@aws-sdk/client-secrets-manager 3.934.0 → 3.936.0

package/dist-types/commands/ListSecretsCommand.d.ts

@@ -28,16 +28,21 @@ declare const ListSecretsCommand_base: {
 };
 /**
  * <p>Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets
- *       that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console.</p>
- *          <p>All Secrets Manager operations are eventually consistent. ListSecrets might not reflect changes from the last five minutes. You can get more recent information for a specific secret by calling <a>DescribeSecret</a>.</p>
+ *             that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager
+ *             console.</p>
+ *          <p>All Secrets Manager operations are eventually consistent. ListSecrets might not
+ *             reflect changes from the last five minutes. You can get more recent information for a
+ *             specific secret by calling <a>DescribeSecret</a>.</p>
  *          <p>To list the versions of a secret, use <a>ListSecretVersionIds</a>.</p>
- *          <p>To retrieve the values for the secrets, call <a>BatchGetSecretValue</a> or <a>GetSecretValue</a>.</p>
- *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in Secrets Manager</a>.</p>
+ *          <p>To retrieve the values for the secrets, call <a>BatchGetSecretValue</a> or
+ *                 <a>GetSecretValue</a>.</p>
+ *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in
+ *                 Secrets Manager</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:ListSecrets</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:ListSecrets</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example
@@ -69,6 +74,7 @@ declare const ListSecretsCommand_base: {
  * //     { // SecretListEntry
  * //       ARN: "STRING_VALUE",
  * //       Name: "STRING_VALUE",
+ * //       Type: "STRING_VALUE",
  * //       Description: "STRING_VALUE",
  * //       KmsKeyId: "STRING_VALUE",
  * //       RotationEnabled: true || false,
@@ -78,6 +84,13 @@ declare const ListSecretsCommand_base: {
  * //         Duration: "STRING_VALUE",
  * //         ScheduleExpression: "STRING_VALUE",
  * //       },
+ * //       ExternalSecretRotationMetadata: [ // ExternalSecretRotationMetadataType
+ * //         { // ExternalSecretRotationMetadataItem
+ * //           Key: "STRING_VALUE",
+ * //           Value: "STRING_VALUE",
+ * //         },
+ * //       ],
+ * //       ExternalSecretRotationRoleArn: "STRING_VALUE",
  * //       LastRotatedDate: new Date("TIMESTAMP"),
  * //       LastChangedDate: new Date("TIMESTAMP"),
  * //       LastAccessedDate: new Date("TIMESTAMP"),

package/dist-types/commands/PutResourcePolicyCommand.d.ts

@@ -28,15 +28,14 @@ declare const PutResourcePolicyCommand_base: {
 };
 /**
  * <p>Attaches a resource-based permission policy to a secret. A resource-based policy is
- *       optional. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication and access control for Secrets Manager</a>
+ *             optional. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication and access control for Secrets Manager</a>
  *          </p>
- *          <p>For information about attaching a policy in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Attach a
- *       permissions policy to a secret</a>.</p>
+ *          <p>For information about attaching a policy in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Attach a permissions policy to a secret</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:PutResourcePolicy</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:PutResourcePolicy</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/PutSecretValueCommand.d.ts

