npm - @ibm-cloud/secrets-manager - Versions diffs - 1.0.32 → 1.0.35 - Mend

@ibm-cloud/secrets-manager 1.0.32 → 1.0.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/auth/index.js +1 -0
package/auth/index.js.map +1 -1
package/lib/common.js +1 -1
package/lib/common.js.map +1 -1
package/package.json +4 -4
package/secrets-manager/v1.d.ts +834 -190
package/secrets-manager/v1.js +612 -73
package/secrets-manager/v1.js.map +1 -1

package/secrets-manager/v1.d.ts CHANGED Viewed

@@ -153,12 +153,12 @@ declare class SecretsManagerV1 extends BaseService {
      * resources.
      *
      * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-     * `../secrets/{secret-type}?limit=5`.
+     * `../secrets/{secret_type}?limit=5`.
      * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
      * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-     * `../secrets/{secret-type}?offset=25&limit=25`.
+     * `..?offset=25&limit=25`.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecrets>>}
      */
@@ -174,28 +174,28 @@ declare class SecretsManagerV1 extends BaseService {
      * resources.
      *
      * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-     * `../secrets/{secret-type}?limit=5`.
+     * `../secrets/{secret_type}?limit=5`.
      * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
      * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-     * `../secrets/{secret-type}?offset=25&limit=25`.
+     * `..?offset=25&limit=25`.
      * @param {string} [params.search] - Filter secrets that contain the specified string. The fields that are searched
      * include: id, name, description, labels, secret_type.
      *
      * **Usage:** If you want to list only the secrets that contain the string "text", use
-     * `../secrets/{secret-type}?search=text`.
+     * `../secrets/{secret_type}?search=text`.
      * @param {string} [params.sortBy] - Sort a list of secrets by the specified field.
      *
      * **Usage:** To sort a list of secrets by their creation date, use
-     * `../secrets/{secret-type}?sort_by=creation_date`.
+     * `../secrets/{secret_type}?sort_by=creation_date`.
      * @param {string[]} [params.groups] - Filter secrets by groups.
      *
      * You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets
      * that are in the default secret group, use the `default` keyword.
      *
      * **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
-     * use `../secrets?groups={secret_group_ID},default`.
+     * use `..?groups={secret_group_ID},default`.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecrets>>}
      */
@@ -352,6 +352,214 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.SecretMetadataRequest>>}
      */
     updateSecretMetadata(params: SecretsManagerV1.UpdateSecretMetadataParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.SecretMetadataRequest>>;
+    /*************************
+     * locks
+     ************************/
+    /**
+     * List secret locks.
+     *
+     * List the locks that are associated with a specified secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
+     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
+     * resources.
+     *
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>}
+     */
+    getLocks(params: SecretsManagerV1.GetLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>;
+    /**
+     * Lock a secret.
+     *
+     * Create a lock on the current version of a secret.
+     *
+     * A lock can be used to prevent a secret from being deleted or modified while it's in use by your applications. A
+     * successful request attaches a new lock to your secret, or replaces a lock of the same name if it already exists.
+     * Additionally, you can use this method to clear any matching locks on a secret by using one of the following
+     * optional lock modes:
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     *
+     * For more information about locking secrets, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secret-locks).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
+     * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
+     * clear any matching locks on a secret version.
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    lockSecret(params: SecretsManagerV1.LockSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * Unlock a secret.
+     *
+     * Delete one or more locks that are associated with the current version of a secret.
+     *
+     * A successful request deletes the locks that you specify. To remove all locks, you can pass `{"locks": ["*"]}` in in
+     * the request body. Otherwise, specify the names of the locks that you want to delete. For example, `{"locks":
+     * ["lock1", "lock2"]}`.
+     *
+     * **Note:** A secret is considered unlocked and able to be revoked or deleted only after all of its locks are
+     * removed. To understand whether a secret contains locks, check the `locks_total` field that is returned as part of
+     * the metadata of your secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string[]} [params.locks] - A comma-separated list of locks to delete.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    unlockSecret(params: SecretsManagerV1.UnlockSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * List secret version locks.
+     *
+     * List the locks that are associated with a specified secret version.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
+     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
+     * resources.
+     *
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>}
+     */
+    getSecretVersionLocks(params: SecretsManagerV1.GetSecretVersionLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>;
+    /**
+     * Lock a secret version.
+     *
+     * Create a lock on the specified version of a secret.
+     *
+     * A lock can be used to prevent a secret from being deleted or modified while it's in use by your applications. A
+     * successful request attaches a new lock to the specified version, or replaces a lock of the same name if it already
+     * exists. Additionally, you can use this method to clear any matching locks on a secret version by using one of the
+     * following optional lock modes:
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     *
+     * For more information about locking secrets, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secret-locks).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
+     * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
+     * clear any matching locks on a secret version.
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    lockSecretVersion(params: SecretsManagerV1.LockSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * Unlock a secret version.
+     *
+     * Delete one or more locks that are associated with the specified secret version.
+     *
+     * A successful request deletes the locks that you specify. To remove all locks, you can pass `{"locks": ["*"]}` in in
+     * the request body. Otherwise, specify the names of the locks that you want to delete. For example, `{"locks":
+     * ["lock-1", "lock-2"]}`.
