@ibm-cloud/secrets-manager 1.0.33 → 1.0.36

package/secrets-manager/v1.d.ts

@@ -21,7 +21,7 @@ import { BaseService, UserOptions } from 'ibm-cloud-sdk-core';
  * services or your custom-built applications. Secrets are stored in a dedicated instance of Secrets Manager, which is
  * built on open source HashiCorp Vault.
  *
- * API Version: 1.0.33
+ * API Version: 1.0.0
  * See: https://cloud.ibm.com/docs/secrets-manager
  */
 declare class SecretsManagerV1 extends BaseService {
@@ -153,12 +153,12 @@ declare class SecretsManagerV1 extends BaseService {
      * resources.
      *
      * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-     * `../secrets/{secret-type}?limit=5`.
+     * `../secrets/{secret_type}?limit=5`.
      * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
      * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-     * `../secrets/{secret-type}?offset=25&limit=25`.
+     * `..?offset=25&limit=25`.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecrets>>}
      */
@@ -174,28 +174,28 @@ declare class SecretsManagerV1 extends BaseService {
      * resources.
      *
      * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-     * `../secrets/{secret-type}?limit=5`.
+     * `../secrets/{secret_type}?limit=5`.
      * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
      * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-     * `../secrets/{secret-type}?offset=25&limit=25`.
+     * `..?offset=25&limit=25`.
      * @param {string} [params.search] - Filter secrets that contain the specified string. The fields that are searched
      * include: id, name, description, labels, secret_type.
      *
      * **Usage:** If you want to list only the secrets that contain the string "text", use
-     * `../secrets/{secret-type}?search=text`.
+     * `../secrets/{secret_type}?search=text`.
      * @param {string} [params.sortBy] - Sort a list of secrets by the specified field.
      *
      * **Usage:** To sort a list of secrets by their creation date, use
-     * `../secrets/{secret-type}?sort_by=creation_date`.
+     * `../secrets/{secret_type}?sort_by=creation_date`.
      * @param {string[]} [params.groups] - Filter secrets by groups.
      *
      * You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets
      * that are in the default secret group, use the `default` keyword.
      *
      * **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
-     * use `../secrets?groups={secret_group_ID},default`.
+     * use `..?groups={secret_group_ID},default`.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecrets>>}
      */
@@ -225,6 +225,7 @@ declare class SecretsManagerV1 extends BaseService {
      * - `restore`: Restore a previous version of an `iam_credentials` secret.
      * - `revoke`: Revoke a private certificate.
      * - `delete_credentials`: Delete the API key that is associated with an `iam_credentials` secret.
+     * - `validate_dns_challenge`: Validate challenge for public certificate order with manual dns provider.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -302,7 +303,7 @@ declare class SecretsManagerV1 extends BaseService {
      */
     updateSecretVersion(params: SecretsManagerV1.UpdateSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>;
     /**
-     * Get secret version metadata.
+     * Get the metadata of a secret version.
      *
      * Get the metadata of a secret version by specifying the ID of the version or the alias `previous`.
      *
@@ -321,7 +322,26 @@ declare class SecretsManagerV1 extends BaseService {
      */
     getSecretVersionMetadata(params: SecretsManagerV1.GetSecretVersionMetadataParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersionMetadata>>;
     /**
-     * Get secret metadata.
+     * Update the metadata of a secret version.
+     *
+     * Update the metadata of a secret version, such as `version_custom_metadata`.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {CollectionMetadata} params.metadata - The metadata that describes the resource array.
+     * @param {UpdateSecretVersionMetadata[]} params.resources - A collection of resources.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersionMetadata>>}
+     */
+    updateSecretVersionMetadata(params: SecretsManagerV1.UpdateSecretVersionMetadataParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersionMetadata>>;
+    /**
+     * Get the metadata of a secret.
      *
      * Get the details of a secret by specifying its ID.
      *
@@ -352,6 +372,214 @@ declare class SecretsManagerV1 extends BaseService {
      * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.SecretMetadataRequest>>}
      */
     updateSecretMetadata(params: SecretsManagerV1.UpdateSecretMetadataParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.SecretMetadataRequest>>;
+    /*************************
+     * locks
+     ************************/
+    /**
+     * List secret locks.