@@ -27,32 +27,36 @@ declare const PutSecretValueCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates a new version with a new encrypted secret value and attaches it to the secret. The
- *       version can contain a new <code>SecretString</code> value or a new <code>SecretBinary</code> value. </p>
- *          <p>We recommend you avoid calling <code>PutSecretValue</code> at a sustained rate of more than
- *       once every 10 minutes. When you update the secret value, Secrets Manager creates a new version
- *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
- *       remove versions created less than 24 hours ago. If you call <code>PutSecretValue</code> more
- *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
- *       the quota for secret versions.</p>
- *          <p>You can specify the staging labels to attach to the new version in <code>VersionStages</code>.
- *       If you don't include <code>VersionStages</code>, then Secrets Manager automatically
- *       moves the staging label <code>AWSCURRENT</code> to this version. If this operation creates
- *       the first version for the secret, then Secrets Manager
- *         automatically attaches the staging label <code>AWSCURRENT</code> to it.
- *     If this operation moves the staging label <code>AWSCURRENT</code> from another version to this
- *       version, then Secrets Manager also automatically moves the staging label <code>AWSPREVIOUS</code> to
- *       the version that <code>AWSCURRENT</code> was removed from.</p>
- *          <p>This operation is idempotent. If you call this operation with a <code>ClientRequestToken</code>
- *     that matches an existing version's VersionId, and you specify the
- *       same secret data, the operation succeeds but does nothing. However, if the secret data is
- *       different, then the operation fails because you can't modify an existing version; you can
- *       only create new ones.</p>
- *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code>, <code>SecretString</code>, or <code>RotationToken</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
+ * <p>Creates a new version of your secret by creating a new encrypted value and attaching
+ *             it to the secret. version can contain a new <code>SecretString</code> value or a new
+ *                 <code>SecretBinary</code> value. </p>
+ *          <p>Do not call <code>PutSecretValue</code> at a sustained rate of more than once every 10
+ *             minutes. When you update the secret value, Secrets Manager creates a new version of the secret.
+ *             Secrets Manager keeps 100 of the most recent versions, but it keeps <i>all</i>
+ *             secret versions created in the last 24 hours. If you call <code>PutSecretValue</code>
+ *             more than once every 10 minutes, you will create more versions than Secrets Manager removes, and
+ *             you will reach the quota for secret versions.</p>
+ *          <p>You can specify the staging labels to attach to the new version in
+ *                 <code>VersionStages</code>. If you don't include <code>VersionStages</code>, then
+ *             Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to this version. If
+ *             this operation creates the first version for the secret, then Secrets Manager automatically
+ *             attaches the staging label <code>AWSCURRENT</code> to it. If this operation moves the
+ *             staging label <code>AWSCURRENT</code> from another version to this version, then Secrets Manager
+ *             also automatically moves the staging label <code>AWSPREVIOUS</code> to the version that
+ *                 <code>AWSCURRENT</code> was removed from.</p>
+ *          <p>This operation is idempotent. If you call this operation with a
+ *                 <code>ClientRequestToken</code> that matches an existing version's VersionId, and
+ *             you specify the same secret data, the operation succeeds but does nothing. However, if
+ *             the secret data is different, then the operation fails because you can't modify an
+ *             existing version; you can only create new ones.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action.
+ *             Do not include sensitive information in request parameters except
+ *                 <code>SecretBinary</code>, <code>SecretString</code>, or <code>RotationToken</code>
+ *             because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:PutSecretValue</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:PutSecretValue</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  *          <important>

package/dist-types/commands/RemoveRegionsFromReplicationCommand.d.ts

@@ -27,12 +27,14 @@ declare const RemoveRegionsFromReplicationCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify.</p>
+ * <p>For a secret that is replicated to other Regions, deletes the secret replicas from the
+ *             Regions you specify.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
+ *             <b>Required permissions:
+ *                 </b>
  *             <code>secretsmanager:RemoveRegionsFromReplication</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/ReplicateSecretToRegionsCommand.d.ts

@@ -30,9 +30,14 @@ declare const ReplicateSecretToRegionsCommand_base: {
  * <p>Replicates the secret to a new Regions. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html">Multi-Region secrets</a>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:ReplicateSecretToRegions</code>.
- *       If the primary secret is encrypted with a KMS key other than <code>aws/secretsmanager</code>, you also need <code>kms:Decrypt</code> permission to the key. To encrypt the replicated secret with a KMS key other than <code>aws/secretsmanager</code>, you need <code>kms:GenerateDataKey</code> and <code>kms:Encrypt</code> to the key. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:ReplicateSecretToRegions</code>. If the primary
+ *             secret is encrypted with a KMS key other than <code>aws/secretsmanager</code>, you also
+ *             need <code>kms:Decrypt</code> permission to the key. To encrypt the replicated secret
+ *             with a KMS key other than <code>aws/secretsmanager</code>, you need
+ *                 <code>kms:GenerateDataKey</code> and <code>kms:Encrypt</code> to the key.
+ *             For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/RestoreSecretCommand.d.ts

@@ -27,13 +27,13 @@ declare const RestoreSecretCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Cancels the scheduled deletion of a secret by removing the <code>DeletedDate</code> time
- *       stamp. You can access a secret again after it has been restored.</p>
+ * <p>Cancels the scheduled deletion of a secret by removing the <code>DeletedDate</code>
+ *             time stamp. You can access a secret again after it has been restored.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:RestoreSecret</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:RestoreSecret</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/RotateSecretCommand.d.ts

