@ibm-cloud/secrets-manager 1.0.31 → 1.0.34

package/secrets-manager/v1.d.ts

@@ -25,7 +25,6 @@ import { BaseService, UserOptions } from 'ibm-cloud-sdk-core';
  * See: https://cloud.ibm.com/docs/secrets-manager
  */
 declare class SecretsManagerV1 extends BaseService {
-    static DEFAULT_SERVICE_URL: string;
     static DEFAULT_SERVICE_NAME: string;
     /*************************
      * Factory method
@@ -57,7 +56,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Create a secret group.
      *
-     * Creates a secret group that you can use to organize secrets and control who on your team has access to them.
+     * Create a secret group that you can use to organize secrets and control who on your team has access to them.
      *
      * A successful request returns the ID value of the secret group, along with other metadata. To learn more about
      * secret groups, check out the
@@ -73,7 +72,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secret groups.
      *
-     * Retrieves the list of secret groups that are available in your Secrets Manager instance.
+     * List the secret groups that are available in your Secrets Manager instance.
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
@@ -83,7 +82,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a secret group.
      *
-     * Retrieves the metadata of an existing secret group by specifying the ID of the group.
+     * Get the metadata of an existing secret group by specifying the ID of the group.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
@@ -94,7 +93,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update a secret group.
      *
-     * Updates the metadata of an existing secret group, such as its name or description.
+     * Update the metadata of an existing secret group, such as its name or description.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
@@ -107,7 +106,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Delete a secret group.
      *
-     * Deletes a secret group by specifying the ID of the secret group.
+     * Delete a secret group by specifying the ID of the secret group.
      *
      * **Note:** To delete a secret group, it must be empty. If you need to remove a secret group that contains secrets,
      * you must first [delete the secrets](#delete-secret) that are associated with the group.
@@ -145,7 +144,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secrets by type.
      *
-     * Retrieves a list of secrets based on the type that you specify.
+     * List the secrets in your Secrets Manager instance based on the type that you specify.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -154,12 +153,12 @@ declare class SecretsManagerV1 extends BaseService {
      * resources.
      *
      * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-     * `../secrets/{secret-type}?limit=5`.
+     * `../secrets/{secret_type}?limit=5`.
      * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
      * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-     * `../secrets/{secret-type}?offset=25&limit=25`.
+     * `..?offset=25&limit=25`.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecrets>>}
      */
@@ -167,7 +166,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List all secrets.
      *
-     * Retrieves a list of all secrets in your Secrets Manager instance.
+     * List all of the secrets in your Secrets Manager instance.
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {number} [params.limit] - The number of secrets to retrieve. By default, list operations return the first
@@ -175,28 +174,28 @@ declare class SecretsManagerV1 extends BaseService {
      * resources.
      *
      * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-     * `../secrets/{secret-type}?limit=5`.
+     * `../secrets/{secret_type}?limit=5`.
      * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
      * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-     * `../secrets/{secret-type}?offset=25&limit=25`.
+     * `..?offset=25&limit=25`.
      * @param {string} [params.search] - Filter secrets that contain the specified string. The fields that are searched
      * include: id, name, description, labels, secret_type.
      *
      * **Usage:** If you want to list only the secrets that contain the string "text", use
-     * `../secrets/{secret-type}?search=text`.
+     * `../secrets/{secret_type}?search=text`.
      * @param {string} [params.sortBy] - Sort a list of secrets by the specified field.
      *
      * **Usage:** To sort a list of secrets by their creation date, use
-     * `../secrets/{secret-type}?sort_by=creation_date`.
+     * `../secrets/{secret_type}?sort_by=creation_date`.
      * @param {string[]} [params.groups] - Filter secrets by groups.
      *
      * You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets
      * that are in the default secret group, use the `default` keyword.
      *
      * **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
-     * use `../secrets?groups={secret_group_ID},default`.
+     * use `..?groups={secret_group_ID},default`.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecrets>>}
      */
@@ -220,7 +219,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Invoke an action on a secret.
      *
-     * Invokes an action on a specified secret. This method supports the following actions:
+     * Invoke an action on a specified secret. This method supports the following actions:
      *
      * - `rotate`: Replace the value of a secret.
      * - `restore`: Restore a previous version of an `iam_credentials` secret.
@@ -239,7 +238,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Delete a secret.
      *
-     * Deletes a secret by specifying the ID of the secret.
+     * Delete a secret by specifying the ID of the secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -251,7 +250,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List versions of a secret.
      *
-     * Retrieves a list of the versions of a secret.
+     * List the versions of a secret.
      *
      * A successful request returns the list of the versions along with the metadata of each version.
      *
@@ -265,7 +264,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a version of a secret.
      *
-     * Retrieves a version of a secret by specifying the ID of the version or the alias `previous`.
+     * Get a version of a secret by specifying the ID of the version or the alias `previous`.
      *
      * A successful request returns the secret data that is associated with the specified version of your secret, along
      * with other metadata.
@@ -282,10 +281,30 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>}
      */
     getSecretVersion(params: SecretsManagerV1.GetSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersion>>;
+    /**
+     * Invoke an action on a version of a secret.
+     *
+     * Invoke an action on a specified version of a secret. This method supports the following actions:
+     *
+     * - `revoke`: Revoke a version of a private certificate.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {string} params.action - The action to perform on the specified secret version.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>}
+     */
+    updateSecretVersion(params: SecretsManagerV1.UpdateSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>;
     /**
      * Get secret version metadata.
      *
-     * Retrieves secret version metadata by specifying the ID of the version or the alias `previous`.
+     * Get the metadata of a secret version by specifying the ID of the version or the alias `previous`.
      *
      * A successful request returns the metadata that is associated with the specified version of your secret.
      *
@@ -304,7 +323,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get secret metadata.
      *
-     * Retrieves the details of a secret by specifying the ID.
+     * Get the details of a secret by specifying its ID.
      *
      * A successful request returns only metadata about the secret, such as its name and creation date. To retrieve the
      * value of a secret, use the [Get a secret](#get-secret) or [Get a version of a secret](#get-secret-version) methods.
@@ -319,7 +338,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update secret metadata.
      *
-     * Updates the metadata of a secret, such as its name or description.
+     * Update the metadata of a secret, such as its name or description.
      *
      * To update the actual contents of a secret, rotate the secret by using the [Invoke an action on a
      * secret](#update-secret) method.
@@ -333,15 +352,223 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.SecretMetadataRequest>>}
      */
     updateSecretMetadata(params: SecretsManagerV1.UpdateSecretMetadataParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.SecretMetadataRequest>>;
+    /*************************
+     * locks
+     ************************/
+    /**
+     * List secret locks.
+     *
+     * List the locks that are associated with a specified secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
+     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
+     * resources.
+     *
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>}
+     */
+    getLocks(params: SecretsManagerV1.GetLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>;
+    /**
+     * Lock a secret.
+     *
+     * Create a lock on the current version of a secret.
+     *
+     * A lock can be used to prevent a secret from being deleted or modified while it's in use by your applications. A
+     * successful request attaches a new lock to your secret, or replaces a lock of the same name if it already exists.
+     * Additionally, you can use this method to clear any matching locks on a secret by using one of the following
+     * optional lock modes:
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     *
+     * For more information about locking secrets, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secret-locks).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
+     * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
+     * clear any matching locks on a secret version.
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    lockSecret(params: SecretsManagerV1.LockSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * Unlock a secret.
+     *
+     * Delete one or more locks that are associated with the current version of a secret.
+     *
+     * A successful request deletes the locks that you specify. To remove all locks, you can pass `{"locks": ["*"]}` in in
+     * the request body. Otherwise, specify the names of the locks that you want to delete. For example, `{"locks":
+     * ["lock1", "lock2"]}`.
+     *
+     * **Note:** A secret is considered unlocked and able to be revoked or deleted only after all of its locks are
+     * removed. To understand whether a secret contains locks, check the `locks_total` field that is returned as part of
+     * the metadata of your secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string[]} [params.locks] - A comma-separated list of locks to delete.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    unlockSecret(params: SecretsManagerV1.UnlockSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * List secret version locks.
+     *
+     * List the locks that are associated with a specified secret version.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
+     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
+     * resources.