+     *
+     * **Note:** A secret is considered unlocked and able to be revoked or deleted only after all of its locks are
+     * removed. To understand whether a secret contains locks, check the `locks_total` field that is returned as part of
+     * the metadata of your secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {string[]} [params.locks] - A comma-separated list of locks to delete.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    unlockSecretVersion(params: SecretsManagerV1.UnlockSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * List all secrets and locks.
+     *
+     * List the lock details that are associated with all secrets in your Secrets Manager instance.
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
+     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
+     * resources.
+     *
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {string[]} [params.groups] - Filter secrets by groups.
+     *
+     * You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets
+     * that are in the default secret group, use the `default` keyword.
+     *
+     * **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
+     * use `..?groups={secret_group_ID},default`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetInstanceLocks>>}
+     */
+    listInstanceSecretsLocks(params?: SecretsManagerV1.ListInstanceSecretsLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetInstanceLocks>>;
     /*************************
      * policies
      ************************/
@@ -667,14 +875,14 @@ declare namespace SecretsManagerV1 {
          *  different set of items, use `limit` with `offset` to page through your available resources.
          *
          *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-         *  `../secrets/{secret-type}?limit=5`.
+         *  `../secrets/{secret_type}?limit=5`.
          */
         limit?: number;
         /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
          *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-         *  `../secrets/{secret-type}?offset=25&limit=25`.
+         *  `..?offset=25&limit=25`.
          */
         offset?: number;
         headers?: OutgoingHttpHeaders;
@@ -698,27 +906,27 @@ declare namespace SecretsManagerV1 {
          *  different set of items, use `limit` with `offset` to page through your available resources.
          *
          *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-         *  `../secrets/{secret-type}?limit=5`.
+         *  `../secrets/{secret_type}?limit=5`.
          */
         limit?: number;
         /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
          *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-         *  `../secrets/{secret-type}?offset=25&limit=25`.
+         *  `..?offset=25&limit=25`.
          */
         offset?: number;
         /** Filter secrets that contain the specified string. The fields that are searched include: id, name,
          *  description, labels, secret_type.
          *
          *  **Usage:** If you want to list only the secrets that contain the string "text", use
-         *  `../secrets/{secret-type}?search=text`.
+         *  `../secrets/{secret_type}?search=text`.
          */
         search?: string;
         /** Sort a list of secrets by the specified field.
          *
          *  **Usage:** To sort a list of secrets by their creation date, use
-         *  `../secrets/{secret-type}?sort_by=creation_date`.
+         *  `../secrets/{secret_type}?sort_by=creation_date`.
          */
         sortBy?: ListAllSecretsConstants.SortBy | string;
         /** Filter secrets by groups.
@@ -727,14 +935,14 @@ declare namespace SecretsManagerV1 {
          *  secrets that are in the default secret group, use the `default` keyword.
          *
          *  **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
-         *  use `../secrets?groups={secret_group_ID},default`.
+         *  use `..?groups={secret_group_ID},default`.
          */
         groups?: string[];
         headers?: OutgoingHttpHeaders;
     }
     /** Constants for the `listAllSecrets` operation. */
     namespace ListAllSecretsConstants {
-        /** Sort a list of secrets by the specified field. **Usage:** To sort a list of secrets by their creation date, use `../secrets/{secret-type}?sort_by=creation_date`. */
+        /** Sort a list of secrets by the specified field. **Usage:** To sort a list of secrets by their creation date, use `../secrets/{secret_type}?sort_by=creation_date`. */
         enum SortBy {
             ID = "id",
             CREATION_DATE = "creation_date",
@@ -968,6 +1176,262 @@ declare namespace SecretsManagerV1 {
             KV = "kv"
         }
     }
+    /** Parameters for the `getLocks` operation. */
+    interface GetLocksParams {
+        /** The secret type. */
+        secretType: GetLocksConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
+         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `getLocks` operation. */
+    namespace GetLocksConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `lockSecret` operation. */
+    interface LockSecretParams {
+        /** The secret type. */
+        secretType: LockSecretConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The lock data to be attached to a secret version. */
+        locks?: LockSecretBodyLocksItem[];
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
+         *  on a secret version.
+         *
+         *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
+         *  secret.
+         *  - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version
+         *  if it doesn't have any locks.
+         */
+        mode?: LockSecretConstants.Mode | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `lockSecret` operation. */
+    namespace LockSecretConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        enum Mode {
+            EXCLUSIVE = "exclusive",
+            EXCLUSIVE_DELETE = "exclusive_delete"
+        }
+    }
+    /** Parameters for the `unlockSecret` operation. */
+    interface UnlockSecretParams {
+        /** The secret type. */
+        secretType: UnlockSecretConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** A comma-separated list of locks to delete. */
+        locks?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `unlockSecret` operation. */
+    namespace UnlockSecretConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `getSecretVersionLocks` operation. */
+    interface GetSecretVersionLocksParams {
+        /** The secret type. */
+        secretType: GetSecretVersionLocksConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
+         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `getSecretVersionLocks` operation. */
+    namespace GetSecretVersionLocksConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `lockSecretVersion` operation. */
+    interface LockSecretVersionParams {
+        /** The secret type. */
+        secretType: LockSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The lock data to be attached to a secret version. */
+        locks?: LockSecretBodyLocksItem[];
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
+         *  on a secret version.