@@ -27,22 +27,30 @@ declare const RotateSecretCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation,
- *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p>
- *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached
- *       to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any
- *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
- *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
- *       assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+ * <p>Configures and starts the asynchronous process of rotating the secret. For information
+ *             about rotation, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>
+ *             in the <i>Secrets Manager User Guide</i>. If you include the configuration
+ *             parameters, the operation sets the values for the secret and then immediately starts a
+ *             rotation. If you don't include the configuration parameters, the operation starts a
+ *             rotation with the values already stored in the secret. </p>
+ *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be
+ *             attached to the same version as the <code>AWSCURRENT</code> version, or it might not be
+ *             attached to any version. If the <code>AWSPENDING</code> staging label is present but not
+ *             attached to the same version as <code>AWSCURRENT</code>, then any later invocation of
+ *                 <code>RotateSecret</code> assumes that a previous rotation request is still in
+ *             progress and returns an error. When rotation is unsuccessful, the
+ *                 <code>AWSPENDING</code> staging label might be attached to an empty secret version.
+ *             For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot
+ *                 rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:RotateSecret</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:RotateSecret</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
- *       and access control in Secrets Manager</a>. You also need <code>lambda:InvokeFunction</code> permissions on the rotation function.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html">
- *         Permissions for rotation</a>.</p>
+ *       and access control in Secrets Manager</a>. You also
+ *             need <code>lambda:InvokeFunction</code> permissions on the rotation function. For more
+ *             information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html"> Permissions for rotation</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -60,6 +68,13 @@ declare const RotateSecretCommand_base: {
  *     Duration: "STRING_VALUE",
  *     ScheduleExpression: "STRING_VALUE",
  *   },
+ *   ExternalSecretRotationMetadata: [ // ExternalSecretRotationMetadataType
+ *     { // ExternalSecretRotationMetadataItem
+ *       Key: "STRING_VALUE",
+ *       Value: "STRING_VALUE",
+ *     },
+ *   ],
+ *   ExternalSecretRotationRoleArn: "STRING_VALUE",
  *   RotateImmediately: true || false,
  * };
  * const command = new RotateSecretCommand(input);

package/dist-types/commands/StopReplicationToReplicaCommand.d.ts

@@ -27,13 +27,15 @@ declare const StopReplicationToReplicaCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region.</p>
- *          <p>You must call this operation from the Region in which you want to promote the replica to a primary secret.</p>
+ * <p>Removes the link between the replica secret and the primary secret and promotes the
+ *             replica to a primary secret in the replica Region.</p>
+ *          <p>You must call this operation from the Region in which you want to promote the replica
+ *             to a primary secret.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:StopReplicationToReplica</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:StopReplicationToReplica</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/TagResourceCommand.d.ts

@@ -27,21 +27,22 @@ declare const TagResourceCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the
- *       secret's metadata. They are not associated with specific versions of the secret. This operation appends tags to the existing list of tags.</p>
- *          <p>For tag quotas and naming restrictions, see <a href="https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas">Service quotas for Tagging</a> in the <i>Amazon Web Services General
- *       Reference guide</i>.</p>
+ * <p>Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of
+ *             the secret's metadata. They are not associated with specific versions of the secret.
+ *             This operation appends tags to the existing list of tags.</p>
+ *          <p>For tag quotas and naming restrictions, see <a href="https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas">Service quotas for
+ *                 Tagging</a> in the <i>Amazon Web Services General Reference guide</i>.</p>
  *          <important>
- *             <p>If you use tags as part of your security strategy, then adding or removing a tag can
- *         change permissions. If successfully completing this operation would result in you losing
- *         your permissions for this secret, then the operation is blocked and returns an Access Denied
- *         error.</p>
+ *             <p>If you use tags as part of your security strategy, then adding or removing a tag
+ *                 can change permissions. If successfully completing this operation would result in
+ *                 you losing your permissions for this secret, then the operation is blocked and
+ *                 returns an Access Denied error.</p>
  *          </important>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:TagResource</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:TagResource</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/UntagResourceCommand.d.ts

@@ -28,19 +28,19 @@ declare const UntagResourceCommand_base: {
 };
 /**
  * <p>Removes specific tags from a secret.</p>
- *          <p>This operation is idempotent. If a requested tag is not attached to the secret, no error
- *       is returned and the secret metadata is unchanged.</p>
+ *          <p>This operation is idempotent. If a requested tag is not attached to the secret, no
+ *             error is returned and the secret metadata is unchanged.</p>
  *          <important>
  *             <p>If you use tags as part of your security strategy, then removing a tag can change
- *         permissions. If successfully completing this operation would result in you losing your
- *         permissions for this secret, then the operation is blocked and returns an Access Denied
- *         error.</p>
+ *                 permissions. If successfully completing this operation would result in you losing
+ *                 your permissions for this secret, then the operation is blocked and returns an
+ *                 Access Denied error.</p>
  *          </important>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:UntagResource</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:UntagResource</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/UpdateSecretCommand.d.ts