+     *
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>}
+     */
+    getSecretVersionLocks(params: SecretsManagerV1.GetSecretVersionLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>;
+    /**
+     * Lock a secret version.
+     *
+     * Create a lock on the specified version of a secret.
+     *
+     * A lock can be used to prevent a secret from being deleted or modified while it's in use by your applications. A
+     * successful request attaches a new lock to the specified version, or replaces a lock of the same name if it already
+     * exists. Additionally, you can use this method to clear any matching locks on a secret version by using one of the
+     * following optional lock modes:
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     *
+     * For more information about locking secrets, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secret-locks).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
+     * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
+     * clear any matching locks on a secret version.
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    lockSecretVersion(params: SecretsManagerV1.LockSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * Unlock a secret version.
+     *
+     * Delete one or more locks that are associated with the specified secret version.
+     *
+     * A successful request deletes the locks that you specify. To remove all locks, you can pass `{"locks": ["*"]}` in in
+     * the request body. Otherwise, specify the names of the locks that you want to delete. For example, `{"locks":
+     * ["lock-1", "lock-2"]}`.
+     *
+     * **Note:** A secret is considered unlocked and able to be revoked or deleted only after all of its locks are
+     * removed. To understand whether a secret contains locks, check the `locks_total` field that is returned as part of
+     * the metadata of your secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {string[]} [params.locks] - A comma-separated list of locks to delete.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    unlockSecretVersion(params: SecretsManagerV1.UnlockSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * List all secrets and locks.
+     *
+     * List the lock details that are associated with all secrets in your Secrets Manager instance.
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
+     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
+     * resources.
+     *
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {string[]} [params.groups] - Filter secrets by groups.
+     *
+     * You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets
+     * that are in the default secret group, use the `default` keyword.
+     *
+     * **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
+     * use `..?groups={secret_group_ID},default`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetInstanceLocks>>}
+     */
+    listInstanceSecretsLocks(params?: SecretsManagerV1.ListInstanceSecretsLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetInstanceLocks>>;
     /*************************
      * policies
      ************************/
     /**
      * Set secret policies.
      *
-     * Creates or updates one or more policies, such as an [automatic rotation
-     * policy](http://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-rotate-secrets#auto-rotate-secret), for the
-     * specified secret.
+     * Create or update one or more policies, such as an [automatic rotation
+     * policy](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-automatic-rotation), for the specified
+     * secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -356,7 +583,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List secret policies.
      *
-     * Retrieves a list of policies that are associated with a specified secret.
+     * List the rotation policies that are associated with a specified secret.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -372,11 +599,11 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Set the configuration of a secret type.
      *
-     * Sets the configuration for the specified secret type.
+     * Set the configuration for the specified secret type.
      *
      * Use this method to configure the IAM credentials (`iam_credentials`) engine for your service instance. Looking to
-     * set up certificate ordering? To configure the public certificates (`public_cert`) engine, use the [Add a
-     * configuration](#create_config_element) method.
+     * order or generate certificates? To configure the public certificates (`public_cert`) or  private certificates
+     * (`private_cert`) engines, use the [Add a configuration](#create_config_element) method.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -388,7 +615,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get the configuration of a secret type.
      *
-     * Retrieves the configuration that is associated with the specified secret type.
+     * Get the configuration that is associated with the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -399,17 +626,17 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Add a configuration.
      *
-     * Adds a configuration element to the specified secret type.
+     * Add a configuration element to the specified secret type.
      *
      * Use this method to define the configurations that are required to enable the public certificates (`public_cert`)
-     * engine and the private certificates (`private_cert`) engine.
+     * and private certificates (`private_cert`) engines.
      *
      * You can add multiple configurations for your instance as follows:
      *
      * - Up to 10 public certificate authority configurations
      * - Up to 10 DNS provider configurations
-     * - Up to 10 private root certifiate authority configurations
-     * - Up to 10 private intermediate certifiate authority configurations
+     * - Up to 10 private root certificate authority configurations
+     * - Up to 10 private intermediate certificate authority configurations
      * - Up to 10 certificate templates.
      *
      * @param {Object} params - The parameters to send to the service.
@@ -426,7 +653,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * List configurations.
      *
-     * Lists the configuration elements that are associated with a specified secret type.
+     * List the configuration elements that are associated with a specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -438,7 +665,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get a configuration.
      *
-     * Retrieves the details of a specific configuration that is associated with a secret type.
+     * Get the details of a specific configuration that is associated with a secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -451,7 +678,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Update a configuration.
      *
-     * Updates a configuration element that is associated with the specified secret type.
+     * Update a configuration element that is associated with the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -464,10 +691,31 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>}
      */
     updateConfigElement(params: SecretsManagerV1.UpdateConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSingleConfigElement>>;
+    /**
+     * Invoke an action on a configuration.
+     *
+     * Invoke an action on a specified configuration element. This method supports the following actions:
+     *
+     * - `sign_intermediate`: Sign an intermediate certificate authority.
+     * - `sign_csr`: Sign a certificate signing request.
+     * - `set_signed`: Set a signed intermediate certificate authority.
+     * - `revoke`: Revoke an internally signed intermediate certificate authority certificate.
+     * - `rotate_crl`: Rotate the certificate revocation list (CRL) of an intermediate certificate authority.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.configElement - The configuration element on which the action is applied.
+     * @param {string} params.configName - The name of the certificate authority.
+     * @param {string} params.action - The action to perform on the specified configuration element.
+     * @param {ConfigAction} [params.config] - Properties that describe an action on a configuration element.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>}
+     */
+    actionOnConfigElement(params: SecretsManagerV1.ActionOnConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ConfigElementActionResult>>;
     /**
      * Delete a configuration.
      *
-     * Deletes a configuration element from the specified secret type.
+     * Delete a configuration element from the specified secret type.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -483,7 +731,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Register with Event Notifications.
      *
-     * Creates a registration between a Secrets Manager instance and [Event
+     * Create a registration between a Secrets Manager instance and [Event
      * Notifications](https://cloud.ibm.com/apidocs/event-notifications).
      *
      * A successful request adds Secrets Manager as a source that you can reference from your Event Notifications
@@ -504,7 +752,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Get Event Notifications registration details.
      *
-     * Retrieves the details of an existing registration between a Secrets Manager instance and Event Notifications.
+     * Get the details of an existing registration between a Secrets Manager instance and Event Notifications.
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
@@ -514,7 +762,7 @@ declare class SecretsManagerV1 extends BaseService {
     /**
      * Unregister from Event Notifications.
      *
-     * Deletes a registration between a Secrets Manager instance and Event Notifications.
+     * Delete a registration between a Secrets Manager instance and Event Notifications.
      *
      * A successful request removes your Secrets Manager instance as a source in Event Notifications.
      *
@@ -524,7 +772,7 @@ declare class SecretsManagerV1 extends BaseService {
      */
     deleteNotificationsRegistration(params?: SecretsManagerV1.DeleteNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
     /**
-     * Send test event.
+     * Send a test event.
      *
      * Send a test event from a Secrets Manager instance to a configured [Event
      * Notifications](https://cloud.ibm.com/apidocs/event-notifications) instance.
@@ -627,14 +875,14 @@ declare namespace SecretsManagerV1 {
          *  different set of items, use `limit` with `offset` to page through your available resources.
          *
          *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-         *  `../secrets/{secret-type}?limit=5`.
+         *  `../secrets/{secret_type}?limit=5`.
          */
         limit?: number;
         /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
          *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-         *  `../secrets/{secret-type}?offset=25&limit=25`.
+         *  `..?offset=25&limit=25`.
          */
         offset?: number;
         headers?: OutgoingHttpHeaders;
@@ -658,27 +906,27 @@ declare namespace SecretsManagerV1 {
          *  different set of items, use `limit` with `offset` to page through your available resources.
          *
          *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-         *  `../secrets/{secret-type}?limit=5`.
+         *  `../secrets/{secret_type}?limit=5`.
          */
         limit?: number;
         /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
          *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-         *  `../secrets/{secret-type}?offset=25&limit=25`.
+         *  `..?offset=25&limit=25`.
          */
         offset?: number;
         /** Filter secrets that contain the specified string. The fields that are searched include: id, name,
          *  description, labels, secret_type.