+         *
+         *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
+         *  secret.
+         *  - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version
+         *  if it doesn't have any locks.
+         */
+        mode?: LockSecretVersionConstants.Mode | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `lockSecretVersion` operation. */
+    namespace LockSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        enum Mode {
+            EXCLUSIVE = "exclusive",
+            EXCLUSIVE_DELETE = "exclusive_delete"
+        }
+    }
+    /** Parameters for the `unlockSecretVersion` operation. */
+    interface UnlockSecretVersionParams {
+        /** The secret type. */
+        secretType: UnlockSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** A comma-separated list of locks to delete. */
+        locks?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `unlockSecretVersion` operation. */
+    namespace UnlockSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `listInstanceSecretsLocks` operation. */
+    interface ListInstanceSecretsLocksParams {
+        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
+         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
+        /** Filter secrets by groups.
+         *
+         *  You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter
+         *  secrets that are in the default secret group, use the `default` keyword.
+         *
+         *  **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
+         *  use `..?groups={secret_group_ID},default`.
+         */
+        groups?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
     /** Parameters for the `putPolicy` operation. */
     interface PutPolicyParams {
         /** The secret type. */
@@ -1270,6 +1734,21 @@ declare namespace SecretsManagerV1 {
     /** The data that is associated with the secret version. The data object contains the following fields: - `certificate`: The contents of the certificate. - `private_key`: The private key that is associated with the certificate. - `intermediate`: The intermediate certificate that is associated with the certificate. */
     interface CertificateSecretData {
     }
+    /** Certificate templates configuration. */
+    interface CertificateTemplatesConfigItem {
+        /** The human-readable name to assign to your configuration. */
+        name: string;
+        /** The type of configuration. Value options differ depending on the `config_element` property that you want to
+         *  define.
+         */
+        type: string;
+        /** Properties that describe a certificate template. You can use a certificate template to control the
+         *  parameters that
+         *  are applied to your issued private certificates. For more information, see the
+         *  [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-certificate-templates).
+         */
+        config?: CertificateTemplateConfig;
+    }
     /** The metadata that describes the resource array. */
     interface CollectionMetadata {
         /** The type of resources in the resource array. */
@@ -1353,6 +1832,13 @@ declare namespace SecretsManagerV1 {
     /** GetConfigResourcesItem. */
     interface GetConfigResourcesItem {
     }
+    /** Properties that describe the locks that are associated with an instance. */
+    interface GetInstanceLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: InstanceSecretsLocks[];
+    }
     /** Properties that describe an existing registration with Event Notifications. */
     interface GetNotificationsSettings {
         /** The metadata that describes the resource array. */
@@ -1367,6 +1853,13 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: SecretResource[];
     }
+    /** Properties that describe the lock of a secret or a secret version. */
+    interface GetSecretLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: SecretsLocks[];
+    }
     /** GetSecretPolicies. */
     interface GetSecretPolicies {
     }
@@ -1391,6 +1884,22 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: ConfigElementDef[];
     }
+    /** Properties that describe the locks that are associated with an instance. */
+    interface InstanceSecretsLocks {
+        /** The unique ID of the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** A collection of locks that are attached to a secret version. */
+        versions?: SecretLockVersion[];
+        /** InstanceSecretsLocks accepts additional properties. */
+        [propName: string]: any;
+    }
     /** Intermediate certificate authorities configuration. */
     interface IntermediateCertificateAuthoritiesConfigItem {
         /** The human-readable name to assign to your configuration. */
@@ -1429,6 +1938,13 @@ declare namespace SecretsManagerV1 {
         /** The name that was assigned to the DNS provider configuration. */
         dns?: string;
     }
+    /** Properties that describe the locks of a secret or a secret version. */
+    interface ListSecretLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: SecretLockData[];
+    }
     /** Properties that describe a list of versions of a secret. */
     interface ListSecretVersions {
         /** The metadata that describes the resource array. */
@@ -1443,6 +1959,23 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources?: SecretResource[];
     }
+    /** LockSecretBodyLocksItem. */
+    interface LockSecretBodyLocksItem {
+        /** A human-readable name to assign to the lock. The lock name must be unique per secret version.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a name for your secret
+         *  lock.
+         */
+        name: string;
+        /** An extended description of the lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret lock.
+         */
+        description: string;
+        /** Optional information to associate with a lock, such as resources CRNs to be used by automation. */
+        attributes: JsonObject;
+    }
     /** The Event Notifications details. */
     interface NotificationsSettings {
         /** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
@@ -1540,6 +2073,56 @@ declare namespace SecretsManagerV1 {
         /** SecretGroupResource accepts additional properties. */
         [propName: string]: any;
     }
+    /** Properties that describe a lock. */
+    interface SecretLockData {
+        /** A human-readable name to assign to the secret lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a name for the secret lock.
+         */
+        name?: string;
+        /** An extended description of the secret lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for the
+         *  secret lock.
+         */
+        description?: string;
+        /** The date the secret lock was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret lock. */
+        created_by?: string;
+        /** The information that is associated with a lock, such as resources CRNs to be used by automation. */
+        attributes?: JsonObject;
+        /** The v4 UUID that uniquely identifies the secret version. */
+        secret_version_id?: string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** Updates when the actual secret is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** A representation for the 2 last secret versions. Could be "current" for version (n) or "previous" for
+         *  version (n-1).