@@ -27,33 +27,43 @@ declare const UpdateSecretCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p>
- *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p>
- *          <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p>
- *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
- *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
- *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not
- *       remove versions created less than 24 hours ago. If you update the secret value more
- *       than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach
- *       the quota for secret versions.</p>
+ * <p>Modifies the details of a secret, including metadata and the secret value. To change
+ *             the secret value, you can also use <a>PutSecretValue</a>.</p>
+ *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a>
+ *             instead.</p>
+ *          <p>To change a secret so that it is managed by another service, you need to recreate the
+ *             secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets
+ *                 managed by other Amazon Web Services services</a>.</p>
+ *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more
+ *             than once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret
+ *             value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when
+ *             there are more than 100, but it does not remove versions created less than 24 hours ago.
+ *             If you update the secret value more than once every 10 minutes, you create more versions
+ *             than Secrets Manager removes, and you will reach the quota for secret versions.</p>
  *          <p>If you include <code>SecretString</code> or <code>SecretBinary</code> to create a new
- *       secret version, Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to the new
- *       version. Then it attaches the label <code>AWSPREVIOUS</code>
- *         to the version that <code>AWSCURRENT</code> was removed from.</p>
- *          <p>If you call this operation with a <code>ClientRequestToken</code> that matches an existing version's
- *       <code>VersionId</code>, the operation results in an error. You can't modify an existing
- *       version, you can only create a new version. To remove a version, remove all staging labels from it. See
- *     <a>UpdateSecretVersionStage</a>.</p>
- *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except <code>SecretBinary</code> or <code>SecretString</code> because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
+ *             secret version, Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to
+ *             the new version. Then it attaches the label <code>AWSPREVIOUS</code> to the version that
+ *                 <code>AWSCURRENT</code> was removed from.</p>
+ *          <p>If you call this operation with a <code>ClientRequestToken</code> that matches an
+ *             existing version's <code>VersionId</code>, the operation results in an error. You can't
+ *             modify an existing version, you can only create a new version. To remove a version,
+ *             remove all staging labels from it. See <a>UpdateSecretVersionStage</a>.</p>
+ *          <p>Secrets Manager generates a CloudTrail log entry when you call this action.
+ *             Do not include sensitive information in request parameters except
+ *                 <code>SecretBinary</code> or <code>SecretString</code> because it might be logged.
+ *             For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:UpdateSecret</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:UpdateSecret</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
- *       and access control in Secrets Manager</a>.
- *       If you use a customer managed key, you must also have <code>kms:GenerateDataKey</code>, <code>kms:Encrypt</code>, and
- *       <code>kms:Decrypt</code> permissions on the key. If you change the KMS key and you don't have <code>kms:Encrypt</code> permission to the new key, Secrets Manager does not re-encrypt existing secret versions with the new key. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html">
- *         Secret encryption and decryption</a>.</p>
+ *       and access control in Secrets Manager</a>. If you use a
+ *                 customer managed key, you must also have <code>kms:GenerateDataKey</code>,
+ *                 <code>kms:Encrypt</code>, and <code>kms:Decrypt</code> permissions on the key. If
+ *             you change the KMS key and you don't have <code>kms:Encrypt</code> permission to the new
+ *             key, Secrets Manager does not re-encrypt existing secret versions with the new key. For more
+ *             information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html"> Secret encryption
+ *                 and decryption</a>.</p>
  *          <important>
  *             <p>When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. This is a concern if the command includes the value of a secret. Learn how to <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/security_cli-exposure-risks.html">Mitigate the risks of using command-line tools to store Secrets Manager secrets</a>.</p>
  *          </important>
@@ -72,6 +82,7 @@ declare const UpdateSecretCommand_base: {
  *   KmsKeyId: "STRING_VALUE",
  *   SecretBinary: new Uint8Array(), // e.g. Buffer.from("") or new TextEncoder().encode("")
  *   SecretString: "STRING_VALUE",
+ *   Type: "STRING_VALUE",
  * };
  * const command = new UpdateSecretCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/UpdateSecretVersionStageCommand.d.ts

