@ibm-cloud/secrets-manager 1.0.35 → 1.0.37

package/secrets-manager/v1.d.ts

@@ -114,9 +114,9 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret group.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
-     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>}
      */
-    deleteSecretGroup(params: SecretsManagerV1.DeleteSecretGroupParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    deleteSecretGroup(params: SecretsManagerV1.DeleteSecretGroupParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>;
     /*************************
      * secrets
      ************************/
@@ -225,6 +225,8 @@ declare class SecretsManagerV1 extends BaseService {
      * - `restore`: Restore a previous version of an `iam_credentials` secret.
      * - `revoke`: Revoke a private certificate.
      * - `delete_credentials`: Delete the API key that is associated with an `iam_credentials` secret.
+     * - `validate_dns_challenge`: Validate challenges for a public certificate that is ordered with a manual DNS
+     * provider.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -244,9 +246,9 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {string} params.secretType - The secret type.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
-     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>}
      */
-    deleteSecret(params: SecretsManagerV1.DeleteSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    deleteSecret(params: SecretsManagerV1.DeleteSecretParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>;
     /**
      * List versions of a secret.
      *
@@ -302,7 +304,7 @@ declare class SecretsManagerV1 extends BaseService {
      */
     updateSecretVersion(params: SecretsManagerV1.UpdateSecretVersionParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecret>>;
     /**
-     * Get secret version metadata.
+     * Get the metadata of a secret version.
      *
      * Get the metadata of a secret version by specifying the ID of the version or the alias `previous`.
      *
@@ -321,7 +323,26 @@ declare class SecretsManagerV1 extends BaseService {
      */
     getSecretVersionMetadata(params: SecretsManagerV1.GetSecretVersionMetadataParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersionMetadata>>;
     /**
-     * Get secret metadata.
+     * Update the metadata of a secret version.
+     *
+     * Update the metadata of a secret version, such as `version_custom_metadata`.
+     *
+     * @param {Object} params - The parameters to send to the service.
+     * @param {string} params.secretType - The secret type.
+     * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
+     * @param {string} params.versionId - The v4 UUID that uniquely identifies the secret version. You can also use
+     * `previous` to retrieve the previous version.
+     *
+     * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
+     * the response details.
+     * @param {CollectionMetadata} params.metadata - The metadata that describes the resource array.
+     * @param {UpdateSecretVersionMetadata[]} params.resources - A collection of resources.
+     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersionMetadata>>}
+     */
+    updateSecretVersionMetadata(params: SecretsManagerV1.UpdateSecretVersionMetadataParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.GetSecretVersionMetadata>>;
+    /**
+     * Get the metadata of a secret.
      *
      * Get the details of a secret by specifying its ID.
      *
@@ -363,16 +384,15 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
-     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
-     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
-     * resources.
+     * @param {number} [params.limit] - The number of locks to retrieve. By default, list operations return the first 25
+     * items. To retrieve a different set of items, use `limit` with `offset` to page through your available resources.
      *
-     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks, use
      * `..?limit=5`.
-     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * @param {number} [params.offset] - The number of locks to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
-     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
      * `..?offset=25&limit=25`.
      * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
      *
@@ -404,7 +424,8 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {string} params.id - The v4 UUID that uniquely identifies the secret.
      * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
      * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
-     * clear any matching locks on a secret version.
+     * clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter
+     * is ignored.
      *
      * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
      * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
@@ -447,16 +468,15 @@ declare class SecretsManagerV1 extends BaseService {
      *
      * **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and check
      * the response details.
-     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
-     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
-     * resources.
+     * @param {number} [params.limit] - The number of locks to retrieve. By default, list operations return the first 25
+     * items. To retrieve a different set of items, use `limit` with `offset` to page through your available resources.
      *
-     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks, use
      * `..?limit=5`.
-     * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
+     * @param {number} [params.offset] - The number of locks to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
      *
-     * **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+     * **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
      * `..?offset=25&limit=25`.
