@ibm-cloud/secrets-manager 1.0.2 → 1.0.32

package/secrets-manager/v1.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2021.
+ * (C) Copyright IBM Corp. 2022.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,14 +18,13 @@ import { IncomingHttpHeaders, OutgoingHttpHeaders } from 'http';
 import { BaseService, UserOptions } from 'ibm-cloud-sdk-core';
 /**
  * With IBM Cloud® Secrets Manager, you can create, lease, and centrally manage secrets that are used in IBM Cloud
- * services or your custom-built applications. Secrets are stored in a dedicated instance of Secrets Manager, built on
- * open source HashiCorp Vault.
+ * services or your custom-built applications. Secrets are stored in a dedicated instance of Secrets Manager, which is
+ * built on open source HashiCorp Vault.
  *
  * API Version: 1.0.0
  * See: https://cloud.ibm.com/docs/secrets-manager
  */
 declare class SecretsManagerV1 extends BaseService {
-    static DEFAULT_SERVICE_URL: string;
     static DEFAULT_SERVICE_NAME: string;
     /*************************
      * Factory method
@@ -57,7 +56,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Create a secret group.
      *
-     * Creates a secret group that you can use to organize secrets and control who on your team has access to them.
+     * Create a secret group that you can use to organize secrets and control who on your team has access to them.
      *
      * A successful request returns the ID value of the secret group, along with other metadata. To learn more about
      * secret groups, check out the
@@ -73,7 +72,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secret groups.
      *
-     * Retrieves the list of secret groups that are available in your Secrets Manager instance.
+     * List the secret groups that are available in your Secrets Manager instance.
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
@@ -83,7 +82,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a secret group.
      *
-     * Retrieves the metadata of an existing secret group by specifying the ID of the group.
+     * Get the metadata of an existing secret group by specifying the ID of the group.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
@@ -94,7 +93,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update a secret group.
      *
-     * Updates the metadata of an existing secret group, such as its name or description.
+     * Update the metadata of an existing secret group, such as its name or description.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
@@ -107,7 +106,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Delete a secret group.
      *
-     * Deletes a secret group by specifying the ID of the secret group.
+     * Delete a secret group by specifying the ID of the secret group.
      *
      * **Note:** To delete a secret group, it must be empty. If you need to remove a secret group that contains secrets,
      * you must first [delete the secrets](#delete-secret) that are associated with the group.
@@ -124,7 +123,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Create a secret.
      *
-     * Creates a secret or imports an existing value that you can use to access or authenticate to a protected resource.
+     * Create a secret or import an existing value that you can use to access or authenticate to a protected resource.
      *
      * Use this method to either generate or import an existing secret, such as an arbitrary value or a TLS certificate,
      * that you can manage in your Secrets Manager service instance. A successful request stores the secret in your
@@ -145,7 +144,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secrets by type.
      *
-     * Retrieves a list of secrets based on the type that you specify.
+     * List the secrets in your Secrets Manager instance based on the type that you specify.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -167,7 +166,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List all secrets.
      *
-     * Retrieves a list of all secrets in your Secrets Manager instance.
+     * List all of the secrets in your Secrets Manager instance.
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {number} [params.limit] - The number of secrets to retrieve. By default, list operations return the first
@@ -204,7 +203,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a secret.
      *
-     * Retrieves a secret and its details by specifying the ID of the secret.
+     * Get a secret and its details by specifying the ID of the secret.
      *
      * A successful request returns the secret data that is associated with your secret, along with other metadata. To
      * view only the details of a specified secret without retrieving its value, use the [Get secret
@@ -220,16 +219,18 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Invoke an action on a secret.
      *
-     * Invokes an action on a specified secret. This method supports the following actions:
+     * Invoke an action on a specified secret. This method supports the following actions:
      *
-     * - `rotate`: Replace the value of an `arbitrary`, `username_password`, `public_cert` or `imported_cert` secret.
+     * - `rotate`: Replace the value of a secret.
+     * - `restore`: Restore a previous version of an `iam_credentials` secret.
+     * - `revoke`: Revoke a private certificate.
      * - `delete_credentials`: Delete the API key that is associated with an `iam_credentials` secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
      * @param {string} params.action - The action to perform on the specified secret.
-     * @param {SecretAction} params.secretAction - The properties to update for the secret.
+     * @param {SecretAction} [params.secretAction] - The properties to update for the secret.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>}
      */
@@ -237,7 +238,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Delete a secret.
      *
-     * Deletes a secret by specifying the ID of the secret.
+     * Delete a secret by specifying the ID of the secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -246,10 +247,24 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
      */
     deleteSecret(params: SecretsManagerV1.DeleteSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    /**
+     * List versions of a secret.
+     *
+     * List the versions of a secret.
+     *
+     * A successful request returns the list of the versions along with the metadata of each version.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretVersions>>}
+     */
+    listSecretVersions(params: SecretsManagerV1.ListSecretVersionsParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretVersions>>;
     /**
      * Get a version of a secret.
      *
-     * Retrieves a version of a secret by specifying the ID of the version or the alias `previous`.
+     * Get a version of a secret by specifying the ID of the version or the alias `previous`.
      *
      * A successful request returns the secret data that is associated with the specified version of your secret, along
      * with other metadata.
@@ -266,10 +281,30 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>}
      */
     getSecretVersion(params: SecretsManagerV1.GetSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>;
+    /**
+     * Invoke an action on a version of a secret.
+     *
+     * Invoke an action on a specified version of a secret. This method supports the following actions:
+     *
+     * - `revoke`: Revoke a version of a private certificate.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {string} params.action - The action to perform on the specified secret version.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>}
+     */
+    updateSecretVersion(params: SecretsManagerV1.UpdateSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>;
     /**
      * Get secret version metadata.
      *
-     * Retrieves secret version metadata by specifying the ID of the version or the alias `previous`.
+     * Get the metadata of a secret version by specifying the ID of the version or the alias `previous`.
      *
      * A successful request returns the metadata that is associated with the specified version of your secret.
      *
@@ -288,7 +323,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get secret metadata.
      *
-     * Retrieves the details of a secret by specifying the ID.
+     * Get the details of a secret by specifying its ID.
      *
      * A successful request returns only metadata about the secret, such as its name and creation date. To retrieve the
      * value of a secret, use the [Get a secret](#get-secret) or [Get a version of a secret](#get-secret-version) methods.
@@ -303,7 +338,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update secret metadata.
      *
-     * Updates the metadata of a secret, such as its name or description.
+     * Update the metadata of a secret, such as its name or description.
      *
      * To update the actual contents of a secret, rotate the secret by using the [Invoke an action on a
      * secret](#update-secret) method.
@@ -323,9 +358,9 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Set secret policies.
      *
-     * Creates or updates one or more policies, such as an [automatic rotation
-     * policy](http://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-rotate-secrets#auto-rotate-secret), for the
-     * specified secret.
+     * Create or update one or more policies, such as an [automatic rotation
+     * policy](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-automatic-rotation), for the specified
+     * secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -340,7 +375,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secret policies.
      *
-     * Retrieves a list of policies that are associated with a specified secret.
+     * List the rotation policies that are associated with a specified secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -356,14 +391,14 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Set the configuration of a secret type.
      *
-     * Sets the configuration for the specified secret type.
+     * Set the configuration for the specified secret type.
      *
      * Use this method to configure the IAM credentials (`iam_credentials`) engine for your service instance. Looking to
-     * set up certificate ordering? To configure the public certificates (`public_cert`) engine, use the [Add a
-     * configuration](#create_config_element) method.
+     * order or generate certificates? To configure the public certificates (`public_cert`) or  private certificates
+     * (`private_cert`) engines, use the [Add a configuration](#create_config_element) method.
      *
      * @param {Object} params - The parameters to send to the service.
-     * @param {string} params.secretType -
+     * @param {string} params.secretType - The secret type.
      * @param {EngineConfig} params.engineConfig - Properties to update for a secrets engine.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
@@ -372,7 +407,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get the configuration of a secret type.
      *
-     * Retrieves the configuration that is associated with the specified secret type.
+     * Get the configuration that is associated with the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -383,10 +418,18 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Add a configuration.
      *
-     * Adds a configuration element to the specified secret type.
+     * Add a configuration element to the specified secret type.
+     *
+     * Use this method to define the configurations that are required to enable the public certificates (`public_cert`)
+     * and private certificates (`private_cert`) engines.
      *
-     * Use this method to define the configurations that are required to enable the  public certificates (`public_cert`)
-     * engine. You can add up to 10 certificate authority and DNS provider configurations for your instance.
