@tapis/tapis-typescript-sk 0.0.2 → 0.0.3

package/src/apis/VaultApi.ts

@@ -2,9 +2,9 @@
 /* eslint-disable */
 /**
  * Tapis Security API
- * The Tapis Security API provides access to the Tapis Security Kernel authorization and secrets facilities.
+ * The Tapis Security API provides for management of Security Kernel (SK) role-based authorization and secrets resources. 
  *
- * The version of the OpenAPI document: 0.1
+ * The version of the OpenAPI document: 1.8.2
  * Contact: cicsupport@tacc.utexas.edu
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -14,44 +14,45 @@
 
 
 import * as runtime from '../runtime';
+import type {
+  ReqValidatePwd,
+  ReqVersions,
+  ReqWriteSecret,
+  RespAuthorized,
+  RespBasic,
+  RespSecret,
+  RespSecretList,
+  RespSecretMeta,
+  RespSecretVersionMetadata,
+  RespVersions,
+} from '../models/index';
 import {
-    ReqValidateServicePwd,
-    ReqValidateServicePwdFromJSON,
-    ReqValidateServicePwdToJSON,
-    ReqVersions,
+    ReqValidatePwdFromJSON,
+    ReqValidatePwdToJSON,
     ReqVersionsFromJSON,
     ReqVersionsToJSON,
-    ReqWriteSecret,
     ReqWriteSecretFromJSON,
     ReqWriteSecretToJSON,
-    RespAuthorized,
     RespAuthorizedFromJSON,
     RespAuthorizedToJSON,
-    RespBasic,
     RespBasicFromJSON,
     RespBasicToJSON,
-    RespSecret,
     RespSecretFromJSON,
     RespSecretToJSON,
-    RespSecretList,
     RespSecretListFromJSON,
     RespSecretListToJSON,
-    RespSecretMeta,
     RespSecretMetaFromJSON,
     RespSecretMetaToJSON,
-    RespSecretVersionMetadata,
     RespSecretVersionMetadataFromJSON,
     RespSecretVersionMetadataToJSON,
-    RespVersions,
     RespVersionsFromJSON,
     RespVersionsToJSON,
-} from '../models';
+} from '../models/index';
 
 export interface DeleteSecretRequest {
     secretType: string;
     secretName: string;
     reqVersions: ReqVersions;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -64,7 +65,6 @@ export interface DestroySecretRequest {
     secretType: string;
     secretName: string;
     reqVersions: ReqVersions;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -78,7 +78,6 @@ export interface DestroySecretMetaRequest {
     secretName: string;
     tenant?: string;
     user?: string;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -91,7 +90,6 @@ export interface ListSecretMetaRequest {
     secretType: string;
     tenant?: string;
     user?: string;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -106,7 +104,6 @@ export interface ReadSecretRequest {
     tenant?: string;
     user?: string;
     version?: number;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -120,7 +117,6 @@ export interface ReadSecretMetaRequest {
     secretName: string;
     tenant?: string;
     user?: string;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -133,7 +129,6 @@ export interface UndeleteSecretRequest {
     secretType: string;
     secretName: string;
     reqVersions: ReqVersions;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -144,15 +139,18 @@ export interface UndeleteSecretRequest {
 
 export interface ValidateServicePasswordRequest {
     secretName: string;
-    reqValidateServicePwd: ReqValidateServicePwd;
-    pretty?: boolean;
+    reqValidatePwd: ReqValidatePwd;
+}
+
+export interface ValidateSiteAdminPasswordRequest {
+    secretName: string;
+    reqValidatePwd: ReqValidatePwd;
 }
 
 export interface WriteSecretRequest {
     secretType: string;
     secretName: string;
     reqWriteSecret: ReqWriteSecret;
-    pretty?: boolean;
     sysid?: string;
     sysuser?: string;
     keytype?: string;
@@ -167,49 +165,54 @@ export interface WriteSecretRequest {
 export class VaultApi extends runtime.BaseAPI {
 
     /**
-     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async deleteSecretRaw(requestParameters: DeleteSecretRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespVersions>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling deleteSecret.');
+    async deleteSecretRaw(requestParameters: DeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespVersions>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling deleteSecret().'
+            );
         }
 
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling deleteSecret.');
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling deleteSecret().'
+            );
         }
 