+     *
+     * List the locks that are associated with a specified secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {number} [params.limit] - The number of locks to retrieve. By default, list operations return the first 25
+     * items. To retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+     *
+     * **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of locks to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>}
+     */
+    getLocks(params: SecretsManagerV1.GetLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>;
+    /**
+     * Lock a secret.
+     *
+     * Create a lock on the current version of a secret.
+     *
+     * A lock can be used to prevent a secret from being deleted or modified while it's in use by your applications. A
+     * successful request attaches a new lock to your secret, or replaces a lock of the same name if it already exists.
+     * Additionally, you can use this method to clear any matching locks on a secret by using one of the following
+     * optional lock modes:
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     *
+     * For more information about locking secrets, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secret-locks).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
+     * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
+     * clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter
+     * is ignored.
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    lockSecret(params: SecretsManagerV1.LockSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * Unlock a secret.
+     *
+     * Delete one or more locks that are associated with the current version of a secret.
+     *
+     * A successful request deletes the locks that you specify. To remove all locks, you can pass `{"locks": ["*"]}` in in
+     * the request body. Otherwise, specify the names of the locks that you want to delete. For example, `{"locks":
+     * ["lock1", "lock2"]}`.
+     *
+     * **Note:** A secret is considered unlocked and able to be revoked or deleted only after all of its locks are
+     * removed. To understand whether a secret contains locks, check the `locks_total` field that is returned as part of
+     * the metadata of your secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string[]} [params.locks] - A comma-separated list of locks to delete.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    unlockSecret(params: SecretsManagerV1.UnlockSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * List secret version locks.
+     *
+     * List the locks that are associated with a specified secret version.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {number} [params.limit] - The number of locks to retrieve. By default, list operations return the first 25
+     * items. To retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+     *
+     * **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of locks to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>}
+     */
+    getSecretVersionLocks(params: SecretsManagerV1.GetSecretVersionLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.ListSecretLocks>>;
+    /**
+     * Lock a secret version.
+     *
+     * Create a lock on the specified version of a secret.
+     *
+     * A lock can be used to prevent a secret from being deleted or modified while it's in use by your applications. A
+     * successful request attaches a new lock to the specified version, or replaces a lock of the same name if it already
+     * exists. Additionally, you can use this method to clear any matching locks on a secret version by using one of the
+     * following optional lock modes:
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     *
+     * For more information about locking secrets, check out the
+     * [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-secret-locks).
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
+     * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
+     * clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter
+     * is ignored.
+     *
+     * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
+     * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
+     * it doesn't have any locks.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    lockSecretVersion(params: SecretsManagerV1.LockSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * Unlock a secret version.
+     *
+     * Delete one or more locks that are associated with the specified secret version.
+     *
+     * A successful request deletes the locks that you specify. To remove all locks, you can pass `{"locks": ["*"]}` in in
+     * the request body. Otherwise, specify the names of the locks that you want to delete. For example, `{"locks":
+     * ["lock-1", "lock-2"]}`.
+     *
+     * **Note:** A secret is considered unlocked and able to be revoked or deleted only after all of its locks are
+     * removed. To understand whether a secret contains locks, check the `locks_total` field that is returned as part of
+     * the metadata of your secret.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {string[]} [params.locks] - A comma-separated list of locks to delete.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>}
+     */
+    unlockSecretVersion(params: SecretsManagerV1.UnlockSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretLocks>>;
+    /**
+     * List all secrets and locks.
+     *
+     * List the lock details that are associated with all secrets in your Secrets Manager instance.
+     *
+     * @param {Object} [params] - The parameters to send to the service.
+     * @param {number} [params.limit] - The number of secrets with associated locks to retrieve. By default, list
+     * operations return the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page
+     * through your available resources.
+     *
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5, use
+     * `..?limit=5`.
+     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
+     *
+     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * `..?offset=25&limit=25`.
+     * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
+     *
+     * **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+     * `..?search=text`.
+     * @param {string[]} [params.groups] - Filter secrets by groups.
+     *
+     * You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets
+     * that are in the default secret group, use the `default` keyword.
+     *
+     * **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
+     * use `..?groups={secret_group_ID},default`.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetInstanceLocks>>}
+     */
+    listInstanceSecretsLocks(params?: SecretsManagerV1.ListInstanceSecretsLocksParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetInstanceLocks>>;
     /*************************
      * policies
      ************************/
@@ -667,14 +895,14 @@ declare namespace SecretsManagerV1 {
          *  different set of items, use `limit` with `offset` to page through your available resources.
          *
          *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-         *  `../secrets/{secret-type}?limit=5`.
+         *  `../secrets/{secret_type}?limit=5`.
          */
         limit?: number;
         /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
          *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-         *  `../secrets/{secret-type}?offset=25&limit=25`.
+         *  `..?offset=25&limit=25`.
          */
         offset?: number;
         headers?: OutgoingHttpHeaders;
@@ -698,27 +926,27 @@ declare namespace SecretsManagerV1 {
          *  different set of items, use `limit` with `offset` to page through your available resources.
          *
          *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 secrets, use
-         *  `../secrets/{secret-type}?limit=5`.
+         *  `../secrets/{secret_type}?limit=5`.
          */
         limit?: number;
         /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
          *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
-         *  `../secrets/{secret-type}?offset=25&limit=25`.
+         *  `..?offset=25&limit=25`.
          */
         offset?: number;
         /** Filter secrets that contain the specified string. The fields that are searched include: id, name,
          *  description, labels, secret_type.
          *
          *  **Usage:** If you want to list only the secrets that contain the string "text", use
-         *  `../secrets/{secret-type}?search=text`.
+         *  `../secrets/{secret_type}?search=text`.
          */
         search?: string;
         /** Sort a list of secrets by the specified field.
          *
          *  **Usage:** To sort a list of secrets by their creation date, use
-         *  `../secrets/{secret-type}?sort_by=creation_date`.
+         *  `../secrets/{secret_type}?sort_by=creation_date`.
          */
         sortBy?: ListAllSecretsConstants.SortBy | string;
         /** Filter secrets by groups.
@@ -727,14 +955,14 @@ declare namespace SecretsManagerV1 {
          *  secrets that are in the default secret group, use the `default` keyword.
          *
          *  **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
-         *  use `../secrets?groups={secret_group_ID},default`.
+         *  use `..?groups={secret_group_ID},default`.
          */
         groups?: string[];
         headers?: OutgoingHttpHeaders;
     }
     /** Constants for the `listAllSecrets` operation. */
     namespace ListAllSecretsConstants {
-        /** Sort a list of secrets by the specified field. **Usage:** To sort a list of secrets by their creation date, use `../secrets/{secret-type}?sort_by=creation_date`. */
+        /** Sort a list of secrets by the specified field. **Usage:** To sort a list of secrets by their creation date, use `../secrets/{secret_type}?sort_by=creation_date`. */
         enum SortBy {
             ID = "id",
             CREATION_DATE = "creation_date",
@@ -793,7 +1021,8 @@ declare namespace SecretsManagerV1 {
             ROTATE = "rotate",
             RESTORE = "restore",
             REVOKE = "revoke",
-            DELETE_CREDENTIALS = "delete_credentials"
+            DELETE_CREDENTIALS = "delete_credentials",
+            VALIDATE_DNS_CHALLENGE = "validate_dns_challenge"
         }
     }
     /** Parameters for the `deleteSecret` operation. */
@@ -922,6 +1151,38 @@ declare namespace SecretsManagerV1 {
             KV = "kv"
         }
     }
+    /** Parameters for the `updateSecretVersionMetadata` operation. */
+    interface UpdateSecretVersionMetadataParams {
+        /** The secret type. */
+        secretType: UpdateSecretVersionMetadataConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: UpdateSecretVersionMetadata[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `updateSecretVersionMetadata` operation. */
+    namespace UpdateSecretVersionMetadataConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
     /** Parameters for the `getSecretMetadata` operation. */
     interface GetSecretMetadataParams {
         /** The secret type. */
@@ -968,6 +1229,264 @@ declare namespace SecretsManagerV1 {
             KV = "kv"
         }
     }
+    /** Parameters for the `getLocks` operation. */
+    interface GetLocksParams {
+        /** The secret type. */
+        secretType: GetLocksConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The number of locks to retrieve. By default, list operations return the first 25 items. To retrieve a
+         *  different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks,
+         *  use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of locks to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `getLocks` operation. */
+    namespace GetLocksConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `lockSecret` operation. */
+    interface LockSecretParams {
+        /** The secret type. */
+        secretType: LockSecretConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The lock data to be attached to a secret version. */
+        locks?: LockSecretBodyLocksItem[];
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
+         *  on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored.