+     * You can add multiple configurations for your instance as follows:
+     *
+     * - Up to 10 public certificate authority configurations
+     * - Up to 10 DNS provider configurations
+     * - Up to 10 private root certificate authority configurations
+     * - Up to 10 private intermediate certificate authority configurations
+     * - Up to 10 certificate templates.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -402,7 +445,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List configurations.
      *
-     * Lists the configuration elements that are associated with a specified secret type.
+     * List the configuration elements that are associated with a specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -414,7 +457,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a configuration.
      *
-     * Retrieves the details of a specific configuration that is associated with a secret type.
+     * Get the details of a specific configuration that is associated with a secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -427,7 +470,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update a configuration.
      *
-     * Updates a configuration element that is associated with the specified secret type.
+     * Update a configuration element that is associated with the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -435,15 +478,36 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {string} params.configName - The name of your configuration.
      * @param {string} params.type - The type of configuration. Value options differ depending on the `config_element`
      * property that you want to define.
-     * @param {JsonObject} params.config -
+     * @param {JsonObject} params.config - Properties that describe a configuration, which depends on type.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>}
      */
     updateConfigElement(params: SecretsManagerV1.UpdateConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>;
+    /**
+     * Invoke an action on a configuration.
+     *
+     * Invoke an action on a specified configuration element. This method supports the following actions:
+     *
+     * - `sign_intermediate`: Sign an intermediate certificate authority.
+     * - `sign_csr`: Sign a certificate signing request.
+     * - `set_signed`: Set a signed intermediate certificate authority.
+     * - `revoke`: Revoke an internally signed intermediate certificate authority certificate.
+     * - `rotate_crl`: Rotate the certificate revocation list (CRL) of an intermediate certificate authority.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.configElement - The configuration element on which the action is applied.
+     * @param {string} params.configName - The name of the certificate authority.
+     * @param {string} params.action - The action to perform on the specified configuration element.
+     * @param {ConfigAction} [params.config] - Properties that describe an action on a configuration element.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>}
+     */
+    actionOnConfigElement(params: SecretsManagerV1.ActionOnConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>;
     /**
      * Delete a configuration.
      *
-     * Deletes a configuration element from the specified secret type.
+     * Delete a configuration element from the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -453,6 +517,67 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
      */
     deleteConfigElement(params: SecretsManagerV1.DeleteConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    /*************************
+     * notifications
+     ************************/
+    /**
+     * Register with Event Notifications.
+     *
+     * Create a registration between a Secrets Manager instance and [Event
+     * Notifications](https://cloud.ibm.com/apidocs/event-notifications).
+     *
+     * A successful request adds Secrets Manager as a source that you can reference from your Event Notifications
+     * instance. For more information about enabling notifications for Secrets Manager, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-event-notifications).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.eventNotificationsInstanceCrn - The Cloud Resource Name (CRN) of the connected Event
+     * Notifications instance.
+     * @param {string} params.eventNotificationsSourceName - The name that is displayed as a source in your Event
+     * Notifications instance.
+     * @param {string} [params.eventNotificationsSourceDescription] - An optional description for the source in your Event
+     * Notifications instance.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>}
+     */
+    createNotificationsRegistration(params: SecretsManagerV1.CreateNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>;
+    /**
+     * Get Event Notifications registration details.
+     *
+     * Get the details of an existing registration between a Secrets Manager instance and Event Notifications.
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>}
+     */
+    getNotificationsRegistration(params?: SecretsManagerV1.GetNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>;
+    /**
+     * Unregister from Event Notifications.
+     *
+     * Delete a registration between a Secrets Manager instance and Event Notifications.
+     *
+     * A successful request removes your Secrets Manager instance as a source in Event Notifications.
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     */
+    deleteNotificationsRegistration(params?: SecretsManagerV1.DeleteNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    /**
+     * Send a test event.
+     *
+     * Send a test event from a Secrets Manager instance to a configured [Event
+     * Notifications](https://cloud.ibm.com/apidocs/event-notifications) instance.
+     *
+     * A successful request sends a test event to the Event Notifications instance. For more information about enabling
+     * notifications for Secrets Manager, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-event-notifications).
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     */
+    sendTestNotification(params?: SecretsManagerV1.SendTestNotificationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
 }
 /*************************
  * interfaces
@@ -529,7 +654,9 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            USERNAME_PASSWORD = "username_password"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
     /** Parameters for the `listSecrets` operation. */
@@ -560,7 +687,9 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            USERNAME_PASSWORD = "username_password"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
     /** Parameters for the `listAllSecrets` operation. */
@@ -630,7 +759,9 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            USERNAME_PASSWORD = "username_password"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
     /** Parameters for the `updateSecret` operation. */
@@ -642,7 +773,7 @@ declare namespace SecretsManagerV1 {
         /** The action to perform on the specified secret. */
         action: UpdateSecretConstants.Action | string;
         /** The properties to update for the secret. */
-        secretAction: SecretAction;
+        secretAction?: SecretAction;
         headers?: OutgoingHttpHeaders;
     }
     /** Constants for the `updateSecret` operation. */
@@ -653,11 +784,15 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            USERNAME_PASSWORD = "username_password"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
         /** The action to perform on the specified secret. */
         enum Action {
             ROTATE = "rotate",
+            RESTORE = "restore",
+            REVOKE = "revoke",
             DELETE_CREDENTIALS = "delete_credentials"
         }
     }
@@ -677,7 +812,30 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            USERNAME_PASSWORD = "username_password"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `listSecretVersions` operation. */
+    interface ListSecretVersionsParams {
+        /** The secret type. */
+        secretType: ListSecretVersionsConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `listSecretVersions` operation. */
+    namespace ListSecretVersionsConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
     /** Parameters for the `getSecretVersion` operation. */
@@ -699,8 +857,41 @@ declare namespace SecretsManagerV1 {
     namespace GetSecretVersionConstants {
         /** The secret type. */
         enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `updateSecretVersion` operation. */
+    interface UpdateSecretVersionParams {
+        /** The secret type. */
+        secretType: UpdateSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The action to perform on the specified secret version. */
+        action: UpdateSecretVersionConstants.Action | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `updateSecretVersion` operation. */
+    namespace UpdateSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The action to perform on the specified secret version. */
+        enum Action {
+            REVOKE = "revoke"
         }
     }
     /** Parameters for the `getSecretVersionMetadata` operation. */
@@ -722,8 +913,13 @@ declare namespace SecretsManagerV1 {
     namespace GetSecretVersionMetadataConstants {
         /** The secret type. */
         enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
     /** Parameters for the `getSecretMetadata` operation. */
@@ -742,7 +938,9 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            USERNAME_PASSWORD = "username_password"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
     /** Parameters for the `updateSecretMetadata` operation. */
@@ -765,7 +963,9 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            USERNAME_PASSWORD = "username_password"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
     /** Parameters for the `putPolicy` operation. */
@@ -787,7 +987,8 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The type of policy that is associated with the specified secret. */
         enum Policy {
@@ -809,7 +1010,8 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The type of policy that is associated with the specified secret. */
         enum Policy {
@@ -818,6 +1020,7 @@ declare namespace SecretsManagerV1 {
     }
     /** Parameters for the `putConfig` operation. */
     interface PutConfigParams {
+        /** The secret type. */
         secretType: PutConfigConstants.SecretType | string;
         /** Properties to update for a secrets engine. */
         engineConfig: EngineConfig;
@@ -825,7 +1028,7 @@ declare namespace SecretsManagerV1 {
     }
     /** Constants for the `putConfig` operation. */
     namespace PutConfigConstants {
-        /** SecretType */
+        /** The secret type. */
         enum SecretType {
             IAM_CREDENTIALS = "iam_credentials"
         }
@@ -841,7 +1044,8 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             IAM_CREDENTIALS = "iam_credentials",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
     }
     /** Parameters for the `createConfigElement` operation. */
@@ -864,19 +1068,26 @@ declare namespace SecretsManagerV1 {
     namespace CreateConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
         /** The type of configuration. Value options differ depending on the `config_element` property that you want to define. */
         enum Type {
             LETSENCRYPT = "letsencrypt",
             LETSENCRYPT_STAGE = "letsencrypt-stage",
             CIS = "cis",
-            CLASSIC_INFRASTRUCTURE = "classic_infrastructure"
+            CLASSIC_INFRASTRUCTURE = "classic_infrastructure",
+            ROOT_CERTIFICATE_AUTHORITY = "root_certificate_authority",
+            INTERMEDIATE_CERTIFICATE_AUTHORITY = "intermediate_certificate_authority",
+            CERTIFICATE_TEMPLATE = "certificate_template"
         }
     }
     /** Parameters for the `getConfigElements` operation. */
@@ -891,12 +1102,16 @@ declare namespace SecretsManagerV1 {
     namespace GetConfigElementsConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
     }
     /** Parameters for the `getConfigElement` operation. */
@@ -913,12 +1128,16 @@ declare namespace SecretsManagerV1 {
     namespace GetConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
     }
     /** Parameters for the `updateConfigElement` operation. */
@@ -933,6 +1152,7 @@ declare namespace SecretsManagerV1 {
          *  define.