          *
          *  **Usage:** If you want to list only the secrets that contain the string "text", use
-         *  `../secrets/{secret-type}?search=text`.
+         *  `../secrets/{secret_type}?search=text`.
          */
         search?: string;
         /** Sort a list of secrets by the specified field.
          *
          *  **Usage:** To sort a list of secrets by their creation date, use
-         *  `../secrets/{secret-type}?sort_by=creation_date`.
+         *  `../secrets/{secret_type}?sort_by=creation_date`.
          */
         sortBy?: ListAllSecretsConstants.SortBy | string;
         /** Filter secrets by groups.
@@ -687,14 +935,14 @@ declare namespace SecretsManagerV1 {
          *  secrets that are in the default secret group, use the `default` keyword.
          *
          *  **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
-         *  use `../secrets?groups={secret_group_ID},default`.
+         *  use `..?groups={secret_group_ID},default`.
          */
         groups?: string[];
         headers?: OutgoingHttpHeaders;
     }
     /** Constants for the `listAllSecrets` operation. */
     namespace ListAllSecretsConstants {
-        /** Sort a list of secrets by the specified field. **Usage:** To sort a list of secrets by their creation date, use `../secrets/{secret-type}?sort_by=creation_date`. */
+        /** Sort a list of secrets by the specified field. **Usage:** To sort a list of secrets by their creation date, use `../secrets/{secret_type}?sort_by=creation_date`. */
         enum SortBy {
             ID = "id",
             CREATION_DATE = "creation_date",
@@ -826,6 +1074,34 @@ declare namespace SecretsManagerV1 {
             KV = "kv"
         }
     }
+    /** Parameters for the `updateSecretVersion` operation. */
+    interface UpdateSecretVersionParams {
+        /** The secret type. */
+        secretType: UpdateSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The action to perform on the specified secret version. */
+        action: UpdateSecretVersionConstants.Action | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `updateSecretVersion` operation. */
+    namespace UpdateSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The action to perform on the specified secret version. */
+        enum Action {
+            REVOKE = "revoke"
+        }
+    }
     /** Parameters for the `getSecretVersionMetadata` operation. */
     interface GetSecretVersionMetadataParams {
         /** The secret type. */
@@ -900,86 +1176,342 @@ declare namespace SecretsManagerV1 {
             KV = "kv"
         }
     }
-    /** Parameters for the `putPolicy` operation. */
-    interface PutPolicyParams {
+    /** Parameters for the `getLocks` operation. */
+    interface GetLocksParams {
         /** The secret type. */
-        secretType: PutPolicyConstants.SecretType | string;
+        secretType: GetLocksConstants.SecretType | string;
         /** The v4 UUID that uniquely identifies the secret. */
         id: string;
-        /** The metadata that describes the resource array. */
-        metadata: CollectionMetadata;
-        /** A collection of resources. */
-        resources: SecretPolicyRotation[];
-        /** The type of policy that is associated with the specified secret. */
-        policy?: PutPolicyConstants.Policy | string;
+        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
+         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
         headers?: OutgoingHttpHeaders;
     }
-    /** Constants for the `putPolicy` operation. */
-    namespace PutPolicyConstants {
+    /** Constants for the `getLocks` operation. */
+    namespace GetLocksConstants {
         /** The secret type. */
         enum SecretType {
-            USERNAME_PASSWORD = "username_password",
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            PRIVATE_CERT = "private_cert"
-        }
-        /** The type of policy that is associated with the specified secret. */
-        enum Policy {
-            ROTATION = "rotation"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
-    /** Parameters for the `getPolicy` operation. */
-    interface GetPolicyParams {
+    /** Parameters for the `lockSecret` operation. */
+    interface LockSecretParams {
         /** The secret type. */
-        secretType: GetPolicyConstants.SecretType | string;
+        secretType: LockSecretConstants.SecretType | string;
         /** The v4 UUID that uniquely identifies the secret. */
         id: string;
-        /** The type of policy that is associated with the specified secret. */
-        policy?: GetPolicyConstants.Policy | string;
+        /** The lock data to be attached to a secret version. */
+        locks?: LockSecretBodyLocksItem[];
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
+         *  on a secret version.
+         *
+         *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
+         *  secret.
+         *  - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version
+         *  if it doesn't have any locks.
+         */
+        mode?: LockSecretConstants.Mode | string;
         headers?: OutgoingHttpHeaders;
     }
-    /** Constants for the `getPolicy` operation. */
-    namespace GetPolicyConstants {
+    /** Constants for the `lockSecret` operation. */
+    namespace LockSecretConstants {
         /** The secret type. */
         enum SecretType {
-            USERNAME_PASSWORD = "username_password",
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            PRIVATE_CERT = "private_cert"
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
-        /** The type of policy that is associated with the specified secret. */
-        enum Policy {
-            ROTATION = "rotation"
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        enum Mode {
+            EXCLUSIVE = "exclusive",
+            EXCLUSIVE_DELETE = "exclusive_delete"
         }
     }
-    /** Parameters for the `putConfig` operation. */
-    interface PutConfigParams {
+    /** Parameters for the `unlockSecret` operation. */
+    interface UnlockSecretParams {
         /** The secret type. */
-        secretType: PutConfigConstants.SecretType | string;
-        /** Properties to update for a secrets engine. */
-        engineConfig: EngineConfig;
+        secretType: UnlockSecretConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** A comma-separated list of locks to delete. */
+        locks?: string[];
         headers?: OutgoingHttpHeaders;
     }
-    /** Constants for the `putConfig` operation. */
-    namespace PutConfigConstants {
+    /** Constants for the `unlockSecret` operation. */
+    namespace UnlockSecretConstants {
         /** The secret type. */
         enum SecretType {
-            IAM_CREDENTIALS = "iam_credentials"
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
         }
     }
-    /** Parameters for the `getConfig` operation. */
-    interface GetConfigParams {
+    /** Parameters for the `getSecretVersionLocks` operation. */
+    interface GetSecretVersionLocksParams {
         /** The secret type. */
-        secretType: GetConfigConstants.SecretType | string;
+        secretType: GetSecretVersionLocksConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
+         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
         headers?: OutgoingHttpHeaders;
     }
-    /** Constants for the `getConfig` operation. */
-    namespace GetConfigConstants {
+    /** Constants for the `getSecretVersionLocks` operation. */
+    namespace GetSecretVersionLocksConstants {
         /** The secret type. */
         enum SecretType {
+            ARBITRARY = "arbitrary",
             IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
             PUBLIC_CERT = "public_cert",
-            PRIVATE_CERT = "private_cert"
-        }
-    }
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `lockSecretVersion` operation. */
+    interface LockSecretVersionParams {
+        /** The secret type. */
+        secretType: LockSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The lock data to be attached to a secret version. */
+        locks?: LockSecretBodyLocksItem[];
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
+         *  on a secret version.
+         *
+         *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
+         *  secret.
+         *  - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version
+         *  if it doesn't have any locks.
+         */
+        mode?: LockSecretVersionConstants.Mode | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `lockSecretVersion` operation. */
+    namespace LockSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        enum Mode {
+            EXCLUSIVE = "exclusive",
+            EXCLUSIVE_DELETE = "exclusive_delete"
+        }
+    }
+    /** Parameters for the `unlockSecretVersion` operation. */
+    interface UnlockSecretVersionParams {
+        /** The secret type. */
+        secretType: UnlockSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** A comma-separated list of locks to delete. */
+        locks?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `unlockSecretVersion` operation. */
+    namespace UnlockSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `listInstanceSecretsLocks` operation. */
+    interface ListInstanceSecretsLocksParams {
+        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
+         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
+        /** Filter secrets by groups.
+         *
+         *  You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter
+         *  secrets that are in the default secret group, use the `default` keyword.
+         *
+         *  **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
+         *  use `..?groups={secret_group_ID},default`.
