@ibm-cloud/secrets-manager 1.0.3 → 1.0.33

package/secrets-manager/v1.d.ts

@@ -21,11 +21,10 @@ import { BaseService, UserOptions } from 'ibm-cloud-sdk-core';
  * services or your custom-built applications. Secrets are stored in a dedicated instance of Secrets Manager, which is
  * built on open source HashiCorp Vault.
  *
- * API Version: 1.0.0
+ * API Version: 1.0.33
  * See: https://cloud.ibm.com/docs/secrets-manager
  */
 declare class SecretsManagerV1 extends BaseService {
-    static DEFAULT_SERVICE_URL: string;
     static DEFAULT_SERVICE_NAME: string;
     /*************************
      * Factory method
@@ -57,7 +56,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Create a secret group.
      *
-     * Creates a secret group that you can use to organize secrets and control who on your team has access to them.
+     * Create a secret group that you can use to organize secrets and control who on your team has access to them.
      *
      * A successful request returns the ID value of the secret group, along with other metadata. To learn more about
      * secret groups, check out the
@@ -73,7 +72,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secret groups.
      *
-     * Retrieves the list of secret groups that are available in your Secrets Manager instance.
+     * List the secret groups that are available in your Secrets Manager instance.
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
@@ -83,7 +82,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a secret group.
      *
-     * Retrieves the metadata of an existing secret group by specifying the ID of the group.
+     * Get the metadata of an existing secret group by specifying the ID of the group.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
@@ -94,7 +93,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update a secret group.
      *
-     * Updates the metadata of an existing secret group, such as its name or description.
+     * Update the metadata of an existing secret group, such as its name or description.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
@@ -107,7 +106,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Delete a secret group.
      *
-     * Deletes a secret group by specifying the ID of the secret group.
+     * Delete a secret group by specifying the ID of the secret group.
      *
      * **Note:** To delete a secret group, it must be empty. If you need to remove a secret group that contains secrets,
      * you must first [delete the secrets](#delete-secret) that are associated with the group.
@@ -145,7 +144,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secrets by type.
      *
-     * Retrieves a list of secrets based on the type that you specify.
+     * List the secrets in your Secrets Manager instance based on the type that you specify.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -167,7 +166,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List all secrets.
      *
-     * Retrieves a list of all secrets in your Secrets Manager instance.
+     * List all of the secrets in your Secrets Manager instance.
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {number} [params.limit] - The number of secrets to retrieve. By default, list operations return the first
@@ -220,10 +219,11 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Invoke an action on a secret.
      *
-     * Invokes an action on a specified secret. This method supports the following actions:
+     * Invoke an action on a specified secret. This method supports the following actions:
      *
      * - `rotate`: Replace the value of a secret.
      * - `restore`: Restore a previous version of an `iam_credentials` secret.
+     * - `revoke`: Revoke a private certificate.
      * - `delete_credentials`: Delete the API key that is associated with an `iam_credentials` secret.
      *
      * @param {Object} params - The parameters to send to the service.
@@ -238,7 +238,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Delete a secret.
      *
-     * Deletes a secret by specifying the ID of the secret.
+     * Delete a secret by specifying the ID of the secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -250,7 +250,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List versions of a secret.
      *
-     * Retrieves a list of the versions of a secret.
+     * List the versions of a secret.
      *
      * A successful request returns the list of the versions along with the metadata of each version.
      *
@@ -264,7 +264,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a version of a secret.
      *
-     * Retrieves a version of a secret by specifying the ID of the version or the alias `previous`.
+     * Get a version of a secret by specifying the ID of the version or the alias `previous`.
      *
      * A successful request returns the secret data that is associated with the specified version of your secret, along
      * with other metadata.
@@ -281,10 +281,30 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>}
      */
     getSecretVersion(params: SecretsManagerV1.GetSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>;
+    /**
+     * Invoke an action on a version of a secret.
+     *
+     * Invoke an action on a specified version of a secret. This method supports the following actions:
+     *
+     * - `revoke`: Revoke a version of a private certificate.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {string} params.action - The action to perform on the specified secret version.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>}
+     */
+    updateSecretVersion(params: SecretsManagerV1.UpdateSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>;
     /**
      * Get secret version metadata.
      *
-     * Retrieves secret version metadata by specifying the ID of the version or the alias `previous`.
+     * Get the metadata of a secret version by specifying the ID of the version or the alias `previous`.
      *
      * A successful request returns the metadata that is associated with the specified version of your secret.
      *
@@ -303,7 +323,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get secret metadata.
      *
-     * Retrieves the details of a secret by specifying the ID.
+     * Get the details of a secret by specifying its ID.
      *
      * A successful request returns only metadata about the secret, such as its name and creation date. To retrieve the
      * value of a secret, use the [Get a secret](#get-secret) or [Get a version of a secret](#get-secret-version) methods.
@@ -318,7 +338,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update secret metadata.
      *
-     * Updates the metadata of a secret, such as its name or description.
+     * Update the metadata of a secret, such as its name or description.
      *
      * To update the actual contents of a secret, rotate the secret by using the [Invoke an action on a
      * secret](#update-secret) method.
@@ -338,9 +358,9 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Set secret policies.
      *
-     * Creates or updates one or more policies, such as an [automatic rotation
-     * policy](http://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-rotate-secrets#auto-rotate-secret), for the
-     * specified secret.
+     * Create or update one or more policies, such as an [automatic rotation
+     * policy](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-automatic-rotation), for the specified
+     * secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -355,7 +375,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secret policies.
      *
-     * Retrieves a list of policies that are associated with a specified secret.
+     * List the rotation policies that are associated with a specified secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -371,11 +391,11 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Set the configuration of a secret type.
      *
-     * Sets the configuration for the specified secret type.
+     * Set the configuration for the specified secret type.
      *
      * Use this method to configure the IAM credentials (`iam_credentials`) engine for your service instance. Looking to
-     * set up certificate ordering? To configure the public certificates (`public_cert`) engine, use the [Add a
-     * configuration](#create_config_element) method.
+     * order or generate certificates? To configure the public certificates (`public_cert`) or  private certificates
+     * (`private_cert`) engines, use the [Add a configuration](#create_config_element) method.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -387,7 +407,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get the configuration of a secret type.