          */
         type: UpdateConfigElementConstants.Type | string;
+        /** Properties that describe a configuration, which depends on type. */
         config: JsonObject;
         headers?: OutgoingHttpHeaders;
     }
@@ -940,19 +1160,60 @@ declare namespace SecretsManagerV1 {
     namespace UpdateConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
         /** The type of configuration. Value options differ depending on the `config_element` property that you want to define. */
         enum Type {
             LETSENCRYPT = "letsencrypt",
             LETSENCRYPT_STAGE = "letsencrypt-stage",
             CIS = "cis",
-            CLASSIC_INFRASTRUCTURE = "classic_infrastructure"
+            CLASSIC_INFRASTRUCTURE = "classic_infrastructure",
+            ROOT_CERTIFICATE_AUTHORITY = "root_certificate_authority",
+            INTERMEDIATE_CERTIFICATE_AUTHORITY = "intermediate_certificate_authority",
+            CERTIFICATE_TEMPLATE = "certificate_template"
+        }
+    }
+    /** Parameters for the `actionOnConfigElement` operation. */
+    interface ActionOnConfigElementParams {
+        /** The secret type. */
+        secretType: ActionOnConfigElementConstants.SecretType | string;
+        /** The configuration element on which the action is applied. */
+        configElement: ActionOnConfigElementConstants.ConfigElement | string;
+        /** The name of the certificate authority. */
+        configName: string;
+        /** The action to perform on the specified configuration element. */
+        action: ActionOnConfigElementConstants.Action | string;
+        /** Properties that describe an action on a configuration element. */
+        config?: ConfigAction;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `actionOnConfigElement` operation. */
+    namespace ActionOnConfigElementConstants {
+        /** The secret type. */
+        enum SecretType {
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The configuration element on which the action is applied. */
+        enum ConfigElement {
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities"
+        }
+        /** The action to perform on the specified configuration element. */
+        enum Action {
+            SIGN_INTERMEDIATE = "sign_intermediate",
+            SIGN_CSR = "sign_csr",
+            SET_SIGNED = "set_signed",
+            REVOKE = "revoke",
+            ROTATE_CRL = "rotate_crl"
         }
     }
     /** Parameters for the `deleteConfigElement` operation. */
@@ -969,25 +1230,45 @@ declare namespace SecretsManagerV1 {
     namespace DeleteConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
     }
+    /** Parameters for the `createNotificationsRegistration` operation. */
+    interface CreateNotificationsRegistrationParams {
+        /** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
+        eventNotificationsInstanceCrn: string;
+        /** The name that is displayed as a source in your Event Notifications instance. */
+        eventNotificationsSourceName: string;
+        /** An optional description for the source in your Event Notifications instance. */
+        eventNotificationsSourceDescription?: string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Parameters for the `getNotificationsRegistration` operation. */
+    interface GetNotificationsRegistrationParams {
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Parameters for the `deleteNotificationsRegistration` operation. */
+    interface DeleteNotificationsRegistrationParams {
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Parameters for the `sendTestNotification` operation. */
+    interface SendTestNotificationParams {
+        headers?: OutgoingHttpHeaders;
+    }
     /*************************
      * model interfaces
      ************************/
-    /** CertificateSecretData. */
+    /** The data that is associated with the secret version. The data object contains the following fields: - `certificate`: The contents of the certificate. - `private_key`: The private key that is associated with the certificate. - `intermediate`: The intermediate certificate that is associated with the certificate. */
     interface CertificateSecretData {
-        /** The contents of the certificate. */
-        certificate?: string;
-        /** The private key that is associated with the certificate. */
-        private_key?: string;
-        /** The intermediate certificate that is associated with the certificate. */
-        intermediate?: string;
     }
     /** The metadata that describes the resource array. */
     interface CollectionMetadata {
@@ -996,6 +1277,29 @@ declare namespace SecretsManagerV1 {
         /** The number of elements in the resource array. */
         collection_total: number;
     }
+    /** Properties that describe an action on a configuration element. */
+    interface ConfigAction {
+    }
+    /** The configuration to add or update. */
+    interface ConfigElementActionData {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        config: ConfigElementActionResultConfig;
+    }
+    /** Properties that describe an action on a configuration element. */
+    interface ConfigElementActionResult {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: ConfigElementActionData[];
+    }
+    /** ConfigElementActionResultConfig. */
+    interface ConfigElementActionResultConfig {
+    }
     /** The configuration to add or update. */
     interface ConfigElementDef {
         /** The human-readable name to assign to your configuration. */
@@ -1049,6 +1353,13 @@ declare namespace SecretsManagerV1 {
     /** GetConfigResourcesItem. */
     interface GetConfigResourcesItem {
     }
+    /** Properties that describe an existing registration with Event Notifications. */
+    interface GetNotificationsSettings {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: NotificationsSettings[];
+    }
     /** Properties that describe a secret. */
     interface GetSecret {
         /** The metadata that describes the resource array. */
@@ -1059,24 +1370,6 @@ declare namespace SecretsManagerV1 {
     /** GetSecretPolicies. */
     interface GetSecretPolicies {
     }
-    /** Properties that describe a rotation policy. */
-    interface GetSecretPolicyRotationResourcesItem {
-        /** The v4 UUID that uniquely identifies the policy. */
-        id: string;
-        /** The Cloud Resource Name (CRN) that uniquely identifies your cloud resources. */
-        crn?: string;
-        /** The date the policy was created. The date format follows RFC 3339. */
-        creation_date?: string;
-        /** The unique identifier for the entity that created the policy. */
-        created_by?: string;
-        /** Updates when the policy is replaced or modified. The date format follows RFC 3339. */
-        last_update_date?: string;
-        /** The unique identifier for the entity that updated the policy. */
-        updated_by?: string;
-        /** The MIME type that represents the policy. Currently, only the default is supported. */
-        type: string;
-        rotation: SecretPolicyRotationRotation;
-    }
     /** Properties that describe the version of a secret. */
     interface GetSecretVersion {
         /** The metadata that describes the resource array. */
@@ -1098,11 +1391,22 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: ConfigElementDef[];
     }
+    /** Intermediate certificate authorities configuration. */
+    interface IntermediateCertificateAuthoritiesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Intermediate certificate authority configuration. */
+        config?: IntermediateCertificateAuthorityConfig;
+    }
     /** Issuance information that is associated with your certificate. */
     interface IssuanceInfo {
         /** The date the certificate was ordered. The date format follows RFC 3339. */
         ordered_on?: string;
-        /** An code that identifies an issuance error.
+        /** A code that identifies an issuance error.
          *
          *  This field, along with `error_message`, is returned when Secrets Manager successfully processes your request,
          *  but a certificate is unable to be issued by the certificate authority.
@@ -1125,6 +1429,13 @@ declare namespace SecretsManagerV1 {
         /** The name that was assigned to the DNS provider configuration. */
         dns?: string;
     }
+    /** Properties that describe a list of versions of a secret. */
+    interface ListSecretVersions {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources?: SecretVersionInfo[];
+    }
     /** Properties that describe a list of secrets. */
     interface ListSecrets {
         /** The metadata that describes the resource array. */
@@ -1132,19 +1443,52 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources?: SecretResource[];
     }
+    /** The Event Notifications details. */
+    interface NotificationsSettings {
+        /** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
+        event_notifications_instance_crn: string;
+    }
+    /** Root certificate authorities configuration. */
+    interface RootCertificateAuthoritiesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Root certificate authority configuration. */
+        config?: RootCertificateAuthorityConfig;
+    }
     /** Rotation. */
     interface Rotation {
         /** Determines whether Secrets Manager rotates your certificate automatically.
          *
-         *  If set to `true`, the service reorders your certificate 31 days before it expires. To access the previous
-         *  version of the certifcate, you can use the [Get a version of a secret](#get-secret-version) method.
+         *  For public certificates, if `auto_rotate` is set to `true` the service reorders your certificate 31 days before
+         *  it expires. For private certificates, the certificate is rotated according to the time interval specified in the
+         *  `interval` and `unit` fields.
+         *
+         *  To access the previous version of the certificate, you can use the
+         *  [Get a version of a secret](#get-secret-version) method.
          */
         auto_rotate?: boolean;
         /** Determines whether Secrets Manager rotates the private key for your certificate automatically.
          *
          *  If set to `true`, the service generates and stores a new private key for your rotated certificate.
+         *
+         *  **Note:** Use this field only for public certificates. It is ignored for private certificates.