+         *
+         *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
+         *  secret.
+         *  - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version
+         *  if it doesn't have any locks.
+         */
+        mode?: LockSecretConstants.Mode | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `lockSecret` operation. */
+    namespace LockSecretConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        enum Mode {
+            EXCLUSIVE = "exclusive",
+            EXCLUSIVE_DELETE = "exclusive_delete"
+        }
+    }
+    /** Parameters for the `unlockSecret` operation. */
+    interface UnlockSecretParams {
+        /** The secret type. */
+        secretType: UnlockSecretConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** A comma-separated list of locks to delete. */
+        locks?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `unlockSecret` operation. */
+    namespace UnlockSecretConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `getSecretVersionLocks` operation. */
+    interface GetSecretVersionLocksParams {
+        /** The secret type. */
+        secretType: GetSecretVersionLocksConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The number of locks to retrieve. By default, list operations return the first 25 items. To retrieve a
+         *  different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks,
+         *  use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of locks to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `getSecretVersionLocks` operation. */
+    namespace GetSecretVersionLocksConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `lockSecretVersion` operation. */
+    interface LockSecretVersionParams {
+        /** The secret type. */
+        secretType: LockSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The lock data to be attached to a secret version. */
+        locks?: LockSecretBodyLocksItem[];
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
+         *  on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored.
+         *
+         *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
+         *  secret.
+         *  - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version
+         *  if it doesn't have any locks.
+         */
+        mode?: LockSecretVersionConstants.Mode | string;
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `lockSecretVersion` operation. */
+    namespace LockSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        enum Mode {
+            EXCLUSIVE = "exclusive",
+            EXCLUSIVE_DELETE = "exclusive_delete"
+        }
+    }
+    /** Parameters for the `unlockSecretVersion` operation. */
+    interface UnlockSecretVersionParams {
+        /** The secret type. */
+        secretType: UnlockSecretVersionConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** A comma-separated list of locks to delete. */
+        locks?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `unlockSecretVersion` operation. */
+    namespace UnlockSecretVersionConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
+    /** Parameters for the `listInstanceSecretsLocks` operation. */
+    interface ListInstanceSecretsLocksParams {
+        /** The number of secrets with associated locks to retrieve. By default, list operations return the first 25
+         *  items. To retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+         *
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5, use
+         *  `..?limit=5`.
+         */
+        limit?: number;
+        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+         *  `offset` value. Use `offset` with `limit` to page through your available resources.
+         *
+         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  `..?offset=25&limit=25`.
+         */
+        offset?: number;
+        /** Filter locks that contain the specified string in the field "name".
+         *
+         *  **Usage:** If you want to list only the locks that contain the string "text" in the field "name", use
+         *  `..?search=text`.
+         */
+        search?: string;
+        /** Filter secrets by groups.
+         *
+         *  You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter
+         *  secrets that are in the default secret group, use the `default` keyword.
+         *
+         *  **Usage:** To retrieve a list of secrets that are associated with an existing secret group or the default group,
+         *  use `..?groups={secret_group_ID},default`.
