lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.49.0 vs lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.50.0

- old
+ new

@@ -390,31 +390,13 @@ # @option params [required, String] :secret_id # Specifies the secret to cancel a rotation request. You can specify # either the Amazon Resource Name (ARN) or the friendly name of the # secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @return [Types::CancelRotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::CancelRotateSecretResponse#arn #arn} => String # * {Types::CancelRotateSecretResponse#name #name} => String # * {Types::CancelRotateSecretResponse#version_id #version_id} => String @@ -652,25 +634,18 @@ # `SecretString` parameter. The Secrets Manager console stores the # information as a JSON structure of key/value pairs that the Lambda # rotation function knows how to parse. # # For storing multiple values, we recommend that you use a JSON text - # string argument and specify key/value pairs. For information on how to - # format a JSON parameter for the various command line tool - # environments, see [Using JSON for Parameters][1] in the *CLI User - # Guide*. For example: + # string argument and specify key/value pairs. For more information, see + # [Specifying parameter values for the Amazon Web Services CLI][1] in + # the Amazon Web Services CLI User Guide. # - # `\{"username":"bob","password":"abc123xyz456"\}` # - # If your command-line tool or SDK requires quotation marks around the - # parameter, you should use single quotes to avoid confusion with the - # double quotes required in the JSON text. # + # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html # - # - # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json - # # @option params [Array<Types::Tag>] :tags # (Optional) Specifies a list of user-defined tags that are attached to # the secret. Each tag is a "Key" and "Value" pair of strings. This # operation only appends tags to the existing list of tags. To remove # tags, you must use UntagResource. @@ -823,31 +798,13 @@ # @option params [required, String] :secret_id # Specifies the secret that you want to delete the attached # resource-based policy for. You can specify either the Amazon Resource # Name (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @return [Types::DeleteResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::DeleteResourcePolicyResponse#arn #arn} => String # * {Types::DeleteResourcePolicyResponse#name #name} => String # @@ -932,31 +889,13 @@ # # @option params [required, String] :secret_id # Specifies the secret to delete. You can specify either the Amazon # Resource Name (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [Integer] :recovery_window_in_days # (Optional) Specifies the number of days that Secrets Manager waits # before Secrets Manager can delete the secret. You can't use both this # parameter and the `ForceDeleteWithoutRecovery` parameter in the same # API call. @@ -1060,31 +999,13 @@ # @option params [required, String] :secret_id # The identifier of the secret whose details you want to retrieve. You # can specify either the Amazon Resource Name (ARN) or the friendly name # of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @return [Types::DescribeSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::DescribeSecretResponse#arn #arn} => String # * {Types::DescribeSecretResponse#name #name} => String # * {Types::DescribeSecretResponse#description #description} => String @@ -1323,31 +1244,13 @@ # @option params [required, String] :secret_id # Specifies the secret that you want to retrieve the attached # resource-based policy for. You can specify either the Amazon Resource # Name (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @return [Types::GetResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::GetResourcePolicyResponse#arn #arn} => String # * {Types::GetResourcePolicyResponse#name #name} => String # * {Types::GetResourcePolicyResponse#resource_policy #resource_policy} => String @@ -1415,31 +1318,13 @@ # @option params [required, String] :secret_id # Specifies the secret containing the version that you want to retrieve. # You can specify either the Amazon Resource Name (ARN) or the friendly # name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [String] :version_id # Specifies the unique identifier of the version of the secret that you # want to retrieve. If you specify both this parameter and # `VersionStage`, the two parameters must refer to the same secret # version. If you don't specify either a `VersionStage` or `VersionId` @@ -1557,31 +1442,13 @@ # @option params [required, String] :secret_id # The identifier for the secret containing the versions you want to # list. You can specify either the Amazon Resource Name (ARN) or the # friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [Integer] :max_results # (Optional) Limits the number of results you want to include in the # response. If you don't include this parameter, it defaults to a value # that's