          */
         rotate_keys?: boolean;
+        /** Used together with the `unit` field to specify the rotation interval. The minimum interval is one day, and
+         *  the maximum interval is 3 years (1095 days). Required in case `auto_rotate` is set to `true`.
+         *
+         *  **Note:** Use this field only for private certificates. It is ignored for public certificates.
+         */
+        interval?: number;
+        /** The time unit of the rotation interval.
+         *
+         *  **Note:** Use this field only for private certificates. It is ignored for public certificates.
+         */
+        unit?: string;
     }
     /** SecretAction. */
     interface SecretAction {
@@ -1221,14 +1565,43 @@ declare namespace SecretsManagerV1 {
     /** SecretVersion. */
     interface SecretVersion {
     }
+    /** Properties that describe a secret version within a list of secret versions. */
+    interface SecretVersionInfo {
+    }
     /** SecretVersionMetadata. */
     interface SecretVersionMetadata {
     }
+    /** Properties that are returned with a successful `sign` action. */
+    interface SignActionResultData {
+        /** The PEM-encoded certificate. */
+        certificate?: string;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
+        issuing_ca?: string;
+        /** The chain of certificate authorities that are associated with the certificate. */
+        ca_chain?: string[];
+        /** The time until the certificate expires. */
+        expiration?: number;
+    }
+    /** Properties that are returned with a successful `sign` action. */
+    interface SignIntermediateActionResultData {
+        /** The PEM-encoded certificate. */
+        certificate?: string;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
+        issuing_ca?: string;
+        /** The chain of certificate authorities that are associated with the certificate. */
+        ca_chain?: string[];
+        /** The time until the certificate expires. */
+        expiration?: number;
+    }
     /** CertificateValidity. */
     interface CertificateValidity {
-        /** The date the certificate validity period begins. */
+        /** The date and time that the certificate validity period begins. */
         not_before?: string;
-        /** The date the certificate validity period ends. */
+        /** The date and time that the certificate validity period ends. */
         not_after?: string;
     }
     /** Metadata properties that describe an arbitrary secret. */
@@ -1237,8 +1610,9 @@ declare namespace SecretsManagerV1 {
         id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1310,8 +1684,8 @@ declare namespace SecretsManagerV1 {
         secret_group_id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1350,16 +1724,59 @@ declare namespace SecretsManagerV1 {
         expiration_date?: string;
         /** The new secret data to assign to the secret. */
         payload?: string;
+        /** The data that is associated with the secret version.
+         *
+         *  The data object contains the field `payload`.
+         */
+        secret_data?: JsonObject;
+    }
+    /** ArbitrarySecretVersion. */
+    interface ArbitrarySecretVersion extends SecretVersion {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** The data that is associated with the secret version.
+         *
+         *  The data object contains the field `payload`.
+         */
         secret_data?: JsonObject;
     }
+    /** ArbitrarySecretVersionInfo. */
+    interface ArbitrarySecretVersionInfo extends SecretVersionInfo {
+        /** The ID of the secret version. */
+        id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+    }
     /** Properties that describe a secret version. */
     interface ArbitrarySecretVersionMetadata extends SecretVersionMetadata {
-        /** The ID of the secret version. */
+        /** The v4 UUID that uniquely identifies the secret. */
         id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
         /** The date that the version of the secret was created. */
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
     }
     /** Metadata properties that describe a certificate secret. */
     interface CertificateSecretMetadata extends SecretMetadata {
@@ -1367,8 +1784,9 @@ declare namespace SecretsManagerV1 {
         id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1409,12 +1827,12 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
-        /** The identifier for the cryptographic algorthim that was used by the issuing certificate authority to sign
-         *  the ceritificate.
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
          */
         algorithm?: string;
-        /** The identifier for the cryptographic algorithm that was used to generate the public key that is associated
-         *  with the certificate.
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
          */
         key_algorithm?: string;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
@@ -1453,8 +1871,8 @@ declare namespace SecretsManagerV1 {
         secret_group_id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1493,15 +1911,21 @@ declare namespace SecretsManagerV1 {
          *  line with embedded newline characters.
          */
         intermediate?: string;
+        /** The data that is associated with the secret. The data object contains the following fields:
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
+         */
         secret_data?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
-        /** The identifier for the cryptographic algorthim that was used by the issuing certificate authority to sign
-         *  the ceritificate.
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
          */
         algorithm?: string;
-        /** The identifier for the cryptographic algorithm that was used to generate the public key that is associated
-         *  with the certificate.
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
          */
         key_algorithm?: string;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
@@ -1522,8 +1946,6 @@ declare namespace SecretsManagerV1 {
     interface CertificateSecretVersion extends SecretVersion {
         /** The v4 UUID that uniquely identifies the secret. */
         id?: string;
-        /** The Cloud Resource Name (CRN) that uniquely identifies the secret. */
-        crn?: string;
         /** The ID of the secret version. */
         version_id?: string;
         /** The date that the version of the secret was created. */
@@ -1535,45 +1957,241 @@ declare namespace SecretsManagerV1 {
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
         expiration_date?: string;
+        /** The data that is associated with the secret version. The data object contains the following fields:
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
+         */
         secret_data?: CertificateSecretData;
     }
-    /** Properties that describe a secret version. */
-    interface CertificateSecretVersionMetadata extends SecretVersionMetadata {
+    /** CertificateSecretVersionInfo. */
+    interface CertificateSecretVersionInfo extends SecretVersionInfo {
         /** The ID of the secret version. */
         id?: string;
         /** The date that the version of the secret was created. */
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
         expiration_date?: string;
         validity?: CertificateValidity;
     }
-    /** Properties that describe an IBM Cloud classic infrastructure (SoftLayer) configuration. */
-    interface ConfigElementDefConfigClassicInfrastructureConfig extends ConfigElementDefConfig {
-        /** The username that is associated with your classic infrastructure account.
-         *
-         *  In most cases, your classic infrastructure username is your `<account_id>_<email_address>`. In the console, you
-         *  can find your username by going to **Manage > Access (IAM) > Users > name > VPN password.** For more
-         *  information, see the
-         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-classic-infrastructure).
-         */
-        classic_infrastructure_username: string;
-        /** Your classic infrastructure API key.
-         *
-         *  In the console, you can view or create a classic infrastructure API key by going to **Manage > Access (IAM)
-         *  > Users > name > API keys.** For more information, see the
-         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-classic-infrastructure).
-         */
-        classic_infrastructure_password: string;
-    }
-    /** Properties that describe an IBM Cloud Internet Services (CIS) configuration. */
+    /** Properties that describe a secret version. */
+    interface CertificateSecretVersionMetadata extends SecretVersionMetadata {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        validity?: CertificateValidity;
+    }
+    /** Properties that describe a certificate template. You can use a certificate template to control the parameters that  are applied to your issued private certificates. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificate-templates). */
+    interface CertificateTemplateConfig extends ConfigElementDefConfig {
+        /** The name of the intermediate certificate authority. */
+        certificate_authority: string;
+        /** Scopes the creation of private certificates to only the secret groups that you specify.
+         *
+         *  This field can be supplied as a comma-delimited list of secret group IDs.
+         */
+        allowed_secret_groups?: string;
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
+         *  string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
+         *  returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl?: any;
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `12h`. Hour (`h`) is the largest
+         *  time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. Note
+         *  that in the API response the value is returned in seconds (integer).
+         */
+        ttl?: string;
+        /** Determines whether to allow `localhost` to be included as one of the requested common names. */
+        allow_localhost?: boolean;
+        /** The domains to define for the certificate template. This property is used along with the
+         *  `allow_bare_domains` and `allow_subdomains` options.
+         */
+        allowed_domains?: string[];
+        /** Determines whether to allow the domains that are supplied in the `allowed_domains` field to contain access
+         *  control list (ACL) templates.
+         */
+        allowed_domains_template?: boolean;
+        /** Determines whether to allow clients to request private certificates that match the value of the actual
+         *  domains on the final certificate.
+         *
+         *  For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to
+         *  request a certificate that contains the name `example.com` as one of the DNS values on the final certificate.
+         *
+         *  **Important:** In some scenarios, allowing bare domains can be considered a security risk.
+         */
+        allow_bare_domains?: boolean;
+        /** Determines whether to allow clients to request private certificates with common names (CN) that are
+         *  subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard
+         *  subdomains.
+         *
+         *  For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains`is set to `true`, then the
+         *  following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`.
+         *
+         *  **Note:** This field is redundant if you use the `allow_any_name` option.
+         */
+        allow_subdomains?: boolean;
+        /** Determines whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified
+         *  in the `allowed_domains` field.
+         *
+         *  If set to `true`, clients are allowed to request private certificates with names that match the glob patterns.