-        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
-            throw new runtime.RequiredError('reqVersions','Required parameter requestParameters.reqVersions was null or undefined when calling deleteSecret.');
+        if (requestParameters['reqVersions'] == null) {
+            throw new runtime.RequiredError(
+                'reqVersions',
+                'Required parameter "reqVersions" was null or undefined when calling deleteSecret().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
-        }
-
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
@@ -217,72 +220,77 @@ export class VaultApi extends runtime.BaseAPI {
         headerParameters['Content-Type'] = 'application/json';
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/delete/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/delete/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: ReqVersionsToJSON(requestParameters.reqVersions),
+            body: ReqVersionsToJSON(requestParameters['reqVersions']),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => RespVersionsFromJSON(jsonValue));
     }
 
     /**
-     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async deleteSecret(requestParameters: DeleteSecretRequest, initOverrides?: RequestInit): Promise<RespVersions> {
+    async deleteSecret(requestParameters: DeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespVersions> {
         const response = await this.deleteSecretRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async destroySecretRaw(requestParameters: DestroySecretRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespVersions>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling destroySecret.');
+    async destroySecretRaw(requestParameters: DestroySecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespVersions>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling destroySecret().'
+            );
         }
 
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling destroySecret.');
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling destroySecret().'
+            );
         }
 
-        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
-            throw new runtime.RequiredError('reqVersions','Required parameter requestParameters.reqVersions was null or undefined when calling destroySecret.');
+        if (requestParameters['reqVersions'] == null) {
+            throw new runtime.RequiredError(
+                'reqVersions',
+                'Required parameter "reqVersions" was null or undefined when calling destroySecret().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
-        }
-
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
@@ -290,86 +298,88 @@ export class VaultApi extends runtime.BaseAPI {
         headerParameters['Content-Type'] = 'application/json';
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/destroy/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/destroy/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: ReqVersionsToJSON(requestParameters.reqVersions),
+            body: ReqVersionsToJSON(requestParameters['reqVersions']),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => RespVersionsFromJSON(jsonValue));
     }
 
     /**
-     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async destroySecret(requestParameters: DestroySecretRequest, initOverrides?: RequestInit): Promise<RespVersions> {
+    async destroySecret(requestParameters: DestroySecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespVersions> {
         const response = await this.destroySecretRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async destroySecretMetaRaw(requestParameters: DestroySecretMetaRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling destroySecretMeta.');
+    async destroySecretMetaRaw(requestParameters: DestroySecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespBasic>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling destroySecretMeta().'
+            );
         }
 
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling destroySecretMeta.');
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling destroySecretMeta().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.tenant !== undefined) {
-            queryParameters['tenant'] = requestParameters.tenant;
-        }
-
-        if (requestParameters.user !== undefined) {
-            queryParameters['user'] = requestParameters.user;
+        if (requestParameters['tenant'] != null) {
+            queryParameters['tenant'] = requestParameters['tenant'];
         }
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
+        if (requestParameters['user'] != null) {
+            queryParameters['user'] = requestParameters['user'];
         }
 
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/destroy/meta/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/destroy/meta/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'DELETE',
             headers: headerParameters,
             query: queryParameters,
@@ -379,67 +389,66 @@ export class VaultApi extends runtime.BaseAPI {
     }
 
     /**
-     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async destroySecretMeta(requestParameters: DestroySecretMetaRequest, initOverrides?: RequestInit): Promise<RespBasic> {
+    async destroySecretMeta(requestParameters: DestroySecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespBasic> {
         const response = await this.destroySecretMetaRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async listSecretMetaRaw(requestParameters: ListSecretMetaRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespSecretList>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling listSecretMeta.');
+    async listSecretMetaRaw(requestParameters: ListSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecretList>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling listSecretMeta().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.tenant !== undefined) {
-            queryParameters['tenant'] = requestParameters.tenant;
+        if (requestParameters['tenant'] != null) {
+            queryParameters['tenant'] = requestParameters['tenant'];
         }
 
-        if (requestParameters.user !== undefined) {
-            queryParameters['user'] = requestParameters.user;
+        if (requestParameters['user'] != null) {
+            queryParameters['user'] = requestParameters['user'];
         }
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
-        }
-
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/list/meta/{secretType}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))),
+            path: `/security/vault/secret/list/meta/{secretType}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))),
             method: 'GET',
             headers: headerParameters,
             query: queryParameters,
@@ -449,75 +458,77 @@ export class VaultApi extends runtime.BaseAPI {
     }
 
     /**
-     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async listSecretMeta(requestParameters: ListSecretMetaRequest, initOverrides?: RequestInit): Promise<RespSecretList> {
+    async listSecretMeta(requestParameters: ListSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecretList> {
         const response = await this.listSecretMetaRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read.  The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read. The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async readSecretRaw(requestParameters: ReadSecretRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespSecret>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling readSecret.');
+    async readSecretRaw(requestParameters: ReadSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecret>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling readSecret().'
+            );
         }
 