+         */
+        groups?: string[];
+        headers?: OutgoingHttpHeaders;
+    }
     /** Parameters for the `putPolicy` operation. */
     interface PutPolicyParams {
         /** The secret type. */
@@ -987,6 +1506,7 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
+            IAM_CREDENTIALS = "iam_credentials",
             PUBLIC_CERT = "public_cert",
             PRIVATE_CERT = "private_cert"
         }
@@ -1010,6 +1530,7 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
+            IAM_CREDENTIALS = "iam_credentials",
             PUBLIC_CERT = "public_cert",
             PRIVATE_CERT = "private_cert"
         }
@@ -1368,6 +1889,13 @@ declare namespace SecretsManagerV1 {
     /** GetConfigResourcesItem. */
     interface GetConfigResourcesItem {
     }
+    /** Properties that describe the locks that are associated with an instance. */
+    interface GetInstanceLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: InstanceSecretsLocks[];
+    }
     /** Properties that describe an existing registration with Event Notifications. */
     interface GetNotificationsSettings {
         /** The metadata that describes the resource array. */
@@ -1382,6 +1910,13 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: SecretResource[];
     }
+    /** Properties that describe the lock of a secret or a secret version. */
+    interface GetSecretLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: SecretsLocks[];
+    }
     /** GetSecretPolicies. */
     interface GetSecretPolicies {
     }
@@ -1406,6 +1941,22 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources: ConfigElementDef[];
     }
+    /** Properties that describe the locks that are associated with an instance. */
+    interface InstanceSecretsLocks {
+        /** The unique ID of the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** The secret type. */
+        secret_type?: string;
+        /** A collection of locks that are attached to a secret version. */
+        versions?: SecretLockVersion[];
+        /** InstanceSecretsLocks accepts additional properties. */
+        [propName: string]: any;
+    }
     /** Intermediate certificate authorities configuration. */
     interface IntermediateCertificateAuthoritiesConfigItem {
         /** The human-readable name to assign to your configuration. */
@@ -1444,6 +1995,13 @@ declare namespace SecretsManagerV1 {
         /** The name that was assigned to the DNS provider configuration. */
         dns?: string;
     }
+    /** Properties that describe the locks of a secret or a secret version. */
+    interface ListSecretLocks {
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: SecretLockData[];
+    }
     /** Properties that describe a list of versions of a secret. */
     interface ListSecretVersions {
         /** The metadata that describes the resource array. */
@@ -1458,6 +2016,23 @@ declare namespace SecretsManagerV1 {
         /** A collection of resources. */
         resources?: SecretResource[];
     }
+    /** LockSecretBodyLocksItem. */
+    interface LockSecretBodyLocksItem {
+        /** A human-readable name to assign to the lock. The lock name must be unique per secret version.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a name for your secret
+         *  lock.
+         */
+        name: string;
+        /** An extended description of the lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
+         *  secret lock.
+         */
+        description: string;
+        /** Optional information to associate with a lock, such as resources CRNs to be used by automation. */
+        attributes: JsonObject;
+    }
     /** The Event Notifications details. */
     interface NotificationsSettings {
         /** The Cloud Resource Name (CRN) of the connected Event Notifications instance. */
@@ -1555,6 +2130,56 @@ declare namespace SecretsManagerV1 {
         /** SecretGroupResource accepts additional properties. */
         [propName: string]: any;
     }
+    /** Properties that describe a lock. */
+    interface SecretLockData {
+        /** A human-readable name to assign to the secret lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a name for the secret lock.
+         */
+        name?: string;
+        /** An extended description of the secret lock.
+         *
+         *  To protect your privacy, do not use personal data, such as your name or location, as a description for the
+         *  secret lock.
+         */
+        description?: string;
+        /** The date the secret lock was created. The date format follows RFC 3339. */
+        creation_date?: string;
+        /** The unique identifier for the entity that created the secret lock. */
+        created_by?: string;
+        /** The information that is associated with a lock, such as resources CRNs to be used by automation. */
+        attributes?: JsonObject;
+        /** The v4 UUID that uniquely identifies the secret version. */
+        secret_version_id?: string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** Updates when the actual secret is modified. The date format follows RFC 3339. */
+        last_update_date?: string;
+        /** A representation for the 2 last secret versions. Could be "current" for version (n) or "previous" for
+         *  version (n-1).
+         */
+        secret_version_alias?: string;
+    }
+    /** Properties that describe the secret locks. */
+    interface SecretLockVersion {
+        /** The v4 UUID that uniquely identifies the lock. */
+        id?: string;
+        /** A human-readable alias that describes the secret version. 'Current' is used for version `n` and 'previous'
+         *  is used for version `n-1`.