      * @param {string} [params.search] - Filter locks that contain the specified string in the field "name".
      *
@@ -493,7 +513,8 @@ declare class SecretsManagerV1 extends BaseService {
      * the response details.
      * @param {LockSecretBodyLocksItem[]} [params.locks] - The lock data to be attached to a secret version.
      * @param {string} [params.mode] - An optional lock mode. At lock creation, you can set one of the following modes to
-     * clear any matching locks on a secret version.
+     * clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter
+     * is ignored.
      *
      * - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret.
      * - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if
@@ -534,11 +555,11 @@ declare class SecretsManagerV1 extends BaseService {
      * List the lock details that are associated with all secrets in your Secrets Manager instance.
      *
      * @param {Object} [params] - The parameters to send to the service.
-     * @param {number} [params.limit] - The number of secrets with locks to retrieve. By default, list operations return
-     * the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page through your available
-     * resources.
+     * @param {number} [params.limit] - The number of secrets with associated locks to retrieve. By default, list
+     * operations return the first 25 items. To retrieve a different set of items, use `limit` with `offset` to page
+     * through your available resources.
      *
-     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+     * **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5, use
      * `..?limit=5`.
      * @param {number} [params.offset] - The number of secrets to skip. By specifying `offset`, you retrieve a subset of
      * items that starts with the `offset` value. Use `offset` with `limit` to page through your available resources.
@@ -568,7 +589,7 @@ declare class SecretsManagerV1 extends BaseService {
      *
      * Create or update one or more policies, such as an [automatic rotation
      * policy](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-automatic-rotation), for the specified
-     * secret.
+     * secret. To remove a policy, keep the resources block empty.
      *
      * @param {Object} params - The parameters to send to the service.
      * @param {string} params.secretType - The secret type.
@@ -609,9 +630,9 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {string} params.secretType - The secret type.
      * @param {EngineConfig} params.engineConfig - Properties to update for a secrets engine.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
-     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>}
      */
-    putConfig(params: SecretsManagerV1.PutConfigParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    putConfig(params: SecretsManagerV1.PutConfigParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>;
     /**
      * Get the configuration of a secret type.
      *
@@ -722,9 +743,9 @@ declare class SecretsManagerV1 extends BaseService {
      * @param {string} params.configElement - The configuration element to define or manage.
      * @param {string} params.configName - The name of your configuration.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
-     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>}
      */
-    deleteConfigElement(params: SecretsManagerV1.DeleteConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    deleteConfigElement(params: SecretsManagerV1.DeleteConfigElementParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>;
     /*************************
      * notifications
      ************************/
@@ -768,9 +789,9 @@ declare class SecretsManagerV1 extends BaseService {
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
-     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>}
      */
-    deleteNotificationsRegistration(params?: SecretsManagerV1.DeleteNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    deleteNotificationsRegistration(params?: SecretsManagerV1.DeleteNotificationsRegistrationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>;
     /**
      * Send a test event.
      *
@@ -783,9 +804,9 @@ declare class SecretsManagerV1 extends BaseService {
      *
      * @param {Object} [params] - The parameters to send to the service.
      * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
-     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>}
+     * @returns {Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>}
      */
-    sendTestNotification(params?: SecretsManagerV1.SendTestNotificationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.Empty>>;
+    sendTestNotification(params?: SecretsManagerV1.SendTestNotificationParams): Promise<SecretsManagerV1.Response<SecretsManagerV1.EmptyObject>>;
 }
 /*************************
  * interfaces
@@ -801,7 +822,7 @@ declare namespace SecretsManagerV1 {
     /** The callback for a service request. */
     type Callback<T> = (error: any, response?: Response<T>) => void;
     /** The body of a service request that returns no response data. */
-    interface Empty {
+    interface EmptyObject {
     }
     /** A standard JS object, defined to avoid the limitations of `Object` and `object` */
     interface JsonObject {
@@ -1001,7 +1022,8 @@ declare namespace SecretsManagerV1 {
             ROTATE = "rotate",
             RESTORE = "restore",
             REVOKE = "revoke",
-            DELETE_CREDENTIALS = "delete_credentials"
+            DELETE_CREDENTIALS = "delete_credentials",
+            VALIDATE_DNS_CHALLENGE = "validate_dns_challenge"
         }
     }
     /** Parameters for the `deleteSecret` operation. */
@@ -1130,6 +1152,38 @@ declare namespace SecretsManagerV1 {
             KV = "kv"
         }
     }
+    /** Parameters for the `updateSecretVersionMetadata` operation. */
+    interface UpdateSecretVersionMetadataParams {
+        /** The secret type. */
+        secretType: UpdateSecretVersionMetadataConstants.SecretType | string;
+        /** The v4 UUID that uniquely identifies the secret. */
+        id: string;
+        /** The v4 UUID that uniquely identifies the secret version. You can also use `previous` to retrieve the
+         *  previous version.
+         *
+         *  **Note:** To find the version ID of a secret, use the [Get secret metadata](#get-secret-metadata) method and
+         *  check the response details.
+         */
+        versionId: string;
+        /** The metadata that describes the resource array. */
+        metadata: CollectionMetadata;
+        /** A collection of resources. */
+        resources: UpdateSecretVersionMetadata[];
+        headers?: OutgoingHttpHeaders;
+    }
+    /** Constants for the `updateSecretVersionMetadata` operation. */
+    namespace UpdateSecretVersionMetadataConstants {
+        /** The secret type. */
+        enum SecretType {
+            ARBITRARY = "arbitrary",
+            IAM_CREDENTIALS = "iam_credentials",
+            IMPORTED_CERT = "imported_cert",
+            PUBLIC_CERT = "public_cert",
+            PRIVATE_CERT = "private_cert",
+            USERNAME_PASSWORD = "username_password",
+            KV = "kv"
+        }
+    }
     /** Parameters for the `getSecretMetadata` operation. */
     interface GetSecretMetadataParams {
         /** The secret type. */
@@ -1182,17 +1236,18 @@ declare namespace SecretsManagerV1 {
         secretType: GetLocksConstants.SecretType | string;
         /** The v4 UUID that uniquely identifies the secret. */
         id: string;
-        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
-         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+        /** The number of locks to retrieve. By default, list operations return the first 25 items. To retrieve a
+         *  different set of items, use `limit` with `offset` to page through your available resources.
          *
-         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks,
+         *  use
          *  `..?limit=5`.
          */
         limit?: number;
-        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+        /** The number of locks to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
-         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
          *  `..?offset=25&limit=25`.
          */
         offset?: number;
@@ -1226,7 +1281,7 @@ declare namespace SecretsManagerV1 {
         /** The lock data to be attached to a secret version. */
         locks?: LockSecretBodyLocksItem[];
         /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
-         *  on a secret version.
+         *  on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored.
          *
          *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
          *  secret.
@@ -1248,7 +1303,7 @@ declare namespace SecretsManagerV1 {
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
-        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
         enum Mode {
             EXCLUSIVE = "exclusive",
             EXCLUSIVE_DELETE = "exclusive_delete"
@@ -1290,17 +1345,18 @@ declare namespace SecretsManagerV1 {
          *  check the response details.
          */
         versionId: string;
-        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
-         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+        /** The number of locks to retrieve. By default, list operations return the first 25 items. To retrieve a
+         *  different set of items, use `limit` with `offset` to page through your available resources.
          *
-         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  **Usage:** If you have 20 locks associated with your secret, and you want to retrieve only the first 5 locks,
+         *  use
          *  `..?limit=5`.
          */
         limit?: number;
-        /** The number of secrets to skip. By specifying `offset`, you retrieve a subset of items that starts with the
+        /** The number of locks to skip. By specifying `offset`, you retrieve a subset of items that starts with the
          *  `offset` value. Use `offset` with `limit` to page through your available resources.