+         */
+        groups?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Parameters for the `putPolicy` operation. */
+    interface PutPolicyParams {
+        /** The secret type. */
+        secretType: PutPolicyConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: SecretPolicyRotation[];
+        /** The type of policy that is associated with the specified secret. */
+        policy?: PutPolicyConstants.Policy | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `putPolicy` operation. */
+    namespace PutPolicyConstants {
+        /** The secret type. */
+        enum SecretType {
+            USERNAME_PASSWORD = "username_password",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The type of policy that is associated with the specified secret. */
+        enum Policy {
+            ROTATION = "rotation"
+        }
+    }
+    /** Parameters for the `getPolicy` operation. */
+    interface GetPolicyParams {
+        /** The secret type. */
+        secretType: GetPolicyConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The type of policy that is associated with the specified secret. */
+        policy?: GetPolicyConstants.Policy | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `getPolicy` operation. */
+    namespace GetPolicyConstants {
+        /** The secret type. */
+        enum SecretType {
+            USERNAME_PASSWORD = "username_password",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The type of policy that is associated with the specified secret. */
+        enum Policy {
+            ROTATION = "rotation"
+        }
+    }
+    /** Parameters for the `putConfig` operation. */
+    interface PutConfigParams {
+        /** The secret type. */
+        secretType: PutConfigConstants.SecretType | string;
+        /** Properties to update for a secrets engine. */
+        engineConfig: EngineConfig;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `putConfig` operation. */
+    namespace PutConfigConstants {
+        /** The secret type. */
+        enum SecretType {
+            IAM_CREDENTIALS = "iam_credentials"
+        }
+    }
+    /** Parameters for the `getConfig` operation. */
+    interface GetConfigParams {
+        /** The secret type. */
+        secretType: GetConfigConstants.SecretType | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `getConfig` operation. */
+    namespace GetConfigConstants {
+        /** The secret type. */
+        enum SecretType {
+            IAM_CREDENTIALS = "iam_credentials",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert"
+        }
+    }
     /** Parameters for the `createConfigElement` operation. */
     interface CreateConfigElementParams {
         /** The secret type. */
@@ -1114,6 +1646,40 @@ declare namespace SecretsManagerV1 {
             CERTIFICATE_TEMPLATE = "certificate_template"
         }
     }
+    /** Parameters for the `actionOnConfigElement` operation. */
+    interface ActionOnConfigElementParams {
+        /** The secret type. */
+        secretType: ActionOnConfigElementConstants.SecretType | string;
+        /** The configuration element on which the action is applied. */
+        configElement: ActionOnConfigElementConstants.ConfigElement | string;
+        /** The name of the certificate authority. */
+        configName: string;
+        /** The action to perform on the specified configuration element. */
+        action: ActionOnConfigElementConstants.Action | string;
+        /** Properties that describe an action on a configuration element. */
+        config?: ConfigAction;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `actionOnConfigElement` operation. */
+    namespace ActionOnConfigElementConstants {
+        /** The secret type. */
+        enum SecretType {
+            PRIVATE_CERT = "private_cert"
+        }
+        /** The configuration element on which the action is applied. */
+        enum ConfigElement {
+            ROOT_CERTIFICATE_AUTHORITIES = "root_certificate_authorities",
+            INTERMEDIATE_CERTIFICATE_AUTHORITIES = "intermediate_certificate_authorities"
+        }
+        /** The action to perform on the specified configuration element. */
+        enum Action {
+            SIGN_INTERMEDIATE = "sign_intermediate",
+            SIGN_CSR = "sign_csr",
+            SET_SIGNED = "set_signed",
+            REVOKE = "revoke",
+            ROTATE_CRL = "rotate_crl"
+        }
+    }
     /** Parameters for the `deleteConfigElement` operation. */
     interface DeleteConfigElementParams {
         /** The secret type. */
@@ -1165,6 +1731,24 @@ declare namespace SecretsManagerV1 {
     /*************************
      * model interfaces
      ************************/
+    /** The data that is associated with the secret version. The data object contains the following fields: - `certificate`: The contents of the certificate. - `private_key`: The private key that is associated with the certificate. - `intermediate`: The intermediate certificate that is associated with the certificate. */
+    interface CertificateSecretData {
+    }
+    /** Certificate templates configuration. */
+    interface CertificateTemplatesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Properties that describe a certificate template. You can use a certificate template to control the
+         *  parameters that
+         *  are applied to your issued private certificates. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificate-templates).
+         */
+        config?: CertificateTemplateConfig;
+    }
     /** The metadata that describes the resource array. */
     interface CollectionMetadata {
         /** The type of resources in the resource array. */
@@ -1172,6 +1756,29 @@ declare namespace SecretsManagerV1 {
         /** The number of elements in the resource array. */
         collection_total: number;
     }
+    /** Properties that describe an action on a configuration element. */
+    interface ConfigAction {
+    }
+    /** The configuration to add or update. */
+    interface ConfigElementActionData {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        config: ConfigElementActionResultConfig;
+    }
+    /** Properties that describe an action on a configuration element. */
+    interface ConfigElementActionResult {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: ConfigElementActionData[];
+    }
+    /** ConfigElementActionResultConfig. */
+    interface ConfigElementActionResultConfig {
+    }
     /** The configuration to add or update. */
     interface ConfigElementDef {
         /** The human-readable name to assign to your configuration. */
@@ -1225,6 +1832,13 @@ declare namespace SecretsManagerV1 {
     /** GetConfigResourcesItem. */
     interface GetConfigResourcesItem {
     }
+    /** Properties that describe the locks that are associated with an instance. */
+    interface GetInstanceLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: InstanceSecretsLocks[];
+    }
     /** Properties that describe an existing registration with Event Notifications. */
     interface GetNotificationsSettings {
         /** The metadata that describes the resource array. */
@@ -1239,6 +1853,13 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: SecretResource[];
     }
+    /** Properties that describe the lock of a secret or a secret version. */
+    interface GetSecretLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: SecretsLocks[];
+    }
     /** GetSecretPolicies. */
     interface GetSecretPolicies {
     }
@@ -1263,6 +1884,33 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: ConfigElementDef[];
     }
+    /** Properties that describe the locks that are associated with an instance. */
+    interface InstanceSecretsLocks {
+        /** The unique ID of the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** A collection of locks that are attached to a secret version. */
+        versions?: SecretLockVersion[];
+        /** InstanceSecretsLocks accepts additional properties. */
+        [propName: string]: any;
+    }
+    /** Intermediate certificate authorities configuration. */
+    interface IntermediateCertificateAuthoritiesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Intermediate certificate authority configuration. */
+        config?: IntermediateCertificateAuthorityConfig;
+    }
     /** Issuance information that is associated with your certificate. */
     interface IssuanceInfo {
         /** The date the certificate was ordered. The date format follows RFC 3339. */
@@ -1290,6 +1938,13 @@ declare namespace SecretsManagerV1 {
         /** The name that was assigned to the DNS provider configuration. */
         dns?: string;
     }
+    /** Properties that describe the locks of a secret or a secret version. */
+    interface ListSecretLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: SecretLockData[];
+    }
     /** Properties that describe a list of versions of a secret. */
     interface ListSecretVersions {
         /** The metadata that describes the resource array. */
@@ -1304,11 +1959,39 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources?: SecretResource[];
     }
+    /** LockSecretBodyLocksItem. */
+    interface LockSecretBodyLocksItem {
+        /** A human-readable name to assign to the lock. The lock name must be unique per secret version.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a name for your secret
+         *  lock.
+         */
+        name: string;
+        /** An extended description of the lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret lock.
+         */
+        description: string;
+        /** Optional information to associate with a lock, such as resources CRNs to be used by automation. */
+        attributes: JsonObject;
+    }
     /** The Event Notifications details. */
     interface NotificationsSettings {
         /** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
         event_notifications_instance_crn: string;
     }
+    /** Root certificate authorities configuration. */
+    interface RootCertificateAuthoritiesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Root certificate authority configuration. */
+        config?: RootCertificateAuthorityConfig;
+    }
     /** Rotation. */
     interface Rotation {
         /** Determines whether Secrets Manager rotates your certificate automatically.
@@ -1325,18 +2008,18 @@ declare namespace SecretsManagerV1 {
          *
          *  If set to `true`, the service generates and stores a new private key for your rotated certificate.
          *
-         *  **Note:** Use this field only for public certificates. Ignored for private certificates.
+         *  **Note:** Use this field only for public certificates. It is ignored for private certificates.
          */
         rotate_keys?: boolean;
         /** Used together with the `unit` field to specify the rotation interval. The minimum interval is one day, and
          *  the maximum interval is 3 years (1095 days). Required in case `auto_rotate` is set to `true`.
