@tapis/tapis-typescript-sk 0.0.2 → 0.0.3

package/dist/apis/VaultApi.js

@@ -3,9 +3,9 @@
 /* eslint-disable */
 /**
  * Tapis Security API
- * The Tapis Security API provides access to the Tapis Security Kernel authorization and secrets facilities.
+ * The Tapis Security API provides for management of Security Kernel (SK) role-based authorization and secrets resources.
  *
- * The version of the OpenAPI document: 0.1
+ * The version of the OpenAPI document: 1.8.2
  * Contact: cicsupport@tacc.utexas.edu
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -13,30 +13,36 @@
  * Do not edit the class manually.
  */
 var __extends = (this && this.__extends) || (function () {
-    var extendStatics = Object.setPrototypeOf ||
-        ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-        function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
     return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
         extendStatics(d, b);
         function __() { this.constructor = d; }
         d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
     };
 })();
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
         function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
         function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
 var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
     function verb(n) { return function (v) { return step([n, v]); }; }
     function step(op) {
         if (f) throw new TypeError("Generator is already executing.");
-        while (_) try {
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
             if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
             if (y = 0, t) op = [op[0] & 2, t.value];
             switch (op[0]) {
@@ -58,8 +64,9 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
     }
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.VaultApi = void 0;
 var runtime = require("../runtime");
-var models_1 = require("../models");
+var index_1 = require("../models/index");
 /**
  *
  */
@@ -69,66 +76,67 @@ var VaultApi = /** @class */ (function (_super) {
         return _super !== null && _super.apply(this, arguments) || this;
     }
     /**
-     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.deleteSecretRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling deleteSecret.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling deleteSecret().');
                         }
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling deleteSecret.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling deleteSecret().');
                         }
-                        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
-                            throw new runtime.RequiredError('reqVersions', 'Required parameter requestParameters.reqVersions was null or undefined when calling deleteSecret.');
+                        if (requestParameters['reqVersions'] == null) {
+                            throw new runtime.RequiredError('reqVersions', 'Required parameter "reqVersions" was null or undefined when calling deleteSecret().');
                         }
                         queryParameters = {};
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
-                        }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
                         headerParameters['Content-Type'] = 'application/json';
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/delete/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'POST',
-                                headers: headerParameters,
-                                query: queryParameters,
-                                body: models_1.ReqVersionsToJSON(requestParameters.reqVersions),
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespVersionsFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/delete/{secretType}/{secretName}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))).replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'POST',
+                            headers: headerParameters,
+                            query: queryParameters,
+                            body: (0, index_1.ReqVersionsToJSON)(requestParameters['reqVersions']),
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespVersionsFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Soft delete one or more versions of a secret. Each version can be deleted individually or as part of a group specified in the input array. Deletion can be reversed using the *secret/undelete/{secretName}* endpoint, which make this a _soft_ deletion operation.  The input versions array is interpreted as follows:     * [-] - empty = delete all versions    * [0] - zero = delete only the latest version    * [1, 3, ...] - list = delete the specified versions  A valid tenant and user must also be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.deleteSecret = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -145,66 +153,67 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.destroySecretRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling destroySecret.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling destroySecret().');
                         }
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling destroySecret.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling destroySecret().');
                         }
-                        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
-                            throw new runtime.RequiredError('reqVersions', 'Required parameter requestParameters.reqVersions was null or undefined when calling destroySecret.');
+                        if (requestParameters['reqVersions'] == null) {
+                            throw new runtime.RequiredError('reqVersions', 'Required parameter "reqVersions" was null or undefined when calling destroySecret().');
                         }
                         queryParameters = {};
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
-                        }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
                         headerParameters['Content-Type'] = 'application/json';
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/destroy/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'POST',
-                                headers: headerParameters,
-                                query: queryParameters,
-                                body: models_1.ReqVersionsToJSON(requestParameters.reqVersions),
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespVersionsFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/destroy/{secretType}/{secretName}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))).replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'POST',
+                            headers: headerParameters,
+                            query: queryParameters,