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling readSecret.');
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling readSecret().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.tenant !== undefined) {
-            queryParameters['tenant'] = requestParameters.tenant;
-        }
-
-        if (requestParameters.user !== undefined) {
-            queryParameters['user'] = requestParameters.user;
+        if (requestParameters['tenant'] != null) {
+            queryParameters['tenant'] = requestParameters['tenant'];
         }
 
-        if (requestParameters.version !== undefined) {
-            queryParameters['version'] = requestParameters.version;
+        if (requestParameters['user'] != null) {
+            queryParameters['user'] = requestParameters['user'];
         }
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
+        if (requestParameters['version'] != null) {
+            queryParameters['version'] = requestParameters['version'];
         }
 
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'GET',
             headers: headerParameters,
             query: queryParameters,
@@ -527,71 +538,73 @@ export class VaultApi extends runtime.BaseAPI {
     }
 
     /**
-     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read.  The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read. The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async readSecret(requestParameters: ReadSecretRequest, initOverrides?: RequestInit): Promise<RespSecret> {
+    async readSecret(requestParameters: ReadSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecret> {
         const response = await this.readSecretRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async readSecretMetaRaw(requestParameters: ReadSecretMetaRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespSecretVersionMetadata>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling readSecretMeta.');
+    async readSecretMetaRaw(requestParameters: ReadSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecretVersionMetadata>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling readSecretMeta().'
+            );
         }
 
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling readSecretMeta.');
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling readSecretMeta().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.tenant !== undefined) {
-            queryParameters['tenant'] = requestParameters.tenant;
-        }
-
-        if (requestParameters.user !== undefined) {
-            queryParameters['user'] = requestParameters.user;
+        if (requestParameters['tenant'] != null) {
+            queryParameters['tenant'] = requestParameters['tenant'];
         }
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
+        if (requestParameters['user'] != null) {
+            queryParameters['user'] = requestParameters['user'];
         }
 
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/read/meta/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/read/meta/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'GET',
             headers: headerParameters,
             query: queryParameters,
@@ -601,57 +614,62 @@ export class VaultApi extends runtime.BaseAPI {
     }
 
     /**
-     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async readSecretMeta(requestParameters: ReadSecretMetaRequest, initOverrides?: RequestInit): Promise<RespSecretVersionMetadata> {
+    async readSecretMeta(requestParameters: ReadSecretMetaRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecretVersionMetadata> {
         const response = await this.readSecretMetaRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async undeleteSecretRaw(requestParameters: UndeleteSecretRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespVersions>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling undeleteSecret.');
+    async undeleteSecretRaw(requestParameters: UndeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespVersions>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling undeleteSecret().'
+            );
         }
 
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling undeleteSecret.');
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling undeleteSecret().'
+            );
         }
 
-        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
-            throw new runtime.RequiredError('reqVersions','Required parameter requestParameters.reqVersions was null or undefined when calling undeleteSecret.');
+        if (requestParameters['reqVersions'] == null) {
+            throw new runtime.RequiredError(
+                'reqVersions',
+                'Required parameter "reqVersions" was null or undefined when calling undeleteSecret().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
-        }
-
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
@@ -659,117 +677,171 @@ export class VaultApi extends runtime.BaseAPI {
         headerParameters['Content-Type'] = 'application/json';
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/undelete/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/undelete/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: ReqVersionsToJSON(requestParameters.reqVersions),
+            body: ReqVersionsToJSON(requestParameters['reqVersions']),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => RespVersionsFromJSON(jsonValue));
     }
 
     /**
-     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service 
      */
-    async undeleteSecret(requestParameters: UndeleteSecretRequest, initOverrides?: RequestInit): Promise<RespVersions> {
+    async undeleteSecret(requestParameters: UndeleteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespVersions> {
         const response = await this.undeleteSecretRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifiedin the X-Tapis-User header. The secret name is the path under whichthe password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
+     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifie din the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request. 
      */
-    async validateServicePasswordRaw(requestParameters: ValidateServicePasswordRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespAuthorized>> {
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling validateServicePassword.');
+    async validateServicePasswordRaw(requestParameters: ValidateServicePasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespAuthorized>> {
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling validateServicePassword().'
+            );
         }
 