+         */
+        allow_glob_domains?: boolean;
+        /** Determines whether to allow clients to request a private certificate that matches any common name. */
+        allow_any_name?: boolean;
+        /** Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the
+         *  host section of email addresses.
+         */
+        enforce_hostnames?: boolean;
+        /** Determines whether to allow clients to request a private certificate with IP Subject Alternative Names. */
+        allow_ip_sans?: boolean;
+        /** The URI Subject Alternative Names to allow for private certificates.
+         *
+         *  Values can contain glob patterns, for example `spiffe://hostname/_*`.
+         */
+        allowed_uri_sans?: string[];
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private
+         *  certificates.
+         *
+         *  The format for each element in the list is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid
+         *  type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to
+         *  allow any `other_sans` input.
+         */
+        allowed_other_sans?: string[];
+        /** Determines whether private certificates are flagged for server use. */
+        server_flag?: boolean;
+        /** Determines whether private certificates are flagged for client use. */
+        client_flag?: boolean;
+        /** Determines whether private certificates are flagged for code signing use. */
+        code_signing_flag?: boolean;
+        /** Determines whether private certificates are flagged for email protection use. */
+        email_protection_flag?: boolean;
+        /** The type of private key to generate for private certificates and the type of key that is expected for
+         *  submitted certificate signing requests (CSRs).
+         *
+         *  Allowable values are: `rsa` and `ec`.
+         */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
+         *  default for RSA keys is 2048, and the default for EC keys is 256.
+         */
+        key_bits?: number;
+        /** The allowed key usage constraint to define for private certificates.
+         *
+         *  You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage).  Omit
+         *  the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this
+         *  field to an empty list.
+         */
+        key_usage?: string[];
+        /** The allowed extended key usage constraint on private certificates.
+         *
+         *  You can find valid values in the [Go x509 package
+         *  documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value.
+         *  Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
+         */
+        ext_key_usage?: string[];
+        /** A list of extended key usage Object Identifiers (OIDs). */
+        ext_key_usage_oids?: string[];
+        /** When used with the `sign_csr` action, this field determines whether to use the common name (CN) from a
+         *  certificate signing request (CSR) instead of the CN that's included in the JSON data of the certificate.
+         *
+         *  Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names,
+         *  include the `use_csr_sans` property.
+         */
+        use_csr_common_name?: boolean;
+        /** When used with the `sign_csr` action, this field determines whether to use the Subject Alternative Names
+         *  (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the JSON data of the
+         *  certificate.
+         *
+         *  Does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
+         */
+        use_csr_sans?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting CA certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
+         *  omit this field.
+         */
+        serial_number?: string;
+        /** Determines whether to require a common name to create a private certificate.
+         *
+         *  By default, a common name is required to generate a certificate. To make the `common_name` field optional, set
+         *  the `require_cn` option to `false`.
+         */
+        require_cn?: boolean;
+        /** A list of policy Object Identifiers (OIDs). */
+        policy_identifiers?: string[];
+        /** Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for
+         *  non-CA certificates.
+         */
+        basic_constraints_valid_for_non_ca?: boolean;
+        /** The duration in seconds by which to backdate the `not_before` property of an issued private certificate. The
+         *  value can be supplied as a string representation of a duration, such as `30s`. Note that in the API response the
+         *  value is returned in seconds (integer).
+         */
+        not_before_duration?: any;
+    }
+    /** Properties that describe an IBM Cloud classic infrastructure (SoftLayer) configuration. */
+    interface ConfigElementDefConfigClassicInfrastructureConfig extends ConfigElementDefConfig {
+        /** The username that is associated with your classic infrastructure account.
+         *
+         *  In most cases, your classic infrastructure username is your `<account_id>_<email_address>`. For more
+         *  information, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
+         */
+        classic_infrastructure_username: string;
+        /** Your classic infrastructure API key.
+         *
+         *  For information about viewing and accessing your classic infrastructure API key, see the
+         *  [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
+         */
+        classic_infrastructure_password: string;
+    }
+    /** Properties that describe an IBM Cloud Internet Services (CIS) configuration. */
     interface ConfigElementDefConfigCloudInternetServicesConfig extends ConfigElementDefConfig {
         /** The Cloud Resource Name (CRN) that is associated with the CIS instance. */
         cis_crn: string;
-        /** An IBM Cloud API key that has the capability to list domains in your CIS instance.
+        /** An IBM Cloud API key that can to list domains in your CIS instance.
          *
          *  To grant Secrets Manager the ability to view the CIS instance and all of its domains, the API key must be
          *  assigned the Reader service role on Internet Services (`internet-svcs`).
@@ -1590,7 +2208,7 @@ declare namespace SecretsManagerV1 {
     interface ConfigElementDefConfigLetsEncryptConfig extends ConfigElementDefConfig {
         /** The private key that is associated with your Automatic Certificate Management Environment (ACME) account.
          *
-         *  If you have a working ACME client or account for Let's Encrypt, you can use the existing private key to  enable
+         *  If you have a working ACME client or account for Let's Encrypt, you can use the existing private key to enable
          *  communications with Secrets Manager. If you don't have an account yet, you can create one. For more information,
          *  see the
          *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#create-acme-account).
@@ -1599,56 +2217,537 @@ declare namespace SecretsManagerV1 {
     }
     /** Configuration for the IAM credentials engine. */
     interface CreateIAMCredentialsSecretEngineRootConfig extends EngineConfig {
-        /** An IBM Cloud API key that has the capability to create and manage service IDs.
+        /** An IBM Cloud API key that can create and manage service IDs.
+         *
+         *  The API key must be assigned the Editor platform role on the Access Groups Service and the Operator platform
+         *  role on the IAM Identity Service. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-configure-iam-engine).
+         */
+        api_key: string;
+        /** The hash value of the IBM Cloud API key that is used to create and manage service IDs. */
+        api_key_hash?: string;
+    }
+    /** Delete the credentials that are associated with an `iam_credentials` secret. */
+    interface DeleteCredentialsForIAMCredentialsSecret extends SecretAction {
+        /** The ID of the API key that you want to delete. If the secret was created with a static service ID, only the
+         *  API key is deleted. Otherwise, the service ID is deleted together with its API key.
+         */
+        api_key_id?: string;
+        /** The service ID that you want to delete. This property can be used instead of the `api_key_id` field, but
+         *  only for secrets that were created with a service ID that was generated by Secrets Manager.
+         *
+         *  **Deprecated.** Use the `api_key_id` field instead.
+         */
+        service_id?: string;
+    }
+    /** Certificate authorities configuration. */
+    interface GetConfigElementsResourcesItemCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
+        certificate_authorities: ConfigElementMetadata[];
+    }
+    /** DNS providers configuration. */
+    interface GetConfigElementsResourcesItemDnsProvidersConfig extends GetConfigElementsResourcesItem {
+        dns_providers: ConfigElementMetadata[];
+    }
+    /** Properties that describe a rotation policy. */
+    interface GetSecretPolicyRotation extends GetSecretPolicies {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: JsonObject[];
+    }
+    /** Configuration for the IAM credentials engine. */
+    interface IAMCredentialsSecretEngineRootConfig extends GetConfigResourcesItem {
+        /** An IBM Cloud API key that can create and manage service IDs.
+         *
+         *  The API key must be assigned the Editor platform role on the Access Groups Service and the Operator platform
+         *  role on the IAM Identity Service. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-configure-iam-engine).
+         */
+        api_key: string;
+        /** The hash value of the IBM Cloud API key that is used to create and manage service IDs. */
+        api_key_hash?: string;
+    }
+    /** Metadata properties that describe an `iam_credentials` secret. */
+    interface IAMCredentialsSecretMetadata extends SecretMetadata {
+        /** The unique ID of the secret. */
+        id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies the resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions the secret has. */
+        versions_total?: number;
+        /** The time-to-live (TTL) or lease duration that is assigned to the secret. For `iam_credentials` secrets, the
+         *  TTL defines for how long each generated API key remains valid.
+         */
+        ttl?: string;
+        /** Determines whether to use the same service ID and API key for future read operations on an
+         *  `iam_credentials` secret.
+         *
+         *  If set to `true`, the service reuses the current credentials. If set to `false`, a new service ID and API key
+         *  are generated each time that the secret is read or accessed.
+         */
+        reuse_api_key?: boolean;
+        /** Indicates whether an `iam_credentials` secret was created with a static service ID.
+         *
+         *  If the value is `true`, the service ID for the secret was provided by the user at secret creation. If the value
+         *  is `false`, the service ID was generated by Secrets Manager.
+         */
+        service_id_is_static?: boolean;
+        /** The service ID under which the API key is created. The service ID is included in the metadata only if the
+         *  secret was created with a static service ID.
