lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.64.0 vs lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.65.0

@@ -551,11 +551,13 @@
     # @option params [String] :description
     #   The description of the secret.
     #
     # @option params [String] :kms_key_id
     #   The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
-    #   encrypt the secret value in the secret.
+    #   encrypt the secret value in the secret. An alias is always prefixed by
+    #   `alias/`, for example `alias/aws/secretsmanager`. For more
+    #   information, see [About aliases][1].
     #
     #   To use a KMS key in a different account, use the key ARN or the alias
     #   ARN.
     #
     #   If you don't specify this value, then Secrets Manager uses the key
@@ -566,10 +568,14 @@
     #   If the secret is in a different Amazon Web Services account from the
     #   credentials calling the API, then you can't use `aws/secretsmanager`
     #   to encrypt the secret, and you must create and use a customer managed
     #   KMS key.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html
+    #
     # @option params [String, StringIO, File] :secret_binary
     #   The binary data to encrypt and store in the new version of the secret.
     #   We recommend that you store your binary data in a file and then pass
     #   the contents of the file as a parameter.
     #
@@ -1216,22 +1222,27 @@
     #
     # We recommend that you cache your secret values by using client-side
     # caching. Caching secrets improves speed and reduces your costs. For
     # more information, see [Cache secrets for your applications][1].
     #
+    # To retrieve the previous version of a secret, use `VersionStage` and
+    # specify AWSPREVIOUS. To revert to the previous version of a secret,
+    # call [UpdateSecretVersionStage][2].
+    #
     # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the
     # secret is encrypted using a customer-managed key instead of the Amazon
     # Web Services managed key `aws/secretsmanager`, then you also need
     # `kms:Decrypt` permissions for that key. For more information, see [
-    # IAM policy actions for Secrets Manager][2] and [Authentication and
-    # access control in Secrets Manager][3].
+    # IAM policy actions for Secrets Manager][3] and [Authentication and
+    # access control in Secrets Manager][4].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
-    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
-    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [2]: https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve.
     #
     #   For an ARN, we recommend that you specify a complete ARN rather than a
@@ -2454,23 +2465,10 @@
     # existing version's `VersionId`, the operation results in an error.
     # You can't modify an existing version, you can only create a new
     # version. To remove a version, remove all staging labels from it. See
     # UpdateSecretVersionStage.
     #
-    # If you don't specify an KMS encryption key, Secrets Manager uses the
-    # Amazon Web Services managed key `aws/secretsmanager`. If this key
-    # doesn't already exist in your account, then Secrets Manager creates
-    # it for you automatically. All users and roles in the Amazon Web
-    # Services account automatically have access to use
-    # `aws/secretsmanager`. Creating `aws/secretsmanager` can result in a
-    # one-time significant delay in returning the result.
-    #
-    # If the secret is in a different Amazon Web Services account from the
-    # credentials calling the API, then you can't use `aws/secretsmanager`
-    # to encrypt the secret, and you must create and use a customer managed
-    # key.
-    #
     # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
     # information, see [ IAM policy actions for Secrets Manager][1] and
     # [Authentication and access control in Secrets Manager][2]. If you use
     # a customer managed key, you must also have `kms:GenerateDataKey` and
     # `kms:Decrypt` permissions on the key. For more information, see [
@@ -2516,15 +2514,27 @@
     # @option params [String] :description
     #   The description of the secret.
     #
     # @option params [String] :kms_key_id
     #   The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
-    #   encrypt new secret versions as well as any existing versions the
+    #   encrypt new secret versions as well as any existing versions with the
     #   staging labels `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. For more
     #   information about versions and staging labels, see [Concepts:
     #   Version][1].
     #
+    #   A key alias is always prefixed by `alias/`, for example
+    #   `alias/aws/secretsmanager`. For more information, see [About
+    #   aliases][2].
+    #
+    #   If you set this to an empty string, Secrets Manager uses the Amazon
+    #   Web Services managed key `aws/secretsmanager`. If this key doesn't
+    #   already exist in your account, then Secrets Manager creates it for you
+    #   automatically. All users and roles in the Amazon Web Services account
+    #   automatically have access to use `aws/secretsmanager`. Creating
+    #   `aws/secretsmanager` can result in a one-time significant delay in
+    #   returning the result.
+    #
     #   You can only use the Amazon Web Services managed key
     #   `aws/secretsmanager` if you call this operation using credentials from
     #   the same Amazon Web Services account that owns the secret. If the
     #   secret is in a different account, then you must use a customer managed
     #   key and provide the ARN of that KMS key in this field. The user making
@@ -2532,10 +2542,11 @@
     #   their respective accounts.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html
     #
     # @option params [String, StringIO, File] :secret_binary
     #   The binary data to encrypt and store in the new version of the secret.
     #   We recommend that you store your binary data in a file and then pass
     #   the contents of the file as a parameter.
@@ -2877,10 +2888,10 @@
         operation: config.api.operation(operation_name),
         client: self,
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.64.0'
+      context[:gem_version] = '1.65.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 
     # @api private
     # @deprecated