-        if (requestParameters.reqValidateServicePwd === null || requestParameters.reqValidateServicePwd === undefined) {
-            throw new runtime.RequiredError('reqValidateServicePwd','Required parameter requestParameters.reqValidateServicePwd was null or undefined when calling validateServicePassword.');
+        if (requestParameters['reqValidatePwd'] == null) {
+            throw new runtime.RequiredError(
+                'reqValidatePwd',
+                'Required parameter "reqValidatePwd" was null or undefined when calling validateServicePassword().'
+            );
         }
 
         const queryParameters: any = {};
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
-        }
-
         const headerParameters: runtime.HTTPHeaders = {};
 
         headerParameters['Content-Type'] = 'application/json';
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/validateServicePassword/{secretName}`.replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/validateServicePassword/{secretName}`.replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: ReqValidateServicePwdToJSON(requestParameters.reqValidateServicePwd),
+            body: ReqValidatePwdToJSON(requestParameters['reqValidatePwd']),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => RespAuthorizedFromJSON(jsonValue));
     }
 
     /**
-     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifiedin the X-Tapis-User header. The secret name is the path under whichthe password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
+     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifie din the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request. 
      */
-    async validateServicePassword(requestParameters: ValidateServicePasswordRequest, initOverrides?: RequestInit): Promise<RespAuthorized> {
+    async validateServicePassword(requestParameters: ValidateServicePasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespAuthorized> {
         const response = await this.validateServicePasswordRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
     /**
-     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.  It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version.  CAS stands for check-and-set and will check an existing secret\'s version before updating.  If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Validate a Site Admin\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the site admin specified in the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request. 
      */
-    async writeSecretRaw(requestParameters: WriteSecretRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespSecretMeta>> {
-        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-            throw new runtime.RequiredError('secretType','Required parameter requestParameters.secretType was null or undefined when calling writeSecret.');
+    async validateSiteAdminPasswordRaw(requestParameters: ValidateSiteAdminPasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespAuthorized>> {
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling validateSiteAdminPassword().'
+            );
+        }
+
+        if (requestParameters['reqValidatePwd'] == null) {
+            throw new runtime.RequiredError(
+                'reqValidatePwd',
+                'Required parameter "reqValidatePwd" was null or undefined when calling validateSiteAdminPassword().'
+            );
         }
 
-        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-            throw new runtime.RequiredError('secretName','Required parameter requestParameters.secretName was null or undefined when calling writeSecret.');
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
-        if (requestParameters.reqWriteSecret === null || requestParameters.reqWriteSecret === undefined) {
-            throw new runtime.RequiredError('reqWriteSecret','Required parameter requestParameters.reqWriteSecret was null or undefined when calling writeSecret.');
+        const response = await this.request({
+            path: `/security/vault/secret/validateSiteAdminPassword/{secretName}`.replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: ReqValidatePwdToJSON(requestParameters['reqValidatePwd']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RespAuthorizedFromJSON(jsonValue));
+    }
+
+    /**
+     * Validate a Site Admin\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the site admin specified in the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request. 
+     */
+    async validateSiteAdminPassword(requestParameters: ValidateSiteAdminPasswordRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespAuthorized> {
+        const response = await this.validateSiteAdminPasswordRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object. It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version. CAS stands for check-and-set and will check an existing secret\'s version before updating. If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service  ### Generating Secrets Passwords and public/private key pairs appropriate for Tapis use can be generated as part of this secret write call. To direct SK to create a secret, assign the special value `<generate-secret>` to a key. When SK detects this value, it generates a password or key pair depending on context, and replaces the `<generate-secret>` text with the generated secret. In the case of a key pair, both the public and private keys are saved.  Key pairs are always generated for secrets of type JWTSigning, while passwords are generated for all other secret types unless the key is named *privateKey*.  To generate a key pair, insert the following key/value pair into the payload\'s data map:      key=\"privateKey\", value=\"<generate-secret>\"  When the key pair is generated, the above key/value item is replaced by these two key/value pairs:      key=\"privateKey\", value=<private key in pem format>     key=\"publicKey\",  value=<public key in pem format>  In non-JWTSigning secret types, passwords are generated whenever the following key/value pair is encountered in the payload\'s data map:      key=<name other than privateKey>, value=\"<generate-secret>\"  The generated password simply replaces the item\'s value and the key name is left unchanged. 
+     */
+    async writeSecretRaw(requestParameters: WriteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RespSecretMeta>> {
+        if (requestParameters['secretType'] == null) {
+            throw new runtime.RequiredError(
+                'secretType',
+                'Required parameter "secretType" was null or undefined when calling writeSecret().'
+            );
         }
 