          *
-         *  **Usage:** If you have 100 secrets in your instance, and you want to retrieve secrets 26 through 50, use
+         *  **Usage:** If you have 100 locks on your secret, and you want to retrieve locks 26 through 50, use
          *  `..?offset=25&limit=25`.
          */
         offset?: number;
@@ -1341,7 +1397,7 @@ declare namespace SecretsManagerV1 {
         /** The lock data to be attached to a secret version. */
         locks?: LockSecretBodyLocksItem[];
         /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks
-         *  on a secret version.
+         *  on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored.
          *
          *  - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the
          *  secret.
@@ -1363,7 +1419,7 @@ declare namespace SecretsManagerV1 {
             USERNAME_PASSWORD = "username_password",
             KV = "kv"
         }
-        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
+        /** An optional lock mode. At lock creation, you can set one of the following modes to clear any matching locks on a secret version. Note: When you are locking the `previous` version, the mode parameter is ignored. - `exclusive`: Removes any other locks with matching names if they are found in the previous version of the secret. - `exclusive_delete`: Same as `exclusive`, but also permanently deletes the data of the previous secret version if it doesn't have any locks. */
         enum Mode {
             EXCLUSIVE = "exclusive",
             EXCLUSIVE_DELETE = "exclusive_delete"
@@ -1401,10 +1457,10 @@ declare namespace SecretsManagerV1 {
     }
     /** Parameters for the `listInstanceSecretsLocks` operation. */
     interface ListInstanceSecretsLocksParams {
-        /** The number of secrets with locks to retrieve. By default, list operations return the first 25 items. To
-         *  retrieve a different set of items, use `limit` with `offset` to page through your available resources.
+        /** The number of secrets with associated locks to retrieve. By default, list operations return the first 25
+         *  items. To retrieve a different set of items, use `limit` with `offset` to page through your available resources.
          *
-         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5 with locks, use
+         *  **Usage:** If you have 20 secrets in your instance, and you want to retrieve only the first 5, use
          *  `..?limit=5`.
          */
         limit?: number;
@@ -1451,6 +1507,7 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
+            IAM_CREDENTIALS = "iam_credentials",
             PUBLIC_CERT = "public_cert",
             PRIVATE_CERT = "private_cert"
         }
@@ -1474,6 +1531,7 @@ declare namespace SecretsManagerV1 {
         /** The secret type. */
         enum SecretType {
             USERNAME_PASSWORD = "username_password",
+            IAM_CREDENTIALS = "iam_credentials",
             PUBLIC_CERT = "public_cert",
             PRIVATE_CERT = "private_cert"
         }
@@ -1733,6 +1791,8 @@ declare namespace SecretsManagerV1 {
      ************************/
     /** The data that is associated with the secret version. The data object contains the following fields: - `certificate`: The contents of the certificate. - `private_key`: The private key that is associated with the certificate. - `intermediate`: The intermediate certificate that is associated with the certificate. */
     interface CertificateSecretData {
+        /** CertificateSecretData accepts additional properties. */
+        [propName: string]: any;
     }
     /** Certificate templates configuration. */
     interface CertificateTemplatesConfigItem {
@@ -1749,6 +1809,19 @@ declare namespace SecretsManagerV1 {
          */
         config?: CertificateTemplateConfig;
     }
+    /** Properties that describe a challenge. */
+    interface ChallengeResource {
+        /** The challenge domain. */
+        domain?: string;
+        /** The challenge expiration date. The date format follows RFC 3339. */
+        expiration?: string;
+        /** The challenge status. */
+        status?: string;
+        /** The txt_record_name. */
+        txt_record_name?: string;
+        /** The txt_record_value. */
+        txt_record_value?: string;
+    }
     /** The metadata that describes the resource array. */
     interface CollectionMetadata {
         /** The type of resources in the resource array. */
@@ -1937,6 +2010,14 @@ declare namespace SecretsManagerV1 {
         ca?: string;
         /** The name that was assigned to the DNS provider configuration. */
         dns?: string;
+        /** The set of challenges, will be returned only when ordering public certificate using manual DNS
+         *  configuration.