      *
-     * Retrieves the configuration that is associated with the specified secret type.
+     * Get the configuration that is associated with the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -398,10 +418,18 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Add a configuration.
      *
-     * Adds a configuration element to the specified secret type.
+     * Add a configuration element to the specified secret type.
      *
      * Use this method to define the configurations that are required to enable the public certificates (`public_cert`)
-     * engine. You can add up to 10 certificate authority and DNS provider configurations for your instance.
+     * and private certificates (`private_cert`) engines.
+     *
+     * You can add multiple configurations for your instance as follows:
+     *
+     * - Up to 10 public certificate authority configurations
+     * - Up to 10 DNS provider configurations
+     * - Up to 10 private root certificate authority configurations
+     * - Up to 10 private intermediate certificate authority configurations
+     * - Up to 10 certificate templates.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -409,7 +437,7 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {string} params.name - The human-readable name to assign to your configuration.
      * @param {string} params.type - The type of configuration. Value options differ depending on the `config_element`
      * property that you want to define.
-     * @param {JsonObject} params.config - The configuration to define for the specified secret type.
+     * @param {ConfigElementDefConfig} params.config - The configuration to define for the specified secret type.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>}
      */
@@ -417,7 +445,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List configurations.
      *
-     * Lists the configuration elements that are associated with a specified secret type.
+     * List the configuration elements that are associated with a specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -429,7 +457,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a configuration.
      *
-     * Retrieves the details of a specific configuration that is associated with a secret type.
+     * Get the details of a specific configuration that is associated with a secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -442,7 +470,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update a configuration.
      *
-     * Updates a configuration element that is associated with the specified secret type.
+     * Update a configuration element that is associated with the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -455,10 +483,31 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>}
      */
     updateConfigElement(params: SecretsManagerV1.UpdateConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>;
+    /**
+     * Invoke an action on a configuration.
+     *
+     * Invoke an action on a specified configuration element. This method supports the following actions:
+     *
+     * - `sign_intermediate`: Sign an intermediate certificate authority.
+     * - `sign_csr`: Sign a certificate signing request.
+     * - `set_signed`: Set a signed intermediate certificate authority.
+     * - `revoke`: Revoke an internally signed intermediate certificate authority certificate.
+     * - `rotate_crl`: Rotate the certificate revocation list (CRL) of an intermediate certificate authority.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.configElement - The configuration element on which the action is applied.
+     * @param {string} params.configName - The name of the certificate authority.
+     * @param {string} params.action - The action to perform on the specified configuration element.
+     * @param {ConfigAction} [params.config] - Properties that describe an action on a configuration element.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>}
+     */
+    actionOnConfigElement(params: SecretsManagerV1.ActionOnConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>;
     /**
      * Delete a configuration.
      *
-     * Deletes a configuration element from the specified secret type.
+     * Delete a configuration element from the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -468,6 +517,67 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
      */
     deleteConfigElement(params: SecretsManagerV1.DeleteConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    /*************************
+     * notifications
+     ************************/
+    /**
+     * Register with Event Notifications.
+     *
+     * Create a registration between a Secrets Manager instance and [Event
+     * Notifications](https://cloud.ibm.com/apidocs/event-notifications).
+     *
+     * A successful request adds Secrets Manager as a source that you can reference from your Event Notifications
+     * instance. For more information about enabling notifications for Secrets Manager, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-event-notifications).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.eventNotificationsInstanceCrn - The Cloud Resource Name (CRN) of the connected Event
+     * Notifications instance.
+     * @param {string} params.eventNotificationsSourceName - The name that is displayed as a source in your Event
+     * Notifications instance.
+     * @param {string} [params.eventNotificationsSourceDescription] - An optional description for the source in your Event
+     * Notifications instance.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>}
+     */
+    createNotificationsRegistration(params: SecretsManagerV1.CreateNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>;
+    /**
+     * Get Event Notifications registration details.
+     *
+     * Get the details of an existing registration between a Secrets Manager instance and Event Notifications.
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>}
+     */
+    getNotificationsRegistration(params?: SecretsManagerV1.GetNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetNotificationsSettings>>;
+    /**
+     * Unregister from Event Notifications.
+     *
+     * Delete a registration between a Secrets Manager instance and Event Notifications.
+     *
+     * A successful request removes your Secrets Manager instance as a source in Event Notifications.
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     */
+    deleteNotificationsRegistration(params?: SecretsManagerV1.DeleteNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    /**
+     * Send a test event.
+     *
+     * Send a test event from a Secrets Manager instance to a configured [Event
+     * Notifications](https://cloud.ibm.com/apidocs/event-notifications) instance.
+     *
+     * A successful request sends a test event to the Event Notifications instance. For more information about enabling
+     * notifications for Secrets Manager, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-event-notifications).