+         */
+        service_id?: string;
+        /** The access groups that define the capabilities of the service ID and API key that are generated for an
+         *  `iam_credentials` secret. The access groups are included in the metadata only if the secret was created with a
+         *  service ID that was generated by Secrets Manager.
+         */
+        access_groups?: string[];
+    }
+    /** Properties that describe a secret. */
+    interface IAMCredentialsSecretResource extends SecretResource {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies your Secrets Manager resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when the actual secret is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions that are associated with a secret. */
+        versions_total?: number;
+        /** An array that contains metadata for each secret version. For more information on the metadata properties,
+         *  see [Get secret version metadata](#get-secret-version-metadata).
+         */
+        versions?: JsonObject[];
+        /** The time-to-live (TTL) or lease duration to assign to generated credentials.
+         *
+         *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
+         *  be either an integer that specifies the number of seconds, or the string representation of a duration, such as
+         *  `120m` or `24h`.
+         *
+         *  Minimum duration is 1 minute. Maximum is 90 days.
+         */
+        ttl?: string;
+        /** The access groups that define the capabilities of the service ID and API key that are generated for an
+         *  `iam_credentials` secret. If you prefer to use an existing service ID that is already assigned the access
+         *  policies that you require, you can omit this parameter and use the `service_id` field instead.
+         *
+         *  **Tip:** To list the access groups that are available in an account, you can use the [IAM Access Groups
+         *  API](https://cloud.ibm.com/apidocs/iam-access-groups#list-access-groups). To find the ID of an access group in
+         *  the console, go to **Manage > Access (IAM) > Access groups**. Select the access group to inspect, and click
+         *  **Details** to view its ID.
+         */
+        access_groups?: string[];
+        /** The API key that is generated for this secret.
+         *
+         *  After the secret reaches the end of its lease (see the `ttl` field), the API key is deleted automatically. If
+         *  you want to continue to use the same API key for future read operations, see the `reuse_api_key` field.
+         */
+        api_key?: string;
+        /** The ID of the API key that is generated for this secret. */
+        api_key_id?: string;
+        /** The service ID under which the API key (see the `api_key` field) is created.
+         *
+         *  If you omit this parameter, Secrets Manager generates a new service ID for your secret at its creation and adds
+         *  it to the access groups that you assign.
+         *
+         *  Optionally, you can use this field to provide your own service ID if you prefer to manage its access directly or
+         *  retain the service ID after your secret expires, is rotated, or deleted. If you provide a service ID, do not
+         *  include the `access_groups` parameter.
+         */
+        service_id?: string;
+        /** Indicates whether an `iam_credentials` secret was created with a static service ID.
+         *
+         *  If `true`, the service ID for the secret was provided by the user at secret creation. If `false`, the service ID
+         *  was generated by Secrets Manager.
+         */
+        service_id_is_static?: boolean;
+        /** Determines whether to use the same service ID and API key for future read operations on an
+         *  `iam_credentials` secret.
+         *
+         *  If set to `true`, the service reuses the current credentials. If set to `false`, a new service ID and API key
+         *  are generated each time that the secret is read or accessed.
+         */
+        reuse_api_key?: boolean;
+    }
+    /** IAMCredentialsSecretVersion. */
+    interface IAMCredentialsSecretVersion extends SecretVersion {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** The data that is associated with the secret version. The data object contains the following fields:
+         *
+         *  - `api_key`: The API key that is generated for this secret.
+         *  - `api_key_id`: The ID of the API key that is generated for this secret.
+         *  - `service_id`: The service ID under which the API key is created.
+         */
+        secret_data?: JsonObject;
+    }
+    /** IAMCredentialsSecretVersionInfo. */
+    interface IAMCredentialsSecretVersionInfo extends SecretVersionInfo {
+        /** The ID of the secret version. */
+        id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+    }
+    /** Properties that describe a secret version. */
+    interface IAMCredentialsSecretVersionMetadata extends SecretVersionMetadata {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+    }
+    /** Intermediate certificate authorities configuration. */
+    interface IntermediateCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
+        intermediate_certificate_authorities: IntermediateCertificateAuthoritiesConfigItem[];
+    }
+    /** Intermediate certificate authority configuration. */
+    interface IntermediateCertificateAuthorityConfig extends ConfigElementDefConfig {
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
+         *  string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
+         *  returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl: any;
+        /** The signing method to use with this certificate authority to generate private certificates.
+         *
+         *  You can choose between internal or externally signed options. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities).
+         */
+        signing_method: string;
+        /** The certificate authority that signed and issued the certificate.
+         *
+         *  If the certificate is signed internally, the `issuer` field is required and must match the name of a certificate
+         *  authority that is configured in the Secrets Manager service instance.
+         */
+        issuer?: string;
+        /** The time until the certificate revocation list (CRL) expires. The value can be supplied as a string
+         *  representation of a duration in hours, such as `48h`. The default is 72 hours. Note that in the API response the
+         *  value is returned in seconds (integer).
+         */
+        crl_expiry?: any;
+        /** Determines whether to disable certificate revocation list (CRL) building.
+         *
+         *  By default, each request rebuilds a CRL. To disable CRL building, set this field to `true`.
+         */
+        crl_disable?: boolean;
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the private
+         *  certificates that are issued by a certificate authority.
+         */
+        crl_distribution_points_encoded?: boolean;
+        /** Determines whether to encode the URL of the issuing certificate in the private certificates that are issued
+         *  by a certificate authority.
+         */
+        issuing_certificates_urls_encoded?: boolean;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The status of the certificate authority. The status of a root certificate authority is either `configured`
+         *  or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
+         *  `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
+         */
+        status?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** The type of private key to generate. */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
+         *  default for RSA keys is 2048, and the default for EC keys is 256.
+         */
+        key_bits?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting CA certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
+         *  omit this field.
+         */
+        serial_number?: string;
+        /** The data that is associated with the intermediate certificate authority. The data object contains the
+         *   following fields:
+         *
+         *  - `csr`: The PEM-encoded certificate signing request.
+         *  - `private_key`: The private key.
+         *  - `private_key_type`: The type of private key, for example `rsa`.
+         */
+        data?: JsonObject;
+    }
+    /** Metadata properties that describe a key-value secret. */
+    interface KvSecretMetadata extends SecretMetadata {
+        /** The unique ID of the secret. */
+        id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies the resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions the secret has. */
+        versions_total?: number;
+    }
+    /** Properties that describe a secret. */
+    interface KvSecretResource extends SecretResource {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies your Secrets Manager resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when the actual secret is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions that are associated with a secret. */
+        versions_total?: number;
+        /** An array that contains metadata for each secret version. For more information on the metadata properties,
+         *  see [Get secret version metadata](#get-secret-version-metadata).
+         */
+        versions?: JsonObject[];
+        /** The date the secret material expires. The date format follows RFC 3339.
          *
-         *  The API key must be assigned the Editor platform role on the Access Groups Service and the Operator platform
-         *  role on the IAM Identity Service. For more information, see the
-         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-configure-iam-engine).
+         *  You can set an expiration date on supported secret types at their creation. If you create a secret without
+         *  specifying an expiration date, the secret does not expire. The `expiration_date` field is supported for the
+         *  following secret types:
+         *
+         *  - `arbitrary`
+         *  - `username_password`.
          */
-        api_key: string;
-        /** The hash value of the IBM Cloud API key that is used to create and manage service IDs. */
-        api_key_hash?: string;
-    }
-    /** Delete the credentials that are associated with an `iam_credentials` secret. */
-    interface DeleteCredentialsForIAMCredentialsSecret extends SecretAction {
-        /** The service ID that you want to delete. It is deleted together with its API key. */
-        service_id: string;
-    }
-    /** Certificate authorities configuration. */
-    interface GetConfigElementsResourcesItemCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
-        certificate_authorities: ConfigElementMetadata[];
-    }
-    /** DNS providers configuration. */
-    interface GetConfigElementsResourcesItemDnsProvidersConfig extends GetConfigElementsResourcesItem {
-        dns_providers: ConfigElementMetadata[];
-    }
-    /** Properties that describe a rotation policy. */
-    interface GetSecretPolicyRotation extends GetSecretPolicies {
-        /** The metadata that describes the resource array. */
-        metadata: CollectionMetadata;
-        /** A collection of resources. */
-        resources: GetSecretPolicyRotationResourcesItem[];
-    }
-    /** Configuration for the IAM credentials engine. */
-    interface IAMCredentialsSecretEngineRootConfig extends GetConfigResourcesItem {
-        /** An IBM Cloud API key that has the capability to create and manage service IDs.
+        expiration_date?: string;
+        /** The new secret data to assign to the secret. */
+        payload?: JsonObject;
+        /** The data that is associated with the secret version.