+         */
+        challenges?: ChallengeResource[];
+        /** The date a user called "validate dns challenges" for "manual" DNS provider. The date format follows RFC
+         *  3339.
+         */
+        dns_challenge_validation_time?: string;
     }
     /** Properties that describe the locks of a secret or a secret version. */
     interface ListSecretLocks {
@@ -1972,9 +2053,9 @@ declare namespace SecretsManagerV1 {
          *  To protect your privacy, do not use personal data, such as your name or location, as a description for your
          *  secret lock.
          */
-        description: string;
+        description?: string;
         /** Optional information to associate with a lock, such as resources CRNs to be used by automation. */
-        attributes: JsonObject;
+        attributes?: JsonObject;
     }
     /** The Event Notifications details. */
     interface NotificationsSettings {
@@ -2194,6 +2275,11 @@ declare namespace SecretsManagerV1 {
         /** The time until the certificate expires. */
         expiration?: number;
     }
+    /** Properties that update the metadata of a secret version. */
+    interface UpdateSecretVersionMetadata {
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+    }
     /** CertificateValidity. */
     interface CertificateValidity {
         /** The date and time that the certificate validity period begins. */
@@ -2250,6 +2336,8 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -2313,6 +2401,10 @@ declare namespace SecretsManagerV1 {
         versions?: JsonObject[];
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -2343,6 +2435,8 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The data that is associated with the secret version.
          *
          *  The data object contains the field `payload`.
@@ -2363,6 +2457,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** Properties that describe a secret version. */
     interface ArbitrarySecretVersionMetadata extends SecretVersionMetadata {
@@ -2382,6 +2478,8 @@ declare namespace SecretsManagerV1 {
         downloaded?: boolean;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** Metadata properties that describe a certificate secret. */
     interface CertificateSecretMetadata extends SecretMetadata {
@@ -2432,6 +2530,8 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign
@@ -2508,6 +2608,10 @@ declare namespace SecretsManagerV1 {
         versions?: JsonObject[];
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The contents of your certificate. The data must be formatted on a single line with embedded newline
          *  characters.
          */
@@ -2568,6 +2672,8 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         validity?: CertificateValidity;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
@@ -2595,6 +2701,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -2619,6 +2727,8 @@ declare namespace SecretsManagerV1 {
         downloaded?: boolean;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -2644,9 +2754,10 @@ declare namespace SecretsManagerV1 {
         max_ttl?: any;
         /** The time-to-live (TTL) to assign to a private certificate.
          *
-         *  The value can be supplied as a string representation of a duration, such as `12h`. Hour (`h`) is the largest
-         *  time suffix. The value can't exceed the `max_ttl` that is defined in the associated certificate template. In the
-         *  API response, this value is returned in seconds (integer).
+         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can be supplied in
+         *  seconds (suffix `s`), minutes (suffix `m`) or hours (suffix `h`). The value can't exceed the `max_ttl` that is
+         *  defined in the associated certificate template. In the API response, this value is returned in seconds
+         *  (integer).
          */
         ttl?: any;
         /** Determines whether to allow `localhost` to be included as one of the requested common names. */
@@ -2857,8 +2968,8 @@ declare namespace SecretsManagerV1 {
          *  API key is deleted. Otherwise, the service ID is deleted together with its API key.
          */
         api_key_id?: string;
-        /** The service ID that you want to delete. This property can be used instead of the `api_key_id` field, but
-         *  only for secrets that were created with a service ID that was generated by Secrets Manager.
+        /** Deprecated: The service ID that you want to delete. This property can be used instead of the `api_key_id`
+         *  field, but only for secrets that were created with a service ID that was generated by Secrets Manager.