+         */
+        alias?: string;
+        /** The names of all locks that are associated with this secret. */
+        locks?: string[];
+        /** Indicates whether the payload for the secret version is stored and available. */
+        payload_available?: boolean;
+        /** SecretLockVersion accepts additional properties. */
+        [propName: string]: any;
+    }
     /** SecretMetadata. */
     interface SecretMetadata {
     }
@@ -1586,6 +2211,20 @@ declare namespace SecretsManagerV1 {
     /** SecretVersionMetadata. */
     interface SecretVersionMetadata {
     }
+    /** Properties that describe the secret locks. */
+    interface SecretsLocks {
+        /** The unique ID of the secret. */
+        secret_id?: string;
+        /** The v4 UUID that uniquely identifies the secret group to assign to this secret.
+         *
+         *  If you omit this parameter, your secret is assigned to the `default` secret group.
+         */
+        secret_group_id?: string;
+        /** A collection of locks that are attached to a secret version. */
+        versions?: SecretLockVersion[];
+        /** SecretsLocks accepts additional properties. */
+        [propName: string]: any;
+    }
     /** Properties that are returned with a successful `sign` action. */
     interface SignActionResultData {
         /** The PEM-encoded certificate. */
@@ -1612,6 +2251,11 @@ declare namespace SecretsManagerV1 {
         /** The time until the certificate expires. */
         expiration?: number;
     }
+    /** Properties that update the metadata of a secret version. */
+    interface UpdateSecretVersionMetadata {
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+    }
     /** CertificateValidity. */
     interface CertificateValidity {
         /** The date and time that the certificate validity period begins. */
@@ -1664,8 +2308,12 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -1727,6 +2375,12 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -1755,6 +2409,10 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The data that is associated with the secret version.
          *
          *  The data object contains the field `payload`.
@@ -1775,6 +2433,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** Properties that describe a secret version. */
     interface ArbitrarySecretVersionMetadata extends SecretVersionMetadata {
@@ -1792,6 +2452,10 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** Metadata properties that describe a certificate secret. */
     interface CertificateSecretMetadata extends SecretMetadata {
@@ -1838,8 +2502,12 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
@@ -1914,6 +2582,12 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The contents of your certificate. The data must be formatted on a single line with embedded newline
          *  characters.
          */
@@ -1972,6 +2646,10 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         validity?: CertificateValidity;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
@@ -1999,6 +2677,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -2021,6 +2701,10 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -2046,9 +2730,10 @@ declare namespace SecretsManagerV1 {
         max_ttl?: any;
         /** The time-to-live (TTL) to assign to a private certificate.
          *
-         *  The value can be supplied as a string representation of a duration, such as `12h`. Hour (`h`) is the largest
-         *  time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. In the
-         *  API response, this value is returned in seconds (integer).
+         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can be supplied in
+         *  seconds (suffix `s`), minutes (suffix `m`) or hours (suffix `h`). The value can't exceed the `max_ttl` that is
+         *  defined in the associated certificate template. In the API response, this value is returned in seconds
+         *  (integer).
          */
         ttl?: any;
         /** Determines whether to allow `localhost` to be included as one of the requested common names. */
@@ -2338,8 +3023,12 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The time-to-live (TTL) or lease duration that is assigned to the secret. For `iam_credentials` secrets, the
          *  TTL defines for how long each generated API key remains valid.
          */
@@ -2417,6 +3106,12 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The time-to-live (TTL) or lease duration to assign to generated credentials.
          *
          *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
@@ -2467,6 +3162,12 @@ declare namespace SecretsManagerV1 {
          *  are generated each time that the secret is read or accessed.
          */
         reuse_api_key?: boolean;
+        /** The date that the secret is scheduled for automatic rotation.
+         *
+         *  The service automatically creates a new version of the secret on its next rotation date. This field exists only
+         *  for secrets that have an existing rotation policy.
+         */
+        next_rotation_date?: string;
     }
     /** IAMCredentialsSecretVersion. */
     interface IAMCredentialsSecretVersion extends SecretVersion {
@@ -2478,6 +3179,12 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
         /** The data that is associated with the secret version. The data object contains the following fields:
          *
          *  - `api_key`: The API key that is generated for this secret.