+         */
+        secret_version_alias?: string;
+    }
+    /** Properties that describe the secret locks. */
+    interface SecretLockVersion {
+        /** The v4 UUID that uniquely identifies the lock. */
+        id?: string;
+        /** A human-readable alias that describes the secret version. 'Current' is used for version `n` and 'previous'
+         *  is used for version `n-1`.
+         */
+        alias?: string;
+        /** The names of all locks that are associated with this secret. */
+        locks?: string[];
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** SecretLockVersion accepts additional properties. */
+        [propName: string]: any;
+    }
     /** SecretMetadata. */
     interface SecretMetadata {
     }
@@ -1571,6 +2154,20 @@ declare namespace SecretsManagerV1 {
     /** SecretVersionMetadata. */
     interface SecretVersionMetadata {
     }
+    /** Properties that describe the secret locks. */
+    interface SecretsLocks {
+        /** The unique ID of the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** A collection of locks that are attached to a secret version. */
+        versions?: SecretLockVersion[];
+        /** SecretsLocks accepts additional properties. */
+        [propName: string]: any;
+    }
     /** Properties that are returned with a successful `sign` action. */
     interface SignActionResultData {
         /** The PEM-encoded certificate. */
@@ -1649,8 +2246,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -1712,6 +2311,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -1740,6 +2341,8 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** The data that is associated with the secret version.
          *
          *  The data object contains the field `payload`.
@@ -1777,6 +2380,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
     }
     /** Metadata properties that describe a certificate secret. */
     interface CertificateSecretMetadata extends SecretMetadata {
@@ -1823,8 +2428,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
@@ -1899,6 +2506,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The contents of your certificate. The data must be formatted on a single line with embedded newline
          *  characters.
          */
@@ -1937,8 +2546,13 @@ declare namespace SecretsManagerV1 {
         intermediate_included?: boolean;
         /** Indicates whether the certificate was imported with an associated private key. */
         private_key_included?: boolean;
-        /** The alternative names that are defined for the certificate. */
-        alt_names?: string[];
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
         /** The date that the certificate expires. The date format follows RFC 3339. */
         expiration_date?: string;
     }
@@ -1952,6 +2566,8 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         validity?: CertificateValidity;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
@@ -2001,6 +2617,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -2016,20 +2634,21 @@ declare namespace SecretsManagerV1 {
          *  This field can be supplied as a comma-delimited list of secret group IDs.
          */
         allowed_secret_groups?: string;
-        /** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
-         *  string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
-         *  returned in seconds (integer).
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
          *
          *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
          */
         max_ttl?: any;
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+        /** The time-to-live (TTL) to assign to a private certificate.
          *
          *  The value can be supplied as a string representation of a duration, such as `12h`. Hour (`h`) is the largest
-         *  time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. Note
-         *  that in the API response the value is returned in seconds (integer).
+         *  time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. In the
+         *  API response, this value is returned in seconds (integer).
          */
-        ttl?: string;
+        ttl?: any;
         /** Determines whether to allow `localhost` to be included as one of the requested common names. */
         allow_localhost?: boolean;
         /** The domains to define for the certificate template. This property is used along with the
@@ -2102,8 +2721,8 @@ declare namespace SecretsManagerV1 {
         key_type?: string;
         /** The number of bits to use when generating the private key.
          *
-         *  Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
-         *  default for RSA keys is 2048, and the default for EC keys is 256.
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
          */
         key_bits?: number;
         /** The allowed key usage constraint to define for private certificates.
@@ -2136,22 +2755,22 @@ declare namespace SecretsManagerV1 {
          *  Does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property.
          */
         use_csr_sans?: boolean;
-        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
         ou?: string[];
-        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
         organization?: string[];
-        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
         country?: string[];
-        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
         locality?: string[];
-        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
         province?: string[];
-        /** The Street Address values in the subject field of the resulting CA certificate. */
+        /** The Street Address values in the subject field of the resulting certificate. */
         street_address?: string[];
-        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        /** The Postal Code values in the subject field of the resulting certificate. */
         postal_code?: string[];
-        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
-         *  omit this field.
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
          */
         serial_number?: string;
         /** Determines whether to require a common name to create a private certificate.
@@ -2166,12 +2785,17 @@ declare namespace SecretsManagerV1 {
          *  non-CA certificates.
          */
         basic_constraints_valid_for_non_ca?: boolean;
-        /** The duration in seconds by which to backdate the `not_before` property of an issued private certificate. The
-         *  value can be supplied as a string representation of a duration, such as `30s`. Note that in the API response the
+        /** The duration in seconds by which to backdate the `not_before` property of an issued private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration, such as `30s`. In the API response, this
          *  value is returned in seconds (integer).
          */
         not_before_duration?: any;
     }
+    /** Certificate templates configuration. */
+    interface CertificateTemplatesConfig extends GetConfigElementsResourcesItem {
+        certificate_templates: CertificateTemplatesConfigItem[];
+    }
     /** Properties that describe an IBM Cloud classic infrastructure (SoftLayer) configuration. */
     interface ConfigElementDefConfigClassicInfrastructureConfig extends ConfigElementDefConfig {
         /** The username that is associated with your classic infrastructure account.