          *
-         *  **Note:** Use this field only for private certificates Ignored for public certificates.
+         *  **Note:** Use this field only for private certificates. It is ignored for public certificates.
          */
         interval?: number;
         /** The time unit of the rotation interval.
          *
-         *  **Note:** Use this field only for private certificates. Ignored for public certificates.
+         *  **Note:** Use this field only for private certificates. It is ignored for public certificates.
          */
         unit?: string;
     }
@@ -1390,6 +2073,56 @@ declare namespace SecretsManagerV1 {
         /** SecretGroupResource accepts additional properties. */
         [propName: string]: any;
     }
+    /** Properties that describe a lock. */
+    interface SecretLockData {
+        /** A human-readable name to assign to the secret lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a name for the secret lock.
+         */
+        name?: string;
+        /** An extended description of the secret lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for the
+         *  secret lock.
+         */
+        description?: string;
+        /** The date the secret lock was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret lock. */
+        created_by?: string;
+        /** The information that is associated with a lock, such as resources CRNs to be used by automation. */
+        attributes?: JsonObject;
+        /** The v4 UUID that uniquely identifies the secret version. */
+        secret_version_id?: string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** Updates when the actual secret is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** A representation for the 2 last secret versions. Could be "current" for version (n) or "previous" for
+         *  version (n-1).
+         */
+        secret_version_alias?: string;
+    }
+    /** Properties that describe the secret locks. */
+    interface SecretLockVersion {
+        /** The v4 UUID that uniquely identifies the lock. */
+        id?: string;
+        /** A human-readable alias that describes the secret version. 'Current' is used for version `n` and 'previous'
+         *  is used for version `n-1`.
+         */
+        alias?: string;
+        /** The names of all locks that are associated with this secret. */
+        locks?: string[];
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** SecretLockVersion accepts additional properties. */
+        [propName: string]: any;
+    }
     /** SecretMetadata. */
     interface SecretMetadata {
     }
@@ -1421,11 +2154,51 @@ declare namespace SecretsManagerV1 {
     /** SecretVersionMetadata. */
     interface SecretVersionMetadata {
     }
+    /** Properties that describe the secret locks. */
+    interface SecretsLocks {
+        /** The unique ID of the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** A collection of locks that are attached to a secret version. */
+        versions?: SecretLockVersion[];
+        /** SecretsLocks accepts additional properties. */
+        [propName: string]: any;
+    }
+    /** Properties that are returned with a successful `sign` action. */
+    interface SignActionResultData {
+        /** The PEM-encoded certificate. */
+        certificate?: string;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
+        issuing_ca?: string;
+        /** The chain of certificate authorities that are associated with the certificate. */
+        ca_chain?: string[];
+        /** The time until the certificate expires. */
+        expiration?: number;
+    }
+    /** Properties that are returned with a successful `sign` action. */
+    interface SignIntermediateActionResultData {
+        /** The PEM-encoded certificate. */
+        certificate?: string;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The PEM-encoded certificate of the certificate authority that signed and issued this certificate. */
+        issuing_ca?: string;
+        /** The chain of certificate authorities that are associated with the certificate. */
+        ca_chain?: string[];
+        /** The time until the certificate expires. */
+        expiration?: number;
+    }
     /** CertificateValidity. */
     interface CertificateValidity {
-        /** The date the certificate validity period begins. */
+        /** The date and time that the certificate validity period begins. */
         not_before?: string;
-        /** The date the certificate validity period ends. */
+        /** The date and time that the certificate validity period ends. */
         not_after?: string;
     }
     /** Metadata properties that describe an arbitrary secret. */
@@ -1473,8 +2246,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -1536,6 +2311,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -1564,6 +2341,8 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** The data that is associated with the secret version.
          *
          *  The data object contains the field `payload`.
@@ -1601,6 +2380,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
     }
     /** Metadata properties that describe a certificate secret. */
     interface CertificateSecretMetadata extends SecretMetadata {
@@ -1647,16 +2428,18 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
          *  the certificate.
          */
         algorithm?: string;
-        /** The identifier for the cryptographic algorithm that was used to generate the public key that is associated
-         *  with the certificate.
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
          */
         key_algorithm?: string;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
@@ -1723,6 +2506,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The contents of your certificate. The data must be formatted on a single line with embedded newline
          *  characters.
          */
@@ -1737,11 +2522,9 @@ declare namespace SecretsManagerV1 {
         intermediate?: string;
         /** The data that is associated with the secret. The data object contains the following fields:
          *
-         *  `certificate`: The contents of the certificate.
-         *
-         *  `private_key`: The private key that is associated with the certificate.
-         *
-         *  `intermediate`: The intermediate certificate that is associated with the certificate.
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
         secret_data?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
@@ -1750,8 +2533,8 @@ declare namespace SecretsManagerV1 {
          *  the certificate.
          */
         algorithm?: string;
-        /** The identifier for the cryptographic algorithm that was used to generate the public key that is associated
-         *  with the certificate.
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
          */
         key_algorithm?: string;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
@@ -1763,8 +2546,13 @@ declare namespace SecretsManagerV1 {
         intermediate_included?: boolean;
         /** Indicates whether the certificate was imported with an associated private key. */
         private_key_included?: boolean;
-        /** The alternative names that are defined for the certificate. */
-        alt_names?: string[];
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
         /** The date that the certificate expires. The date format follows RFC 3339. */
         expiration_date?: string;
     }
@@ -1778,6 +2566,8 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         validity?: CertificateValidity;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
@@ -1785,13 +2575,11 @@ declare namespace SecretsManagerV1 {
         expiration_date?: string;
         /** The data that is associated with the secret version. The data object contains the following fields:
          *
-         *  `certificate`: The contents of the certificate.
-         *
-         *  `private_key`: The private key that is associated with the certificate.
-         *
-         *  `intermediate`: The intermediate certificate that is associated with the certificate.
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
-        secret_data?: JsonObject;
+        secret_data?: CertificateSecretData;
     }
     /** CertificateSecretVersionInfo. */
     interface CertificateSecretVersionInfo extends SecretVersionInfo {
@@ -1829,12 +2617,185 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
         expiration_date?: string;
         validity?: CertificateValidity;
     }
+    /** Properties that describe a certificate template. You can use a certificate template to control the parameters that  are applied to your issued private certificates. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificate-templates). */
+    interface CertificateTemplateConfig extends ConfigElementDefConfig {
+        /** The name of the intermediate certificate authority. */
+        certificate_authority: string;
+        /** Scopes the creation of private certificates to only the secret groups that you specify.
+         *
+         *  This field can be supplied as a comma-delimited list of secret group IDs.
+         */
+        allowed_secret_groups?: string;
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl?: any;
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `12h`. Hour (`h`) is the largest
+         *  time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. In the
+         *  API response, this value is returned in seconds (integer).
+         */
+        ttl?: any;
+        /** Determines whether to allow `localhost` to be included as one of the requested common names. */
+        allow_localhost?: boolean;
+        /** The domains to define for the certificate template. This property is used along with the
+         *  `allow_bare_domains` and `allow_subdomains` options.
+         */
+        allowed_domains?: string[];
+        /** Determines whether to allow the domains that are supplied in the `allowed_domains` field to contain access
+         *  control list (ACL) templates.
+         */
+        allowed_domains_template?: boolean;
+        /** Determines whether to allow clients to request private certificates that match the value of the actual
+         *  domains on the final certificate.
+         *
+         *  For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to
+         *  request a certificate that contains the name `example.com` as one of the DNS values on the final certificate.
+         *
+         *  **Important:** In some scenarios, allowing bare domains can be considered a security risk.
+         */
+        allow_bare_domains?: boolean;
+        /** Determines whether to allow clients to request private certificates with common names (CN) that are
+         *  subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard
+         *  subdomains.
+         *
+         *  For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains`is set to `true`, then the
+         *  following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`.
+         *
+         *  **Note:** This field is redundant if you use the `allow_any_name` option.
+         */
+        allow_subdomains?: boolean;
+        /** Determines whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified
+         *  in the `allowed_domains` field.
+         *
+         *  If set to `true`, clients are allowed to request private certificates with names that match the glob patterns.