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     */
+    sendTestNotification(params?: SecretsManagerV1.SendTestNotificationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
 }
 /*************************
  * interfaces
@@ -544,6 +654,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -576,6 +687,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -647,6 +759,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -671,6 +784,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -678,6 +792,7 @@ declare namespace SecretsManagerV1 {
         enum Action {
             ROTATE = "rotate",
             RESTORE = "restore",
+            REVOKE = "revoke",
             DELETE_CREDENTIALS = "delete_credentials"
         }
     }
@@ -697,6 +812,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -717,6 +833,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -744,10 +861,39 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
     }
+    /** Parameters for the `updateSecretVersion` operation. */
+    interface UpdateSecretVersionParams {
+        /** The secret type. */
+        secretType: UpdateSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The action to perform on the specified secret version. */
+        action: UpdateSecretVersionConstants.Action | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `updateSecretVersion` operation. */
+    namespace UpdateSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The action to perform on the specified secret version. */
+        enum Action {
+            REVOKE = "revoke"
+        }
+    }
     /** Parameters for the `getSecretVersionMetadata` operation. */
     interface GetSecretVersionMetadataParams {
         /** The secret type. */
@@ -771,6 +917,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -791,6 +938,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -815,6 +963,7 @@ declare namespace SecretsManagerV1 {
             IAM_CREDENTIALS = "iam_credentials",
             IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
@@ -838,7 +987,8 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The type of policy that is associated with the specified secret. */
         enum Policy {
@@ -860,7 +1010,8 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The type of policy that is associated with the specified secret. */
         enum Policy {
@@ -893,7 +1044,8 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             IAM_CREDENTIALS = "iam_credentials",
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
     }
     /** Parameters for the `createConfigElement` operation. */
@@ -909,26 +1061,33 @@ declare namespace SecretsManagerV1 {
          */
         type: CreateConfigElementConstants.Type | string;
         /** The configuration to define for the specified secret type. */
-        config: JsonObject;
+        config: ConfigElementDefConfig;
         headers?: OutgoingHttpHeaders;
     }
     /** Constants for the `createConfigElement` operation. */
     namespace CreateConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
         /** The type of configuration. Value options differ depending on the `config_element` property that you want to define. */
         enum Type {
             LETSENCRYPT = "letsencrypt",
             LETSENCRYPT_STAGE = "letsencrypt-stage",
             CIS = "cis",
-            CLASSIC_INFRASTRUCTURE = "classic_infrastructure"
+            CLASSIC_INFRASTRUCTURE = "classic_infrastructure",
+            ROOT_CERTIFICATE_AUTHORITY = "root_certificate_authority",
+            INTERMEDIATE_CERTIFICATE_AUTHORITY = "intermediate_certificate_authority",
+            CERTIFICATE_TEMPLATE = "certificate_template"
         }
     }
     /** Parameters for the `getConfigElements` operation. */
@@ -943,12 +1102,16 @@ declare namespace SecretsManagerV1 {
     namespace GetConfigElementsConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
     }
     /** Parameters for the `getConfigElement` operation. */
@@ -965,12 +1128,16 @@ declare namespace SecretsManagerV1 {
     namespace GetConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
     }
     /** Parameters for the `updateConfigElement` operation. */
@@ -993,19 +1160,60 @@ declare namespace SecretsManagerV1 {
     namespace UpdateConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
         /** The type of configuration. Value options differ depending on the `config_element` property that you want to define. */
         enum Type {
             LETSENCRYPT = "letsencrypt",
             LETSENCRYPT_STAGE = "letsencrypt-stage",
             CIS = "cis",
-            CLASSIC_INFRASTRUCTURE = "classic_infrastructure"
+            CLASSIC_INFRASTRUCTURE = "classic_infrastructure",
+            ROOT_CERTIFICATE_AUTHORITY = "root_certificate_authority",
+            INTERMEDIATE_CERTIFICATE_AUTHORITY = "intermediate_certificate_authority",
+            CERTIFICATE_TEMPLATE = "certificate_template"
+        }
+    }
+    /** Parameters for the `actionOnConfigElement` operation. */
+    interface ActionOnConfigElementParams {
+        /** The secret type. */
+        secretType: ActionOnConfigElementConstants.SecretType | string;
+        /** The configuration element on which the action is applied. */
+        configElement: ActionOnConfigElementConstants.ConfigElement | string;
+        /** The name of the certificate authority. */
+        configName: string;
+        /** The action to perform on the specified configuration element. */
+        action: ActionOnConfigElementConstants.Action | string;
+        /** Properties that describe an action on a configuration element. */
+        config?: ConfigAction;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `actionOnConfigElement` operation. */
+    namespace ActionOnConfigElementConstants {
+        /** The secret type. */
+        enum SecretType {
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The configuration element on which the action is applied. */
+        enum ConfigElement {
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities"
+        }
+        /** The action to perform on the specified configuration element. */
+        enum Action {
+            SIGN_INTERMEDIATE = "sign_intermediate",
+            SIGN_CSR = "sign_csr",
+            SET_SIGNED = "set_signed",
+            REVOKE = "revoke",
+            ROTATE_CRL = "rotate_crl"
         }
     }
     /** Parameters for the `deleteConfigElement` operation. */
@@ -1022,17 +1230,61 @@ declare namespace SecretsManagerV1 {
     namespace DeleteConfigElementConstants {
         /** The secret type. */
         enum SecretType {
-            PUBLIC_CERT = "public_cert"
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
         }
         /** The configuration element to define or manage. */
         enum ConfigElement {
             CERTIFICATE_AUTHORITIES = "certificate_authorities",
-            DNS_PROVIDERS = "dns_providers"
+            DNS_PROVIDERS = "dns_providers",
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities",
+            CERTIFICATE_TEMPLATES = "certificate_templates"
         }
     }
+    /** Parameters for the `createNotificationsRegistration` operation. */
+    interface CreateNotificationsRegistrationParams {
+        /** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
+        eventNotificationsInstanceCrn: string;
+        /** The name that is displayed as a source in your Event Notifications instance. */
+        eventNotificationsSourceName: string;
+        /** An optional description for the source in your Event Notifications instance. */
+        eventNotificationsSourceDescription?: string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Parameters for the `getNotificationsRegistration` operation. */
+    interface GetNotificationsRegistrationParams {
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Parameters for the `deleteNotificationsRegistration` operation. */
+    interface DeleteNotificationsRegistrationParams {
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Parameters for the `sendTestNotification` operation. */
+    interface SendTestNotificationParams {
+        headers?: OutgoingHttpHeaders;
+    }
     /*************************
      * model interfaces
      ************************/
+    /** The data that is associated with the secret version. The data object contains the following fields: - `certificate`: The contents of the certificate. - `private_key`: The private key that is associated with the certificate. - `intermediate`: The intermediate certificate that is associated with the certificate. */
+    interface CertificateSecretData {
+    }
+    /** Certificate templates configuration. */
+    interface CertificateTemplatesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Properties that describe a certificate template. You can use a certificate template to control the
+         *  parameters that
+         *  are applied to your issued private certificates. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificate-templates).