@@ -2312,8 +2936,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The time-to-live (TTL) or lease duration that is assigned to the secret. For `iam_credentials` secrets, the
          *  TTL defines for how long each generated API key remains valid.
          */
@@ -2391,6 +3017,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The time-to-live (TTL) or lease duration to assign to generated credentials.
          *
          *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
@@ -2399,7 +3027,7 @@ declare namespace SecretsManagerV1 {
          *
          *  Minimum duration is 1 minute. Maximum is 90 days.
          */
-        ttl?: string;
+        ttl?: any;
         /** The access groups that define the capabilities of the service ID and API key that are generated for an
          *  `iam_credentials` secret. If you prefer to use an existing service ID that is already assigned the access
          *  policies that you require, you can omit this parameter and use the `service_id` field instead.
@@ -2452,6 +3080,8 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** The data that is associated with the secret version. The data object contains the following fields:
          *
          *  - `api_key`: The API key that is generated for this secret.
@@ -2491,6 +3121,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
     }
     /** Intermediate certificate authorities configuration. */
     interface IntermediateCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
@@ -2498,9 +3130,10 @@ declare namespace SecretsManagerV1 {
     }
     /** Intermediate certificate authority configuration. */
     interface IntermediateCertificateAuthorityConfig extends ConfigElementDefConfig {
-        /** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
-         *  string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
-         *  returned in seconds (integer).
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
          *
          *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
          */
@@ -2517,22 +3150,26 @@ declare namespace SecretsManagerV1 {
          *  authority that is configured in the Secrets Manager service instance.
          */
         issuer?: string;
-        /** The time until the certificate revocation list (CRL) expires. The value can be supplied as a string
-         *  representation of a duration in hours, such as `48h`. The default is 72 hours. Note that in the API response the
-         *  value is returned in seconds (integer).
+        /** The time until the certificate revocation list (CRL) expires.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72
+         *  hours. In the API response, this value is returned in seconds (integer).
+         *
+         *  **Note:** The CRL is rotated automatically before it expires.
          */
         crl_expiry?: any;
-        /** Determines whether to disable certificate revocation list (CRL) building.
+        /** Disables or enables certificate revocation list (CRL) building.
          *
-         *  By default, each request rebuilds a CRL. To disable CRL building, set this field to `true`.
+         *  If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building
+         *  is enabled,  it will rebuild the CRL.
          */
         crl_disable?: boolean;
-        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the private
-         *  certificates that are issued by a certificate authority.
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates
+         *  that are issued by this certificate authority.
          */
         crl_distribution_points_encoded?: boolean;
-        /** Determines whether to encode the URL of the issuing certificate in the private certificates that are issued
-         *  by a certificate authority.
+        /** Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this
+         *  certificate authority.
          */
         issuing_certificates_urls_encoded?: boolean;
         /** The fully qualified domain name or host domain name for the certificate. */
@@ -2548,7 +3185,7 @@ declare namespace SecretsManagerV1 {
          *
          *  The alternative names can be host names or email addresses.
          */
-        alt_names?: string[];
+        alt_names?: string;
         /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
         ip_sans?: string;
         /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
@@ -2569,8 +3206,8 @@ declare namespace SecretsManagerV1 {
         key_type?: string;
         /** The number of bits to use when generating the private key.
          *
-         *  Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
-         *  default for RSA keys is 2048, and the default for EC keys is 256.
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
          */
         key_bits?: number;
         /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
@@ -2579,22 +3216,22 @@ declare namespace SecretsManagerV1 {
          *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
          */
         exclude_cn_from_sans?: boolean;
-        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
         ou?: string[];
-        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
         organization?: string[];
-        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
         country?: string[];
-        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
         locality?: string[];
-        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
         province?: string[];
-        /** The Street Address values in the subject field of the resulting CA certificate. */
+        /** The Street Address values in the subject field of the resulting certificate. */
         street_address?: string[];
-        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        /** The Postal Code values in the subject field of the resulting certificate. */
         postal_code?: string[];
-        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
-         *  omit this field.
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
          */
         serial_number?: string;
         /** The data that is associated with the intermediate certificate authority. The data object contains the
@@ -2651,8 +3288,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
     }
     /** Properties that describe a secret. */
     interface KvSecretResource extends SecretResource {
@@ -2704,6 +3343,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -2733,11 +3374,11 @@ declare namespace SecretsManagerV1 {
     /** Configuration for the private certificates engine. */
     interface PrivateCertSecretEngineRootConfig extends GetConfigResourcesItem {
         /** The root certificate authority configurations that are associated with your instance. */
-        root_certificate_authorities?: RootCertificateAuthorityConfig[];
+        root_certificate_authorities?: RootCertificateAuthoritiesConfigItem[];
         /** The intermediate certificate authority configurations that are associated with your instance. */
-        intermdiate_certificate_authorities?: IntermediateCertificateAuthorityConfig[];
+        intermediate_certificate_authorities?: IntermediateCertificateAuthoritiesConfigItem[];
         /** The certificate templates that are associated with your instance. */
-        certificate_templates?: CertificateTemplateConfig[];
+        certificate_templates?: CertificateTemplatesConfigItem[];
     }
     /** Metadata properties that describe a private certificate secret. */
     interface PrivateCertificateSecretMetadata extends SecretMetadata {
@@ -2784,46 +3425,18 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The name of the certificate template. */
-        certificate_template: string;
+        certificate_template?: string;
         /** The intermediate certificate authority that signed this certificate. */
         certificate_authority?: string;
         /** The fully qualified domain name or host domain name for the certificate. */
-        common_name: string;
-        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
-         *
-         *  The alternative names can be host names or email addresses.
-         */
+        common_name?: string;
+        /** The alternative names that are defined for the certificate. */
         alt_names?: string[];
-        /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
-        ip_sans?: string;
-        /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
-        uri_sans?: string;
-        /** The custom Object Identifier (OID) or UTF8-string Subject Alternative Names to define for the CA
-         *  certificate.
-         *
-         *  The alternative names must match the values that are specified in the `allowed_other_sans` field in the
-         *  associated certificate template. The format is the same as OpenSSL: `<oid>:<type>:<value>` where the current
-         *  valid type is `UTF8`.
-         */
-        other_sans?: string[];
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate. The value can be supplied as a
-         *  string representation of a duration in hours, for example '12h'. The value can't exceed the `max_ttl` that is
-         *  defined in the associated certificate template.
-         */
-        ttl?: string;
-        /** The format of the returned data. */
-        format?: string;
-        /** The format of the generated private key. */
-        private_key_format?: string;
-        /** Controls whether the common name is excluded from Subject Alternative Names (SANs).
-         *
-         *  If set to `true`, the common name is is not included in DNS or Email SANs if they apply. This field can be
-         *  useful if the common name is not a hostname or an email address, but is instead a human-readable identifier.
-         */
-        exclude_cn_from_sans?: boolean;
         rotation?: Rotation;
         /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
          *  the certificate.
@@ -2893,17 +3506,21 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The name of the certificate template. */
         certificate_template: string;
         /** The intermediate certificate authority that signed this certificate. */
         certificate_authority?: string;
         /** The fully qualified domain name or host domain name for the certificate. */
         common_name: string;
-        /** The Subject Alternative Names to define for the CA certificate, in a comma-delimited list.
+        /** The alternative names that are defined for the certificate.
          *
-         *  The alternative names can be host names or email addresses.
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
          */
-        alt_names?: string[];
+        alt_names?: any;
         /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
         ip_sans?: string;
         /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
@@ -2916,11 +3533,12 @@ declare namespace SecretsManagerV1 {
          *  valid type is `UTF8`.
          */
         other_sans?: string[];
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate. The value can be supplied as a
-         *  string representation of a duration in hours, for example '12h'. The value can't exceed the `max_ttl` that is
-         *  defined in the associated certificate template.
+        /** The time-to-live (TTL) to assign to a private certificate.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '12h'. The value can't
+         *  exceed the `max_ttl` that is defined in the associated certificate template.
          */
-        ttl?: string;
+        ttl?: any;
         /** The format of the returned data. */
         format?: string;
         /** The format of the generated private key. */
@@ -2968,6 +3586,8 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         validity?: CertificateValidity;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
@@ -3041,6 +3661,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -3111,8 +3733,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -3193,6 +3817,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -3222,8 +3848,13 @@ declare namespace SecretsManagerV1 {
          *  provide more encryption protection.
          */
         key_algorithm?: string;
-        /** The alternative names that are defined for the certificate. */
-        alt_names?: string[];
+        /** The alternative names that are defined for the certificate.
+         *
+         *  For public certificates, this value is provided as an array of strings. For private certificates, this value is
+         *  provided as a comma-delimited list (string). In the API response, this value is returned as an array of strings
+         *  for all the types of certificate secrets.
+         */
+        alt_names?: any;
         /** The fully qualified domain name or host domain name for the certificate. */
         common_name?: string;
         /** Indicates whether the issued certificate includes a private key. */
@@ -3265,29 +3896,34 @@ declare namespace SecretsManagerV1 {
     }
     /** Root certificate authority configuration. */
     interface RootCertificateAuthorityConfig extends ConfigElementDefConfig {
-        /** The maximum time-to-live (TTL) for certificates that are created by this CA. The value can be supplied as a
-         *  string representation of a duration in hours, for example '8760h'. Note that in the API response the value is
-         *  returned in seconds (integer).
+        /** The maximum time-to-live (TTL) for certificates that are created by this CA.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API
+         *  response, this value is returned in seconds (integer).
          *
          *  Minimum value is one hour (`1h`). Maximum value is 100 years (`876000h`).
          */
         max_ttl: any;
-        /** The time until the certificate revocation list (CRL) expires. The value can be supplied as a string
-         *  representation of a duration in hours, such as `48h`. The default is 72 hours. Note that in the API response the
-         *  value is returned in seconds (integer).
+        /** The time until the certificate revocation list (CRL) expires.
+         *
+         *  The value can be supplied as a string representation of a duration in hours, such as `48h`. The default is 72
+         *  hours. In the API response, this value is returned in seconds (integer).
+         *
+         *  **Note:** The CRL is rotated automatically before it expires.
          */
         crl_expiry?: any;
-        /** Determines whether to disable certificate revocation list (CRL) building.
+        /** Disables or enables certificate revocation list (CRL) building.
          *
-         *  By default, each request rebuilds a CRL. To disable CRL building, set this field to `true`.
+         *  If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building
+         *  is enabled,  it will rebuild the CRL.
          */
         crl_disable?: boolean;
-        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the private
-         *  certificates that are issued by a certificate authority.
+        /** Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates
+         *  that are issued by this certificate authority.
          */
         crl_distribution_points_encoded?: boolean;
-        /** Determines whether to encode the URL of the issuing certificate in the private certificates that are issued
-         *  by a certificate authority.
+        /** Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this
+         *  certificate authority.
          */
         issuing_certificates_urls_encoded?: boolean;
         /** The fully qualified domain name or host domain name for the certificate. */
@@ -3303,7 +3939,7 @@ declare namespace SecretsManagerV1 {
          *
          *  The alternative names can be host names or email addresses.
          */
-        alt_names?: string[];
+        alt_names?: string;
         /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
         ip_sans?: string;
         /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
@@ -3316,13 +3952,13 @@ declare namespace SecretsManagerV1 {
          *  valid type is `UTF8`.
          */
         other_sans?: string[];
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+        /** The time-to-live (TTL) to assign to this CA certificate.
          *
          *  The value can be supplied as a string representation of a duration, such as `12h`. The value can't exceed the
-         *  `max_ttl` that is defined in the associated certificate template. Note that in the API response the value is
-         *  returned in seconds (integer).
+         *  `max_ttl` that is defined in the associated certificate template. In the API response, this value is returned in
+         *  seconds (integer).
          */
-        ttl?: string;
+        ttl?: any;
         /** The format of the returned data. */
         format?: string;
         /** The format of the generated private key. */
@@ -3331,8 +3967,8 @@ declare namespace SecretsManagerV1 {
         key_type?: string;
         /** The number of bits to use when generating the private key.
          *
-         *  Allowable values for RSA keys are: 2048 and 4096. Allowable values for EC keys are: 224, 256, 384 And 521. The
-         *  default for RSA keys is 2048, and the default for EC keys is 256.
+         *  Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and
+         *  `521`. The default for RSA keys is `2048`. The default for EC keys is `256`.
          */
         key_bits?: number;
         /** The maximum path length to encode in the generated certificate. `-1` means no limit.
@@ -3349,22 +3985,22 @@ declare namespace SecretsManagerV1 {
         exclude_cn_from_sans?: boolean;
         /** The allowed DNS domains or subdomains for the certificates to be signed and issued by this CA certificate. */
         permitted_dns_domains?: string[];
-        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
         ou?: string[];
-        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
         organization?: string[];
-        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
         country?: string[];
-        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
         locality?: string[];
-        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
         province?: string[];
-        /** The Street Address values in the subject field of the resulting CA certificate. */
+        /** The Street Address values in the subject field of the resulting certificate. */
         street_address?: string[];
-        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        /** The Postal Code values in the subject field of the resulting certificate. */
         postal_code?: string[];
-        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
-         *  omit this field.
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
          */
         serial_number?: string;
         /** The data that is associated with the root certificate authority. The data object contains the following
@@ -3436,7 +4072,7 @@ declare namespace SecretsManagerV1 {
          *
          *  The alternative names can be host names or email addresses.
          */
-        alt_names?: string[];
+        alt_names?: string;
         /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
         ip_sans?: string;
         /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
@@ -3449,12 +4085,12 @@ declare namespace SecretsManagerV1 {
          *  valid type is `UTF8`.
          */
         other_sans?: string[];
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+        /** The time-to-live (TTL) to assign to a private certificate.
          *
          *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
          *  exceed the `max_ttl` that is defined in the associated certificate template.
          */
-        ttl?: string;
+        ttl?: any;
         /** The format of the returned data. */
         format?: string;
         /** The maximum path length to encode in the generated certificate. `-1` means no limit.
@@ -3483,22 +4119,22 @@ declare namespace SecretsManagerV1 {
          *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
          */
         use_csr_values?: boolean;
-        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
         ou?: string[];
-        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
         organization?: string[];
-        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
         country?: string[];
-        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
         locality?: string[];
-        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
         province?: string[];
-        /** The Street Address values in the subject field of the resulting CA certificate. */
+        /** The Street Address values in the subject field of the resulting certificate. */
         street_address?: string[];
-        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        /** The Postal Code values in the subject field of the resulting certificate. */
         postal_code?: string[];
-        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
-         *  omit this field.
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
          */
         serial_number?: string;
         /** The PEM-encoded certificate signing request (CSR). This field is required for the `sign_csr` action. */
@@ -3512,7 +4148,7 @@ declare namespace SecretsManagerV1 {
          *
          *  The alternative names can be host names or email addresses.
          */
-        alt_names?: string[];
+        alt_names?: string;
         /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
         ip_sans?: string;
         /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
@@ -3525,12 +4161,12 @@ declare namespace SecretsManagerV1 {
          *  valid type is `UTF8`.
          */
         other_sans?: string[];
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+        /** The time-to-live (TTL) to assign to a private certificate.
          *
          *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
          *  exceed the `max_ttl` that is defined in the associated certificate template.
