for deletion aren't included.</p>
|
|
1122
1017
|
* @public
|
|
1123
1018
|
*/
|
|
1124
1019
|
IncludePlannedDeletion?: boolean | undefined;
|
|
1125
1020
|
/**
|
|
1126
1021
|
* <p>The number of results to include in the response.</p>
|
|
1127
|
-
* <p>If there are more results available, in the response, Secrets Manager includes
|
|
1128
|
-
*
|
|
1129
|
-
*
|
|
1022
|
+
* <p>If there are more results available, in the response, Secrets Manager includes
|
|
1023
|
+
* <code>NextToken</code>. To get the next results, call <code>ListSecrets</code> again
|
|
1024
|
+
* with the value from <code>NextToken</code>.</p>
|
|
1130
1025
|
* @public
|
|
1131
1026
|
*/
|
|
1132
1027
|
MaxResults?: number | undefined;
|
|
1133
1028
|
/**
|
|
1134
|
-
* <p>A token that indicates where the output should continue from, if a
|
|
1135
|
-
*
|
|
1136
|
-
*
|
|
1029
|
+
* <p>A token that indicates where the output should continue from, if a previous call did
|
|
1030
|
+
* not show all results. To get the next results, call <code>ListSecrets</code> again with
|
|
1031
|
+
* this value.</p>
|
|
1137
1032
|
* @public
|
|
1138
1033
|
*/
|
|
1139
1034
|
NextToken?: string | undefined;
|
|
@@ -1149,10 +1044,9 @@ export interface ListSecretsRequest {
|
|
|
1149
1044
|
SortOrder?: SortOrderType | undefined;
|
|
1150
1045
|
}
|
|
1151
1046
|
/**
|
|
1152
|
-
* <p>A structure that contains the details about a secret. It does not include the
|
|
1153
|
-
*
|
|
1154
|
-
*
|
|
1155
|
-
* .</p>
|
|
1047
|
+
* <p>A structure that contains the details about a secret. It does not include the
|
|
1048
|
+
* encrypted <code>SecretString</code> and <code>SecretBinary</code> values. To get those
|
|
1049
|
+
* values, use <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html">GetSecretValue</a> .</p>
|
|
1156
1050
|
* @public
|
|
1157
1051
|
*/
|
|
1158
1052
|
export interface SecretListEntry {
|
|
@@ -1162,18 +1056,26 @@ export interface SecretListEntry {
|
|
|
1162
1056
|
*/
|
|
1163
1057
|
ARN?: string | undefined;
|
|
1164
1058
|
/**
|
|
1165
|
-
* <p>The friendly name of the secret.
|
|
1059
|
+
* <p>The friendly name of the secret. </p>
|
|
1166
1060
|
* @public
|
|
1167
1061
|
*/
|
|
1168
1062
|
Name?: string | undefined;
|
|
1063
|
+
/**
|
|
1064
|
+
* <p>The exact string that identifies the third-party partner that holds the external
|
|
1065
|
+
* secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html">Managed external secret
|
|
1066
|
+
* partners</a>.</p>
|
|
1067
|
+
* @public
|
|
1068
|
+
*/
|
|
1069
|
+
Type?: string | undefined;
|
|
1169
1070
|
/**
|
|
1170
1071
|
* <p>The user-provided description of the secret.</p>
|
|
1171
1072
|
* @public
|
|
1172
1073
|
*/
|
|
1173
1074
|
Description?: string | undefined;
|
|
1174
1075
|
/**
|
|
1175
|
-
* <p>The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. If the secret is
|
|
1176
|
-
*
|
|
1076
|
+
* <p>The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. If the secret is
|
|
1077
|
+
* encrypted with the Amazon Web Services managed key <code>aws/secretsmanager</code>, this
|
|
1078
|
+
* field is omitted.</p>
|
|
1177
1079
|
* @public
|
|
1178
1080
|
*/
|
|
1179
1081
|
KmsKeyId?: string | undefined;
|
|
@@ -1183,8 +1085,8 @@ export interface SecretListEntry {
|
|
|
1183
1085
|
*/
|
|
1184
1086
|
RotationEnabled?: boolean | undefined;
|
|
1185
1087
|
/**
|
|
1186
|
-
* <p>The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager to rotate and expire the
|
|
1187
|
-
*
|
|
1088
|
+
* <p>The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager to rotate and expire the secret
|
|
1089
|
+
* either automatically per the schedule or manually by a call to <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html">
|
|
1188
1090
|
* <code>RotateSecret</code>
|
|
1189
1091
|
* </a>.</p>
|
|
1190
1092
|
* @public
|
|
@@ -1196,7 +1098,22 @@ export interface SecretListEntry {
|
|
|
1196
1098
|
*/
|
|
1197
1099
|
RotationRules?: RotationRulesType | undefined;
|
|
1198
1100
|
/**
|
|
1199
|
-
* <p>The
|
|
1101
|
+
* <p>The metadata needed to successfully rotate a managed external secret. A list of key
|
|
1102
|
+
* value pairs in JSON format specified by the partner. For more information about the
|
|
1103
|
+
* required information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html">Managed external secrets partners</a>.</p>
|
|
1104
|
+
* @public
|
|
1105
|
+
*/
|
|
1106
|
+
ExternalSecretRotationMetadata?: ExternalSecretRotationMetadataItem[] | undefined;
|
|
1107
|
+
/**
|
|
1108
|
+
* <p>The role that Secrets Manager assumes to call APIs required to perform the rotation. For more
|
|
1109
|
+
* information about the required information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html">Managed
|
|
1110
|
+
* external secrets partners</a>.</p>
|
|
1111
|
+
* @public
|
|
1112
|
+
*/
|
|
1113
|
+
ExternalSecretRotationRoleArn?: string | undefined;
|
|
1114
|
+
/**
|
|
1115
|
+
* <p>The most recent date and time that the Secrets Manager rotation process was
|
|
1116
|
+
* successfully completed. This value is null if the secret hasn't ever rotated.</p>
|
|
1200
1117
|
* @public
|
|
1201
1118
|
*/
|
|
1202
1119
|
LastRotatedDate?: Date | undefined;
|
|
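Review bot: The new `ExternalSecretRotationRoleArn` comment on `SecretListEntry` reuses the metadata field's wording ("For more information about the required information") and links to the partner list `mes-partners.html`. The same field on `RotateSecretRequest`, later in this file, links to `mes-security.html` ("Security and permissions"). Because this is the role Secrets Manager assumes to call the rotation APIs, the permissions page is the more useful reference for anyone checking the role's trust policy and scope. I would align the two comments, for example with `* information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-security.html">Security and permissions</a>.</p>`. The interface starts and ends outside this hunk.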
@@ -1206,42 +1123,44 @@ export interface SecretListEntry {
|
|
|
1206
1123
|
*/
|
|
1207
1124
|
LastChangedDate?: Date | undefined;
|
|
1208
1125
|
/**
|
|
1209
|
-
* <p>The date that the secret was last accessed in the Region. This field is omitted if the
|
|
1126
|
+
* <p>The date that the secret was last accessed in the Region. This field is omitted if the
|
|
1127
|
+
* secret has never been retrieved in the Region.</p>
|
|
1210
1128
|
* @public
|
|
1211
1129
|
*/
|
|
1212
1130
|
LastAccessedDate?: Date | undefined;
|
|
1213
1131
|
/**
|
|
1214
|
-
* <p>The date and time the deletion of the secret occurred. Not present on active secrets.
|
|
1215
|
-
*
|
|
1216
|
-
*
|
|
1132
|
+
* <p>The date and time the deletion of the secret occurred. Not present on active secrets.
|
|
1133
|
+
* The secret can be recovered until the number of days in the recovery window has passed,
|
|
1134
|
+
* as specified in the <code>RecoveryWindowInDays</code> parameter of the <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html">
|
|
1217
1135
|
* <code>DeleteSecret</code>
|
|
1218
1136
|
* </a> operation.</p>
|
|
1219
1137
|
* @public
|
|
1220
1138
|
*/
|
|
1221
1139
|
DeletedDate?: Date | undefined;
|
|
1222
1140
|
/**
|
|
1223
|
-
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't
|
|
1141
|
+
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't
|
|
1142
|
+
* configured for rotation or rotation has been disabled, Secrets Manager returns null.</p>
|
|
1224
1143
|
* @public
|
|
1225
1144
|
*/
|
|
1226
1145
|
NextRotationDate?: Date | undefined;
|
|
1227
1146
|
/**
|
|
1228
|
-
* <p>The list of user-defined tags associated with the secret. To add tags to a
|
|
1229
|
-
*
|
|
1147
|
+
* <p>The list of user-defined tags associated with the secret. To add tags to a secret, use
|
|
1148
|
+
* <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html">
|
|
1230
1149
|
* <code>TagResource</code>
|
|
1231
|
-
* </a>.
|
|
1232
|
-
* To remove tags, use <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html">
|
|
1150
|
+
* </a>. To remove tags, use <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html">
|
|
1233
1151
|
* <code>UntagResource</code>
|
|
1234
1152
|
* </a>.</p>
|
|
1235
1153
|
* @public
|
|
1236
1154
|
*/
|
|
1237
1155
|
Tags?: Tag[] | undefined;
|
|
1238
1156
|
/**
|
|
1239
|
-
* <p>A list of all of the currently assigned <code>SecretVersionStage</code> staging labels
|
|
1240
|
-
*
|
|
1241
|
-
*
|
|
1157
|
+
* <p>A list of all of the currently assigned <code>SecretVersionStage</code> staging labels
|
|
1158
|
+
* and the <code>SecretVersionId</code> attached to each one. Staging labels are used to
|
|
1159
|
+
* keep track of the different versions during the rotation process.</p>
|
|
1242
1160
|
* <note>
|
|
1243
1161
|
* <p>A version that does not have any <code>SecretVersionStage</code> is considered
|
|
1244
|
-
*
|
|
1162
|
+
* deprecated and subject to deletion. Such versions are not included in this
|
|
1163
|
+
* list.</p>
|
|
1245
1164
|
* </note>
|
|
1246
1165
|
* @public
|
|
1247
1166
|
*/
|
|
@@ -1272,11 +1191,10 @@ export interface ListSecretsResponse {
|
|
|
1272
1191
|
*/
|
|
1273
1192
|
SecretList?: SecretListEntry[] | undefined;
|
|
1274
1193
|
/**
|
|
1275
|
-
* <p>Secrets Manager includes this value if
|
|
1276
|
-
*
|
|
1277
|
-
*
|
|
1278
|
-
*
|
|
1279
|
-
* with this value.</p>
|
|
1194
|
+
* <p>Secrets Manager includes this value if there's more output available than what is included in
|
|
1195
|
+
* the current response. This can occur even when the response includes no values at all,
|
|
1196
|
+
* such as when you ask for a filtered view of a long list. To get the next results, call
|
|
1197
|
+
* <code>ListSecrets</code> again with this value.</p>
|
|
1280
1198
|
* @public
|
|
1281
1199
|
*/
|
|
1282
1200
|
NextToken?: string | undefined;
|
|
@@ -1294,22 +1212,25 @@ export interface ListSecretVersionIdsRequest {
|
|
|
1294
1212
|
SecretId: string | undefined;
|
|
1295
1213
|
/**
|
|
1296
1214
|
* <p>The number of results to include in the response.</p>
|
|
1297
|
-
* <p>If there are more results available, in the response, Secrets Manager includes
|
|
1298
|
-
*
|
|
1215
|
+
* <p>If there are more results available, in the response, Secrets Manager includes
|
|
1216
|
+
* <code>NextToken</code>. To get the next results, call
|
|
1217
|
+
* <code>ListSecretVersionIds</code> again with the value from <code>NextToken</code>.
|
|
1218
|
+
* </p>
|
|
1299
1219
|
* @public
|
|
1300
1220
|
*/
|
|
1301
1221
|
MaxResults?: number | undefined;
|
|
1302
1222
|
/**
|
|
1303
|
-
* <p>A token that indicates where the output should continue from, if a previous call
|
|
1304
|
-
*
|
|
1305
|
-
*
|
|
1223
|
+
* <p>A token that indicates where the output should continue from, if a previous call did
|
|
1224
|
+
* not show all results. To get the next results, call <code>ListSecretVersionIds</code>
|
|
1225
|
+
* again with this value.</p>
|
|
1306
1226
|
* @public
|
|
1307
1227
|
*/
|
|
1308
1228
|
NextToken?: string | undefined;
|
|
1309
1229
|
/**
|
|
1310
|
-
* <p>Specifies whether to include versions of secrets that don't have any
|
|
1311
|
-
*
|
|
1312
|
-
*
|
|
1230
|
+
* <p>Specifies whether to include versions of secrets that don't have any staging labels
|
|
1231
|
+
* attached to them. Versions without staging labels are considered deprecated and are
|
|
1232
|
+
* subject to deletion by Secrets Manager. By default, versions without staging labels aren't
|
|
1233
|
+
* included.</p>
|
|
1313
1234
|
* @public
|
|
1314
1235
|
*/
|
|
1315
1236
|
IncludeDeprecated?: boolean | undefined;
|
|
@@ -1326,13 +1247,13 @@ export interface SecretVersionsListEntry {
|
|
|
1326
1247
|
VersionId?: string | undefined;
|
|
1327
1248
|
/**
|
|
1328
1249
|
* <p>An array of staging labels that are currently associated with this version of the
|
|
1329
|
-
*
|
|
1250
|
+
* secret.</p>
|
|
1330
1251
|
* @public
|
|
1331
1252
|
*/
|
|
1332
1253
|
VersionStages?: string[] | undefined;
|
|
1333
1254
|
/**
|
|
1334
|
-
* <p>The date that this version of the secret was last accessed. Note that the resolution
|
|
1335
|
-
*
|
|
1255
|
+
* <p>The date that this version of the secret was last accessed. Note that the resolution
|
|
1256
|
+
* of this field is at the date level and does not include the time.</p>
|
|
1336
1257
|
* @public
|
|
1337
1258
|
*/
|
|
1338
1259
|
LastAccessedDate?: Date | undefined;
|
|
@@ -1357,10 +1278,10 @@ export interface ListSecretVersionIdsResponse {
|
|
|
1357
1278
|
*/
|
|
1358
1279
|
Versions?: SecretVersionsListEntry[] | undefined;
|
|
1359
1280
|
/**
|
|
1360
|
-
* <p>Secrets Manager includes this value if there's more output available than what is included
|
|
1361
|
-
*
|
|
1362
|
-
*
|
|
1363
|
-
*
|
|
1281
|
+
* <p>Secrets Manager includes this value if there's more output available than what is included in
|
|
1282
|
+
* the current response. This can occur even when the response includes no values at all,
|
|
1283
|
+
* such as when you ask for a filtered view of a long list. To get the next results, call
|
|
1284
|
+
* <code>ListSecretVersionIds</code> again with this value. </p>
|
|
1364
1285
|
* @public
|
|
1365
1286
|
*/
|
|
1366
1287
|
NextToken?: string | undefined;
|
|
@@ -1375,19 +1296,6 @@ export interface ListSecretVersionIdsResponse {
|
|
|
1375
1296
|
*/
|
|
1376
1297
|
Name?: string | undefined;
|
|
1377
1298
|
}
|
|
1378
|
-
/**
|
|
1379
|
-
* <p>The <code>BlockPublicPolicy</code> parameter is set to true, and the resource policy did not prevent broad access to the secret.</p>
|
|
1380
|
-
* @public
|
|
1381
|
-
*/
|
|
1382
|
-
export declare class PublicPolicyException extends __BaseException {
|
|
1383
|
-
readonly name: "PublicPolicyException";
|
|
1384
|
-
readonly $fault: "client";
|
|
1385
|
-
Message?: string | undefined;
|
|
1386
|
-
/**
|
|
1387
|
-
* @internal
|
|
1388
|
-
*/
|
|
1389
|
-
constructor(opts: __ExceptionOptionType<PublicPolicyException, __BaseException>);
|
|
1390
|
-
}
|
|
1391
1299
|
/**
|
|
1392
1300
|
* @public
|
|
1393
1301
|
*/
|
|
@@ -1400,22 +1308,30 @@ export interface PutResourcePolicyRequest {
|
|
|
1400
1308
|
*/
|
|
1401
1309
|
SecretId: string | undefined;
|
|
1402
1310
|
/**
|
|
1403
|
-
* <p>A JSON-formatted string for an Amazon Web Services
|
|
1404
|
-
*
|
|
1405
|
-
* policy examples</a>.</p>
|
|
1311
|
+
* <p>A JSON-formatted string for an Amazon Web Services resource-based policy. For example policies, see
|
|
1312
|
+
* <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions policy examples</a>.</p>
|
|
1406
1313
|
* @public
|
|
1407
1314
|
*/
|
|
1408
1315
|
ResourcePolicy: string | undefined;
|
|
1409
1316
|
/**
|
|
1410
|
-
* <p>Specifies whether to block resource-based policies that allow broad access to the
|
|
1317
|
+
* <p>Specifies whether to block resource-based policies that allow broad access to the
|
|
1318
|
+
* secret, for example those that use a wildcard for the principal. By default, public
|
|
1319
|
+
* policies aren't blocked.</p>
|
|
1411
1320
|
* <important>
|
|
1412
|
-
* <p>Resource policy validation and the BlockPublicPolicy parameter help protect your
|
|
1321
|
+
* <p>Resource policy validation and the BlockPublicPolicy parameter help protect your
|
|
1322
|
+
* resources by preventing public access from being granted through the resource
|
|
1323
|
+
* policies that are directly attached to your secrets. In addition to using these
|
|
1324
|
+
* features, carefully inspect the following policies to confirm that they do not grant
|
|
1325
|
+
* public access:</p>
|
|
1413
1326
|
* <ul>
|
|
1414
1327
|
* <li>
|
|
1415
|
-
* <p>Identity-based policies attached to associated Amazon Web Services
|
|
1328
|
+
* <p>Identity-based policies attached to associated Amazon Web Services
|
|
1329
|
+
* principals (for example, IAM roles)</p>
|
|
1416
1330
|
* </li>
|
|
1417
1331
|
* <li>
|
|
1418
|
-
* <p>Resource-based policies attached to associated Amazon Web Services
|
|
1332
|
+
* <p>Resource-based policies attached to associated Amazon Web Services
|
|
1333
|
+
* resources (for example, Key Management Service (KMS)
|
|
1334
|
+
* keys)</p>
|
|
1419
1335
|
* </li>
|
|
1420
1336
|
* </ul>
|
|
1421
1337
|
* <p>To review permissions to your secrets, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/determine-acccess_examine-iam-policies.html">Determine who has permissions to your secrets</a>.</p>
|
|
@@ -1460,19 +1376,21 @@ export interface PutSecretValueRequest {
|
|
|
1460
1376
|
* <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p>
|
|
1461
1377
|
* <ul>
|
|
1462
1378
|
* <li>
|
|
1463
|
-
* <p>If the <code>ClientRequestToken</code> value isn't already associated with a
|
|
1464
|
-
*
|
|
1379
|
+
* <p>If the <code>ClientRequestToken</code> value isn't already associated with a
|
|
1380
|
+
* version of the secret then a new version of the secret is created. </p>
|
|
1465
1381
|
* </li>
|
|
1466
1382
|
* <li>
|
|
1467
1383
|
* <p>If a version with this value already exists and that version's
|
|
1468
|
-
*
|
|
1469
|
-
*
|
|
1384
|
+
* <code>SecretString</code> or <code>SecretBinary</code> values are the same
|
|
1385
|
+
* as those in the request then the request is ignored. The operation is
|
|
1386
|
+
* idempotent. </p>
|
|
1470
1387
|
* </li>
|
|
1471
1388
|
* <li>
|
|
1472
1389
|
* <p>If a version with this value already exists and the version of the
|
|
1473
|
-
*
|
|
1474
|
-
*
|
|
1475
|
-
*
|
|
1390
|
+
* <code>SecretString</code> and <code>SecretBinary</code> values are different
|
|
1391
|
+
* from those in the request, then the request fails because you can't modify a
|
|
1392
|
+
* secret version. You can only create new versions to store new secret
|
|
1393
|
+
* values.</p>
|
|
1476
1394
|
* </li>
|
|
1477
1395
|
* </ul>
|
|
1478
1396
|
* <p>This value becomes the <code>VersionId</code> of the new version.</p>
|
|
@@ -1480,11 +1398,11 @@ export interface PutSecretValueRequest {
|
|
|
1480
1398
|
*/
|
|
1481
1399
|
ClientRequestToken?: string | undefined;
|
|
1482
1400
|
/**
|
|
1483
|
-
* <p>The binary data to encrypt and store in the new version of
|
|
1484
|
-
*
|
|
1485
|
-
*
|
|
1486
|
-
*
|
|
1487
|
-
*
|
|
1401
|
+
* <p>The binary data to encrypt and store in the new version of the secret. To use this
|
|
1402
|
+
* parameter in the command-line tools, we recommend that you store your binary data in a
|
|
1403
|
+
* file and then pass the contents of the file as a parameter. </p>
|
|
1404
|
+
* <p>You must include <code>SecretBinary</code> or <code>SecretString</code>, but not
|
|
1405
|
+
* both.</p>
|
|
1488
1406
|
* <p>You can't access this value from the Secrets Manager console.</p>
|
|
1489
1407
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
1490
1408
|
* @public
|
|
@@ -1492,28 +1410,35 @@ export interface PutSecretValueRequest {
|
|
|
1492
1410
|
SecretBinary?: Uint8Array | undefined;
|
|
1493
1411
|
/**
|
|
1494
1412
|
* <p>The text to encrypt and store in the new version of the secret. </p>
|
|
1495
|
-
* <p>You must include <code>SecretBinary</code> or <code>SecretString</code>, but not
|
|
1496
|
-
*
|
|
1413
|
+
* <p>You must include <code>SecretBinary</code> or <code>SecretString</code>, but not
|
|
1414
|
+
* both.</p>
|
|
1415
|
+
* <p>We recommend you create the secret string as JSON key/value pairs, as shown in the
|
|
1416
|
+
* example.</p>
|
|
1497
1417
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
1498
1418
|
* @public
|
|
1499
1419
|
*/
|
|
1500
1420
|
SecretString?: string | undefined;
|
|
1501
1421
|
/**
|
|
1502
|
-
* <p>A list of staging labels to attach to this version of the
|
|
1503
|
-
*
|
|
1504
|
-
* <p>If you specify a staging
|
|
1505
|
-
*
|
|
1506
|
-
*
|
|
1507
|
-
*
|
|
1508
|
-
*
|
|
1509
|
-
*
|
|
1510
|
-
*
|
|
1511
|
-
* moves the staging label <code>AWSCURRENT</code> to this version.</p>
|
|
1422
|
+
* <p>A list of staging labels to attach to this version of the secret. Secrets Manager uses staging
|
|
1423
|
+
* labels to track versions of a secret through the rotation process.</p>
|
|
1424
|
+
* <p>If you specify a staging label that's already associated with a different version of
|
|
1425
|
+
* the same secret, then Secrets Manager removes the label from the other version and attaches it to
|
|
1426
|
+
* this version. If you specify <code>AWSCURRENT</code>, and it is already attached to
|
|
1427
|
+
* another version, then Secrets Manager also moves the staging label <code>AWSPREVIOUS</code> to the
|
|
1428
|
+
* version that <code>AWSCURRENT</code> was removed from.</p>
|
|
1429
|
+
* <p>If you don't include <code>VersionStages</code>, then Secrets Manager automatically moves the
|
|
1430
|
+
* staging label <code>AWSCURRENT</code> to this version.</p>
|
|
1512
1431
|
* @public
|
|
1513
1432
|
*/
|
|
1514
1433
|
VersionStages?: string[] | undefined;
|
|
1515
1434
|
/**
|
|
1516
|
-
* <p>A unique identifier that indicates the source of the request.
|
|
1435
|
+
* <p>A unique identifier that indicates the source of the request. Required for secret
|
|
1436
|
+
* rotations using an IAM assumed role or cross-account rotation, in which you rotate a
|
|
1437
|
+
* secret in one account by using a Lambda rotation function in another account. In both
|
|
1438
|
+
* cases, the rotation function assumes an IAM role to call Secrets Manager, and then Secrets Manager validates
|
|
1439
|
+
* the identity using the token. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">How rotation
|
|
1440
|
+
* works</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda">Rotation by Lambda
|
|
1441
|
+
* functions</a>.</p>
|
|
1517
1442
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
1518
1443
|
* @public
|
|
1519
1444
|
*/
|
|
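Review bot: In the last comment of this hunk ("A unique identifier that indicates the source of the request"), the second link target `https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda` has no `.html` suffix. Every other user-guide link visible in this file has one, so the target should be confirmed to resolve. The restored `SecretString` text also says "as shown in the example", but this doc comment contains no example, so the sentence points at nothing in the generated reference. The field that the final comment documents is declared outside the hunk.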
@@ -1540,8 +1465,8 @@ export interface PutSecretValueResponse {
|
|
|
1540
1465
|
VersionId?: string | undefined;
|
|
1541
1466
|
/**
|
|
1542
1467
|
* <p>The list of staging labels that are currently attached to this version of the secret.
|
|
1543
|
-
*
|
|
1544
|
-
*
|
|
1468
|
+
* Secrets Manager uses staging labels to track a version as it progresses through the secret
|
|
1469
|
+
* rotation process.</p>
|
|
1545
1470
|
* @public
|
|
1546
1471
|
*/
|
|
1547
1472
|
VersionStages?: string[] | undefined;
|
|
@@ -1591,7 +1516,8 @@ export interface ReplicateSecretToRegionsRequest {
|
|
|
1591
1516
|
*/
|
|
1592
1517
|
AddReplicaRegions: ReplicaRegionType[] | undefined;
|
|
1593
1518
|
/**
|
|
1594
|
-
* <p>Specifies whether to overwrite a secret with the same name in the destination Region.
|
|
1519
|
+
* <p>Specifies whether to overwrite a secret with the same name in the destination Region.
|
|
1520
|
+
* By default, secrets aren't overwritten.</p>
|
|
1595
1521
|
* @public
|
|
1596
1522
|
*/
|
|
1597
1523
|
ForceOverwriteReplicaSecret?: boolean | undefined;
|
|
@@ -1650,8 +1576,9 @@ export interface RotateSecretRequest {
|
|
|
1650
1576
|
*/
|
|
1651
1577
|
SecretId: string | undefined;
|
|
1652
1578
|
/**
|
|
1653
|
-
* <p>A unique identifier for the new version of the secret. You only need to specify this
|
|
1654
|
-
*
|
|
1579
|
+
* <p>A unique identifier for the new version of the secret. You only need to specify this
|
|
1580
|
+
* value if you implement your own retry logic and you want to ensure that Secrets Manager doesn't
|
|
1581
|
+
* attempt to create a secret version twice.</p>
|
|
1655
1582
|
* <note>
|
|
1656
1583
|
* <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. </p>
|
|
1657
1584
|
* </note>
|
|
@@ -1661,24 +1588,72 @@ export interface RotateSecretRequest {
|
|
|
1661
1588
|
*/
|
|
1662
1589
|
ClientRequestToken?: string | undefined;
|
|
1663
1590
|
/**
|
|
1664
|
-
* <p>For secrets that use a Lambda rotation function to rotate, the ARN of the Lambda
|
|
1665
|
-
*
|
|
1591
|
+
* <p>For secrets that use a Lambda rotation function to rotate, the ARN of the Lambda
|
|
1592
|
+
* rotation function. </p>
|
|
1593
|
+
* <p>For secrets that use <i>managed rotation</i>, omit this field. For more
|
|
1594
|
+
* information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html">Managed
|
|
1595
|
+
* rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
|
|
1666
1596
|
* @public
|
|
1667
1597
|
*/
|
|
1668
1598
|
RotationLambdaARN?: string | undefined;
|
|
1669
1599
|
/**
|
|
1670
1600
|
* <p>A structure that defines the rotation configuration for this secret.</p>
|
|
1601
|
+
* <important>
|
|
1602
|
+
* <p>When changing an existing rotation schedule and setting
|
|
1603
|
+
* <code>RotateImmediately</code> to <code>false</code>:</p>
|
|
1604
|
+
* <ul>
|
|
1605
|
+
* <li>
|
|
1606
|
+
* <p>If using <code>AutomaticallyAfterDays</code> or a
|
|
1607
|
+
* <code>ScheduleExpression</code> with <code>rate()</code>, the previously
|
|
1608
|
+
* scheduled rotation might still occur.</p>
|
|
1609
|
+
* </li>
|
|
1610
|
+
* <li>
|
|
1611
|
+
* <p>To prevent unintended rotations, use a <code>ScheduleExpression</code>
|
|
1612
|
+
* with <code>cron()</code> for granular control over rotation windows.</p>
|
|
1613
|
+
* </li>
|
|
1614
|
+
* </ul>
|
|
1615
|
+
* </important>
|
|
1671
1616
|
* @public
|
|
1672
1617
|
*/
|
|
1673
1618
|
RotationRules?: RotationRulesType | undefined;
|
|
1674
1619
|
/**
|
|
1675
|
-
* <p>
|
|
1676
|
-
*
|
|
1677
|
-
*
|
|
1678
|
-
*
|
|
1679
|
-
*
|
|
1680
|
-
|
|
1681
|
-
|
|
1620
|
+
* <p>The metadata needed to successfully rotate a managed external secret. A list of key
|
|
1621
|
+
* value pairs in JSON format specified by the partner. For more information about the
|
|
1622
|
+
* required information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/managed-external-secrets.html">Using Secrets Manager managed external secrets</a>
|
|
1623
|
+
* </p>
|
|
1624
|
+
* @public
|
|
1625
|
+
*/
|
|
1626
|
+
ExternalSecretRotationMetadata?: ExternalSecretRotationMetadataItem[] | undefined;
|
|
1627
|
+
/**
|
|
1628
|
+
* <p>The Amazon Resource Name (ARN) of the role that allows Secrets Manager to rotate a secret held
|
|
1629
|
+
* by a third-party partner. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-security.html">Security and
|
|
1630
|
+
* permissions</a>.</p>
|
|
1631
|
+
* @public
|
|
1632
|
+
*/
|
|
1633
|
+
ExternalSecretRotationRoleArn?: string | undefined;
|
|
1634
|
+
/**
|
|
1635
|
+
* <p>Specifies whether to rotate the secret immediately or wait until the next scheduled
|
|
1636
|
+
* rotation window. The rotation schedule is defined in <a>RotateSecretRequest$RotationRules</a>.</p>
|
|
1637
|
+
* <p>The default for <code>RotateImmediately</code> is <code>true</code>. If you don't
|
|
1638
|
+
* specify this value, Secrets Manager rotates the secret immediately.</p>
|
|
1639
|
+
* <p>If you set <code>RotateImmediately</code> to <code>false</code>, Secrets Manager tests
|
|
1640
|
+
* the rotation configuration by running the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">
|
|
1641
|
+
* <code>testSecret</code> step</a> of the Lambda rotation function. This test
|
|
1642
|
+
* creates an <code>AWSPENDING</code> version of the secret and then removes it.</p>
|
|
1643
|
+
* <p>When changing an existing rotation schedule and setting <code>RotateImmediately</code>
|
|
1644
|
+
* to <code>false</code>:</p>
|
|
1645
|
+
* <ul>
|
|
1646
|
+
* <li>
|
|
1647
|
+
* <p>If using <code>AutomaticallyAfterDays</code> or a
|
|
1648
|
+
* <code>ScheduleExpression</code> with <code>rate()</code>, the previously
|
|
1649
|
+
* scheduled rotation might still occur.</p>
|
|
1650
|
+
* </li>
|
|
1651
|
+
* <li>
|
|
1652
|
+
* <p>To prevent unintended rotations, use a <code>ScheduleExpression</code> with
|
|
1653
|
+
* <code>cron()</code> for granular control over rotation windows.</p>
|
|
1654
|
+
* </li>
|
|
1655
|
+
* </ul>
|
|
1656
|
+
* <p>Rotation is an asynchronous process. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
|
|
1682
1657
|
* @public
|
|
1683
1658
|
*/
|
|
1684
1659
|
RotateImmediately?: boolean | undefined;
|
|
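Review bot: The `RotateImmediately` comment refers to the schedule with `<a>RotateSecretRequest$RotationRules</a>`, an anchor with no `href`. It looks like an unresolved model shape reference and would render as a dead link in generated docs; `<code>RotationRules</code>` would read correctly. In the same hunk, the `ExternalSecretRotationMetadata` comment links to `managed-external-secrets.html` and ends without a period, while the identical sentence on `SecretListEntry` links to `mes-partners.html`. One target should be used in both places. The interface body continues outside the hunk.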
@@ -1708,7 +1683,8 @@ export interface RotateSecretResponse {
|
|
|
1708
1683
|
*/
|
|
1709
1684
|
export interface StopReplicationToReplicaRequest {
|
|
1710
1685
|
/**
|
|
1711
|
-
* <p>The
|
|
1686
|
+
* <p>The name of the secret or the replica ARN. The replica ARN is the same as the original
|
|
1687
|
+
* primary secret ARN expect the Region is changed to the replica Region. </p>
|
|
1712
1688
|
* @public
|
|
1713
1689
|
*/
|
|
1714
1690
|
SecretId: string | undefined;
|
|
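Review bot: The added `SecretId` description on `StopReplicationToReplicaRequest` reads "primary secret ARN expect the Region is changed", where "expect" should be "except". The sibling `ARN` description on `StopReplicationToReplicaResponse` already says "except the Region is changed". I would change the line to `* primary secret ARN except the Region is changed to the replica Region. </p>`. Since this is generated declaration output, the fix presumably belongs in the upstream service model rather than in this file.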
@@ -1718,7 +1694,8 @@ export interface StopReplicationToReplicaRequest {
|
|
|
1718
1694
|
*/
|
|
1719
1695
|
export interface StopReplicationToReplicaResponse {
|
|
1720
1696
|
/**
|
|
1721
|
-
* <p>The ARN of the promoted secret. The ARN is the same as the original primary secret
|
|
1697
|
+
* <p>The ARN of the promoted secret. The ARN is the same as the original primary secret
|
|
1698
|
+
* except the Region is changed.</p>
|
|
1722
1699
|
* @public
|
|
1723
1700
|
*/
|
|
1724
1701
|
ARN?: string | undefined;
|
|
@@ -1728,16 +1705,16 @@ export interface StopReplicationToReplicaResponse {
|
|
|
1728
1705
|
*/
|
|
1729
1706
|
export interface TagResourceRequest {
|
|
1730
1707
|
/**
|
|
1731
|
-
* <p>The identifier for the secret to attach tags to. You can specify either the
|
|
1732
|
-
*
|
|
1708
|
+
* <p>The identifier for the secret to attach tags to. You can specify either the Amazon
|
|
1709
|
+
* Resource Name (ARN) or the friendly name of the secret.</p>
|
|
1733
1710
|
* <p>For an ARN, we recommend that you specify a complete ARN rather
|
|
1734
1711
|
* than a partial ARN. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen">Finding a secret from a partial ARN</a>.</p>
|
|
1735
1712
|
* @public
|
|
1736
1713
|
*/
|
|
1737
1714
|
SecretId: string | undefined;
|
|
1738
1715
|
/**
|
|
1739
|
-
* <p>The tags to attach to the secret as a JSON text string argument. Each element in the
|
|
1740
|
-
*
|
|
1716
|
+
* <p>The tags to attach to the secret as a JSON text string argument. Each element in the
|
|
1717
|
+
* list consists of a <code>Key</code> and a <code>Value</code>.</p>
|
|
1741
1718
|
* <p>For storing multiple values, we recommend that you use a JSON text
|
|
1742
1719
|
* string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
|
|
1743
1720
|
* in the Amazon Web Services CLI User Guide.</p>
|
|
@@ -1757,8 +1734,8 @@ export interface UntagResourceRequest {
|
|
|
1757
1734
|
*/
|
|
1758
1735
|
SecretId: string | undefined;
|
|
1759
1736
|
/**
|
|
1760
|
-
* <p>A list of tag key names to remove from the secret. You don't specify the value. Both
|
|
1761
|
-
*
|
|
1737
|
+
* <p>A list of tag key names to remove from the secret. You don't specify the value. Both
|
|
1738
|
+
* the key and its associated value are removed.</p>
|
|
1762
1739
|
* <p>This parameter requires a JSON text string argument.</p>
|
|
1763
1740
|
* <p>For storing multiple values, we recommend that you use a JSON text
|
|
1764
1741
|
* string argument and specify key/value pairs. For more information, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html">Specifying parameter values for the Amazon Web Services CLI</a>
|
|
@@ -1779,9 +1756,9 @@ export interface UpdateSecretRequest {
|
|
|
1779
1756
|
*/
|
|
1780
1757
|
SecretId: string | undefined;
|
|
1781
1758
|
/**
|
|
1782
|
-
* <p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then Secrets Manager
|
|
1783
|
-
*
|
|
1784
|
-
*
|
|
1759
|
+
* <p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then Secrets Manager
|
|
1760
|
+
* creates a new version for the secret, and this parameter specifies the unique identifier
|
|
1761
|
+
* for the new version.</p>
|
|
1785
1762
|
* <note>
|
|
1786
1763
|
* <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. </p>
|
|
1787
1764
|
* </note>
|
|
@@ -1796,47 +1773,61 @@ export interface UpdateSecretRequest {
|
|
|
1796
1773
|
*/
|
|
1797
1774
|
Description?: string | undefined;
|
|
1798
1775
|
/**
|
|
1799
|
-
* <p>The ARN, key ID, or alias of the KMS key that Secrets Manager
|
|
1800
|
-
*
|
|
1801
|
-
*
|
|
1802
|
-
*
|
|
1803
|
-
*
|
|
1776
|
+
* <p>The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt new
|
|
1777
|
+
* secret versions as well as any existing versions with the staging labels
|
|
1778
|
+
* <code>AWSCURRENT</code>, <code>AWSPENDING</code>, or <code>AWSPREVIOUS</code>. If
|
|
1779
|
+
* you don't have <code>kms:Encrypt</code> permission to the new key, Secrets Manager does not
|
|
1780
|
+
* re-encrypt existing secret versions with the new key. For more information about
|
|
1781
|
+
* versions and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">Concepts:
|
|
1782
|
+
* Version</a>.</p>
|
|
1783
|
+
* <p>A key alias is always prefixed by <code>alias/</code>, for example
|
|
1784
|
+
* <code>alias/aws/secretsmanager</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html">About
|
|
1785
|
+
* aliases</a>.</p>
|
|
1804
1786
|
* <p>If you set this to an empty string, Secrets Manager uses the Amazon Web Services managed key
|
|
1805
|
-
*
|
|
1806
|
-
*
|
|
1807
|
-
*
|
|
1808
|
-
*
|
|
1787
|
+
* <code>aws/secretsmanager</code>. If this key doesn't already exist in your account,
|
|
1788
|
+
* then Secrets Manager creates it for you automatically. All users and roles in the Amazon Web Services account
|
|
1789
|
+
* automatically have access to use <code>aws/secretsmanager</code>. Creating
|
|
1790
|
+
* <code>aws/secretsmanager</code> can result in a one-time significant delay in
|
|
1791
|
+
* returning the result. </p>
|
|
1809
1792
|
* <important>
|
|
1810
|
-
* <p>You can only use the Amazon Web Services managed key
|
|
1811
|
-
*
|
|
1812
|
-
*
|
|
1813
|
-
*
|
|
1814
|
-
*
|
|
1793
|
+
* <p>You can only use the Amazon Web Services managed key
|
|
1794
|
+
* <code>aws/secretsmanager</code> if you call this operation using credentials from
|
|
1795
|
+
* the same Amazon Web Services account that owns the secret. If the secret is in a different
|
|
1796
|
+
* account, then you must use a customer managed key and provide the ARN of that
|
|
1797
|
+
* KMS key in this field. The user making the call must have
|
|
1798
|
+
* permissions to both the secret and the KMS key in their respective
|
|
1799
|
+
* accounts.</p>
|
|
1815
1800
|
* </important>
|
|
1816
1801
|
* @public
|
|
1817
1802
|
*/
|
|
1818
1803
|
KmsKeyId?: string | undefined;
|
|
1819
1804
|
/**
|
|
1820
|
-
* <p>The binary data to encrypt and store in the new
|
|
1821
|
-
*
|
|
1822
|
-
*
|
|
1823
|
-
*
|
|
1824
|
-
*
|
|
1825
|
-
* <code>SecretString</code> must have a value, but not both.</p>
|
|
1805
|
+
* <p>The binary data to encrypt and store in the new version of the secret. We recommend
|
|
1806
|
+
* that you store your binary data in a file and then pass the contents of the file as a
|
|
1807
|
+
* parameter. </p>
|
|
1808
|
+
* <p>Either <code>SecretBinary</code> or <code>SecretString</code> must have a value, but
|
|
1809
|
+
* not both.</p>
|
|
1826
1810
|
* <p>You can't access this parameter in the Secrets Manager console.</p>
|
|
1827
1811
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
1828
1812
|
* @public
|
|
1829
1813
|
*/
|
|
1830
1814
|
SecretBinary?: Uint8Array | undefined;
|
|
1831
1815
|
/**
|
|
1832
|
-
* <p>The text data to encrypt and store in the new
|
|
1833
|
-
*
|
|
1834
|
-
* <p>Either <code>SecretBinary</code> or <code>SecretString</code> must have
|
|
1835
|
-
*
|
|
1816
|
+
* <p>The text data to encrypt and store in the new version of the secret. We recommend you
|
|
1817
|
+
* use a JSON structure of key/value pairs for your secret value. </p>
|
|
1818
|
+
* <p>Either <code>SecretBinary</code> or <code>SecretString</code> must have a value, but
|
|
1819
|
+
* not both. </p>
|
|
1836
1820
|
* <p>Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.</p>
|
|
1837
1821
|
* @public
|
|
1838
1822
|
*/
|
|
1839
1823
|
SecretString?: string | undefined;
|
|
1824
|
+
/**
|
|
1825
|
+
* <p>The exact string that identifies the third-party partner that holds the external
|
|
1826
|
+
* secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/mes-partners.html">Managed external secret
|
|
1827
|
+
* partners</a>.</p>
|
|
1828
|
+
* @public
|
|
1829
|
+
*/
|
|
1830
|
+
Type?: string | undefined;
|
|
1840
1831
|
}
|
|
1841
1832
|
/**
|
|
1842
1833
|
* @public
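Review bot: The new `Type?: string | undefined;` member at the end of `UpdateSecretRequest` is documented only as "the exact string that identifies the third-party partner", and the declaration accepts any string. A caller therefore gets no compile-time check on the value, and nothing states what an update does when the field is left out. Since this value selects which external partner holds the secret, I would add to its doc comment `* <p>The value must match a partner identifier from the linked guide exactly; this type does not restrict it.</p>`, plus one sentence saying whether omitting `Type` keeps the secret's current partner. The file looks like generated output under dist-types, so the wording presumably belongs in the service model rather than in this file. The interface begins before this hunk, so its earlier members were not reviewed.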
|
|
@@ -1853,8 +1844,8 @@ export interface UpdateSecretResponse {
|
|
|
1853
1844
|
*/
|
|
1854
1845
|
Name?: string | undefined;
|
|
1855
1846
|
/**
|
|
1856
|
-
* <p>If Secrets Manager created a new version of the secret during this operation, then
|
|
1857
|
-
*
|
|
1847
|
+
* <p>If Secrets Manager created a new version of the secret during this operation, then
|
|
1848
|
+
* <code>VersionId</code> contains the unique identifier of the new version.</p>
|
|
1858
1849
|
* @public
|
|
1859
1850
|
*/
|
|
1860
1851
|
VersionId?: string | undefined;
|
|
@@ -1876,19 +1867,19 @@ export interface UpdateSecretVersionStageRequest {
|
|
|
1876
1867
|
*/
|
|
1877
1868
|
VersionStage: string | undefined;
|
|
1878
1869
|
/**
|
|
1879
|
-
* <p>The ID of the version that the staging label is to be removed
|
|
1880
|
-
*
|
|
1881
|
-
*
|
|
1882
|
-
*
|
|
1883
|
-
*
|
|
1870
|
+
* <p>The ID of the version that the staging label is to be removed from. If the staging
|
|
1871
|
+
* label you are trying to attach to one version is already attached to a different
|
|
1872
|
+
* version, then you must include this parameter and specify the version that the label is
|
|
1873
|
+
* to be removed from. If the label is attached and you either do not specify this
|
|
1874
|
+
* parameter, or the version ID does not match, then the operation fails.</p>
|
|
1884
1875
|
* @public
|
|
1885
1876
|
*/
|
|
1886
1877
|
RemoveFromVersionId?: string | undefined;
|
|
1887
1878
|
/**
|
|
1888
|
-
* <p>The ID of the version to add the staging label to. To
|
|
1889
|
-
*
|
|
1890
|
-
* <p>If the staging label is already attached to a different version of the secret, then
|
|
1891
|
-
*
|
|
1879
|
+
* <p>The ID of the version to add the staging label to. To remove a label from a version,
|
|
1880
|
+
* then do not specify this parameter.</p>
|
|
1881
|
+
* <p>If the staging label is already attached to a different version of the secret, then
|
|
1882
|
+
* you must also specify the <code>RemoveFromVersionId</code> parameter. </p>
|
|
1892
1883
|
* @public
|
|
1893
1884
|
*/
|
|
1894
1885
|
MoveToVersionId?: string | undefined;
|
|
@@ -1913,14 +1904,16 @@ export interface UpdateSecretVersionStageResponse {
|
|
|
1913
1904
|
*/
|
|
1914
1905
|
export interface ValidateResourcePolicyRequest {
|
|
1915
1906
|
/**
|
|
1916
|
-
* <p>The ARN or name of the secret with the resource-based policy you want to
|
|
1907
|
+
* <p>The ARN or name of the secret with the resource-based policy you want to
|
|
1908
|
+
* validate.</p>
|
|
1917
1909
|
* @public
|
|
1918
1910
|
*/
|
|
1919
1911
|
SecretId?: string | undefined;
|
|
1920
1912
|
/**
|
|
1921
|
-
* <p>A JSON-formatted string that contains an Amazon Web Services
|
|
1922
|
-
*
|
|
1923
|
-
*
|
|
1913
|
+
* <p>A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in
|
|
1914
|
+
* the string identifies who can access or manage this secret and its versions. For example
|
|
1915
|
+
* policies, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html">Permissions
|
|
1916
|
+
* policy examples</a>.</p>
|
|
1924
1917
|
* @public
|
|
1925
1918
|
*/
|
|
1926
1919
|
ResourcePolicy: string | undefined;
|
|
@@ -1936,7 +1929,8 @@ export interface ValidationErrorsEntry {
|
|
|
1936
1929
|
*/
|
|
1937
1930
|
CheckName?: string | undefined;
|
|
1938
1931
|
/**
|
|
1939
|
-
* <p>Displays error messages if validation encounters problems during validation of the
|
|
1932
|
+
* <p>Displays error messages if validation encounters problems during validation of the
|
|
1933
|
+
* resource policy.</p>
|
|
1940
1934
|
* @public
|
|
1941
1935
|
*/
|
|
1942
1936
|
ErrorMessage?: string | undefined;
|