+         */
+        config?: CertificateTemplateConfig;
+    }
     /** The metadata that describes the resource array. */
     interface CollectionMetadata {
         /** The type of resources in the resource array. */
@@ -1040,6 +1292,29 @@ declare namespace SecretsManagerV1 {
         /** The number of elements in the resource array. */
         collection_total: number;
     }
+    /** Properties that describe an action on a configuration element. */
+    interface ConfigAction {
+    }
+    /** The configuration to add or update. */
+    interface ConfigElementActionData {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        config: ConfigElementActionResultConfig;
+    }
+    /** Properties that describe an action on a configuration element. */
+    interface ConfigElementActionResult {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: ConfigElementActionData[];
+    }
+    /** ConfigElementActionResultConfig. */
+    interface ConfigElementActionResultConfig {
+    }
     /** The configuration to add or update. */
     interface ConfigElementDef {
         /** The human-readable name to assign to your configuration. */
@@ -1049,7 +1324,10 @@ declare namespace SecretsManagerV1 {
          */
         type: string;
         /** The configuration to define for the specified secret type. */
-        config: JsonObject;
+        config: ConfigElementDefConfig;
+    }
+    /** The configuration to define for the specified secret type. */
+    interface ConfigElementDefConfig {
     }
     /** Properties that describe a configuration element. */
     interface ConfigElementMetadata {
@@ -1090,6 +1368,13 @@ declare namespace SecretsManagerV1 {
     /** GetConfigResourcesItem. */
     interface GetConfigResourcesItem {
     }
+    /** Properties that describe an existing registration with Event Notifications. */
+    interface GetNotificationsSettings {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: NotificationsSettings[];
+    }
     /** Properties that describe a secret. */
     interface GetSecret {
         /** The metadata that describes the resource array. */
@@ -1121,6 +1406,17 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: ConfigElementDef[];
     }
+    /** Intermediate certificate authorities configuration. */
+    interface IntermediateCertificateAuthoritiesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Intermediate certificate authority configuration. */
+        config?: IntermediateCertificateAuthorityConfig;
+    }
     /** Issuance information that is associated with your certificate. */
     interface IssuanceInfo {
         /** The date the certificate was ordered. The date format follows RFC 3339. */
@@ -1162,19 +1458,52 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources?: SecretResource[];
     }
+    /** The Event Notifications details. */
+    interface NotificationsSettings {
+        /** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
+        event_notifications_instance_crn: string;
+    }
+    /** Root certificate authorities configuration. */
+    interface RootCertificateAuthoritiesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Root certificate authority configuration. */
+        config?: RootCertificateAuthorityConfig;
+    }
     /** Rotation. */
     interface Rotation {
         /** Determines whether Secrets Manager rotates your certificate automatically.
          *
-         *  If set to `true`, the service reorders your certificate 31 days before it expires. To access the previous
-         *  version of the certificate, you can use the [Get a version of a secret](#get-secret-version) method.
+         *  For public certificates, if `auto_rotate` is set to `true` the service reorders your certificate 31 days before
+         *  it expires. For private certificates, the certificate is rotated according to the time interval specified in the
+         *  `interval` and `unit` fields.
+         *
+         *  To access the previous version of the certificate, you can use the
+         *  [Get a version of a secret](#get-secret-version) method.
          */
         auto_rotate?: boolean;
         /** Determines whether Secrets Manager rotates the private key for your certificate automatically.
          *
          *  If set to `true`, the service generates and stores a new private key for your rotated certificate.
+         *
+         *  **Note:** Use this field only for public certificates. It is ignored for private certificates.
          */
         rotate_keys?: boolean;
+        /** Used together with the `unit` field to specify the rotation interval. The minimum interval is one day, and
+         *  the maximum interval is 3 years (1095 days). Required in case `auto_rotate` is set to `true`.
+         *
+         *  **Note:** Use this field only for private certificates. It is ignored for public certificates.
+         */
+        interval?: number;
+        /** The time unit of the rotation interval.
+         *
+         *  **Note:** Use this field only for private certificates. It is ignored for public certificates.
+         */
+        unit?: string;
     }
     /** SecretAction. */
     interface SecretAction {
@@ -1257,11 +1586,37 @@ declare namespace SecretsManagerV1 {
     /** SecretVersionMetadata. */
     interface SecretVersionMetadata {
     }
+    /** Properties that are returned with a successful `sign` action. */
+    interface SignActionResultData {
+        /** The PEM-encoded certificate. */
+        certificate?: string;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
+        issuing_ca?: string;
+        /** The chain of certificate authorities that are associated with the certificate. */
+        ca_chain?: string[];
+        /** The time until the certificate expires. */
+        expiration?: number;
+    }
+    /** Properties that are returned with a successful `sign` action. */
+    interface SignIntermediateActionResultData {
+        /** The PEM-encoded certificate. */
+        certificate?: string;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
+        issuing_ca?: string;
+        /** The chain of certificate authorities that are associated with the certificate. */
+        ca_chain?: string[];
+        /** The time until the certificate expires. */
+        expiration?: number;
+    }
     /** CertificateValidity. */
     interface CertificateValidity {
-        /** The date the certificate validity period begins. */
+        /** The date and time that the certificate validity period begins. */
         not_before?: string;
-        /** The date the certificate validity period ends. */
+        /** The date and time that the certificate validity period ends. */
         not_after?: string;
     }
     /** Metadata properties that describe an arbitrary secret. */
@@ -1384,7 +1739,10 @@ declare namespace SecretsManagerV1 {
         expiration_date?: string;
         /** The new secret data to assign to the secret. */
         payload?: string;
-        /** The data that is associated with the secret version. The data object contains the field `payload`. */
+        /** The data that is associated with the secret version.
+         *
+         *  The data object contains the field `payload`.
+         */
         secret_data?: JsonObject;
     }
     /** ArbitrarySecretVersion. */
@@ -1397,7 +1755,10 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
-        /** The data that is associated with the secret version. The data object contains the field `payload`. */
+        /** The data that is associated with the secret version.
+         *
+         *  The data object contains the field `payload`.
+         */
         secret_data?: JsonObject;
     }
     /** ArbitrarySecretVersionInfo. */
@@ -1485,8 +1846,8 @@ declare namespace SecretsManagerV1 {
          *  the certificate.
          */
         algorithm?: string;
-        /** The identifier for the cryptographic algorithm that was used to generate the public key that is associated
-         *  with the certificate.
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
          */
         key_algorithm?: string;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
@@ -1566,9 +1927,10 @@ declare namespace SecretsManagerV1 {
          */
         intermediate?: string;
         /** The data that is associated with the secret. The data object contains the following fields:
-         *  `certificate`: The contents of the certificate.
-         *  `private_key`: The private key that is associated with the certificate.
-         *  `intermediate`: The intermediate certificate that is associated with the certificate.
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
         secret_data?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
@@ -1577,8 +1939,8 @@ declare namespace SecretsManagerV1 {
          *  the certificate.
          */
         algorithm?: string;
-        /** The identifier for the cryptographic algorithm that was used to generate the public key that is associated
-         *  with the certificate.
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
          */
         key_algorithm?: string;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
@@ -1590,8 +1952,13 @@ declare namespace SecretsManagerV1 {
         intermediate_included?: boolean;
         /** Indicates whether the certificate was imported with an associated private key. */
         private_key_included?: boolean;
-        /** The alternative names that are defined for the certificate. */
-        alt_names?: string[];
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
         /** The date that the certificate expires. The date format follows RFC 3339. */
         expiration_date?: string;
     }
@@ -1611,11 +1978,12 @@ declare namespace SecretsManagerV1 {
         /** The date that the certificate expires. The date format follows RFC 3339. */
         expiration_date?: string;
         /** The data that is associated with the secret version. The data object contains the following fields:
-         *  `certificate`: The contents of the certificate.
-         *  `private_key`: The private key that is associated with the certificate.
-         *  `intermediate`: The intermediate certificate that is associated with the certificate.
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
-        secret_data?: JsonObject;
+        secret_data?: CertificateSecretData;
     }
     /** CertificateSecretVersionInfo. */
     interface CertificateSecretVersionInfo extends SecretVersionInfo {
@@ -1659,6 +2027,220 @@ declare namespace SecretsManagerV1 {
         expiration_date?: string;
         validity?: CertificateValidity;
     }
+    /** Properties that describe a certificate template. You can use a certificate template to control the parameters that  are applied to your issued private certificates. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificate-templates). */
+    interface CertificateTemplateConfig extends ConfigElementDefConfig {
+        /** The name of the intermediate certificate authority. */
+        certificate_authority: string;
+        /** Scopes the creation of private certificates to only the secret groups that you specify.
+         *
+         *  This field can be supplied as a comma-delimited list of secret group IDs.
+         */
+        allowed_secret_groups?: string;
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl?: any;
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `12h`. Hour (`h`) is the largest
+         *  time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. In the
+         *  API response, this value is returned in seconds (integer).
+         */
+        ttl?: any;
+        /** Determines whether to allow `localhost` to be included as one of the requested common names. */
+        allow_localhost?: boolean;
+        /** The domains to define for the certificate template. This property is used along with the
+         *  `allow_bare_domains` and `allow_subdomains` options.
+         */
+        allowed_domains?: string[];
+        /** Determines whether to allow the domains that are supplied in the `allowed_domains` field to contain access
+         *  control list (ACL) templates.
+         */
+        allowed_domains_template?: boolean;
+        /** Determines whether to allow clients to request private certificates that match the value of the actual
+         *  domains on the final certificate.
+         *
+         *  For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to
+         *  request a certificate that contains the name `example.com` as one of the DNS values on the final certificate.
+         *
+         *  **Important:** In some scenarios, allowing bare domains can be considered a security risk.
+         */
+        allow_bare_domains?: boolean;
+        /** Determines whether to allow clients to request private certificates with common names (CN) that are
+         *  subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard
+         *  subdomains.
+         *
+         *  For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains`is set to `true`, then the
+         *  following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`.
+         *
+         *  **Note:** This field is redundant if you use the `allow_any_name` option.
+         */
+        allow_subdomains?: boolean;
+        /** Determines whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified
+         *  in the `allowed_domains` field.
+         *
+         *  If set to `true`, clients are allowed to request private certificates with names that match the glob patterns.
+         */
+        allow_glob_domains?: boolean;
+        /** Determines whether to allow clients to request a private certificate that matches any common name. */
+        allow_any_name?: boolean;
+        /** Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the
+         *  host section of email addresses.
+         */
+        enforce_hostnames?: boolean;
+        /** Determines whether to allow clients to request a private certificate with IP Subject Alternative Names. */
+        allow_ip_sans?: boolean;
+        /** The URI Subject Alternative Names to allow for private certificates.
+         *
+         *  Values can contain glob patterns, for example `spiffe://hostname/_*`.
+         */
+        allowed_uri_sans?: string[];
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private
+         *  certificates.
+         *
+         *  The format for each element in the list is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid
+         *  type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to
+         *  allow any `other_sans` input.
+         */
+        allowed_other_sans?: string[];
+        /** Determines whether private certificates are flagged for server use. */
+        server_flag?: boolean;
+        /** Determines whether private certificates are flagged for client use. */
+        client_flag?: boolean;
+        /** Determines whether private certificates are flagged for code signing use. */
+        code_signing_flag?: boolean;
+        /** Determines whether private certificates are flagged for email protection use. */
+        email_protection_flag?: boolean;
+        /** The type of private key to generate for private certificates and the type of key that is expected for
+         *  submitted certificate signing requests (CSRs).
+         *
+         *  Allowable values are: `rsa` and `ec`.
+         */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
+         */
+        key_bits?: number;
+        /** The allowed key usage constraint to define for private certificates.
+         *
+         *  You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage).  Omit
+         *  the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this
+         *  field to an empty list.
+         */
+        key_usage?: string[];
+        /** The allowed extended key usage constraint on private certificates.
+         *
+         *  You can find valid values in the [Go x509 package
+         *  documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value.
+         *  Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
+         */
+        ext_key_usage?: string[];
+        /** A list of extended key usage Object Identifiers (OIDs). */
+        ext_key_usage_oids?: string[];
+        /** When used with the `sign_csr` action, this field determines whether to use the common name (CN) from a
+         *  certificate signing request (CSR) instead of the CN that's included in the JSON data of the certificate.
+         *
+         *  Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names,
+         *  include the `use_csr_sans` property.
+         */
+        use_csr_common_name?: boolean;
+        /** When used with the `sign_csr` action, this field determines whether to use the Subject Alternative Names
+         *  (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the JSON data of the
+         *  certificate.
+         *
+         *  Does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
+         */
+        use_csr_sans?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** Determines whether to require a common name to create a private certificate.
+         *
+         *  By default, a common name is required to generate a certificate. To make the `common_name` field optional, set
+         *  the `require_cn` option to `false`.
+         */
+        require_cn?: boolean;
+        /** A list of policy Object Identifiers (OIDs). */
+        policy_identifiers?: string[];
+        /** Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for
+         *  non-CA certificates.
+         */
+        basic_constraints_valid_for_non_ca?: boolean;
+        /** The duration in seconds by which to backdate the `not_before` property of an issued private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `30s`. In the API response, this
+         *  value is returned in seconds (integer).
+         */
+        not_before_duration?: any;
+    }
+    /** Certificate templates configuration. */
+    interface CertificateTemplatesConfig extends GetConfigElementsResourcesItem {
+        certificate_templates: CertificateTemplatesConfigItem[];
+    }
+    /** Properties that describe an IBM Cloud classic infrastructure (SoftLayer) configuration. */
+    interface ConfigElementDefConfigClassicInfrastructureConfig extends ConfigElementDefConfig {
+        /** The username that is associated with your classic infrastructure account.
+         *
+         *  In most cases, your classic infrastructure username is your `<account_id>_<email_address>`. For more
+         *  information, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
+         */
+        classic_infrastructure_username: string;
+        /** Your classic infrastructure API key.
+         *
+         *  For information about viewing and accessing your classic infrastructure API key, see the
+         *  [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).
+         */
+        classic_infrastructure_password: string;
+    }
+    /** Properties that describe an IBM Cloud Internet Services (CIS) configuration. */
+    interface ConfigElementDefConfigCloudInternetServicesConfig extends ConfigElementDefConfig {
+        /** The Cloud Resource Name (CRN) that is associated with the CIS instance. */
+        cis_crn: string;
+        /** An IBM Cloud API key that can to list domains in your CIS instance.
+         *
+         *  To grant Secrets Manager the ability to view the CIS instance and all of its domains, the API key must be
+         *  assigned the Reader service role on Internet Services (`internet-svcs`).
+         *
+         *  If you need to manage specific domains, you can assign the Manager role. For production environments, it is
+         *  recommended that you assign the Reader access role, and then use the
+         *  [IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control
+         *  specific domains. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-specific-domains).
+         */
+        cis_apikey?: string;
+    }
+    /** Properties that describe a Let's Encrypt configuration. */
+    interface ConfigElementDefConfigLetsEncryptConfig extends ConfigElementDefConfig {
+        /** The private key that is associated with your Automatic Certificate Management Environment (ACME) account.
+         *
+         *  If you have a working ACME client or account for Let's Encrypt, you can use the existing private key to enable
+         *  communications with Secrets Manager. If you don't have an account yet, you can create one. For more information,
+         *  see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#create-acme-account).
+         */
+        private_key: string;
+    }
     /** Configuration for the IAM credentials engine. */
     interface CreateIAMCredentialsSecretEngineRootConfig extends EngineConfig {
         /** An IBM Cloud API key that can create and manage service IDs.
@@ -1711,7 +2293,7 @@ declare namespace SecretsManagerV1 {
         /** The hash value of the IBM Cloud API key that is used to create and manage service IDs. */
         api_key_hash?: string;
     }
-    /** Metadata properties that describe a iam_credentials secret. */
+    /** Metadata properties that describe an `iam_credentials` secret. */
     interface IAMCredentialsSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
         id?: string;
@@ -1758,15 +2340,10 @@ declare namespace SecretsManagerV1 {
         last_update_date?: string;
         /** The number of versions the secret has. */
         versions_total?: number;
-        /** The time-to-live (TTL) or lease duration to assign to generated credentials.
-         *
-         *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
-         *  be either an integer that specifies the number of seconds, or the string representation of a duration, such as
-         *  `120m` or `24h`.
-         *
-         *  Minimum duration is 1 minute. Maximum is 90 days.
+        /** The time-to-live (TTL) or lease duration that is assigned to the secret. For `iam_credentials` secrets, the
+         *  TTL defines for how long each generated API key remains valid.
          */
-        ttl?: any;
+        ttl?: string;
         /** Determines whether to use the same service ID and API key for future read operations on an
          *  `iam_credentials` secret.
          *
@@ -1902,9 +2479,10 @@ declare namespace SecretsManagerV1 {
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
         /** The data that is associated with the secret version. The data object contains the following fields:
-         *  `api_key`: The API key that is generated for this secret.
-         *  `api_key_id`: The ID of the API key that is generated for this secret.
-         *  `service_id`: The service ID under which the API key is created.
+         *
+         *  - `api_key`: The API key that is generated for this secret.
+         *  - `api_key_id`: The ID of the API key that is generated for this secret.
+         *  - `service_id`: The service ID under which the API key is created.
          */
         secret_data?: JsonObject;
     }
@@ -1940,31 +2518,150 @@ declare namespace SecretsManagerV1 {
          */
         downloaded?: boolean;
     }
-    /** Metadata properties that describe a key-value secret. */
-    interface KvSecretMetadata extends SecretMetadata {
-        /** The unique ID of the secret. */
-        id?: string;
-        /** Labels that you can use to filter for secrets in your instance.
+    /** Intermediate certificate authorities configuration. */
+    interface IntermediateCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
+        intermediate_certificate_authorities: IntermediateCertificateAuthoritiesConfigItem[];
+    }
+    /** Intermediate certificate authority configuration. */
+    interface IntermediateCertificateAuthorityConfig extends ConfigElementDefConfig {
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
          *
-         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
-         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
-         *  character (|).
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
          *
-         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
          */
-        labels?: string[];
-        /** A human-readable alias to assign to your secret.
+        max_ttl: any;
+        /** The signing method to use with this certificate authority to generate private certificates.
          *
-         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         *  You can choose between internal or externally signed options. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities).
          */
-        name: string;
-        /** An extended description of your secret.
+        signing_method: string;
+        /** The certificate authority that signed and issued the certificate.
          *
-         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
-         *  secret.
+         *  If the certificate is signed internally, the `issuer` field is required and must match the name of a certificate
+         *  authority that is configured in the Secrets Manager service instance.
          */
-        description?: string;
-        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+        issuer?: string;
+        /** The time until the certificate revocation list (CRL) expires.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72
+         *  hours. In the API response, this value is returned in seconds (integer).