          */
-        ttl?: string;
+        ttl?: any;
         /** The format of the returned data. */
         format?: string;
         /** The maximum path length to encode in the generated certificate. `-1` means no limit.
@@ -3559,22 +4195,22 @@ declare namespace SecretsManagerV1 {
          *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
          */
         use_csr_values?: boolean;
-        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
         ou?: string[];
-        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
         organization?: string[];
-        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
         country?: string[];
-        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
         locality?: string[];
-        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
         province?: string[];
-        /** The Street Address values in the subject field of the resulting CA certificate. */
+        /** The Street Address values in the subject field of the resulting certificate. */
         street_address?: string[];
-        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        /** The Postal Code values in the subject field of the resulting certificate. */
         postal_code?: string[];
-        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
-         *  omit this field.
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
          */
         serial_number?: string;
         /** Properties that are returned with a successful `sign` action. */
@@ -3590,7 +4226,7 @@ declare namespace SecretsManagerV1 {
          *
          *  The alternative names can be host names or email addresses.
          */
-        alt_names?: string[];
+        alt_names?: string;
         /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
         ip_sans?: string;
         /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
@@ -3603,12 +4239,12 @@ declare namespace SecretsManagerV1 {
          *  valid type is `UTF8`.
          */
         other_sans?: string[];
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+        /** The time-to-live (TTL) to assign to a private certificate.
          *
          *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
          *  exceed the `max_ttl` that is defined in the associated certificate template.
          */
-        ttl?: string;
+        ttl?: any;
         /** The format of the returned data. */
         format?: string;
         /** The maximum path length to encode in the generated certificate. `-1` means no limit.
@@ -3637,22 +4273,22 @@ declare namespace SecretsManagerV1 {
          *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
          */
         use_csr_values?: boolean;
-        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
         ou?: string[];
-        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
         organization?: string[];
-        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
         country?: string[];
-        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
         locality?: string[];
-        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
         province?: string[];
-        /** The Street Address values in the subject field of the resulting CA certificate. */
+        /** The Street Address values in the subject field of the resulting certificate. */
         street_address?: string[];
-        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        /** The Postal Code values in the subject field of the resulting certificate. */
         postal_code?: string[];
-        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
-         *  omit this field.
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
          */
         serial_number?: string;
         /** The intermediate certificate authority to be signed. The name must match one of the pre-configured
@@ -3668,7 +4304,7 @@ declare namespace SecretsManagerV1 {
          *
          *  The alternative names can be host names or email addresses.
          */
-        alt_names?: string[];
+        alt_names?: string;
         /** The IP Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
         ip_sans?: string;
         /** The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. */
@@ -3681,12 +4317,12 @@ declare namespace SecretsManagerV1 {
          *  valid type is `UTF8`.
          */
         other_sans?: string[];
-        /** The time-to-live (TTL) or lease duration to assign to a private certificate.
+        /** The time-to-live (TTL) to assign to a private certificate.
          *
          *  The value can be supplied as a string representation of a duration in hours, such as `12h`. The value can't
          *  exceed the `max_ttl` that is defined in the associated certificate template.
          */
-        ttl?: string;
+        ttl?: any;
         /** The format of the returned data. */
         format?: string;
         /** The maximum path length to encode in the generated certificate. `-1` means no limit.
@@ -3715,22 +4351,22 @@ declare namespace SecretsManagerV1 {
          *  3) Extensions that are requested in the CSR are copied into the issued private certificate.
          */
         use_csr_values?: boolean;
-        /** The Organizational Unit (OU) values to define in the subject field of the resulting CA certificate. */
+        /** The Organizational Unit (OU) values to define in the subject field of the resulting certificate. */
         ou?: string[];
-        /** The Organization (O) values to define in the subject field of the resulting CA certificate. */
+        /** The Organization (O) values to define in the subject field of the resulting certificate. */
         organization?: string[];
-        /** The Country (C) values to define in the subject field of the resulting CA certificate. */
+        /** The Country (C) values to define in the subject field of the resulting certificate. */
         country?: string[];
-        /** The Locality (L) values to define in the subject field of the resulting CA certificate. */
+        /** The Locality (L) values to define in the subject field of the resulting certificate. */
         locality?: string[];
-        /** The Province (ST) values to define in the subject field of the resulting CA certificate. */
+        /** The Province (ST) values to define in the subject field of the resulting certificate. */
         province?: string[];
-        /** The Street Address values in the subject field of the resulting CA certificate. */
+        /** The Street Address values in the subject field of the resulting certificate. */
         street_address?: string[];
-        /** The Postal Code values in the subject field of the resulting CA certificate. */
+        /** The Postal Code values in the subject field of the resulting certificate. */
         postal_code?: string[];
-        /** The serial number to assign to the generated private certificate. To assign a random serial number, you can
-         *  omit this field.
+        /** The serial number to assign to the generated certificate. To assign a random serial number, you can omit
+         *  this field.
          */
         serial_number?: string;
         /** Properties that are returned with a successful `sign` action. */
@@ -3783,8 +4419,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -3846,6 +4484,8 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
         /** The username to assign to this secret. */
         username?: string;
         /** The password to assign to this secret. */
@@ -3883,6 +4523,8 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
         /** The data that is associated with the secret version. The data object contains the following fields:
@@ -3925,6 +4567,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
     }