+         */
+        allow_glob_domains?: boolean;
+        /** Determines whether to allow clients to request a private certificate that matches any common name. */
+        allow_any_name?: boolean;
+        /** Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the
+         *  host section of email addresses.
+         */
+        enforce_hostnames?: boolean;
+        /** Determines whether to allow clients to request a private certificate with IP Subject Alternative Names. */
+        allow_ip_sans?: boolean;
+        /** The URI Subject Alternative Names to allow for private certificates.
+         *
+         *  Values can contain glob patterns, for example `spiffe://hostname/_*`.
+         */
+        allowed_uri_sans?: string[];
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private
+         *  certificates.
+         *
+         *  The format for each element in the list is the same as OpenSSL: `<oid>:<type>:<value>` where the current valid
+         *  type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to
+         *  allow any `other_sans` input.
+         */
+        allowed_other_sans?: string[];
+        /** Determines whether private certificates are flagged for server use. */
+        server_flag?: boolean;
+        /** Determines whether private certificates are flagged for client use. */
+        client_flag?: boolean;
+        /** Determines whether private certificates are flagged for code signing use. */
+        code_signing_flag?: boolean;
+        /** Determines whether private certificates are flagged for email protection use. */
+        email_protection_flag?: boolean;
+        /** The type of private key to generate for private certificates and the type of key that is expected for
+         *  submitted certificate signing requests (CSRs).
+         *
+         *  Allowable values are: `rsa` and `ec`.
+         */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
+         */
+        key_bits?: number;
+        /** The allowed key usage constraint to define for private certificates.
+         *
+         *  You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage).  Omit
+         *  the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this
+         *  field to an empty list.
+         */
+        key_usage?: string[];
+        /** The allowed extended key usage constraint on private certificates.
+         *
+         *  You can find valid values in the [Go x509 package
+         *  documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value.
+         *  Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list.
+         */
+        ext_key_usage?: string[];
+        /** A list of extended key usage Object Identifiers (OIDs). */
+        ext_key_usage_oids?: string[];
+        /** When used with the `sign_csr` action, this field determines whether to use the common name (CN) from a
+         *  certificate signing request (CSR) instead of the CN that's included in the JSON data of the certificate.
+         *
+         *  Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names,
+         *  include the `use_csr_sans` property.
+         */
+        use_csr_common_name?: boolean;
+        /** When used with the `sign_csr` action, this field determines whether to use the Subject Alternative Names
+         *  (SANs) from a certificate signing request (CSR) instead of the SANs that are included in the JSON data of the
+         *  certificate.
+         *
+         *  Does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
+         */
+        use_csr_sans?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** Determines whether to require a common name to create a private certificate.
+         *
+         *  By default, a common name is required to generate a certificate. To make the `common_name` field optional, set
+         *  the `require_cn` option to `false`.
+         */
+        require_cn?: boolean;
+        /** A list of policy Object Identifiers (OIDs). */
+        policy_identifiers?: string[];
+        /** Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for
+         *  non-CA certificates.
+         */
+        basic_constraints_valid_for_non_ca?: boolean;
+        /** The duration in seconds by which to backdate the `not_before` property of an issued private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `30s`. In the API response, this
+         *  value is returned in seconds (integer).
+         */
+        not_before_duration?: any;
+    }
+    /** Certificate templates configuration. */
+    interface CertificateTemplatesConfig extends GetConfigElementsResourcesItem {
+        certificate_templates: CertificateTemplatesConfigItem[];
+    }
     /** Properties that describe an IBM Cloud classic infrastructure (SoftLayer) configuration. */
     interface ConfigElementDefConfigClassicInfrastructureConfig extends ConfigElementDefConfig {
         /** The username that is associated with your classic infrastructure account.
@@ -1930,7 +2891,7 @@ declare namespace SecretsManagerV1 {
         /** The hash value of the IBM Cloud API key that is used to create and manage service IDs. */
         api_key_hash?: string;
     }
-    /** Metadata properties that describe a iam_credentials secret. */
+    /** Metadata properties that describe an `iam_credentials` secret. */
     interface IAMCredentialsSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
         id?: string;
@@ -1975,9 +2936,13 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
-        /** Specifies the Time To Live value provided as a string duration with time suffix. */
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The time-to-live (TTL) or lease duration that is assigned to the secret. For `iam_credentials` secrets, the
+         *  TTL defines for how long each generated API key remains valid.
+         */
         ttl?: string;
         /** Determines whether to use the same service ID and API key for future read operations on an
          *  `iam_credentials` secret.
@@ -2052,6 +3017,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The time-to-live (TTL) or lease duration to assign to generated credentials.
          *
          *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
@@ -2113,13 +3080,13 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** The data that is associated with the secret version. The data object contains the following fields:
          *
-         *  `api_key`: The API key that is generated for this secret.
-         *
-         *  `api_key_id`: The ID of the API key that is generated for this secret.
-         *
-         *  `service_id`: The service ID under which the API key is created.
+         *  - `api_key`: The API key that is generated for this secret.
+         *  - `api_key_id`: The ID of the API key that is generated for this secret.
+         *  - `service_id`: The service ID under which the API key is created.
          */
         secret_data?: JsonObject;
     }
@@ -2153,10 +3120,268 @@ declare namespace SecretsManagerV1 {
         /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
          *  service API.
          */
-        downloaded?: boolean;
+        downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+    }
+    /** Intermediate certificate authorities configuration. */
+    interface IntermediateCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
+        intermediate_certificate_authorities: IntermediateCertificateAuthoritiesConfigItem[];
+    }
+    /** Intermediate certificate authority configuration. */
+    interface IntermediateCertificateAuthorityConfig extends ConfigElementDefConfig {
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl: any;
+        /** The signing method to use with this certificate authority to generate private certificates.
+         *
+         *  You can choose between internal or externally signed options. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities).
+         */
+        signing_method: string;
+        /** The certificate authority that signed and issued the certificate.
+         *
+         *  If the certificate is signed internally, the `issuer` field is required and must match the name of a certificate
+         *  authority that is configured in the Secrets Manager service instance.
+         */
+        issuer?: string;
+        /** The time until the certificate revocation list (CRL) expires.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72
+         *  hours. In the API response, this value is returned in seconds (integer).
+         *
+         *  **Note:** The CRL is rotated automatically before it expires.
+         */
+        crl_expiry?: any;
+        /** Disables or enables certificate revocation list (CRL) building.
+         *
+         *  If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building
+         *  is enabled,  it will rebuild the CRL.
+         */
+        crl_disable?: boolean;
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates
+         *  that are issued by this certificate authority.
+         */
+        crl_distribution_points_encoded?: boolean;
+        /** Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this
+         *  certificate authority.
+         */
+        issuing_certificates_urls_encoded?: boolean;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The status of the certificate authority. The status of a root certificate authority is either `configured`
+         *  or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
+         *  `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
+         */
+        status?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** The type of private key to generate. */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
+         */
+        key_bits?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The data that is associated with the intermediate certificate authority. The data object contains the
+         *   following fields:
+         *
+         *  - `csr`: The PEM-encoded certificate signing request.
+         *  - `private_key`: The private key.
+         *  - `private_key_type`: The type of private key, for example `rsa`.
+         */
+        data?: JsonObject;
+    }
+    /** Metadata properties that describe a key-value secret. */
+    interface KvSecretMetadata extends SecretMetadata {
+        /** The unique ID of the secret. */
+        id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
+         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
+         *  character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies the resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions that are associated with a secret. */
+        versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+    }
+    /** Properties that describe a secret. */
+    interface KvSecretResource extends SecretResource {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** A human-readable alias to assign to your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         */
+        name: string;
+        /** An extended description of your secret.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret.
+         */
+        description?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** Labels that you can use to filter for secrets in your instance.
+         *
+         *  Up to 30 labels can be created. Labels can be 2 - 30 characters, including spaces. Special characters that are
+         *  not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
+         */
+        labels?: string[];
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** The Cloud Resource Name (CRN) that uniquely identifies your Secrets Manager resource. */
+        crn?: string;
+        /** The date the secret was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret. */
+        created_by?: string;
+        /** Updates when the actual secret is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** The number of versions that are associated with a secret. */
+        versions_total?: number;
+        /** An array that contains metadata for each secret version. For more information on the metadata properties,
+         *  see [Get secret version metadata](#get-secret-version-metadata).