          *
-         *  The API key must be assigned the Editor platform role on the Access Groups Service and the Operator platform
-         *  role on the IAM Identity Service. For more information, see the
-         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-configure-iam-engine).
+         *  The data object contains the field `payload`.
          */
-        api_key: string;
-        /** The hash value of the IBM Cloud API key that is used to create and manage service IDs. */
-        api_key_hash?: string;
+        secret_data?: JsonObject;
     }
-    /** Metadata properties that describe a iam_credentials secret. */
-    interface IAMCredentialsSecretMetadata extends SecretMetadata {
+    /** The `private_cert` secret rotation policy. */
+    interface PrivateCertPolicyRotation extends SecretPolicyRotationRotation {
+        auto_rotate: boolean;
+        /** The length of the secret rotation time interval. */
+        interval?: number;
+        /** The units for the secret rotation time interval. */
+        unit?: string;
+    }
+    /** Configuration for the private certificates engine. */
+    interface PrivateCertSecretEngineRootConfig extends GetConfigResourcesItem {
+        /** The root certificate authority configurations that are associated with your instance. */
+        root_certificate_authorities?: RootCertificateAuthorityConfig[];
+        /** The intermediate certificate authority configurations that are associated with your instance. */
+        intermdiate_certificate_authorities?: IntermediateCertificateAuthorityConfig[];
+        /** The certificate templates that are associated with your instance. */
+        certificate_templates?: CertificateTemplateConfig[];
+    }
+    /** Metadata properties that describe a private certificate secret. */
+    interface PrivateCertificateSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
         id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1687,21 +2786,65 @@ declare namespace SecretsManagerV1 {
         last_update_date?: string;
         /** The number of versions the secret has. */
         versions_total?: number;
-        /** The time-to-live (TTL) or lease duration to assign to generated credentials.
+        /** The name of the certificate template. */
+        certificate_template: string;
+        /** The intermediate certificate authority that signed this certificate. */
+        certificate_authority?: string;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
          *
-         *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
-         *  be either an integer that specifies the number of seconds, or the string representation of a duration, such as
-         *  `120m` or `24h`.
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate. The value can be supplied as a
+         *  string representation of a duration in hours, for example '12h'. The value can't exceed the `max_ttl` that is
+         *  defined in the associated certificate template.
+         */
+        ttl?: string;
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        rotation?: Rotation;
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
          */
-        ttl?: any;
-        /** For `iam_credentials` secrets, this field controls whether to use the same service ID and API key for future
-         *  read operations on this secret. If set to `true`, the service reuses the current credentials. If set to `false`,
-         *  a new service ID and API key is generated each time that the secret is read or accessed.
+        algorithm?: string;
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
          */
-        reuse_api_key?: boolean;
+        key_algorithm?: string;
+        /** The certificate authority that signed and issued the certificate. */
+        issuer?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
     }
     /** Properties that describe a secret. */
-    interface IAMCredentialsSecretResource extends SecretResource {
+    interface PrivateCertificateSecretResource extends SecretResource {
         /** The v4 UUID that uniquely identifies the secret. */
         id?: string;
         /** A human-readable alias to assign to your secret.
@@ -1722,8 +2865,8 @@ declare namespace SecretsManagerV1 {
         secret_group_id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1750,48 +2893,171 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
-        /** The time-to-live (TTL) or lease duration to assign to generated credentials.
+        /** The name of the certificate template. */
+        certificate_template: string;
+        /** The intermediate certificate authority that signed this certificate. */
+        certificate_authority?: string;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
          *
-         *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
-         *  be either an integer that specifies the number of seconds, or the string representation of a duration, such as
-         *  `120m` or `24h`.
+         *  The alternative names can be host names or email addresses.
          */
-        ttl?: any;
-        /** The access groups that define the capabilities of the service ID and API key that are generated for an
-         *  `iam_credentials` secret.
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate. The value can be supplied as a
+         *  string representation of a duration in hours, for example '12h'. The value can't exceed the `max_ttl` that is
+         *  defined in the associated certificate template.
+         */
+        ttl?: string;
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        rotation?: Rotation;
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
+         */
+        algorithm?: string;
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
+         */
+        key_algorithm?: string;
+        /** The certificate authority that signed and issued the certificate. */
+        issuer?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** The data that is associated with the secret. The data object contains the following fields:
          *
-         *  **Tip:** To list the access groups that are available in an account, you can use the [IAM Access Groups
-         *  API](https://cloud.ibm.com/apidocs/iam-access-groups#list-access-groups). To find the ID of an access group in
-         *  the console, go to **Manage > Access (IAM) > Access groups**. Select the access group to inspect, and click
-         *  **Details** to view its ID.
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
+         *  - `ca_chain`: The chain of certificate authorities that are associated with the certificate.
          */
-        access_groups?: string[];
-        /** The API key that is generated for this secret.
+        secret_data?: JsonObject;
+    }
+    /** PrivateCertificateSecretVersion. */
+    interface PrivateCertificateSecretVersion extends SecretVersion {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The data that is associated with the secret version. The data object contains the following fields:
          *
-         *  After the secret reaches the end of its lease (see the `ttl` field), the API key is deleted automatically. If
-         *  you want to continue to use the same API key for future read operations, see the `reuse_api_key` field.
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
-        api_key?: string;
-        /** The service ID under which the API key (see the `api_key` field) is created. This service ID is added to the
-         *  access groups that you assign for this secret.
+        secret_data?: CertificateSecretData;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
          */
-        service_id?: string;
-        /** Set to `true` to reuse the service ID and API key for this secret.
-         *
-         *  Use this field to control whether to use the same service ID and API key for future read operations on this
-         *  secret. If set to `true`, the service reuses the current credentials. If set to `false`, a new service ID and
-         *  API key is generated each time that the secret is read or accessed.
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+    }
+    /** PrivateCertificateSecretVersionInfo. */
+    interface PrivateCertificateSecretVersionInfo extends SecretVersionInfo {
+        /** The ID of the secret version. */
+        id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
          */
-        reuse_api_key?: boolean;
+        downloaded?: boolean;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        validity?: CertificateValidity;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
     }
     /** Properties that describe a secret version. */
-    interface IAMCredentialsSecretVersionMetadata extends SecretVersionMetadata {
-        /** The ID of the secret version. */
+    interface PrivateCertificateSecretVersionMetadata extends SecretVersionMetadata {
+        /** The v4 UUID that uniquely identifies the secret. */
         id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
         /** The date that the version of the secret was created. */
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        validity?: CertificateValidity;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
     }
     /** Configuration for the public certificates engine. */
     interface PublicCertSecretEngineRootConfig extends GetConfigResourcesItem {
@@ -1801,13 +3067,14 @@ declare namespace SecretsManagerV1 {
         dns_providers?: ConfigElementMetadata[];
     }
     /** Metadata properties that describe a public certificate secret. */
-    interface PublicCertificateMetadataSecretResource extends SecretMetadata {
+    interface PublicCertificateSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
         id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1853,8 +3120,8 @@ declare namespace SecretsManagerV1 {
          *  Set to `false` for the certificate file to contain only the issued certificate.
          */
         bundle_certs?: boolean;
-        /** The identifier for the cryptographic algorthim to be used by the issuing certificate authority to sign the
-         *  ceritificate.
+        /** The identifier for the cryptographic algorithm to be used by the issuing certificate authority to sign the
+         *  certificate.
          */
         algorithm?: string;
         /** The identifier for the cryptographic algorithm to be used to generate the public key that is associated with
@@ -1872,6 +3139,9 @@ declare namespace SecretsManagerV1 {
         rotation?: Rotation;
         /** Issuance information that is associated with your certificate. */
         issuance_info?: IssuanceInfo;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
     }
     /** Properties that describe a secret. */
     interface PublicCertificateSecretResource extends SecretResource {
@@ -1895,8 +3165,8 @@ declare namespace SecretsManagerV1 {
         secret_group_id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -1940,15 +3210,15 @@ declare namespace SecretsManagerV1 {
          *  To view a list of your configured authorities, use the [List configurations API](#get-secret-config-element).
          */
         dns?: string;
-        /** The identifier for the cryptographic algorthim to be used by the issuing certificate authority to sign the
-         *  ceritificate.
+        /** The identifier for the cryptographic algorithm to be used by the issuing certificate authority to sign the
+         *  certificate.
          */
         algorithm?: string;
         /** The identifier for the cryptographic algorithm to be used to generate the public key that is associated with
          *  the certificate.
          *
-         *  The algorithm that you select determines the encryption algorthim (`RSA` or `ECDSA`) and key size to be used to
-         *  generate keys and sign certificates. For longer living certificates it is recommended to use longer keys to
+         *  The algorithm that you select determines the encryption algorithm (`RSA` or `ECDSA`) and key size to be used to
+         *  generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to
          *  provide more encryption protection.