@@ -2500,6 +3207,10 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
     }
     /** Properties that describe a secret version. */
     interface IAMCredentialsSecretVersionMetadata extends SecretVersionMetadata {
@@ -2517,6 +3228,12 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
     }
     /** Intermediate certificate authorities configuration. */
     interface IntermediateCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
@@ -2682,8 +3399,12 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
     }
     /** Properties that describe a secret. */
     interface KvSecretResource extends SecretResource {
@@ -2735,6 +3456,12 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -2815,8 +3542,12 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The name of the certificate template. */
         certificate_template?: string;
         /** The intermediate certificate authority that signed this certificate. */
@@ -2894,6 +3625,12 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The name of the certificate template. */
         certificate_template: string;
         /** The intermediate certificate authority that signed this certificate. */
@@ -2972,6 +3709,10 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         validity?: CertificateValidity;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
@@ -3011,6 +3752,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -3045,6 +3788,10 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -3115,8 +3862,12 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -3197,6 +3948,12 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -3257,6 +4014,10 @@ declare namespace SecretsManagerV1 {
     interface RestoreIAMCredentialsSecretBody extends SecretAction {
         /** The ID of the target version or the alias `previous`. */
         version_id: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** A request to revoke the certificate of an internally signed intermediate certificate authority. */
     interface RevokeAction extends ConfigAction {
@@ -3332,7 +4093,8 @@ declare namespace SecretsManagerV1 {
         other_sans?: string[];
         /** The time-to-live (TTL) to assign to this CA certificate.
          *
-         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can't exceed the
+         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can be supplied in
+         *  seconds (suffix `s`), minutes (suffix `m`), hours (suffix `h`) or days (suffix `d`). The value can't exceed the
          *  `max_ttl` that is defined in the associated certificate template. In the API response, this value is returned in
          *  seconds (integer).
          */
@@ -3394,6 +4156,10 @@ declare namespace SecretsManagerV1 {
     interface RotateArbitrarySecretBody extends SecretAction {
         /** The new secret data to assign to an `arbitrary` secret. */
         payload: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** The request body of a rotate certificate action. */
     interface RotateCertificateBody extends SecretAction {
@@ -3403,6 +4169,10 @@ declare namespace SecretsManagerV1 {
         private_key?: string;
         /** The new intermediate certificate to associate with the certificate. */
         intermediate?: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** Properties that are returned with a successful `rotate_crl` action. */
     interface RotateCrlActionResult extends ConfigElementActionResultConfig {
@@ -3411,16 +4181,40 @@ declare namespace SecretsManagerV1 {
     interface RotateKvSecretBody extends SecretAction {
         /** The new secret data to assign to a key-value secret. */
         payload: JsonObject;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+    }
+    /** The request body of a rotate private certificate action. */
+    interface RotatePrivateCertBody extends SecretAction {
+        /** The secret metadata that a user can customize. */
+        custom_metadata: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+    }
+    /** The request body of a rotate private certificate action. */
+    interface RotatePrivateCertBodyWithVersionCustomMetadata extends SecretAction {
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata: JsonObject;
     }
     /** The request body of a `rotate` action. */
     interface RotatePublicCertBody extends SecretAction {
         /** Determine whether keys must be rotated. */
         rotate_keys: boolean;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** The request body of a `rotate` action. */
     interface RotateUsernamePasswordSecretBody extends SecretAction {
         /** The new password to assign to a `username_password` secret. */
         password: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** The secret rotation time interval. */
     interface SecretPolicyRotationRotationPolicyRotation extends SecretPolicyRotationRotation {
@@ -3797,8 +4591,12 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** Updates when any part of the secret metadata is modified. The date format follows RFC 3339. */
         last_update_date?: string;
-        /** The number of versions the secret has. */
+        /** The number of versions that are associated with a secret. */
         versions_total?: number;
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -3860,6 +4658,12 @@ declare namespace SecretsManagerV1 {
          *  see [Get secret version metadata](#get-secret-version-metadata).
          */
         versions?: JsonObject[];
+        /** The number of locks that are associated with a secret. */
+        locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The username to assign to this secret. */
         username?: string;
         /** The password to assign to this secret. */
@@ -3897,6 +4701,10 @@ declare namespace SecretsManagerV1 {
         creation_date?: string;
         /** The unique identifier for the entity that created the secret version. */
         created_by?: string;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
         /** The data that is associated with the secret version. The data object contains the following fields:
@@ -3920,6 +4728,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
     }
@@ -3939,6 +4749,10 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The number of locks that are associated with a secret version. */
+        locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
     }