          *
          *  **Deprecated.** Use the `api_key_id` field instead.
          */
@@ -2940,6 +3051,8 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The time-to-live (TTL) or lease duration that is assigned to the secret. For `iam_credentials` secrets, the
          *  TTL defines for how long each generated API key remains valid.
          */
@@ -3019,6 +3132,10 @@ declare namespace SecretsManagerV1 {
         versions?: JsonObject[];
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The time-to-live (TTL) or lease duration to assign to generated credentials.
          *
          *  For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can
@@ -3069,6 +3186,12 @@ declare namespace SecretsManagerV1 {
          *  are generated each time that the secret is read or accessed.
          */
         reuse_api_key?: boolean;
+        /** The date that the secret is scheduled for automatic rotation.
+         *
+         *  The service automatically creates a new version of the secret on its next rotation date. This field exists only
+         *  for secrets that have an existing rotation policy.
+         */
+        next_rotation_date?: string;
     }
     /** IAMCredentialsSecretVersion. */
     interface IAMCredentialsSecretVersion extends SecretVersion {
@@ -3082,6 +3205,10 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
         /** The data that is associated with the secret version. The data object contains the following fields:
          *
          *  - `api_key`: The API key that is generated for this secret.
@@ -3104,6 +3231,10 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
     }
     /** Properties that describe a secret version. */
     interface IAMCredentialsSecretVersionMetadata extends SecretVersionMetadata {
@@ -3123,6 +3254,10 @@ declare namespace SecretsManagerV1 {
         downloaded?: boolean;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+        /** Indicates whether the version of the secret was created by automatic rotation. */
+        auto_rotated?: boolean;
     }
     /** Intermediate certificate authorities configuration. */
     interface IntermediateCertificateAuthoritiesConfig extends GetConfigElementsResourcesItem {
@@ -3292,6 +3427,8 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
     }
     /** Properties that describe a secret. */
     interface KvSecretResource extends SecretResource {
@@ -3345,6 +3482,10 @@ declare namespace SecretsManagerV1 {
         versions?: JsonObject[];
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -3429,6 +3570,8 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The name of the certificate template. */
         certificate_template?: string;
         /** The intermediate certificate authority that signed this certificate. */
@@ -3508,6 +3651,10 @@ declare namespace SecretsManagerV1 {
         versions?: JsonObject[];
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The name of the certificate template. */
         certificate_template: string;
         /** The intermediate certificate authority that signed this certificate. */
@@ -3588,6 +3735,8 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         validity?: CertificateValidity;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
@@ -3627,6 +3776,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -3663,6 +3814,8 @@ declare namespace SecretsManagerV1 {
         downloaded?: boolean;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The unique serial number that was assigned to the certificate by the issuing certificate authority. */
         serial_number?: string;
         /** The date that the certificate expires. The date format follows RFC 3339. */
@@ -3737,6 +3890,8 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -3819,6 +3974,10 @@ declare namespace SecretsManagerV1 {
         versions?: JsonObject[];
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The distinguished name that identifies the entity that signed and issued the certificate. */
         issuer?: string;
         /** Determines whether your issued certificate is bundled with intermediate certificates.
@@ -3879,6 +4038,10 @@ declare namespace SecretsManagerV1 {
     interface RestoreIAMCredentialsSecretBody extends SecretAction {
         /** The ID of the target version or the alias `previous`. */
         version_id: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** A request to revoke the certificate of an internally signed intermediate certificate authority. */
     interface RevokeAction extends ConfigAction {
@@ -3954,7 +4117,8 @@ declare namespace SecretsManagerV1 {
         other_sans?: string[];
         /** The time-to-live (TTL) to assign to this CA certificate.
          *
-         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can't exceed the
+         *  The value can be supplied as a string representation of a duration, such as `12h`. The value can be supplied in
+         *  seconds (suffix `s`), minutes (suffix `m`), hours (suffix `h`) or days (suffix `d`). The value can't exceed the
          *  `max_ttl` that is defined in the associated certificate template. In the API response, this value is returned in
          *  seconds (integer).