+                            body: (0, index_1.ReqVersionsToJSON)(requestParameters['reqVersions']),
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespVersionsFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Destroy one or more versions of a secret. Destroy implements a hard delete which delete that cannot be undone. It does not, however, remove any metadata associated with the secret.  The input versions array is interpreted as follows:     * [-] - empty = destroy all versions    * [0] - zero = destroy only the latest version    * [1, 3, ...] - list = destroy the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.destroySecret = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -221,67 +230,68 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.destroySecretMetaRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling destroySecretMeta.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling destroySecretMeta().');
                         }
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling destroySecretMeta.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling destroySecretMeta().');
                         }
                         queryParameters = {};
-                        if (requestParameters.tenant !== undefined) {
-                            queryParameters['tenant'] = requestParameters.tenant;
-                        }
-                        if (requestParameters.user !== undefined) {
-                            queryParameters['user'] = requestParameters.user;
+                        if (requestParameters['tenant'] != null) {
+                            queryParameters['tenant'] = requestParameters['tenant'];
                         }
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
+                        if (requestParameters['user'] != null) {
+                            queryParameters['user'] = requestParameters['user'];
                         }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/destroy/meta/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'DELETE',
-                                headers: headerParameters,
-                                query: queryParameters,
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespBasicFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/destroy/meta/{secretType}/{secretName}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))).replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'DELETE',
+                            headers: headerParameters,
+                            query: queryParameters,
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespBasicFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Erase all traces of a secret: its key, all versions of its value and all its metadata. Specifying a folder erases all secrets in that folder.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.destroySecretMeta = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -298,64 +308,65 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.listSecretMetaRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling listSecretMeta.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling listSecretMeta().');
                         }
                         queryParameters = {};
-                        if (requestParameters.tenant !== undefined) {
-                            queryParameters['tenant'] = requestParameters.tenant;
-                        }
-                        if (requestParameters.user !== undefined) {
-                            queryParameters['user'] = requestParameters.user;
+                        if (requestParameters['tenant'] != null) {
+                            queryParameters['tenant'] = requestParameters['tenant'];
                         }
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
+                        if (requestParameters['user'] != null) {
+                            queryParameters['user'] = requestParameters['user'];
                         }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/list/meta/{secretType}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))),
-                                method: 'GET',
-                                headers: headerParameters,
-                                query: queryParameters,
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretListFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/list/meta/{secretType}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))),
+                            method: 'GET',
+                            headers: headerParameters,
+                            query: queryParameters,
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespSecretListFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List the secret names at the specified path. The path must represent a folder, not an actual secret name. If the path does not have a trailing slash one will be inserted. Secret names should not encode private information.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the secret name. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* path parameter and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.listSecretMeta = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -372,70 +383,71 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read.  The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read. The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.readSecretRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling readSecret.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling readSecret().');
                         }
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling readSecret.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling readSecret().');
                         }
                         queryParameters = {};
-                        if (requestParameters.tenant !== undefined) {
-                            queryParameters['tenant'] = requestParameters.tenant;
-                        }
-                        if (requestParameters.user !== undefined) {
-                            queryParameters['user'] = requestParameters.user;
+                        if (requestParameters['tenant'] != null) {
+                            queryParameters['tenant'] = requestParameters['tenant'];
                         }
-                        if (requestParameters.version !== undefined) {
-                            queryParameters['version'] = requestParameters.version;
+                        if (requestParameters['user'] != null) {
+                            queryParameters['user'] = requestParameters['user'];
                         }
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
+                        if (requestParameters['version'] != null) {
+                            queryParameters['version'] = requestParameters['version'];
                         }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'GET',
-                                headers: headerParameters,
-                                query: queryParameters,
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/{secretType}/{secretName}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))).replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'GET',
+                            headers: headerParameters,
+                            query: queryParameters,
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespSecretFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read.  The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Read a versioned secret. By default, the latest version of the secret is read. If the *version* query parameter is specified then that version of the secret is read. The *version* parameter should be passed as an integer with zero indicating the latest version of the secret. A NOT FOUND status code is returned if the secret version does not exist or if it\'s deleted or destroyed.  The response object includes the map of zero or more key/value pairs and metadata that describes the secret. The metadata includes which version of the secret was returned.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.readSecret = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -452,67 +464,68 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.readSecretMetaRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling readSecretMeta.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling readSecretMeta().');
                         }
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling readSecretMeta.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling readSecretMeta().');
                         }
                         queryParameters = {};
-                        if (requestParameters.tenant !== undefined) {
-                            queryParameters['tenant'] = requestParameters.tenant;
-                        }
-                        if (requestParameters.user !== undefined) {
-                            queryParameters['user'] = requestParameters.user;
+                        if (requestParameters['tenant'] != null) {
+                            queryParameters['tenant'] = requestParameters['tenant'];
                         }
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
+                        if (requestParameters['user'] != null) {
+                            queryParameters['user'] = requestParameters['user'];
                         }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/read/meta/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'GET',
-                                headers: headerParameters,
-                                query: queryParameters,
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretVersionMetadataFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/read/meta/{secretType}/{secretName}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))).replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'GET',
+                            headers: headerParameters,
+                            query: queryParameters,
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespSecretVersionMetadataFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * List a secret\'s metadata including its version information. The input parameter must be a secret name, not a folder. The result includes which version of the secret is the latest.  A valid tenant and user must be specified as query parameters.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.readSecretMeta = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -529,66 +542,67 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.undeleteSecretRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling undeleteSecret.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling undeleteSecret().');
                         }
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling undeleteSecret.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling undeleteSecret().');
                         }
-                        if (requestParameters.reqVersions === null || requestParameters.reqVersions === undefined) {
-                            throw new runtime.RequiredError('reqVersions', 'Required parameter requestParameters.reqVersions was null or undefined when calling undeleteSecret.');
+                        if (requestParameters['reqVersions'] == null) {
+                            throw new runtime.RequiredError('reqVersions', 'Required parameter "reqVersions" was null or undefined when calling undeleteSecret().');
                         }
                         queryParameters = {};
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
-                        }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
                         headerParameters['Content-Type'] = 'application/json';
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/undelete/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'POST',
-                                headers: headerParameters,
-                                query: queryParameters,
-                                body: models_1.ReqVersionsToJSON(requestParameters.reqVersions),
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespVersionsFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/undelete/{secretType}/{secretName}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))).replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'POST',
+                            headers: headerParameters,
+                            query: queryParameters,
+                            body: (0, index_1.ReqVersionsToJSON)(requestParameters['reqVersions']),
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespVersionsFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Restore one or more versions of a secret that have previously been deleted. This endpoint undoes soft deletions performed using the *secret/delete/{secretType}/{secretName}* endpoint.  The input versions array is interpreted as follows:     * [-] - empty = undelete all versions    * [0] - zero = undelete only the latest version    * [1, 3, ...] - list = undelete the specified versions  A valid tenant and user must be specified in the body.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
      */
     VaultApi.prototype.undeleteSecret = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -605,45 +619,46 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifiedin the X-Tapis-User header. The secret name is the path under whichthe password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
+     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifie din the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
      */
     VaultApi.prototype.validateServicePasswordRaw = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling validateServicePassword.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling validateServicePassword().');
                         }
-                        if (requestParameters.reqValidateServicePwd === null || requestParameters.reqValidateServicePwd === undefined) {
-                            throw new runtime.RequiredError('reqValidateServicePwd', 'Required parameter requestParameters.reqValidateServicePwd was null or undefined when calling validateServicePassword.');
+                        if (requestParameters['reqValidatePwd'] == null) {
+                            throw new runtime.RequiredError('reqValidatePwd', 'Required parameter "reqValidatePwd" was null or undefined when calling validateServicePassword().');
                         }
                         queryParameters = {};
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
-                        }
                         headerParameters = {};
                         headerParameters['Content-Type'] = 'application/json';
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/validateServicePassword/{secretName}".replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'POST',
-                                headers: headerParameters,
-                                query: queryParameters,
-                                body: models_1.ReqValidateServicePwdToJSON(requestParameters.reqValidateServicePwd),
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespAuthorizedFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/validateServicePassword/{secretName}".replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'POST',
+                            headers: headerParameters,
+                            query: queryParameters,
+                            body: (0, index_1.ReqValidatePwdToJSON)(requestParameters['reqValidatePwd']),
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespAuthorizedFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifiedin the X-Tapis-User header. The secret name is the path under whichthe password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
+     * Validate a service\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the service specifie din the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
      */
     VaultApi.prototype.validateServicePassword = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
@@ -660,66 +675,123 @@ var VaultApi = /** @class */ (function (_super) {
         });
     };
     /**
-     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.  It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version.  CAS stands for check-and-set and will check an existing secret\'s version before updating.  If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Validate a Site Admin\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the site admin specified in the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
      */
-    VaultApi.prototype.writeSecretRaw = function (requestParameters, initOverrides) {
+    VaultApi.prototype.validateSiteAdminPasswordRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
+                    case 0:
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling validateSiteAdminPassword().');
+                        }
+                        if (requestParameters['reqValidatePwd'] == null) {
+                            throw new runtime.RequiredError('reqValidatePwd', 'Required parameter "reqValidatePwd" was null or undefined when calling validateSiteAdminPassword().');
+                        }
+                        queryParameters = {};
+                        headerParameters = {};
+                        headerParameters['Content-Type'] = 'application/json';
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
+                    case 1:
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/validateSiteAdminPassword/{secretName}".replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'POST',
+                            headers: headerParameters,
+                            query: queryParameters,
+                            body: (0, index_1.ReqValidatePwdToJSON)(requestParameters['reqValidatePwd']),
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespAuthorizedFromJSON)(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Validate a Site Admin\'s password. The JSON payload contains the password that needs to be validated against the password stored in the vault for the site admin specified in the X-Tapis-User header. The secret name is the path under which the password was stored.  A valid tenant and user must also be specified in the payload.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  Only services can make this request.
+     */
+    VaultApi.prototype.validateSiteAdminPassword = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {
-            var queryParameters, headerParameters, response;
+            var response;
             return __generator(this, function (_a) {
                 switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.validateSiteAdminPasswordRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object. It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version. CAS stands for check-and-set and will check an existing secret\'s version before updating. If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service  ### Generating Secrets Passwords and public/private key pairs appropriate for Tapis use can be generated as part of this secret write call. To direct SK to create a secret, assign the special value `<generate-secret>` to a key. When SK detects this value, it generates a password or key pair depending on context, and replaces the `<generate-secret>` text with the generated secret. In the case of a key pair, both the public and private keys are saved.  Key pairs are always generated for secrets of type JWTSigning, while passwords are generated for all other secret types unless the key is named *privateKey*.  To generate a key pair, insert the following key/value pair into the payload\'s data map:      key=\"privateKey\", value=\"<generate-secret>\"  When the key pair is generated, the above key/value item is replaced by these two key/value pairs:      key=\"privateKey\", value=<private key in pem format>     key=\"publicKey\",  value=<public key in pem format>  In non-JWTSigning secret types, passwords are generated whenever the following key/value pair is encountered in the payload\'s data map:      key=<name other than privateKey>, value=\"<generate-secret>\"  The generated password simply replaces the item\'s value and the key name is left unchanged.
+     */
+    VaultApi.prototype.writeSecretRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, _a, _b, response;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
                     case 0:
-                        if (requestParameters.secretType === null || requestParameters.secretType === undefined) {
-                            throw new runtime.RequiredError('secretType', 'Required parameter requestParameters.secretType was null or undefined when calling writeSecret.');
+                        if (requestParameters['secretType'] == null) {
+                            throw new runtime.RequiredError('secretType', 'Required parameter "secretType" was null or undefined when calling writeSecret().');
                         }
-                        if (requestParameters.secretName === null || requestParameters.secretName === undefined) {
-                            throw new runtime.RequiredError('secretName', 'Required parameter requestParameters.secretName was null or undefined when calling writeSecret.');
+                        if (requestParameters['secretName'] == null) {
+                            throw new runtime.RequiredError('secretName', 'Required parameter "secretName" was null or undefined when calling writeSecret().');
                         }
-                        if (requestParameters.reqWriteSecret === null || requestParameters.reqWriteSecret === undefined) {
-                            throw new runtime.RequiredError('reqWriteSecret', 'Required parameter requestParameters.reqWriteSecret was null or undefined when calling writeSecret.');
+                        if (requestParameters['reqWriteSecret'] == null) {
+                            throw new runtime.RequiredError('reqWriteSecret', 'Required parameter "reqWriteSecret" was null or undefined when calling writeSecret().');
                         }
                         queryParameters = {};
-                        if (requestParameters.pretty !== undefined) {
-                            queryParameters['pretty'] = requestParameters.pretty;
-                        }
-                        if (requestParameters.sysid !== undefined) {
-                            queryParameters['sysid'] = requestParameters.sysid;
+                        if (requestParameters['sysid'] != null) {
+                            queryParameters['sysid'] = requestParameters['sysid'];
                         }
-                        if (requestParameters.sysuser !== undefined) {
-                            queryParameters['sysuser'] = requestParameters.sysuser;
+                        if (requestParameters['sysuser'] != null) {
+                            queryParameters['sysuser'] = requestParameters['sysuser'];
                         }
-                        if (requestParameters.keytype !== undefined) {
-                            queryParameters['keytype'] = requestParameters.keytype;
+                        if (requestParameters['keytype'] != null) {
+                            queryParameters['keytype'] = requestParameters['keytype'];
                         }
-                        if (requestParameters.dbhost !== undefined) {
-                            queryParameters['dbhost'] = requestParameters.dbhost;
+                        if (requestParameters['dbhost'] != null) {
+                            queryParameters['dbhost'] = requestParameters['dbhost'];
                         }
-                        if (requestParameters.dbname !== undefined) {
-                            queryParameters['dbname'] = requestParameters.dbname;
+                        if (requestParameters['dbname'] != null) {
+                            queryParameters['dbname'] = requestParameters['dbname'];
                         }
-                        if (requestParameters.dbservice !== undefined) {
-                            queryParameters['dbservice'] = requestParameters.dbservice;
+                        if (requestParameters['dbservice'] != null) {
+                            queryParameters['dbservice'] = requestParameters['dbservice'];
                         }
                         headerParameters = {};
                         headerParameters['Content-Type'] = 'application/json';
-                        if (this.configuration && this.configuration.apiKey) {
-                            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
-                        }
-                        return [4 /*yield*/, this.request({
-                                path: "/security/vault/secret/{secretType}/{secretName}".replace("{" + "secretType" + "}", encodeURIComponent(String(requestParameters.secretType))).replace("{" + "secretName" + "}", encodeURIComponent(String(requestParameters.secretName))),
-                                method: 'POST',
-                                headers: headerParameters,
-                                query: queryParameters,
-                                body: models_1.ReqWriteSecretToJSON(requestParameters.reqWriteSecret),
-                            }, initOverrides)];
+                        if (!(this.configuration && this.configuration.apiKey)) return [3 /*break*/, 2];
+                        _a = headerParameters;
+                        _b = "X-Tapis-Token";
+                        return [4 /*yield*/, this.configuration.apiKey("X-Tapis-Token")];
                     case 1:
-                        response = _a.sent();
-                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespSecretMetaFromJSON(jsonValue); })];
+                        _a[_b] = _c.sent(); // TapisJWT authentication
+                        _c.label = 2;
+                    case 2: return [4 /*yield*/, this.request({
+                            path: "/security/vault/secret/{secretType}/{secretName}".replace("{".concat("secretType", "}"), encodeURIComponent(String(requestParameters['secretType']))).replace("{".concat("secretName", "}"), encodeURIComponent(String(requestParameters['secretName']))),
+                            method: 'POST',
+                            headers: headerParameters,
+                            query: queryParameters,
+                            body: (0, index_1.ReqWriteSecretToJSON)(requestParameters['reqWriteSecret']),
+                        }, initOverrides)];
+                    case 3:
+                        response = _c.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return (0, index_1.RespSecretMetaFromJSON)(jsonValue); })];
                 }
             });
         });
     };
     /**
-     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object.  It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version.  CAS stands for check-and-set and will check an existing secret\'s version before updating.  If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*.  These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault.  The *secretType* may require certain query parameters to be present on the request in order to construct the vault path.  See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters* ### Authorization Requestors are authorized based on the secret type specified in the URL path.  The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service
+     * Create or update a secret. The JSON payload contains a required *data* object and an optional *options* object. It also contains the required tenant and user fields.  The *data* object is a JSON object that contains one or more key/value pairs in which both the key and value are strings. These are the individual secrets that are saved under the path name. The secrets are automatically versioned, which allows a pre-configured number of past secret values to be accessible even after new values are assigned. See the various GET operations for details on how to access different aspects of secrets.  NOTE: The *cas* option is currently ignored but documented here for future reference.  The *options* object can contain a *cas* key and with an integer value that represents a secret version. CAS stands for check-and-set and will check an existing secret\'s version before updating. If cas is not set the write will be always be allowed. If set to 0, a write will only be allowed if the key doesn’t exist. If the index is greater than zero, then the write will only be allowed if the key’s current version matches the version specified in the cas parameter.  ### Naming Secrets Secrets can be arranged hierarchically by using the \"+\" characters in the *secretName*. These characters will be converted to slashes upon receipt, allowing secrets to be arranged in folders.  A secret is assigned a path name constructed from the *secretType* and *secretName* path parameters and, optionally, from query parameters determined by the *secretType*. Each *secretType* determines a specific transformation from the url path to a path in the vault. The *secretType* may require certain query parameters to be present on the request in order to construct the vault path. See the next section for details.  ### Secret Types The list below documents each *secretType* and their applicable query parameters. Highlighted parameter names indicate required parameters. When present, default values are listed first and also highlighted.    - **system**     - *sysid*: the unique system id     - *sysuser*: the accessing user (except when keytype=cert)     - keytype: *sshkey* | password | accesskey | token | tmskey | cert   - **dbcred**     - *dbhost*:  the DBMS hostname, IP address or alias     - *dbname*:  the database name or alias     - *dbservice*: service name   - **jwtsigning** - *no query parameters*   - **user** - *no query parameters*   - **service** - *no query parameters*  ### Authorization Requestors are authorized based on the secret type specified in the URL path. The following authorizations are enforced:  - system: limited to the systems service - dbcred: any service - jwtsigning: limited to the tokens service - user: any user - service: any service  ### Generating Secrets Passwords and public/private key pairs appropriate for Tapis use can be generated as part of this secret write call. To direct SK to create a secret, assign the special value `<generate-secret>` to a key. When SK detects this value, it generates a password or key pair depending on context, and replaces the `<generate-secret>` text with the generated secret. In the case of a key pair, both the public and private keys are saved.  Key pairs are always generated for secrets of type JWTSigning, while passwords are generated for all other secret types unless the key is named *privateKey*.  To generate a key pair, insert the following key/value pair into the payload\'s data map:      key=\"privateKey\", value=\"<generate-secret>\"  When the key pair is generated, the above key/value item is replaced by these two key/value pairs:      key=\"privateKey\", value=<private key in pem format>     key=\"publicKey\",  value=<public key in pem format>  In non-JWTSigning secret types, passwords are generated whenever the following key/value pair is encountered in the payload\'s data map:      key=<name other than privateKey>, value=\"<generate-secret>\"  The generated password simply replaces the item\'s value and the key name is left unchanged.
      */
     VaultApi.prototype.writeSecret = function (requestParameters, initOverrides) {
         return __awaiter(this, void 0, void 0, function () {