specific to the operation. If additional items exist beyond # the maximum you specify, the `NextToken` response element is present @@ -1866,31 +1733,13 @@ # @option params [required, String] :secret_id # Specifies the secret that you want to attach the resource-based # policy. You can specify either the ARN or the friendly name of the # secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [required, String] :resource_policy # A JSON-formatted string constructed according to the grammar and # syntax for an Amazon Web Services resource-based policy. The policy in # the string identifies who can access or manage this secret and its # versions. For information on how to format a JSON parameter for the @@ -1953,16 +1802,19 @@ # this, the operation creates a new version and attaches it to the # secret. The version can contain a new `SecretString` value or a new # `SecretBinary` value. You can also specify the staging labels that are # initially attached to the new version. # - # <note markdown="1"> The Secrets Manager console uses only the `SecretString` field. To add - # binary data to a secret with the `SecretBinary` field you must use the - # Amazon Web Services CLI or one of the Amazon Web Services SDKs. + # We recommend you avoid calling `PutSecretValue` at a sustained rate of + # more than once every 10 minutes. When you update the secret value, + # Secrets Manager creates a new version of the secret. Secrets Manager + # removes outdated versions when there are more than 100, but it does + # not remove versions created less than 24 hours ago. If you call + # `PutSecretValue` more than once every 10 minutes, you create more + # versions than Secrets Manager removes, and you will reach the quota + # for secret versions. # - # </note> - # # * If this operation creates the first version for the secret then # Secrets Manager automatically attaches the staging label # `AWSCURRENT` to the new version. # # * If you do not specify a value for VersionStages then Secrets Manager @@ -2034,31 +1886,13 @@ # @option params [required, String] :secret_id # Specifies the secret to which you want to add a new version. You can # specify either the Amazon Resource Name (ARN) or the friendly name of # the secret. The secret must already exist. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [String] :client_request_token # (Optional) Specifies a unique identifier for the new version of the # secret. # # <note markdown="1"> If you use the Amazon Web Services CLI or one of the Amazon Web @@ -2122,27 +1956,18 @@ # `SecretString` parameter. The Secrets Manager console stores the # information as a JSON structure of key/value pairs that the default # Lambda rotation function knows how to parse. # # For storing multiple values, we recommend that you use a JSON text - # string argument and specify key/value pairs. For information on how to - # format a JSON parameter for the various command line tool - # environments, see [Using JSON for Parameters][1] in the *CLI User - # Guide*. + # string argument and specify key/value pairs. For more information, see + # [Specifying parameter values for the Amazon Web Services CLI][1] in + # the Amazon Web Services CLI User Guide. # - # For example: # - # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]` # - # If your command-line tool or SDK requires quotation marks around the - # parameter, you should use single quotes to avoid confusion with the - # double quotes required in the JSON text. + # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html # - # - # - # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json - # # @option params [Array<String>] :version_stages # (Optional) Specifies a list of staging labels that are attached to # this version of the secret. These staging labels are used to track the # versions through the rotation process by the Lambda rotation function. # @@ -2322,31 +2147,13 @@ # @option params [required, String] :secret_id # Specifies the secret that you want to restore from a previously # scheduled deletion. You can specify either the Amazon Resource Name # (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @return [Types::RestoreSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::RestoreSecretResponse#arn #arn} => String # * {Types::RestoreSecretResponse#name #name} => String # @@ -2453,31 +2260,13 @@ # # @option params [required, String] :secret_id # Specifies the secret that you want to rotate. You can specify either # the Amazon Resource Name (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [String] :client_request_token # (Optional) Specifies a unique identifier for the new version of the # secret that helps ensure idempotency. # # If you use the Amazon Web Services CLI or one of the Amazon Web @@ -2624,45 +2413,28 @@ # @option params [required, String] :secret_id # The identifier for the secret that you want to attach tags to. You can # specify either the Amazon Resource Name (ARN) or the friendly name of # the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [required, Array<Types::Tag>] :tags # The tags to attach to the secret. Each element in the list consists of # a `Key` and a `Value`. # - # This parameter to the API requires a JSON text string argument. For - # information on how to format a JSON parameter for the various command - # line tool environments, see [Using JSON for Parameters][1] in the *CLI - # User Guide*. For the CLI, you can also use the syntax: `--Tags - # Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]` + # This parameter to the API requires a JSON text string argument. # + # For storing multiple values, we recommend that you use a JSON text + # string argument and specify key/value pairs. For more information, see + # [Specifying parameter values for the Amazon Web Services CLI][1] in + # the Amazon Web Services CLI User Guide. # # - # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # + # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html + # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To add tags to a secret # @@ -2732,44 +2504,28 @@ # @option params [required, String] :secret_id # The identifier for the secret that you want to remove tags from. You # can specify either the Amazon Resource Name (ARN) or the friendly name # of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [required, Array<String>] :tag_keys # A list of tag key names to remove from the secret. You don't specify # the value. Both the key and its associated value are removed. # - # This parameter to the API requires a JSON text string argument. For - # information on how to format a JSON parameter for the various command - # line tool environments, see [Using JSON for Parameters][1] in the *CLI - # User Guide*. + # This parameter to the API requires a JSON text string argument. # + # For storing multiple values, we recommend that you use a JSON text + # string argument and specify key/value pairs. For more information, see + # [Specifying parameter values for the Amazon Web Services CLI][1] in + # the Amazon Web Services CLI User Guide. # # - # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json # + # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html + # # @return [Struct] Returns an empty {Seahorse::Client::Response response}. # # # @example Example: To remove tags from a secret # @@ -2798,17 +2554,26 @@ def untag_resource(params = {}, options = {}) req = build_request(:untag_resource, params) req.send_request(options) end - # Modifies many of the details of the specified secret. If you include a - # `ClientRequestToken` and *either* `SecretString` or `SecretBinary` - # then it also creates a new version attached to the secret. + # Modifies many of the details of the specified secret. # - # To modify the rotation configuration of a secret, use RotateSecret + # To change the secret value, you can also use PutSecretValue. + # + # To change the rotation configuration of a secret, use RotateSecret # instead. # + # We recommend you avoid calling `UpdateSecret` at a sustained rate of + # more than once every 10 minutes. When you call `UpdateSecret` to + # update the secret value, Secrets Manager creates a new version of the + # secret. Secrets Manager removes outdated versions when there are more + # than 100, but it does not remove versions created less than 24 hours + # ago. If you update the secret value more than once every 10 minutes, + # you create more versions than Secrets Manager removes, and you will + # reach the quota for secret versions. + # # <note markdown="1"> The Secrets Manager console uses only the `SecretString` parameter and # therefore limits you to encrypting and storing only a text string. To # encrypt and store binary data as part of the version of a secret, you # must use either the Amazon Web Services CLI or one of the Amazon Web # Services SDKs. @@ -2882,31 +2647,13 @@ # @option params [required, String] :secret_id # Specifies the secret that you want to modify or to which you want to # add a new version. You can specify either the Amazon Resource Name # (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [String] :client_request_token # (Optional) If you want to add a new version to the secret, this # parameter specifies a unique identifier for the new version that helps # ensure idempotency. # @@ -2953,20 +2700,28 @@ # (Optional) Specifies an updated user-provided description of the # secret. # # @option params [String] :kms_key_id # (Optional) Specifies an updated ARN or alias of the Amazon Web - # Services KMS customer master key (CMK) to be used to encrypt the - # protected text in new versions of this secret. + # Services KMS customer master key (CMK) that Secrets Manager uses to + # encrypt the protected text in new versions of this secret as well as + # any existing versions of this secret that have the staging labels + # AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about + # staging labels, see [Staging Labels][1] in the *Amazon Web Services + # Secrets Manager User Guide*. # # You