          */
         key_algorithm?: string;
@@ -1956,12 +3226,156 @@ declare namespace SecretsManagerV1 {
         alt_names?: string[];
         /** The fully qualified domain name or host domain name for the certificate. */
         common_name?: string;
+        /** Indicates whether the issued certificate includes a private key. */
+        private_key_included?: boolean;
+        /** Indicates whether the issued certificate includes an intermediate certificate. */
+        intermediate_included?: boolean;
         rotation?: Rotation;
         /** Issuance information that is associated with your certificate. */
         issuance_info?: IssuanceInfo;
-        /** The data that is associated with the secret. */
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The data that is associated with the secret. The data object contains the following fields:
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
+         */
         secret_data?: JsonObject;
     }
+    /** The request body of a `restore` action. */
+    interface RestoreIAMCredentialsSecretBody extends SecretAction {
+        /** The ID of the target version or the alias `previous`. */
+        version_id: string;
+    }
+    /** A request to revoke the certificate of an internally signed intermediate certificate authority. */
+    interface RevokeAction extends ConfigAction {
+        /** The serial number of the certificate. */
+        serial_number: string;
+    }
+    /** Properties that are returned with a successful `revoke` action. */
+    interface RevokeActionResult extends ConfigElementActionResultConfig {
+        /** The time until the certificate authority is revoked. */
+        revocation_time?: number;
+    }
+    /** Root certificate authorities configuration. */
+    interface RootCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
+        root_certificate_authorities: RootCertificateAuthoritiesConfigItem[];
+    }
+    /** Root certificate authority configuration. */
+    interface RootCertificateAuthorityConfig extends ConfigElementDefConfig {
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
+         *  string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
+         *  returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl: any;
+        /** The time until the certificate revocation list (CRL) expires. The value can be supplied as a string
+         *  representation of a duration in hours, such as `48h`. The default is 72 hours. Note that in the API response the
+         *  value is returned in seconds (integer).
+         */
+        crl_expiry?: any;
+        /** Determines whether to disable certificate revocation list (CRL) building.
+         *
+         *  By default, each request rebuilds a CRL. To disable CRL building, set this field to `true`.
+         */
+        crl_disable?: boolean;
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the private
+         *  certificates that are issued by a certificate authority.
+         */
+        crl_distribution_points_encoded?: boolean;
+        /** Determines whether to encode the URL of the issuing certificate in the private certificates that are issued
+         *  by a certificate authority.
+         */
+        issuing_certificates_urls_encoded?: boolean;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The status of the certificate authority. The status of a root certificate authority is either `configured`
+         *  or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
+         *  `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
+         */
+        status?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can't exceed the
+         *  `max_ttl` that is defined in the associated certificate template. Note that in the API response the value is
+         *  returned in seconds (integer).
+         */
+        ttl?: string;
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** The type of private key to generate. */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
+         *  default for RSA keys is 2048, and the default for EC keys is 256.
+         */
+        key_bits?: number;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting CA certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
+         *  omit this field.
+         */
+        serial_number?: string;
+        /** The data that is associated with the root certificate authority. The data object contains the following
+         *  fields:
+         *
+         *  - `certificate`: The root certificate content.
+         *  - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
+         *  - `serial_number`: The unique serial number of the root certificate.
+         */
+        data?: JsonObject;
+    }
     /** The request body of a `rotate` action. */
     interface RotateArbitrarySecretBody extends SecretAction {
         /** The new secret data to assign to an `arbitrary` secret. */
@@ -1976,9 +3390,17 @@ declare namespace SecretsManagerV1 {
         /** The new intermediate certificate to associate with the certificate. */
         intermediate?: string;
     }
+    /** Properties that are returned with a successful `rotate_crl` action. */
+    interface RotateCrlActionResult extends ConfigElementActionResultConfig {
+    }
+    /** The request body of a `rotate` action. */
+    interface RotateKvSecretBody extends SecretAction {
+        /** The new secret data to assign to a key-value secret. */
+        payload: JsonObject;
+    }
     /** The request body of a `rotate` action. */
     interface RotatePublicCertBody extends SecretAction {
-        /** Determine whether keys should be rotated. */
+        /** Determine whether keys must be rotated. */
         rotate_keys: boolean;
     }
     /** The request body of a `rotate` action. */
@@ -1988,9 +3410,9 @@ declare namespace SecretsManagerV1 {
     }
     /** The secret rotation time interval. */
     interface SecretPolicyRotationRotationPolicyRotation extends SecretPolicyRotationRotation {
-        /** Specifies the length of the secret rotation time interval. */
+        /** The length of the secret rotation time interval. */
         interval: number;
-        /** Specifies the units for the secret rotation time interval. */
+        /** The units for the secret rotation time interval. */
         unit: string;
     }
     /** The `public_cert` secret rotation policy. */
@@ -1998,14 +3420,333 @@ declare namespace SecretsManagerV1 {
         auto_rotate: boolean;
         rotate_keys: boolean;
     }
+    /** A request to set a signed certificate in an intermediate certificate authority. */
+    interface SetSignedAction extends ConfigAction {
+        /** The PEM-encoded certificate. */
+        certificate: string;
+    }
+    /** Properties that are returned with a successful `set_signed` action. */
+    interface SetSignedActionResult extends ConfigElementActionResultConfig {
+    }
+    /** A request to sign a certificate signing request (CSR). */
+    interface SignCsrAction extends ConfigAction {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: string;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting CA certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
+         *  omit this field.
+         */
+        serial_number?: string;
+        /** The PEM-encoded certificate signing request (CSR). This field is required for the `sign_csr` action. */
+        csr: string;
+    }
+    /** Properties that are returned with a successful `sign_csr` action. */
+    interface SignCsrActionResult extends ConfigElementActionResultConfig {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: string;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting CA certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
+         *  omit this field.
+         */
+        serial_number?: string;
+        /** Properties that are returned with a successful `sign` action. */
+        data: SignActionResultData;
+        /** The PEM-encoded certificate signing request (CSR). */
+        csr: string;
+    }
+    /** A request to sign an intermediate certificate authority. */
+    interface SignIntermediateAction extends ConfigAction {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: string;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting CA certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
+         *  omit this field.
+         */
+        serial_number?: string;
+        /** The intermediate certificate authority to be signed. The name must match one of the pre-configured
+         *  intermediate certificate authorities.
+         */
+        intermediate_certificate_authority: string;
+    }
+    /** Properties that are returned with a successful `sign_intermediate` action. */
+    interface SignIntermediateActionResult extends ConfigElementActionResultConfig {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string[];
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: string;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting CA certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
+         *  omit this field.
+         */
+        serial_number?: string;
+        /** Properties that are returned with a successful `sign` action. */
+        data: SignIntermediateActionResultData;
+        /** The signed intermediate certificate authority. */
+        intermediate_certificate_authority: string;
+    }
     /** Metadata properties that describe a username_password secret. */
     interface UsernamePasswordSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
         id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -2077,8 +3818,8 @@ declare namespace SecretsManagerV1 {
         secret_group_id?: string;
         /** Labels that you can use to filter for secrets in your instance.
          *
-         *  Up to 30 labels can be created. Labels can be between 2-30 characters, including spaces. Special characters not
-         *  permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
          *
          *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
          */
@@ -2109,6 +3850,11 @@ declare namespace SecretsManagerV1 {
         username?: string;
         /** The password to assign to this secret. */
         password?: string;
+        /** The data that is associated with the secret version. The data object contains the following fields:
+         *
+         *  - `username`: The username that is associated with the secret version.
+         *  - `password`: The password that is associated with the secret version.
+         */
         secret_data?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
@@ -2127,14 +3873,58 @@ declare namespace SecretsManagerV1 {
          */
         next_rotation_date?: string;
     }
+    /** UsernamePasswordSecretVersion. */
+    interface UsernamePasswordSecretVersion extends SecretVersion {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+        /** The data that is associated with the secret version. The data object contains the following fields:
+         *
+         *  - `username`: The username that is associated with the secret version.
+         *  - `password`: The password that is associated with the secret version.
+         */
+        secret_data?: JsonObject;
+    }
+    /** UsernamePasswordSecretVersionInfo. */
+    interface UsernamePasswordSecretVersionInfo extends SecretVersionInfo {
+        /** The ID of the secret version. */
+        id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+    }
     /** Properties that describe a secret version. */
     interface UsernamePasswordSecretVersionMetadata extends SecretVersionMetadata {
-        /** The ID of the secret version. */
+        /** The v4 UUID that uniquely identifies the secret. */
         id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
         /** The date that the version of the secret was created. */
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
     }