+         */
+        versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The date the secret material expires. The date format follows RFC 3339.
+         *
+         *  You can set an expiration date on supported secret types at their creation. If you create a secret without
+         *  specifying an expiration date, the secret does not expire. The `expiration_date` field is supported for the
+         *  following secret types:
+         *
+         *  - `arbitrary`
+         *  - `username_password`.
+         */
+        expiration_date?: string;
+        /** The new secret data to assign to the secret. */
+        payload?: JsonObject;
+        /** The data that is associated with the secret version.
+         *
+         *  The data object contains the field `payload`.
+         */
+        secret_data?: JsonObject;
     }
-    /** Metadata properties that describe a key-value secret. */
-    interface KvSecretMetadata extends SecretMetadata {
+    /** The `private_cert` secret rotation policy. */
+    interface PrivateCertPolicyRotation extends SecretPolicyRotationRotation {
+        auto_rotate: boolean;
+        /** The length of the secret rotation time interval. */
+        interval?: number;
+        /** The units for the secret rotation time interval. */
+        unit?: string;
+    }
+    /** Configuration for the private certificates engine. */
+    interface PrivateCertSecretEngineRootConfig extends GetConfigResourcesItem {
+        /** The root certificate authority configurations that are associated with your instance. */
+        root_certificate_authorities?: RootCertificateAuthoritiesConfigItem[];
+        /** The intermediate certificate authority configurations that are associated with your instance. */
+        intermediate_certificate_authorities?: IntermediateCertificateAuthoritiesConfigItem[];
+        /** The certificate templates that are associated with your instance. */
+        certificate_templates?: CertificateTemplatesConfigItem[];
+    }
+    /** Metadata properties that describe a private certificate secret. */
+    interface PrivateCertificateSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
         id?: string;
         /** Labels that you can use to filter for secrets in your instance.
@@ -2200,11 +3425,39 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The name of the certificate template. */
+        certificate_template?: string;
+        /** The intermediate certificate authority that signed this certificate. */
+        certificate_authority?: string;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The alternative names that are defined for the certificate. */
+        alt_names?: string[];
+        rotation?: Rotation;
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
+         */
+        algorithm?: string;
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
+         */
+        key_algorithm?: string;
+        /** The certificate authority that signed and issued the certificate. */
+        issuer?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
     }
     /** Properties that describe a secret. */
-    interface KvSecretResource extends SecretResource {
+    interface PrivateCertificateSecretResource extends SecretResource {
         /** The v4 UUID that uniquely identifies the secret. */
         id?: string;
         /** A human-readable alias to assign to your secret.
@@ -2253,71 +3506,180 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
-        /** The date the secret material expires. The date format follows RFC 3339.
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The name of the certificate template. */
+        certificate_template: string;
+        /** The intermediate certificate authority that signed this certificate. */
+        certificate_authority?: string;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
          *
-         *  You can set an expiration date on supported secret types at their creation. If you create a secret without
-         *  specifying an expiration date, the secret does not expire. The `expiration_date` field is supported for the
-         *  following secret types:
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
          *
-         *  - `arbitrary`
-         *  - `username_password`.
+         *  The value can be supplied as a string representation of a duration in hours, for example '12h'. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
          */
-        expiration_date?: string;
-        /** The new secret data to assign to the secret. */
-        payload?: JsonObject;
-        /** The data that is associated with the secret version.
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
          *
-         *  The data object contains the field `payload`.
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        rotation?: Rotation;
+        /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
+         *  the certificate.
+         */
+        algorithm?: string;
+        /** The identifier for the cryptographic algorithm that was used to generate the public and private keys that
+         *  are associated with the certificate.
+         */
+        key_algorithm?: string;
+        /** The certificate authority that signed and issued the certificate. */
+        issuer?: string;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** The data that is associated with the secret. The data object contains the following fields:
+         *
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
+         *  - `ca_chain`: The chain of certificate authorities that are associated with the certificate.
          */
         secret_data?: JsonObject;
     }
-    /** Metadata properties that describe a private certificate secret. */
-    interface PrivateCertificateSecretMetadata extends SecretMetadata {
-        /** The unique ID of the secret. */
+    /** PrivateCertificateSecretVersion. */
+    interface PrivateCertificateSecretVersion extends SecretVersion {
+        /** The v4 UUID that uniquely identifies the secret. */
         id?: string;
-        /** Labels that you can use to filter for secrets in your instance.
-         *
-         *  Up to 30 labels can be created. Labels can be in the range 2 - 30 characters, including spaces. Special
-         *  characters that are not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe
-         *  character (|).
-         *
-         *  To protect your privacy, do not use personal data, such as your name or location, as a label for your secret.
-         */
-        labels?: string[];
-        /** A human-readable alias to assign to your secret.
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        validity?: CertificateValidity;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The data that is associated with the secret version. The data object contains the following fields:
          *
-         *  To protect your privacy, do not use personal data, such as your name or location, as an alias for your secret.
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
-        name: string;
-        /** An extended description of your secret.
-         *
-         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
-         *  secret.
+        secret_data?: CertificateSecretData;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
          */
-        description?: string;
-        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
-         *
-         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+    }
+    /** PrivateCertificateSecretVersionInfo. */
+    interface PrivateCertificateSecretVersionInfo extends SecretVersionInfo {
+        /** The ID of the secret version. */
+        id?: string;
+        /** The date that the version of the secret was created. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret version. */
+        created_by?: string;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
          */
-        secret_group_id?: string;
+        downloaded?: boolean;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        validity?: CertificateValidity;
         /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
          *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
          */
         state?: number;
         /** A text representation of the secret state. */
         state_description?: string;
-        /** The secret type. */
-        secret_type?: string;
-        /** The Cloud Resource Name (CRN) that uniquely identifies the resource. */
-        crn?: string;
-        /** The date the secret was created. The date format follows RFC 3339. */
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
+    }
+    /** Properties that describe a secret version. */
+    interface PrivateCertificateSecretVersionMetadata extends SecretVersionMetadata {
+        /** The v4 UUID that uniquely identifies the secret. */
+        id?: string;
+        /** The ID of the secret version. */
+        version_id?: string;
+        /** The date that the version of the secret was created. */
         creation_date?: string;
-        /** The unique identifier for the entity that created the secret. */
+        /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
-        /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
-        last_update_date?: string;
-        /** The number of versions the secret has. */
-        versions_total?: number;
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** Indicates whether the secret data that is associated with a secret version was retrieved in a call to the
+         *  service API.
+         */
+        downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
+        serial_number?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        validity?: CertificateValidity;
+        /** The secret state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0,
+         *  Active = 1,  Suspended = 2, Deactivated = 3, and Destroyed = 5 values.
+         */
+        state?: number;
+        /** A text representation of the secret state. */
+        state_description?: string;
+        /** The timestamp of the certificate revocation. */
+        revocation_time?: number;
+        /** The date and time that the certificate was revoked. The date format follows RFC 3339. */
+        revocation_time_rfc3339?: string;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
     }
     /** Configuration for the public certificates engine. */
     interface PublicCertSecretEngineRootConfig extends GetConfigResourcesItem {
@@ -2371,8 +3733,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -2453,6 +3817,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -2482,8 +3848,13 @@ declare namespace SecretsManagerV1 {
          *  provide more encryption protection.
          */
         key_algorithm?: string;
-        /** The alternative names that are defined for the certificate. */
-        alt_names?: string[];
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
         /** The fully qualified domain name or host domain name for the certificate. */
         common_name?: string;
         /** Indicates whether the issued certificate includes a private key. */
@@ -2498,11 +3869,9 @@ declare namespace SecretsManagerV1 {
         serial_number?: string;
         /** The data that is associated with the secret. The data object contains the following fields:
          *
-         *  `certificate`: The contents of the certificate.
-         *
-         *  `private_key`: The private key that is associated with the certificate.
-         *
-         *  `intermediate`: The intermediate certificate that is associated with the certificate.
+         *  - `certificate`: The contents of the certificate.
+         *  - `private_key`: The private key that is associated with the certificate.
+         *  - `intermediate`: The intermediate certificate that is associated with the certificate.