can only use the account's default CMK to encrypt and decrypt if # you call this operation using credentials from the same account that # owns the secret. If the secret is in a different account, then you # must create a custom CMK and provide the ARN of that CMK in this # field. The user making the call must have permissions to both the # secret and the CMK in their respective accounts. # + # + # + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label + # # @option params [String, StringIO, File] :secret_binary # (Optional) Specifies updated binary data that you want to encrypt and # store in the new version of the secret. To use this parameter in the # command-line tools, we recommend that you store your binary data in a # file and then use the appropriate technique for your tool to pass the @@ -2987,30 +2742,18 @@ # `SecretString` parameter. The Secrets Manager console stores the # information as a JSON structure of key/value pairs that the default # Lambda rotation function knows how to parse. # # For storing multiple values, we recommend that you use a JSON text - # string argument and specify key/value pairs. For information on how to - # format a JSON parameter for the various command line tool - # environments, see [Using JSON for Parameters][1] in the *CLI User - # Guide*. For example: + # string argument and specify key/value pairs. For more information, see + # [Specifying parameter values for the Amazon Web Services CLI][1] in + # the Amazon Web Services CLI User Guide. # - # `[\{"username":"bob"\},\{"password":"abc123xyz456"\}]` # - # If your command-line tool or SDK requires quotation marks around the - # parameter, you should use single quotes to avoid confusion with the - # double quotes required in the JSON text. You can also 'escape' the - # double quote character in the embedded JSON text by prefacing each - # with a backslash. For example, the following string is surrounded by - # double-quotes. All of the embedded double quotes are escaped: # - # `"[\{"username":"bob"\},\{"password":"abc123xyz456"\}]"` + # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html # - # - # - # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json - # # @return [Types::UpdateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::UpdateSecretResponse#arn #arn} => String # * {Types::UpdateSecretResponse#name #name} => String # * {Types::UpdateSecretResponse#version_id #version_id} => String @@ -3140,31 +2883,13 @@ # @option params [required, String] :secret_id # Specifies the secret with the version with the list of staging labels # you want to modify. You can specify either the Amazon Resource Name # (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [required, String] :version_stage # The staging label to add to this version. # # @option params [String] :remove_from_version_id # Specifies the secret version ID of the version that the staging label @@ -3298,31 +3023,13 @@ # @option params [String] :secret_id # (Optional) The identifier of the secret with the resource-based policy # you want to validate. You can specify either the Amazon Resource Name # (ARN) or the friendly name of the secret. # - # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a - # complete ARN. You can specify a partial ARN too—for example, if you - # don’t include the final hyphen and six random characters that Secrets - # Manager adds at the end of the ARN when you created the secret. A - # partial ARN match can work as long as it uniquely matches only one - # secret. However, if your secret has a name that ends in a hyphen - # followed by six characters (before Secrets Manager adds the hyphen and - # six characters to the ARN) and you try to use that as a partial ARN, - # then those characters cause Secrets Manager to assume that you’re - # specifying a complete ARN. This confusion can cause unexpected - # results. To avoid this situation, we recommend that you don’t create - # secret names ending with a hyphen followed by six characters. + # For an ARN, we recommend that you specify a complete ARN rather than a + # partial ARN. # - # If you specify an incomplete ARN without the random suffix, and - # instead provide the 'friendly name', you *must* not include the - # random suffix. If you do include the random suffix added by Secrets - # Manager, you receive either a *ResourceNotFoundException* or an - # *AccessDeniedException* error, depending on your permissions. - # - # </note> - # # @option params [required, String] :resource_policy # A JSON-formatted string constructed according to the grammar and # syntax for an Amazon Web Services resource-based policy. The policy in # the string identifies who can access or manage this secret and its # versions. For information on how to format a JSON parameter for the @@ -3389,10 +3096,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-secretsmanager' - context[:gem_version] = '1.49.0' + context[:gem_version] = '1.50.0' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated