# WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SecretsManager module Types # @note When making an API call, you may pass CancelRotateSecretRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # } # # @!attribute [rw] secret_id # Specifies the secret for which you want to cancel a rotation # request. You can specify either the Amazon Resource Name (ARN) or # the friendly name of the secret. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretRequest AWS API Documentation # class CancelRotateSecretRequest < Struct.new( :secret_id) include Aws::Structure end # @!attribute [rw] arn # The ARN of the secret for which rotation was canceled. # @return [String] # # @!attribute [rw] name # The friendly name of the secret for which rotation was canceled. # @return [String] # # @!attribute [rw] version_id # The unique identifier of the version of the secret that was created # during the rotation. This version might not be complete, and should # be evaluated for possible deletion. At the very least, you should # remove the `VersionStage` value `AWSPENDING` to enable this version # to be deleted. Failing to clean up a cancelled rotation can block # you from successfully starting future rotations. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecretResponse AWS API Documentation # class CancelRotateSecretResponse < Struct.new( :arn, :name, :version_id) include Aws::Structure end # @note When making an API call, you may pass CreateSecretRequest # data as a hash: # # { # name: "NameType", # required # client_request_token: "ClientRequestTokenType", # description: "DescriptionType", # kms_key_id: "KmsKeyIdType", # secret_binary: "data", # secret_string: "SecretStringType", # tags: [ # { # key: "TagKeyType", # value: "TagValueType", # }, # ], # } # # @!attribute [rw] name # Specifies the friendly name of the new secret. The secret name can # consist of uppercase letters, lowercase letters, digits, and any of # the following characters: /\_+=.@-    Spaces are not permitted. # @return [String] # # @!attribute [rw] client_request_token # (Optional) If you include `SecretString` or `SecretBinary`, then an # initial version is created as part of the secret, and this parameter # specifies a unique identifier for the new version. # # If you use the AWS CLI or one of the AWS SDK to call this operation, # then you can leave this parameter empty. The CLI or SDK generates a # random UUID for you and includes as the value for this parameter in # the request. If you don't use the SDK and instead generate a raw # HTTP request to the AWS Secrets Manager service endpoint, then you # must generate a `ClientRequestToken` yourself for the new version # and include that value in the request. # # # # This value helps ensure idempotency. Secrets Manager uses this value # to prevent the accidental creation of duplicate versions if there # are failures and retries during a rotation. We recommend that you # generate a [UUID-type][1] value to ensure uniqueness of your # versions within the specified secret. # # * If the `ClientRequestToken` value isn't already associated with a # version of the secret then a new version of the secret is created. # # * If a version with this value already exists and that version's # `SecretString` and `SecretBinary` values are the same as those in # the request, then the request is ignored (the operation is # idempotent). # # * If a version with this value already exists and that version's # `SecretString` and `SecretBinary` values are different from those # in the request then the request fails because you cannot modify an # existing version. Instead, use PutSecretValue to create a new # version. # # This value becomes the `SecretVersionId` of the new version. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # # # # [1]: https://wikipedia.org/wiki/Universally_unique_identifier # @return [String] # # @!attribute [rw] description # (Optional) Specifies a user-provided description of the secret. # @return [String] # # @!attribute [rw] kms_key_id # (Optional) Specifies the ARN or alias of the AWS KMS customer master # key (CMK) to be used to encrypt the `SecretString` and # `SecretBinary` values in the versions stored in this secret. # # If you don't specify this value, then Secrets Manager defaults to # using the AWS account's default CMK (the one named # `aws/secretsmanager`). If a KMS CMK with that name doesn't yet # exist, then AWS Secrets Manager creates it for you automatically the # first time it needs to encrypt a version's `SecretString` or # `SecretBinary` fields. # # You can use the account's default CMK to encrypt and decrypt only # if you call this operation using credentials from the same account # that owns the secret. If the secret is in a different account, then # you must create a custom CMK and specify the ARN in this field. # @return [String] # # @!attribute [rw] secret_binary # (Optional) Specifies binary data that you want to encrypt and store # in the new version of the secret. To use this parameter in the # command-line tools, we recommend that you store your binary data in # a file and then use the appropriate technique for your tool to pass # the contents of the file as a parameter. # # Either `SecretString`, `SecretBinary`, or both must have a value. # They cannot both be empty. # # This `SecretBinary` value is stored separately from the # `SecretString`, but the two parameters jointly share a maximum size # limit. # # This parameter is not available using the Secrets Manager console. # It can be accessed only by using the AWS CLI or one of the AWS SDKs. # @return [String] # # @!attribute [rw] secret_string # (Optional) Specifies text data that you want to encrypt and store in # this new version of the secret. # # Either `SecretString`, `SecretBinary`, or both must have a value. # They cannot both be empty. # # This string value is stored separately from the `SecretBinary`, but # the two parameters jointly share a maximum size limit. # # If you create a secret by using the Secrets Manager console then # Secrets Manager puts the protected secret text in only the # `SecretString` parameter. The Secrets Manager console stores the # information as a JSON structure of key/value pairs that the Lambda # rotation function knows how to parse. # # For storing multiple values, we recommend that you use a JSON text # string argument and specify key/value pairs. For information on how # to format a JSON parameter for the various command line tool # environments, see [Using JSON for Parameters][1] in the *AWS CLI # User Guide*. For example: # # `[\{"Key":"username","Value":"bob"\},\{"Key":"password","Value":"abc123xyz456"\}]` # # If your command-line tool or SDK requires quotation marks around the # parameter, you should use single quotes to avoid confusion with the # double quotes required in the JSON text. # # # # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # @return [String] # # @!attribute [rw] tags # (Optional) Specifies a list of user-defined tags that are attached # to the secret. Each tag is a "Key" and "Value" pair of strings. # This operation only appends tags to the existing list of tags. To # remove tags, you must use UntagResource. # # * AWS Secrets Manager tag key names are case sensitive. A tag with # the key "ABC" is a different tag from one with key "abc". # # * If you check tags in IAM policy `Condition` elements as part of # your security strategy, then adding or removing a tag can change # permissions. If the successful completion of this operation would # result in you losing your permissions for this secret, then this # operation is blocked and returns an `Access Denied` error. # # This parameter requires a JSON text string argument. For information # on how to format a JSON parameter for the various command line tool # environments, see [Using JSON for Parameters][1] in the *AWS CLI # User Guide*. For example: # # `[\{"Key":"CostCenter","Value":"12345"\},\{"Key":"environment","Value":"production"\}]` # # If your command-line tool or SDK requires quotation marks around the # parameter, you should use single quotes to avoid confusion with the # double quotes required in the JSON text. # # The following basic restrictions apply to tags: # # * Maximum number of tags per secret—50 # # * Maximum key length—127 Unicode characters in UTF-8 # # * Maximum value length—255 Unicode characters in UTF-8 # # * Tag keys and values are case sensitive. # # * Do not use the `aws:` prefix in your tag names or values because # it is reserved for AWS use. You can't edit or delete tag names or # values with this prefix. Tags with this prefix do not count # against your tags per secret limit. # # * If your tagging schema will be used across multiple services and # resources, remember that other services might have restrictions on # allowed characters. Generally allowed characters are: letters, # spaces, and numbers representable in UTF-8, plus the following # special characters: + - = . \_ : / @. # # # # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest AWS API Documentation # class CreateSecretRequest < Struct.new( :name, :client_request_token, :description, :kms_key_id, :secret_binary, :secret_string, :tags) include Aws::Structure end # @!attribute [rw] arn # The Amazon Resource Name (ARN) of the secret that you just created. # # AWS Secrets Manager automatically adds several random characters to # the name at the end of the ARN when you initially create a secret. # This affects only the ARN and not the actual friendly name. This # ensures that if you create a new secret with the same name as an old # secret that you previously deleted, then users with access to the # old secret *don't* automatically get access to the new secret # because the ARNs are different. # # # @return [String] # # @!attribute [rw] name # The friendly name of the secret that you just created. # @return [String] # # @!attribute [rw] version_id # The unique identifier that's associated with the version of the # secret you just created. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation # class CreateSecretResponse < Struct.new( :arn, :name, :version_id) include Aws::Structure end # @note When making an API call, you may pass DeleteSecretRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # recovery_window_in_days: 1, # } # # @!attribute [rw] secret_id # Specifies the secret that you want to delete. You can specify either # the Amazon Resource Name (ARN) or the friendly name of the secret. # @return [String] # # @!attribute [rw] recovery_window_in_days # (Optional) Specifies the number of days that AWS Secrets Manager # waits before it can delete the secret. # # This value can range from 7 to 30 days. The default value is 30. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest AWS API Documentation # class DeleteSecretRequest < Struct.new( :secret_id, :recovery_window_in_days) include Aws::Structure end # @!attribute [rw] arn # The ARN of the secret that is now scheduled for deletion. # @return [String] # # @!attribute [rw] name # The friendly name of the secret that is now scheduled for deletion. # @return [String] # # @!attribute [rw] deletion_date # The date and time after which this secret will be deleted by AWS # Secrets Manager and is no longer recoverable. This value is the date # and time of the delete request plus the number of days specified in # `RecoveryWindowInDays`. # @return [Time] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretResponse AWS API Documentation # class DeleteSecretResponse < Struct.new( :arn, :name, :deletion_date) include Aws::Structure end # @note When making an API call, you may pass DescribeSecretRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # } # # @!attribute [rw] secret_id # The identifier of the secret whose details you want to retrieve. You # can specify either the Amazon Resource Name (ARN) or the friendly # name of the secret. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretRequest AWS API Documentation # class DescribeSecretRequest < Struct.new( :secret_id) include Aws::Structure end # @!attribute [rw] arn # The ARN of the secret. # @return [String] # # @!attribute [rw] name # The user-provided friendly name of the secret. # @return [String] # # @!attribute [rw] description # The user-provided description of the secret. # @return [String] # # @!attribute [rw] kms_key_id # The ARN or alias of the AWS KMS customer master key (CMK) that's # used to encrypt the `SecretString` and `SecretBinary` fields in each # version of the secret. If you don't provide a key, then AWS Secrets # Manager defaults to encrypting the secret fields with the default # KMS CMK (the one named `awssecretsmanager`) for this account. # @return [String] # # @!attribute [rw] rotation_enabled # Specifies whether automatic rotation is enabled for this secret. # # To enable rotation, use RotateSecret with # `AutomaticallyRotateAfterDays` set to a value greater than 0. To # disable rotation, use CancelRotateSecret. # @return [Boolean] # # @!attribute [rw] rotation_lambda_arn # The ARN of a Lambda function that's invoked by AWS Secrets Manager # to rotate the secret either automatically per the schedule or # manually by a call to `RotateSecret`. # @return [String] # # @!attribute [rw] rotation_rules # A structure that contains the rotation configuration for this # secret. # @return [Types::RotationRulesType] # # @!attribute [rw] last_rotated_date # The last date and time that the Secrets Manager rotation process for # this secret was invoked. # @return [Time] # # @!attribute [rw] last_changed_date # The last date and time that this secret was modified in any way. # @return [Time] # # @!attribute [rw] last_accessed_date # The last date that this secret was accessed. This value is truncated # to midnight of the date and therefore shows only the date, not the # time. # @return [Time] # # @!attribute [rw] deleted_date # This value exists if the secret is scheduled for deletion. Some time # after the specified date and time, Secrets Manager deletes the # secret and all of its versions. # # If a secret is scheduled for deletion, then its details, including # the encrypted secret information, is not accessible. To cancel a # scheduled deletion and restore access, use RestoreSecret. # @return [Time] # # @!attribute [rw] tags # The list of user-defined tags that are associated with the secret. # To add tags to a secret, use TagResource. To remove tags, use # UntagResource. # @return [Array] # # @!attribute [rw] version_ids_to_stages # A list of all of the currently assigned `VersionStage` staging # labels and the `SecretVersionId` that each is attached to. Staging # labels are used to keep track of the different versions during the # rotation process. # # A version that does not have any staging labels attached is # considered deprecated and subject to deletion. Such versions are not # included in this list. # # # @return [Hash>] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation # class DescribeSecretResponse < Struct.new( :arn, :name, :description, :kms_key_id, :rotation_enabled, :rotation_lambda_arn, :rotation_rules, :last_rotated_date, :last_changed_date, :last_accessed_date, :deleted_date, :tags, :version_ids_to_stages) include Aws::Structure end # @note When making an API call, you may pass GetRandomPasswordRequest # data as a hash: # # { # password_length: 1, # exclude_characters: "ExcludeCharactersType", # exclude_numbers: false, # exclude_punctuation: false, # exclude_uppercase: false, # exclude_lowercase: false, # include_space: false, # require_each_included_type: false, # } # # @!attribute [rw] password_length # The desired length of the generated password. The default value if # you do not include this parameter is 32 characters. # @return [Integer] # # @!attribute [rw] exclude_characters # A string that includes characters that should not be included in the # generated password. The default is that all characters from the # included sets can be used. # @return [String] # # @!attribute [rw] exclude_numbers # Specifies that the generated password should not include digits. The # default if you do not include this switch parameter is that digits # can be included. # @return [Boolean] # # @!attribute [rw] exclude_punctuation # Specifies that the generated password should not include punctuation # characters. The default if you do not include this switch parameter # is that punctuation characters can be included. # @return [Boolean] # # @!attribute [rw] exclude_uppercase # Specifies that the generated password should not include uppercase # letters. The default if you do not include this switch parameter is # that uppercase letters can be included. # @return [Boolean] # # @!attribute [rw] exclude_lowercase # Specifies that the generated password should not include lowercase # letters. The default if you do not include this switch parameter is # that lowercase letters can be included. # @return [Boolean] # # @!attribute [rw] include_space # Specifies that the generated password can include the space # character. The default if you do not include this switch parameter # is that the space character is not included. # @return [Boolean] # # @!attribute [rw] require_each_included_type # A boolean value that specifies whether the generated password must # include at least one of every allowed character type. The default # value is `True` and the operation requires at least one of every # character type. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordRequest AWS API Documentation # class GetRandomPasswordRequest < Struct.new( :password_length, :exclude_characters, :exclude_numbers, :exclude_punctuation, :exclude_uppercase, :exclude_lowercase, :include_space, :require_each_included_type) include Aws::Structure end # @!attribute [rw] random_password # A string with the generated password. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPasswordResponse AWS API Documentation # class GetRandomPasswordResponse < Struct.new( :random_password) include Aws::Structure end # @note When making an API call, you may pass GetSecretValueRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # version_id: "SecretVersionIdType", # version_stage: "SecretVersionStageType", # } # # @!attribute [rw] secret_id # Specifies the secret containing the version that you want to # retrieve. You can specify either the Amazon Resource Name (ARN) or # the friendly name of the secret. # @return [String] # # @!attribute [rw] version_id # Specifies the unique identifier of the version of the secret that # you want to retrieve. If you specify this parameter then don't # specify `VersionStage`. If you don't specify either a # `VersionStage` or `SecretVersionId` then the default is to perform # the operation on the version with the `VersionStage` value of # `AWSCURRENT`. # # This value is typically a [UUID-type][1] value with 32 hexadecimal # digits. # # # # [1]: https://wikipedia.org/wiki/Universally_unique_identifier # @return [String] # # @!attribute [rw] version_stage # Specifies the secret version that you want to retrieve by the # staging label attached to the version. # # Staging labels are used to keep track of different versions during # the rotation process. If you use this parameter then don't specify # `SecretVersionId`. If you don't specify either a `VersionStage` or # `SecretVersionId`, then the default is to perform the operation on # the version with the `VersionStage` value of `AWSCURRENT`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueRequest AWS API Documentation # class GetSecretValueRequest < Struct.new( :secret_id, :version_id, :version_stage) include Aws::Structure end # @!attribute [rw] arn # The ARN of the secret. # @return [String] # # @!attribute [rw] name # The friendly name of the secret. # @return [String] # # @!attribute [rw] version_id # The unique identifier of this version of the secret. # @return [String] # # @!attribute [rw] secret_binary # The decrypted part of the protected secret information that was # originally provided as binary data in the form of a byte array. The # response parameter represents the binary data as a # [base64-encoded][1] string. # # This parameter is not used if the secret is created by the Secrets # Manager console. # # If you store custom information in this field of the secret, then # you must code your Lambda rotation function to parse and interpret # whatever you store in the `SecretString` or `SecretBinary` fields. # # # # [1]: https://tools.ietf.org/html/rfc4648#section-4 # @return [String] # # @!attribute [rw] secret_string # The decrypted part of the protected secret information that was # originally provided as a string. # # If you create this secret by using the Secrets Manager console then # only the `SecretString` parameter contains data. Secrets Manager # stores the information as a JSON structure of key/value pairs that # the Lambda rotation function knows how to parse. # # If you store custom information in the secret by using the # CreateSecret, UpdateSecret, or PutSecretValue API operations instead # of the AWS Secrets Manager console, or by using the **Other secret # type** in the console, then you must code your Lambda rotation # function to parse and interpret those values. # @return [String] # # @!attribute [rw] version_stages # A list of all of the staging labels currently attached to this # version of the secret. # @return [Array] # # @!attribute [rw] created_date # The date and time that this version of the secret was created. # @return [Time] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValueResponse AWS API Documentation # class GetSecretValueResponse < Struct.new( :arn, :name, :version_id, :secret_binary, :secret_string, :version_stages, :created_date) include Aws::Structure end # @note When making an API call, you may pass ListSecretVersionIdsRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # max_results: 1, # next_token: "NextTokenType", # include_deprecated: false, # } # # @!attribute [rw] secret_id # The identifier for the secret containing the versions you want to # list. You can specify either the Amazon Resource Name (ARN) or the # friendly name of the secret. # @return [String] # # @!attribute [rw] max_results # (Optional) Limits the number of results that you want to include in # the response. If you don't include this parameter, it defaults to a # value that's specific to the operation. If additional items exist # beyond the maximum you specify, the `NextToken` response element is # present and has a value (isn't null). Include that value as the # `NextToken` request parameter in the next call to the operation to # get the next part of the results. Note that AWS Secrets Manager # might return fewer results than the maximum even when there are more # results available. You should check `NextToken` after every # operation to ensure that you receive all of the results. # @return [Integer] # # @!attribute [rw] next_token # (Optional) Use this parameter in a request if you receive a # `NextToken` response in a previous request that indicates that # there's more output available. In a subsequent call, set it to the # value of the previous call's `NextToken` response to indicate where # the output should continue from. # @return [String] # # @!attribute [rw] include_deprecated # (Optional) Specifies that you want the results to include versions # that do not have any staging labels attached to them. Such versions # are considered deprecated and are subject to deletion by Secrets # Manager as needed. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsRequest AWS API Documentation # class ListSecretVersionIdsRequest < Struct.new( :secret_id, :max_results, :next_token, :include_deprecated) include Aws::Structure end # @!attribute [rw] versions # The list of the currently available versions of the specified # secret. # @return [Array] # # @!attribute [rw] next_token # If present in the response, this value indicates that there's more # output available than what's included in the current response. This # can occur even when the response includes no values at all, such as # when you ask for a filtered view of a very long list. Use this value # in the `NextToken` request parameter in a subsequent call to the # operation to continue processing and get the next part of the # output. You should repeat this until the `NextToken` response # element comes back empty (as `null`). # @return [String] # # @!attribute [rw] arn # The Amazon Resource Name (ARN) for the secret. # # AWS Secrets Manager automatically adds several random characters to # the name at the end of the ARN when you initially create a secret. # This affects only the ARN and not the actual friendly name. This # ensures that if you create a new secret with the same name as an old # secret that you previously deleted, then users with access to the # old secret *don't* automatically get access to the new secret # because the ARNs are different. # # # @return [String] # # @!attribute [rw] name # The friendly name of the secret. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIdsResponse AWS API Documentation # class ListSecretVersionIdsResponse < Struct.new( :versions, :next_token, :arn, :name) include Aws::Structure end # @note When making an API call, you may pass ListSecretsRequest # data as a hash: # # { # max_results: 1, # next_token: "NextTokenType", # } # # @!attribute [rw] max_results # (Optional) Limits the number of results that you want to include in # the response. If you don't include this parameter, it defaults to a # value that's specific to the operation. If additional items exist # beyond the maximum you specify, the `NextToken` response element is # present and has a value (isn't null). Include that value as the # `NextToken` request parameter in the next call to the operation to # get the next part of the results. Note that AWS Secrets Manager # might return fewer results than the maximum even when there are more # results available. You should check `NextToken` after every # operation to ensure that you receive all of the results. # @return [Integer] # # @!attribute [rw] next_token # (Optional) Use this parameter in a request if you receive a # `NextToken` response in a previous request that indicates that # there's more output available. In a subsequent call, set it to the # value of the previous call's `NextToken` response to indicate where # the output should continue from. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsRequest AWS API Documentation # class ListSecretsRequest < Struct.new( :max_results, :next_token) include Aws::Structure end # @!attribute [rw] secret_list # A list of the secrets in the account. # @return [Array] # # @!attribute [rw] next_token # If present in the response, this value indicates that there's more # output available than what's included in the current response. This # can occur even when the response includes no values at all, such as # when you ask for a filtered view of a very long list. Use this value # in the `NextToken` request parameter in a subsequent call to the # operation to continue processing and get the next part of the # output. You should repeat this until the `NextToken` response # element comes back empty (as `null`). # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretsResponse AWS API Documentation # class ListSecretsResponse < Struct.new( :secret_list, :next_token) include Aws::Structure end # @note When making an API call, you may pass PutSecretValueRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # client_request_token: "ClientRequestTokenType", # secret_binary: "data", # secret_string: "SecretStringType", # version_stages: ["SecretVersionStageType"], # } # # @!attribute [rw] secret_id # Specifies the secret to which you want to add a new version. You can # specify either the Amazon Resource Name (ARN) or the friendly name # of the secret. The secret must already exist. # # The secret name can consist of uppercase letters, lowercase letters, # digits, and any of the following characters: /\_+=.@-    Spaces are # not permitted. # @return [String] # # @!attribute [rw] client_request_token # (Optional) Specifies a unique identifier for the new version of the # secret. # # If you use the AWS CLI or one of the AWS SDK to call this operation, # then you can leave this parameter empty. The CLI or SDK generates a # random UUID for you and includes that in the request. If you don't # use the SDK and instead generate a raw HTTP request to the AWS # Secrets Manager service endpoint, then you must generate a # `ClientRequestToken` yourself for new versions and include that # value in the request. # # # # This value helps ensure idempotency. Secrets Manager uses this value # to prevent the accidental creation of duplicate versions if there # are failures and retries during the Lambda rotation function's # processing. We recommend that you generate a [UUID-type][1] value to # ensure uniqueness within the specified secret. # # * If the `ClientRequestToken` value isn't already associated with a # version of the secret then a new version of the secret is created. # # * If a version with this value already exists and that version's # `SecretString` or `SecretBinary` values are the same as those in # the request then the request is ignored (the operation is # idempotent). # # * If a version with this value already exists and that version's # `SecretString` and `SecretBinary` values are different from those # in the request then the request fails because you cannot modify an # existing secret version. You can only create new versions to store # new secret values. # # This value becomes the `SecretVersionId` of the new version. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # # # # [1]: https://wikipedia.org/wiki/Universally_unique_identifier # @return [String] # # @!attribute [rw] secret_binary # (Optional) Specifies binary data that you want to encrypt and store # in the new version of the secret. To use this parameter in the # command-line tools, we recommend that you store your binary data in # a file and then use the appropriate technique for your tool to pass # the contents of the file as a parameter. Either `SecretBinary` or # `SecretString` must have a value. They cannot both be empty. # # This parameter is not accessible if the secret using the Secrets # Manager console. # @return [String] # # @!attribute [rw] secret_string # (Optional) Specifies text data that you want to encrypt and store in # this new version of the secret. Either `SecretString` or # `SecretBinary` must have a value. They cannot both be empty. # # If you create this secret by using the Secrets Manager console then # Secrets Manager puts the protected secret text in only the # `SecretString` parameter. The Secrets Manager console stores the # information as a JSON structure of key/value pairs that the default # Lambda rotation function knows how to parse. # # For storing multiple values, we recommend that you use a JSON text # string argument and specify key/value pairs. For information on how # to format a JSON parameter for the various command line tool # environments, see [Using JSON for Parameters][1] in the *AWS CLI # User Guide*. # # # # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # @return [String] # # @!attribute [rw] version_stages # (Optional) Specifies a list of staging labels that are attached to # this version of the secret. These staging labels are used to track # the versions through the rotation process by the Lambda rotation # function. # # A staging label must be unique to a single version of the secret. If # you specify a staging label that's already associated with a # different version of the same secret then that staging label is # automatically removed from the other version and attached to this # version. # # If you do not specify a value for `VersionStages` then AWS Secrets # Manager automatically moves the staging label `AWSCURRENT` to this # new version. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueRequest AWS API Documentation # class PutSecretValueRequest < Struct.new( :secret_id, :client_request_token, :secret_binary, :secret_string, :version_stages) include Aws::Structure end # @!attribute [rw] arn # The Amazon Resource Name (ARN) for the secret for which you just # created a version. # @return [String] # # @!attribute [rw] name # The friendly name of the secret for which you just created or # updated a version. # @return [String] # # @!attribute [rw] version_id # The unique identifier of the version of the secret you just created # or updated. # @return [String] # # @!attribute [rw] version_stages # The list of staging labels that are currently attached to this # version of the secret. Staging labels are used to track a version as # it progresses through the secret rotation process. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValueResponse AWS API Documentation # class PutSecretValueResponse < Struct.new( :arn, :name, :version_id, :version_stages) include Aws::Structure end # @note When making an API call, you may pass RestoreSecretRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # } # # @!attribute [rw] secret_id # Specifies the secret that you want to restore from a previously # scheduled deletion. You can specify either the Amazon Resource Name # (ARN) or the friendly name of the secret. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretRequest AWS API Documentation # class RestoreSecretRequest < Struct.new( :secret_id) include Aws::Structure end # @!attribute [rw] arn # The ARN of the secret that was restored. # @return [String] # # @!attribute [rw] name # The friendly name of the secret that was restored. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecretResponse AWS API Documentation # class RestoreSecretResponse < Struct.new( :arn, :name) include Aws::Structure end # @note When making an API call, you may pass RotateSecretRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # client_request_token: "ClientRequestTokenType", # rotation_lambda_arn: "RotationLambdaARNType", # rotation_rules: { # automatically_after_days: 1, # }, # } # # @!attribute [rw] secret_id # Specifies the secret that you want to rotate. You can specify either # the Amazon Resource Name (ARN) or the friendly name of the secret. # @return [String] # # @!attribute [rw] client_request_token # (Optional) Specifies a unique identifier for the new version of the # secret that helps ensure idempotency. # # If you use the AWS CLI or one of the AWS SDK to call this operation, # then you can leave this parameter empty. The CLI or SDK generates a # random UUID for you and includes that in the request for this # parameter. If you don't use the SDK and instead generate a raw HTTP # request to the AWS Secrets Manager service endpoint, then you must # generate a `ClientRequestToken` yourself for new versions and # include that value in the request. # # You only need to specify your own value if you are implementing your # own retry logic and want to ensure that a given secret is not # created twice. We recommend that you generate a [UUID-type][1] value # to ensure uniqueness within the specified secret. # # Secrets Manager uses this value to prevent the accidental creation # of duplicate versions if there are failures and retries during the # function's processing. # # * If the `ClientRequestToken` value isn't already associated with a # version of the secret then a new version of the secret is created. # # * If a version with this value already exists and that version's # `SecretString` and `SecretBinary` values are the same as the # request, then the request is ignored (the operation is # idempotent). # # * If a version with this value already exists and that version's # `SecretString` and `SecretBinary` values are different from the # request then an error occurs because you cannot modify an existing # secret value. # # This value becomes the `SecretVersionId` of the new version. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # # # # [1]: https://wikipedia.org/wiki/Universally_unique_identifier # @return [String] # # @!attribute [rw] rotation_lambda_arn # (Optional) Specifies the ARN of the Lambda function that can rotate # the secret. # @return [String] # # @!attribute [rw] rotation_rules # A structure that defines the rotation configuration for this secret. # @return [Types::RotationRulesType] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation # class RotateSecretRequest < Struct.new( :secret_id, :client_request_token, :rotation_lambda_arn, :rotation_rules) include Aws::Structure end # @!attribute [rw] arn # The ARN of the secret. # @return [String] # # @!attribute [rw] name # The friendly name of the secret. # @return [String] # # @!attribute [rw] version_id # The ID of the new version of the secret created by the rotation # started by this request. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretResponse AWS API Documentation # class RotateSecretResponse < Struct.new( :arn, :name, :version_id) include Aws::Structure end # A structure that defines the rotation configuration for the secret. # # @note When making an API call, you may pass RotationRulesType # data as a hash: # # { # automatically_after_days: 1, # } # # @!attribute [rw] automatically_after_days # Specifies the number of days between automatic scheduled rotations # of the secret. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotationRulesType AWS API Documentation # class RotationRulesType < Struct.new( :automatically_after_days) include Aws::Structure end # A structure that contains the details about a secret. It does not # include the encrypted `SecretString` and `SecretBinary` values. To get # those values, use the GetSecretValue operation. # # @!attribute [rw] arn # The Amazon Resource Name (ARN) of the secret. # # For more information about ARNs in AWS Secrets Manager, see [Policy # Resources][1] in the *AWS Secrets Manager User Guide*. # # # # [1]: http://docs.aws.amazon.com/http:/docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources # @return [String] # # @!attribute [rw] name # The friendly name of the secret. You can use forward slashes in the # name to represent a path hierarchy. For example, # `/prod/databases/dbserver1` could represent the secret for a server # named `dbserver1` in the folder `databases` in the folder `prod`. # @return [String] # # @!attribute [rw] description # The user-provided description of the secret. # @return [String] # # @!attribute [rw] kms_key_id # The ARN or alias of the AWS KMS customer master key (CMK) that's # used to encrypt the `SecretString` and `SecretBinary` fields in each # version of the secret. If you don't provide a key, then AWS Secrets # Manager defaults to encrypting the secret fields with the default # KMS CMK (the one named `awssecretsmanager`) for this account. # @return [String] # # @!attribute [rw] rotation_enabled # Indicated whether automatic, scheduled rotation is enabled for this # secret. # @return [Boolean] # # @!attribute [rw] rotation_lambda_arn # The ARN of an AWS Lambda function that's invoked by AWS Secrets # Manager to rotate and expire the secret either automatically per the # schedule or manually by a call to RotateSecret. # @return [String] # # @!attribute [rw] rotation_rules # A structure that defines the rotation configuration for the secret. # @return [Types::RotationRulesType] # # @!attribute [rw] last_rotated_date # The last date and time that the rotation process for this secret was # invoked. # @return [Time] # # @!attribute [rw] last_changed_date # The last date and time that this secret was modified in any way. # @return [Time] # # @!attribute [rw] last_accessed_date # The last date that this secret was accessed. This value is truncated # to midnight of the date and therefore shows only the date, not the # time. # @return [Time] # # @!attribute [rw] deleted_date # The date and time on which this secret was deleted. Not present on # active secrets. The secret can be recovered until the number of days # in the recovery window has passed, as specified in the # `RecoveryWindowInDays` parameter of the DeleteSecret operation. # @return [Time] # # @!attribute [rw] tags # The list of user-defined tags that are associated with the secret. # To add tags to a secret, use TagResource. To remove tags, use # UntagResource. # @return [Array] # # @!attribute [rw] secret_versions_to_stages # A list of all of the currently assigned `SecretVersionStage` staging # labels and the `SecretVersionId` that each is attached to. Staging # labels are used to keep track of the different versions during the # rotation process. # # A version that does not have any `SecretVersionStage` is considered # deprecated and subject to deletion. Such versions are not included # in this list. # # # @return [Hash>] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry AWS API Documentation # class SecretListEntry < Struct.new( :arn, :name, :description, :kms_key_id, :rotation_enabled, :rotation_lambda_arn, :rotation_rules, :last_rotated_date, :last_changed_date, :last_accessed_date, :deleted_date, :tags, :secret_versions_to_stages) include Aws::Structure end # A structure that contains information about one version of a secret. # # @!attribute [rw] version_id # The unique version identifier of this version of the secret. # @return [String] # # @!attribute [rw] version_stages # An array of staging labels that are currently associated with this # version of the secret. # @return [Array] # # @!attribute [rw] last_accessed_date # The date that this version of the secret was last accessed. Note # that the resolution of this field is at the date level and does not # include the time. # @return [Time] # # @!attribute [rw] created_date # The date and time this version of the secret was created. # @return [Time] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretVersionsListEntry AWS API Documentation # class SecretVersionsListEntry < Struct.new( :version_id, :version_stages, :last_accessed_date, :created_date) include Aws::Structure end # A structure that contains information about a tag. # # @note When making an API call, you may pass Tag # data as a hash: # # { # key: "TagKeyType", # value: "TagValueType", # } # # @!attribute [rw] key # The key identifier, or name, of the tag. # @return [String] # # @!attribute [rw] value # The string value that's associated with the key of the tag. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Tag AWS API Documentation # class Tag < Struct.new( :key, :value) include Aws::Structure end # @note When making an API call, you may pass TagResourceRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # tags: [ # required # { # key: "TagKeyType", # value: "TagValueType", # }, # ], # } # # @!attribute [rw] secret_id # The identifier for the secret that you want to attach tags to. You # can specify either the Amazon Resource Name (ARN) or the friendly # name of the secret. # @return [String] # # @!attribute [rw] tags # The tags to attach to the secret. Each element in the list consists # of a `Key` and a `Value`. # # This parameter to the API requires a JSON text string argument. For # information on how to format a JSON parameter for the various # command line tool environments, see [Using JSON for Parameters][1] # in the *AWS CLI User Guide*. For the AWS CLI, you can also use the # syntax: `--Tags # Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]` # # # # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResourceRequest AWS API Documentation # class TagResourceRequest < Struct.new( :secret_id, :tags) include Aws::Structure end # @note When making an API call, you may pass UntagResourceRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # tag_keys: ["TagKeyType"], # required # } # # @!attribute [rw] secret_id # The identifier for the secret that you want to remove tags from. You # can specify either the Amazon Resource Name (ARN) or the friendly # name of the secret. # @return [String] # # @!attribute [rw] tag_keys # A list of tag key names to remove from the secret. You don't # specify the value. Both the key and its associated value are # removed. # # This parameter to the API requires a JSON text string argument. For # information on how to format a JSON parameter for the various # command line tool environments, see [Using JSON for Parameters][1] # in the *AWS CLI User Guide*. # # # # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResourceRequest AWS API Documentation # class UntagResourceRequest < Struct.new( :secret_id, :tag_keys) include Aws::Structure end # @note When making an API call, you may pass UpdateSecretRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # client_request_token: "ClientRequestTokenType", # description: "DescriptionType", # kms_key_id: "KmsKeyIdType", # secret_binary: "data", # secret_string: "SecretStringType", # } # # @!attribute [rw] secret_id # Specifies the secret that you want to update or to which you want to # add a new version. You can specify either the Amazon Resource Name # (ARN) or the friendly name of the secret. # @return [String] # # @!attribute [rw] client_request_token # (Optional) If you want to add a new version to the secret, this # parameter specifies a unique identifier for the new version that # helps ensure idempotency. # # If you use the AWS CLI or one of the AWS SDK to call this operation, # then you can leave this parameter empty. The CLI or SDK generates a # random UUID for you and includes that in the request. If you don't # use the SDK and instead generate a raw HTTP request to the AWS # Secrets Manager service endpoint, then you must generate a # `ClientRequestToken` yourself for new versions and include that # value in the request. # # You typically only need to interact with this value if you implement # your own retry logic and want to ensure that a given secret is not # created twice. We recommend that you generate a [UUID-type][1] value # to ensure uniqueness within the specified secret. # # Secrets Manager uses this value to prevent the accidental creation # of duplicate versions if there are failures and retries during the # Lambda rotation function's processing. # # * If the `ClientRequestToken` value isn't already associated with a # version of the secret then a new version of the secret is created. # # * If a version with this value already exists and that version's # `SecretString` and `SecretBinary` values are the same as those in # the request then the request is ignored (the operation is # idempotent). # # * If a version with this value already exists and that version's # `SecretString` and `SecretBinary` values are different from the # request then an error occurs because you cannot modify an existing # secret value. # # This value becomes the `SecretVersionId` of the new version. # # **A suitable default value is auto-generated.** You should normally # not need to pass this option. # # # # [1]: https://wikipedia.org/wiki/Universally_unique_identifier # @return [String] # # @!attribute [rw] description # (Optional) Specifies a user-provided description of the secret. # @return [String] # # @!attribute [rw] kms_key_id # (Optional) Specifies the ARN or alias of the KMS customer master key # (CMK) to be used to encrypt the protected text in the versions of # this secret. # # If you don't specify this value, then Secrets Manager defaults to # using the default CMK in the account (the one named # `aws/secretsmanager`). If a KMS CMK with that name doesn't exist, # then AWS Secrets Manager creates it for you automatically the first # time it needs to encrypt a version's `Plaintext` or # `PlaintextString` fields. # # You can only use the account's default CMK to encrypt and decrypt # if you call this operation using credentials from the same account # that owns the secret. If the secret is in a different account, then # you must create a custom CMK and provide the ARN in this field. # @return [String] # # @!attribute [rw] secret_binary # (Optional) Specifies binary data that you want to encrypt and store # in the new version of the secret. To use this parameter in the # command-line tools, we recommend that you store your binary data in # a file and then use the appropriate technique for your tool to pass # the contents of the file as a parameter. Either `SecretBinary` or # `SecretString` must have a value. They cannot both be empty. # # This parameter is not accessible using the Secrets Manager console. # @return [String] # # @!attribute [rw] secret_string # (Optional) Specifies text data that you want to encrypt and store in # this new version of the secret. Either `SecretBinary` or # `SecretString` must have a value. They cannot both be empty. # # If you create this secret by using the Secrets Manager console then # Secrets Manager puts the protected secret text in only the # `SecretString` parameter. The Secrets Manager console stores the # information as a JSON structure of key/value pairs that the default # Lambda rotation function knows how to parse. # # For storing multiple values, we recommend that you use a JSON text # string argument and specify key/value pairs. For information on how # to format a JSON parameter for the various command line tool # environments, see [Using JSON for Parameters][1] in the *AWS CLI # User Guide*. # # # # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretRequest AWS API Documentation # class UpdateSecretRequest < Struct.new( :secret_id, :client_request_token, :description, :kms_key_id, :secret_binary, :secret_string) include Aws::Structure end # @!attribute [rw] arn # The ARN of this secret. # # AWS Secrets Manager automatically adds several random characters to # the name at the end of the ARN when you initially create a secret. # This affects only the ARN and not the actual friendly name. This # ensures that if you create a new secret with the same name as an old # secret that you previously deleted, then users with access to the # old secret *don't* automatically get access to the new secret # because the ARNs are different. # # # @return [String] # # @!attribute [rw] name # The friendly name of this secret. # @return [String] # # @!attribute [rw] version_id # If a version of the secret was created or updated by this operation, # then its unique identifier is returned. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretResponse AWS API Documentation # class UpdateSecretResponse < Struct.new( :arn, :name, :version_id) include Aws::Structure end # @note When making an API call, you may pass UpdateSecretVersionStageRequest # data as a hash: # # { # secret_id: "SecretIdType", # required # version_stage: "SecretVersionStageType", # required # remove_from_version_id: "SecretVersionIdType", # move_to_version_id: "SecretVersionIdType", # } # # @!attribute [rw] secret_id # Specifies the secret with the version whose list of staging labels # you want to modify. You can specify either the Amazon Resource Name # (ARN) or the friendly name of the secret. # @return [String] # # @!attribute [rw] version_stage # The list of staging labels to add to this version. # @return [String] # # @!attribute [rw] remove_from_version_id # (Optional) Specifies the secret version ID of the version that the # staging labels are to be removed from. # # If you want to move a label to a new version, you do not have to # explicitly remove it with this parameter. Adding a label using the # `MoveToVersionId` parameter automatically removes it from the old # version. However, if you do include both the "MoveTo" and # "RemoveFrom" parameters, then the move is successful only if the # staging labels are actually present on the "RemoveFrom" version. # If a staging label was on a different version than "RemoveFrom", # then the request fails. # @return [String] # # @!attribute [rw] move_to_version_id # (Optional) The secret version ID that you want to add the staging # labels to. # # If any of the staging labels are already attached to a different # version of the secret, then they are removed from that version # before adding them to this version. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageRequest AWS API Documentation # class UpdateSecretVersionStageRequest < Struct.new( :secret_id, :version_stage, :remove_from_version_id, :move_to_version_id) include Aws::Structure end # @!attribute [rw] arn # The ARN of the secret with the staging labels that were modified. # @return [String] # # @!attribute [rw] name # The friendly name of the secret with the staging labels that were # modified. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStageResponse AWS API Documentation # class UpdateSecretVersionStageResponse < Struct.new( :arn, :name) include Aws::Structure end end end