+         *
+         *  **Note:** The CRL is rotated automatically before it expires.
+         */
+        crl_expiry?: any;
+        /** Disables or enables certificate revocation list (CRL) building.
+         *
+         *  If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building
+         *  is enabled,  it will rebuild the CRL.
+         */
+        crl_disable?: boolean;
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates
+         *  that are issued by this certificate authority.
+         */
+        crl_distribution_points_encoded?: boolean;
+        /** Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this
+         *  certificate authority.
+         */
+        issuing_certificates_urls_encoded?: boolean;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The status of the certificate authority. The status of a root certificate authority is either `configured`
+         *  or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
+         *  `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
+         */
+        status?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** The type of private key to generate. */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
+         */
+        key_bits?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The data that is associated with the intermediate certificate authority. The data object contains the
+         *   following fields:
+         *
+         *  - `csr`: The PEM-encoded certificate signing request.
+         *  - `private_key`: The private key.
+         *  - `private_key_type`: The type of private key, for example `rsa`.
+         */
+        data?: JsonObject;
+    }
+    /** Metadata properties that describe a key-value secret. */
+    interface KvSecretMetadata extends SecretMetadata {
+        /** The unique ID of the secret. */
+        id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
          *
          *  If you omit this parameter, your secret is assigned to the `default` secret group.
          */
@@ -2050,9 +2747,322 @@ declare namespace SecretsManagerV1 {
         expiration_date?: string;
         /** The new secret data to assign to the secret. */
         payload?: JsonObject;
-        /** The data that is associated with the secret version. The data object contains the field `payload`. */
+        /** The data that is associated with the secret version.
+         *
+         *  The data object contains the field `payload`.
+         */
         secret_data?: JsonObject;
     }
+    /** The `private_cert` secret rotation policy. */
+    interface PrivateCertPolicyRotation extends SecretPolicyRotationRotation {
+        auto_rotate: boolean;
+        /** The length of the secret rotation time interval. */
+        interval?: number;
+        /** The units for the secret rotation time interval. */
+        unit?: string;
+    }
+    /** Configuration for the private certificates engine. */
+    interface PrivateCertSecretEngineRootConfig extends GetConfigResourcesItem {
+        /** The root certificate authority configurations that are associated with your instance. */
+        root_certificate_authorities?: RootCertificateAuthoritiesConfigItem[];
+        /** The intermediate certificate authority configurations that are associated with your instance. */
+        intermediate_certificate_authorities?: IntermediateCertificateAuthoritiesConfigItem[];
+        /** The certificate templates that are associated with your instance. */
+        certificate_templates?: CertificateTemplatesConfigItem[];
+    }
+    /** Metadata properties that describe a private certificate secret. */
+    interface PrivateCertificateSecretMetadata extends SecretMetadata {
+        /** The unique ID of the secret. */
+        id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies the resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions the secret has. */
+        versions_total?: number;
+        /** The name of the certificate template. */
+        certificate_template?: string;
+        /** The intermediate certificate authority that signed this certificate. */
+        certificate_authority?: string;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The alternative names that are defined for the certificate. */
+        alt_names?: string[];
+        rotation?: Rotation;
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
+         */
+        algorithm?: string;
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
+         */
+        key_algorithm?: string;
+        /** The certificate authority that signed and issued the certificate. */
+        issuer?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+    }
+    /** Properties that describe a secret. */
+    interface PrivateCertificateSecretResource extends SecretResource {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies your Secrets Manager resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when the actual secret is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions that are associated with a secret. */
+        versions_total?: number;
+        /** An array that contains metadata for each secret version. For more information on the metadata properties,
+         *  see [Get secret version metadata](#get-secret-version-metadata).
+         */
+        versions?: JsonObject[];
+        /** The name of the certificate template. */
+        certificate_template: string;
+        /** The intermediate certificate authority that signed this certificate. */
+        certificate_authority?: string;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '12h'. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        rotation?: Rotation;
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
+         */
+        algorithm?: string;
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
+         */
+        key_algorithm?: string;
+        /** The certificate authority that signed and issued the certificate. */
+        issuer?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** The data that is associated with the secret. The data object contains the following fields:
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
+         *  - `ca_chain`: The chain of certificate authorities that are associated with the certificate.
+         */
+        secret_data?: JsonObject;
+    }
+    /** PrivateCertificateSecretVersion. */
+    interface PrivateCertificateSecretVersion extends SecretVersion {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The data that is associated with the secret version. The data object contains the following fields:
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
+         */
+        secret_data?: CertificateSecretData;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+    }
+    /** PrivateCertificateSecretVersionInfo. */
+    interface PrivateCertificateSecretVersionInfo extends SecretVersionInfo {
+        /** The ID of the secret version. */
+        id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        validity?: CertificateValidity;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+    }
+    /** Properties that describe a secret version. */
+    interface PrivateCertificateSecretVersionMetadata extends SecretVersionMetadata {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        validity?: CertificateValidity;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+    }
     /** Configuration for the public certificates engine. */
     interface PublicCertSecretEngineRootConfig extends GetConfigResourcesItem {
         /** The certificate authority configurations that are associated with your instance. */
@@ -2133,6 +3143,9 @@ declare namespace SecretsManagerV1 {
         rotation?: Rotation;
         /** Issuance information that is associated with your certificate. */
         issuance_info?: IssuanceInfo;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
     }
     /** Properties that describe a secret. */
     interface PublicCertificateSecretResource extends SecretResource {
@@ -2213,8 +3226,13 @@ declare namespace SecretsManagerV1 {
          *  provide more encryption protection.
          */
         key_algorithm?: string;
-        /** The alternative names that are defined for the certificate. */
-        alt_names?: string[];
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
         /** The fully qualified domain name or host domain name for the certificate. */
         common_name?: string;
         /** Indicates whether the issued certificate includes a private key. */
@@ -2225,13 +3243,13 @@ declare namespace SecretsManagerV1 {
         /** Issuance information that is associated with your certificate. */
         issuance_info?: IssuanceInfo;
         validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
         /** The data that is associated with the secret. The data object contains the following fields:
          *
-         *  `certificate`: The contents of the certificate.
-         *
-         *  `private_key`: The private key that is associated with the certificate.
-         *
-         *  `intermediate`: The intermediate certificate that is associated with the certificate.
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
         secret_data?: JsonObject;
     }
@@ -2240,6 +3258,138 @@ declare namespace SecretsManagerV1 {
         /** The ID of the target version or the alias `previous`. */
         version_id: string;
     }
+    /** A request to revoke the certificate of an internally signed intermediate certificate authority. */
+    interface RevokeAction extends ConfigAction {
+        /** The serial number of the certificate. */
+        serial_number: string;
+    }
+    /** Properties that are returned with a successful `revoke` action. */
+    interface RevokeActionResult extends ConfigElementActionResultConfig {
+        /** The time until the certificate authority is revoked. */
+        revocation_time?: number;
+    }
+    /** Root certificate authorities configuration. */
+    interface RootCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
+        root_certificate_authorities: RootCertificateAuthoritiesConfigItem[];
+    }
+    /** Root certificate authority configuration. */
+    interface RootCertificateAuthorityConfig extends ConfigElementDefConfig {
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl: any;
+        /** The time until the certificate revocation list (CRL) expires.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72
+         *  hours. In the API response, this value is returned in seconds (integer).
+         *
+         *  **Note:** The CRL is rotated automatically before it expires.
+         */
+        crl_expiry?: any;
+        /** Disables or enables certificate revocation list (CRL) building.
+         *
+         *  If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building
+         *  is enabled,  it will rebuild the CRL.
+         */
+        crl_disable?: boolean;
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates
+         *  that are issued by this certificate authority.
+         */
+        crl_distribution_points_encoded?: boolean;
+        /** Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this
+         *  certificate authority.
+         */
+        issuing_certificates_urls_encoded?: boolean;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The status of the certificate authority. The status of a root certificate authority is either `configured`
+         *  or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
+         *  `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
+         */
+        status?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to this CA certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can't exceed the
+         *  `max_ttl` that is defined in the associated certificate template. In the API response, this value is returned in
+         *  seconds (integer).
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** The type of private key to generate. */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
+         */
+        key_bits?: number;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The data that is associated with the root certificate authority. The data object contains the following
+         *  fields:
+         *
+         *  - `certificate`: The root certificate content.
+         *  - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
+         *  - `serial_number`: The unique serial number of the root certificate.
+         */
+        data?: JsonObject;
+    }
     /** The request body of a `rotate` action. */
     interface RotateArbitrarySecretBody extends SecretAction {
         /** The new secret data to assign to an `arbitrary` secret. */
@@ -2254,6 +3404,9 @@ declare namespace SecretsManagerV1 {
         /** The new intermediate certificate to associate with the certificate. */
         intermediate?: string;
     }
+    /** Properties that are returned with a successful `rotate_crl` action. */
+    interface RotateCrlActionResult extends ConfigElementActionResultConfig {
+    }
     /** The request body of a `rotate` action. */
     interface RotateKvSecretBody extends SecretAction {
         /** The new secret data to assign to a key-value secret. */
@@ -2271,9 +3424,9 @@ declare namespace SecretsManagerV1 {
     }
     /** The secret rotation time interval. */
     interface SecretPolicyRotationRotationPolicyRotation extends SecretPolicyRotationRotation {
-        /** Specifies the length of the secret rotation time interval. */
+        /** The length of the secret rotation time interval. */
         interval: number;
-        /** Specifies the units for the secret rotation time interval. */
+        /** The units for the secret rotation time interval. */
         unit: string;
     }
     /** The `public_cert` secret rotation policy. */
@@ -2281,6 +3434,324 @@ declare namespace SecretsManagerV1 {
         auto_rotate: boolean;
         rotate_keys: boolean;
     }
+    /** A request to set a signed certificate in an intermediate certificate authority. */
+    interface SetSignedAction extends ConfigAction {
+        /** The PEM-encoded certificate. */
+        certificate: string;
+    }
+    /** Properties that are returned with a successful `set_signed` action. */
+    interface SetSignedActionResult extends ConfigElementActionResultConfig {
+    }
+    /** A request to sign a certificate signing request (CSR). */
+    interface SignCsrAction extends ConfigAction {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The PEM-encoded certificate signing request (CSR). This field is required for the `sign_csr` action. */
+        csr: string;
+    }
+    /** Properties that are returned with a successful `sign_csr` action. */
+    interface SignCsrActionResult extends ConfigElementActionResultConfig {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** Properties that are returned with a successful `sign` action. */
+        data: SignActionResultData;
+        /** The PEM-encoded certificate signing request (CSR). */
+        csr: string;
+    }
+    /** A request to sign an intermediate certificate authority. */
+    interface SignIntermediateAction extends ConfigAction {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The intermediate certificate authority to be signed. The name must match one of the pre-configured
+         *  intermediate certificate authorities.
+         */
+        intermediate_certificate_authority: string;
+    }
+    /** Properties that are returned with a successful `sign_intermediate` action. */
+    interface SignIntermediateActionResult extends ConfigElementActionResultConfig {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** Properties that are returned with a successful `sign` action. */
+        data: SignIntermediateActionResultData;
+        /** The signed intermediate certificate authority. */
+        intermediate_certificate_authority: string;
+    }
     /** Metadata properties that describe a username_password secret. */
     interface UsernamePasswordSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
@@ -2394,8 +3865,9 @@ declare namespace SecretsManagerV1 {
         /** The password to assign to this secret. */
         password?: string;
         /** The data that is associated with the secret version. The data object contains the following fields:
-         *  `username`: The username that is associated with the secret version.
-         *  `password`: The password that is associated with the secret version.
+         *
+         *  - `username`: The username that is associated with the secret version.
+         *  - `password`: The password that is associated with the secret version.
          */
         secret_data?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
@@ -2428,8 +3900,9 @@ declare namespace SecretsManagerV1 {
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
         /** The data that is associated with the secret version. The data object contains the following fields:
-         *  `username`: The username that is associated with the secret version.
-         *  `password`: The password that is associated with the secret version.
+         *
+         *  - `username`: The username that is associated with the secret version.
+         *  - `password`: The password that is associated with the secret version.
          */
         secret_data?: JsonObject;
     }