          */
         secret_data?: JsonObject;
     }
@@ -2511,6 +3880,138 @@ declare namespace SecretsManagerV1 {
         /** The ID of the target version or the alias `previous`. */
         version_id: string;
     }
+    /** A request to revoke the certificate of an internally signed intermediate certificate authority. */
+    interface RevokeAction extends ConfigAction {
+        /** The serial number of the certificate. */
+        serial_number: string;
+    }
+    /** Properties that are returned with a successful `revoke` action. */
+    interface RevokeActionResult extends ConfigElementActionResultConfig {
+        /** The time until the certificate authority is revoked. */
+        revocation_time?: number;
+    }
+    /** Root certificate authorities configuration. */
+    interface RootCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
+        root_certificate_authorities: RootCertificateAuthoritiesConfigItem[];
+    }
+    /** Root certificate authority configuration. */
+    interface RootCertificateAuthorityConfig extends ConfigElementDefConfig {
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
+         *
+         *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
+         */
+        max_ttl: any;
+        /** The time until the certificate revocation list (CRL) expires.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72
+         *  hours. In the API response, this value is returned in seconds (integer).
+         *
+         *  **Note:** The CRL is rotated automatically before it expires.
+         */
+        crl_expiry?: any;
+        /** Disables or enables certificate revocation list (CRL) building.
+         *
+         *  If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building
+         *  is enabled,  it will rebuild the CRL.
+         */
+        crl_disable?: boolean;
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates
+         *  that are issued by this certificate authority.
+         */
+        crl_distribution_points_encoded?: boolean;
+        /** Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this
+         *  certificate authority.
+         */
+        issuing_certificates_urls_encoded?: boolean;
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name: string;
+        /** The status of the certificate authority. The status of a root certificate authority is either `configured`
+         *  or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,
+         *  `signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`.
+         */
+        status?: string;
+        /** The date that the certificate expires. The date format follows RFC 3339. */
+        expiration_date?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to this CA certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can't exceed the
+         *  `max_ttl` that is defined in the associated certificate template. In the API response, this value is returned in
+         *  seconds (integer).
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The format of the generated private key. */
+        private_key_format?: string;
+        /** The type of private key to generate. */
+        key_type?: string;
+        /** The number of bits to use when generating the private key.
+         *
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
+         */
+        key_bits?: number;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The data that is associated with the root certificate authority. The data object contains the following
+         *  fields:
+         *
+         *  - `certificate`: The root certificate content.
+         *  - `issuing_ca`: The certificate of the certificate authority that signed and issued this certificate.
+         *  - `serial_number`: The unique serial number of the root certificate.
+         */
+        data?: JsonObject;
+    }
     /** The request body of a `rotate` action. */
     interface RotateArbitrarySecretBody extends SecretAction {
         /** The new secret data to assign to an `arbitrary` secret. */
@@ -2525,6 +4026,9 @@ declare namespace SecretsManagerV1 {
         /** The new intermediate certificate to associate with the certificate. */
         intermediate?: string;
     }
+    /** Properties that are returned with a successful `rotate_crl` action. */
+    interface RotateCrlActionResult extends ConfigElementActionResultConfig {
+    }
     /** The request body of a `rotate` action. */
     interface RotateKvSecretBody extends SecretAction {
         /** The new secret data to assign to a key-value secret. */
@@ -2542,9 +4046,9 @@ declare namespace SecretsManagerV1 {
     }
     /** The secret rotation time interval. */
     interface SecretPolicyRotationRotationPolicyRotation extends SecretPolicyRotationRotation {
-        /** Specifies the length of the secret rotation time interval. */
+        /** The length of the secret rotation time interval. */
         interval: number;
-        /** Specifies the units for the secret rotation time interval. */
+        /** The units for the secret rotation time interval. */
         unit: string;
     }
     /** The `public_cert` secret rotation policy. */
@@ -2552,6 +4056,324 @@ declare namespace SecretsManagerV1 {
         auto_rotate: boolean;
         rotate_keys: boolean;
     }
+    /** A request to set a signed certificate in an intermediate certificate authority. */
+    interface SetSignedAction extends ConfigAction {
+        /** The PEM-encoded certificate. */
+        certificate: string;
+    }
+    /** Properties that are returned with a successful `set_signed` action. */
+    interface SetSignedActionResult extends ConfigElementActionResultConfig {
+    }
+    /** A request to sign a certificate signing request (CSR). */
+    interface SignCsrAction extends ConfigAction {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The PEM-encoded certificate signing request (CSR). This field is required for the `sign_csr` action. */
+        csr: string;
+    }
+    /** Properties that are returned with a successful `sign_csr` action. */
+    interface SignCsrActionResult extends ConfigElementActionResultConfig {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** Properties that are returned with a successful `sign` action. */
+        data: SignActionResultData;
+        /** The PEM-encoded certificate signing request (CSR). */
+        csr: string;
+    }
+    /** A request to sign an intermediate certificate authority. */
+    interface SignIntermediateAction extends ConfigAction {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** The intermediate certificate authority to be signed. The name must match one of the pre-configured
+         *  intermediate certificate authorities.
+         */
+        intermediate_certificate_authority: string;
+    }
+    /** Properties that are returned with a successful `sign_intermediate` action. */
+    interface SignIntermediateActionResult extends ConfigElementActionResultConfig {
+        /** The fully qualified domain name or host domain name for the certificate. */
+        common_name?: string;
+        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+         *
+         *  The alternative names can be host names or email addresses.
+         */
+        alt_names?: string;
+        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        ip_sans?: string;
+        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
+        uri_sans?: string;
+        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
+         *  certificate.
+         *
+         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
+         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
+         *  valid type is `UTF8`.
+         */
+        other_sans?: string[];
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
+         */
+        ttl?: any;
+        /** The format of the returned data. */
+        format?: string;
+        /** The maximum path length to encode in the generated certificate. `-1` means no limit.
+         *
+         *  If the signing certificate has a maximum path length set, the path length is set to one less than that of the
+         *  signing certificate. A limit of `0` means a literal path length of zero.
+         */
+        max_path_length?: number;
+        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
+         *
+         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
+         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
+         */
+        exclude_cn_from_sans?: boolean;
+        /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
+        permitted_dns_domains?: string[];
+        /** Determines whether to use values from a certificate signing request (CSR) to complete a `sign_csr` action.
+         *  If set to `true`, then:
+         *
+         *  1) Subject information, including names and alternate names, are preserved from the CSR rather than using the
+         *  values provided in the other parameters to this operation.
+         *
+         *  2) Any key usages (for example, non-repudiation) that are requested in the CSR are added to the basic set of key
+         *  usages used for CA certs signed by this intermediate authority.
+         *
+         *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
+         */
+        use_csr_values?: boolean;
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
+        ou?: string[];
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
+        organization?: string[];
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
+        country?: string[];
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
+        locality?: string[];
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
+        province?: string[];
+        /** The Street Address values in the subject field of the resulting certificate. */
+        street_address?: string[];
+        /** The Postal Code values in the subject field of the resulting certificate. */
+        postal_code?: string[];
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
+         */
+        serial_number?: string;
+        /** Properties that are returned with a successful `sign` action. */
+        data: SignIntermediateActionResultData;
+        /** The signed intermediate certificate authority. */
+        intermediate_certificate_authority: string;
+    }
     /** Metadata properties that describe a username_password secret. */
     interface UsernamePasswordSecretMetadata extends SecretMetadata {
         /** The unique ID of the secret. */
@@ -2597,8 +4419,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -2660,15 +4484,16 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The username to assign to this secret. */
         username?: string;
         /** The password to assign to this secret. */
         password?: string;
         /** The data that is associated with the secret version. The data object contains the following fields:
          *
-         *  `username`: The username that is associated with the secret version.
-         *
-         *  `password`: The password that is associated with the secret version.
+         *  - `username`: The username that is associated with the secret version.
+         *  - `password`: The password that is associated with the secret version.
          */
         secret_data?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
@@ -2698,13 +4523,14 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
         /** The data that is associated with the secret version. The data object contains the following fields:
          *
-         *  `username`: The username that is associated with the secret version.
-         *
-         *  `password`: The password that is associated with the secret version.
+         *  - `username`: The username that is associated with the secret version.
+         *  - `password`: The password that is associated with the secret version.
          */
         secret_data?: JsonObject;
     }
@@ -2741,6 +4567,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
     }