-        const queryParameters: any = {};
+        if (requestParameters['secretName'] == null) {
+            throw new runtime.RequiredError(
+                'secretName',
+                'Required parameter "secretName" was null or undefined when calling writeSecret().'
+            );
+        }
 
-        if (requestParameters.pretty !== undefined) {
-            queryParameters['pretty'] = requestParameters.pretty;
+        if (requestParameters['reqWriteSecret'] == null) {
+            throw new runtime.RequiredError(
+                'reqWriteSecret',
+                'Required parameter "reqWriteSecret" was null or undefined when calling writeSecret().'
+            );
         }
 
-        if (requestParameters.sysid !== undefined) {
-            queryParameters['sysid'] = requestParameters.sysid;
+        const queryParameters: any = {};
+
+        if (requestParameters['sysid'] != null) {
+            queryParameters['sysid'] = requestParameters['sysid'];
         }
 
-        if (requestParameters.sysuser !== undefined) {
-            queryParameters['sysuser'] = requestParameters.sysuser;
+        if (requestParameters['sysuser'] != null) {
+            queryParameters['sysuser'] = requestParameters['sysuser'];
         }
 
-        if (requestParameters.keytype !== undefined) {
-            queryParameters['keytype'] = requestParameters.keytype;
+        if (requestParameters['keytype'] != null) {
+            queryParameters['keytype'] = requestParameters['keytype'];
         }
 
-        if (requestParameters.dbhost !== undefined) {
-            queryParameters['dbhost'] = requestParameters.dbhost;
+        if (requestParameters['dbhost'] != null) {
+            queryParameters['dbhost'] = requestParameters['dbhost'];
         }
 
-        if (requestParameters.dbname !== undefined) {
-            queryParameters['dbname'] = requestParameters.dbname;
+        if (requestParameters['dbname'] != null) {
+            queryParameters['dbname'] = requestParameters['dbname'];
         }
 
-        if (requestParameters.dbservice !== undefined) {
-            queryParameters['dbservice'] = requestParameters.dbservice;
+        if (requestParameters['dbservice'] != null) {
+            queryParameters['dbservice'] = requestParameters['dbservice'];
         }
 
         const headerParameters: runtime.HTTPHeaders = {};
@@ -777,24 +849,24 @@ export class VaultApi extends runtime.BaseAPI {
         headerParameters['Content-Type'] = 'application/json';
 
         if (this.configuration && this.configuration.apiKey) {
-            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+            headerParameters["X-Tapis-Token"] = await this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
         }
 
         const response = await this.request({
-            path: `/security/vault/secret/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters.secretType))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters.secretName))),
+            path: `/security/vault/secret/{secretType}/{secretName}`.replace(`{${"secretType"}}`, encodeURIComponent(String(requestParameters['secretType']))).replace(`{${"secretName"}}`, encodeURIComponent(String(requestParameters['secretName']))),
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: ReqWriteSecretToJSON(requestParameters.reqWriteSecret),
+            body: ReqWriteSecretToJSON(requestParameters['reqWriteSecret']),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => RespSecretMetaFromJSON(jsonValue));
     }
 
     /**
-     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.  It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version.  CAS stands for check-and-set and will check an existing secret\'s version before updating.  If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object. It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version. CAS stands for check-and-set and will check an existing secret\'s version before updating. If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service  ### Generating Secrets Passwords and public/private key pairs appropriate for Tapis use can be generated as part of this secret write call. To direct SK to create a secret, assign the special value `<generate-secret>` to a key. When SK detects this value, it generates a password or key pair depending on context, and replaces the `<generate-secret>` text with the generated secret. In the case of a key pair, both the public and private keys are saved.  Key pairs are always generated for secrets of type JWTSigning, while passwords are generated for all other secret types unless the key is named *privateKey*.  To generate a key pair, insert the following key/value pair into the payload\'s data map:      key=\"privateKey\", value=\"<generate-secret>\"  When the key pair is generated, the above key/value item is replaced by these two key/value pairs:      key=\"privateKey\", value=<private key in pem format>     key=\"publicKey\",  value=<public key in pem format>  In non-JWTSigning secret types, passwords are generated whenever the following key/value pair is encountered in the payload\'s data map:      key=<name other than privateKey>, value=\"<generate-secret>\"  The generated password simply replaces the item\'s value and the key name is left unchanged. 
      */
-    async writeSecret(requestParameters: WriteSecretRequest, initOverrides?: RequestInit): Promise<RespSecretMeta> {
+    async writeSecret(requestParameters: WriteSecretRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RespSecretMeta> {
         const response = await this.writeSecretRaw(requestParameters, initOverrides);
         return await response.value();
     }