          */
@@ -4016,6 +4180,10 @@ declare namespace SecretsManagerV1 {
     interface RotateArbitrarySecretBody extends SecretAction {
         /** The new secret data to assign to an `arbitrary` secret. */
         payload: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** The request body of a rotate certificate action. */
     interface RotateCertificateBody extends SecretAction {
@@ -4025,6 +4193,10 @@ declare namespace SecretsManagerV1 {
         private_key?: string;
         /** The new intermediate certificate to associate with the certificate. */
         intermediate?: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** Properties that are returned with a successful `rotate_crl` action. */
     interface RotateCrlActionResult extends ConfigElementActionResultConfig {
@@ -4033,16 +4205,40 @@ declare namespace SecretsManagerV1 {
     interface RotateKvSecretBody extends SecretAction {
         /** The new secret data to assign to a key-value secret. */
         payload: JsonObject;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+    }
+    /** The request body of a rotate private certificate action. */
+    interface RotatePrivateCertBody extends SecretAction {
+        /** The secret metadata that a user can customize. */
+        custom_metadata: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
+    }
+    /** The request body of a rotate private certificate action. */
+    interface RotatePrivateCertBodyWithVersionCustomMetadata extends SecretAction {
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata: JsonObject;
     }
     /** The request body of a `rotate` action. */
     interface RotatePublicCertBody extends SecretAction {
         /** Determine whether keys must be rotated. */
         rotate_keys: boolean;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** The request body of a `rotate` action. */
     interface RotateUsernamePasswordSecretBody extends SecretAction {
         /** The new password to assign to a `username_password` secret. */
         password: string;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
     }
     /** The secret rotation time interval. */
     interface SecretPolicyRotationRotationPolicyRotation extends SecretPolicyRotationRotation {
@@ -4214,7 +4410,7 @@ declare namespace SecretsManagerV1 {
          */
         serial_number?: string;
         /** Properties that are returned with a successful `sign` action. */
-        data: SignActionResultData;
+        data?: SignActionResultData;
         /** The PEM-encoded certificate signing request (CSR). */
         csr: string;
     }
@@ -4370,7 +4566,7 @@ declare namespace SecretsManagerV1 {
          */
         serial_number?: string;
         /** Properties that are returned with a successful `sign` action. */
-        data: SignIntermediateActionResultData;
+        data?: SignIntermediateActionResultData;
         /** The signed intermediate certificate authority. */
         intermediate_certificate_authority: string;
     }
@@ -4423,6 +4619,8 @@ declare namespace SecretsManagerV1 {
         versions_total?: number;
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
         /** The date the secret material expires. The date format follows RFC 3339.
          *
          *  You can set an expiration date on supported secret types at their creation. If you create a secret without
@@ -4486,6 +4684,10 @@ declare namespace SecretsManagerV1 {
         versions?: JsonObject[];
         /** The number of locks that are associated with a secret. */
         locks_total?: number;
+        /** The secret metadata that a user can customize. */
+        custom_metadata?: JsonObject;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** The username to assign to this secret. */
         username?: string;
         /** The password to assign to this secret. */
@@ -4525,6 +4727,8 @@ declare namespace SecretsManagerV1 {
         created_by?: string;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
         /** The data that is associated with the secret version. The data object contains the following fields:
@@ -4548,6 +4752,8 @@ declare namespace SecretsManagerV1 {
          *  service API.
          */
         downloaded?: boolean;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
     }
@@ -4569,6 +4775,8 @@ declare namespace SecretsManagerV1 {
         downloaded?: boolean;
         /** The number of locks that are associated with a secret version. */
         locks_total?: number;
+        /** The secret version metadata that a user can customize. */
+        version_custom_metadata?: JsonObject;
         /** Indicates whether the version of the secret was created by automatic rotation. */
         auto_rotated?: boolean;
     }