@@ -27,26 +27,29 @@ declare const UpdateSecretVersionStageCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging labels to
- *       track a version as it progresses through the secret rotation process. Each staging label can be
- *       attached to only one version at a time. To add a staging label to a version when it is already
- *       attached to another version, Secrets Manager first removes it from the other version first and
- *       then attaches it to this one. For more information about versions and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">Concepts: Version</a>. </p>
- *          <p>The staging labels that you specify in the <code>VersionStage</code> parameter are added
- *       to the existing list of staging labels for the version. </p>
- *          <p>You can move the <code>AWSCURRENT</code> staging label to this version by including it in this
- *       call.</p>
+ * <p>Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging
+ *             labels to track a version as it progresses through the secret rotation process. Each
+ *             staging label can be attached to only one version at a time. To add a staging label to a
+ *             version when it is already attached to another version, Secrets Manager first removes it from the
+ *             other version first and then attaches it to this one. For more information about
+ *             versions and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">Concepts:
+ *                 Version</a>. </p>
+ *          <p>The staging labels that you specify in the <code>VersionStage</code> parameter are
+ *             added to the existing list of staging labels for the version. </p>
+ *          <p>You can move the <code>AWSCURRENT</code> staging label to this version by including it
+ *             in this call.</p>
  *          <note>
- *             <p>Whenever you move <code>AWSCURRENT</code>, Secrets Manager automatically moves the label <code>AWSPREVIOUS</code>
- *         to the version that <code>AWSCURRENT</code> was removed from.</p>
+ *             <p>Whenever you move <code>AWSCURRENT</code>, Secrets Manager automatically moves the label
+ *                     <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed
+ *                 from.</p>
  *          </note>
- *          <p>If this action results in the last label being removed from a version, then the version is
- *       considered to be 'deprecated' and can be deleted by Secrets Manager.</p>
+ *          <p>If this action results in the last label being removed from a version, then the
+ *             version is considered to be 'deprecated' and can be deleted by Secrets Manager.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:UpdateSecretVersionStage</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:UpdateSecretVersionStage</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/commands/ValidateResourcePolicyCommand.d.ts

@@ -28,12 +28,13 @@ declare const ValidateResourcePolicyCommand_base: {
 };
 /**
  * <p>Validates that a resource policy does not grant a wide range of principals access to
- *       your secret. A resource-based policy is optional for secrets.</p>
+ *             your secret. A resource-based policy is optional for secrets.</p>
  *          <p>The API performs three checks when validating the policy:</p>
  *          <ul>
  *             <li>
- *                <p>Sends a call to <a href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, an automated reasoning engine, to ensure your resource policy does not
- *           allow broad access to your secret, for example policies that use a wildcard for the principal.</p>
+ *                <p>Sends a call to <a href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, an automated reasoning engine, to ensure your resource
+ *                     policy does not allow broad access to your secret, for example policies that use
+ *                     a wildcard for the principal.</p>
  *             </li>
  *             <li>
  *                <p>Checks for correct syntax in a policy.</p>
@@ -44,9 +45,10 @@ declare const ValidateResourcePolicyCommand_base: {
  *          </ul>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
- *             <b>Required permissions: </b>
- *             <code>secretsmanager:ValidateResourcePolicy</code> and <code>secretsmanager:PutResourcePolicy</code>.
- *       For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
+ *             <b>Required permissions:
+ *                 </b>
+ *             <code>secretsmanager:ValidateResourcePolicy</code> and
+ *                 <code>secretsmanager:PutResourcePolicy</code>. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
  *       IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
  *       and access control in Secrets Manager</a>. </p>
  * @example

package/dist-types/index.d.ts

@@ -35,5 +35,7 @@ export type { RuntimeExtension } from "./runtimeExtensions";
 export type { SecretsManagerExtensionConfiguration } from "./extensionConfiguration";
 export * from "./commands";
 export * from "./pagination";
-export * from "./models";
+export * from "./models/enums";
+export * from "./models/errors";
+export type * from "./models/models_0";
 export { SecretsManagerServiceException } from "./models/SecretsManagerServiceException";

package/dist-types/models/enums.d.ts

@@ -0,0 +1,42 @@
+/**
+ * @public
+ * @enum
+ */
+export declare const FilterNameStringType: {
+    readonly all: "all";
+    readonly description: "description";
+    readonly name: "name";
+    readonly owning_service: "owning-service";
+    readonly primary_region: "primary-region";
+    readonly tag_key: "tag-key";
+    readonly tag_value: "tag-value";
+};
+/**
+ * @public
+ */
+export type FilterNameStringType = (typeof FilterNameStringType)[keyof typeof FilterNameStringType];
+/**
+ * @public
+ * @enum
+ */
+export declare const StatusType: {
+    readonly Failed: "Failed";
+    readonly InProgress: "InProgress";
+    readonly InSync: "InSync";
+};
+/**
+ * @public
+ */
+export type StatusType = (typeof StatusType)[keyof typeof StatusType];
+/**
+ * @public
+ * @enum
+ */
+export declare const SortOrderType: {
+    readonly asc: "asc";
+    readonly desc: "desc";
+};
+/**
+ * @public
+ */
+export type SortOrderType = (typeof SortOrderType)[keyof typeof SortOrderType];