lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.65.0 vs lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.66.0

- old
+ new

@@ -374,19 +374,25 @@ # change staging labels. For more information, see [How rotation # works][1]. # # To turn on automatic rotation again, call RotateSecret. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For - # more information, see [ IAM policy actions for Secrets Manager][2] and - # [Authentication and access control in Secrets Manager][3]. + # more information, see [ IAM policy actions for Secrets Manager][3] and + # [Authentication and access control in Secrets Manager][4]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -473,26 +479,33 @@ # If the secret is in a different Amazon Web Services account from the # credentials calling the API, then you can't use `aws/secretsmanager` # to encrypt the secret, and you must create and use a customer managed # KMS key. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # except `SecretBinary` or `SecretString` because it might be logged. + # For more information, see [Logging Secrets Manager events with + # CloudTrail][3]. + # # <b>Required permissions: </b> `secretsmanager:CreateSecret`. If you # include tags in the secret, you also need # `secretsmanager:TagResource`. For more information, see [ IAM policy - # actions for Secrets Manager][3] and [Authentication and access control - # in Secrets Manager][4]. + # actions for Secrets Manager][4] and [Authentication and access control + # in Secrets Manager][5]. # # To encrypt the secret with a KMS key other than `aws/secretsmanager`, # you need `kms:GenerateDataKey` and `kms:Decrypt` permission to the # key. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :name # The name of the new secret. # # The secret name can contain ASCII letters, numbers, and the following @@ -728,18 +741,24 @@ end # Deletes the resource-based permission policy attached to the secret. # To attach a policy to a secret, use PutResourcePolicy. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`. - # For more information, see [ IAM policy actions for Secrets Manager][1] - # and [Authentication and access control in Secrets Manager][2]. + # For more information, see [ IAM policy actions for Secrets Manager][2] + # and [Authentication and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to delete the attached resource-based # policy for. # @@ -822,19 +841,25 @@ # # When a secret is scheduled for deletion, you cannot retrieve the # secret value. You must first cancel the deletion with RestoreSecret # and then you can retrieve the secret. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more - # information, see [ IAM policy actions for Secrets Manager][2] and - # [Authentication and access control in Secrets Manager][3]. + # information, see [ IAM policy actions for Secrets Manager][3] and + # [Authentication and access control in Secrets Manager][4]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to delete. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -919,18 +944,24 @@ # Retrieves the details of a secret. It does not include the encrypted # secret value. Secrets Manager only returns fields that have a value in # the response. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For - # more information, see [ IAM policy actions for Secrets Manager][1] and - # [Authentication and access control in Secrets Manager][2]. + # more information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -1053,18 +1084,24 @@ # Generates a random password. We recommend that you specify the maximum # length and include every character type that the system you are # generating a password for can support. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For - # more information, see [ IAM policy actions for Secrets Manager][1] and - # [Authentication and access control in Secrets Manager][2]. + # more information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [Integer] :password_length # The length of the password. If you don't include this parameter, the # default length is 32 characters. # @@ -1150,19 +1187,25 @@ # Retrieves the JSON text of the resource-based policy document attached # to the secret. For more information about permissions policies # attached to a secret, see [Permissions policies attached to a # secret][1]. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For - # more information, see [ IAM policy actions for Secrets Manager][2] and - # [Authentication and access control in Secrets Manager][3]. + # more information, see [ IAM policy actions for Secrets Manager][3] and + # [Authentication and access control in Secrets Manager][4]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to retrieve the attached resource-based # policy for. # @@ -1226,23 +1269,29 @@ # # To retrieve the previous version of a secret, use `VersionStage` and # specify AWSPREVIOUS. To revert to the previous version of a secret, # call [UpdateSecretVersionStage][2]. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][3]. + # # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the # secret is encrypted using a customer-managed key instead of the Amazon # Web Services managed key `aws/secretsmanager`, then you also need # `kms:Decrypt` permissions for that key. For more information, see [ - # IAM policy actions for Secrets Manager][3] and [Authentication and - # access control in Secrets Manager][4]. + # IAM policy actions for Secrets Manager][4] and [Authentication and + # access control in Secrets Manager][5]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html # [2]: https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to retrieve. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -1338,19 +1387,25 @@ # indicate the different versions of a secret. For more information, see # [ Secrets Manager concepts: Versions][1]. # # To list the secrets in the account, use ListSecrets. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`. - # For more information, see [ IAM policy actions for Secrets Manager][2] - # and [Authentication and access control in Secrets Manager][3]. + # For more information, see [ IAM policy actions for Secrets Manager][3] + # and [Authentication and access control in Secrets Manager][4]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret whose versions you want to list. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -1469,19 +1524,25 @@ # GetSecretValue. # # For information about finding secrets in the console, see [Find # secrets in Secrets Manager][1]. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more - # information, see [ IAM policy actions for Secrets Manager][2] and - # [Authentication and access control in Secrets Manager][3]. + # information, see [ IAM policy actions for Secrets Manager][3] and + # [Authentication and access control in Secrets Manager][4]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [Integer] :max_results # The number of results to include in the response. # # If there are more results available, in the response, Secrets Manager @@ -1597,19 +1658,25 @@ # [Authentication and access control for Secrets Manager][1] # # For information about attaching a policy in the console, see [Attach a # permissions policy to a secret][2]. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][3]. + # # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For - # more information, see [ IAM policy actions for Secrets Manager][3] and + # more information, see [ IAM policy actions for Secrets Manager][4] and # [Authentication and access control in Secrets Manager][1]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions # # @option params [required, String] :secret_id # The ARN or name of the secret to attach the resource-based policy. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -1691,32 +1758,37 @@ # You can specify the staging labels to attach to the new version in # `VersionStages`. If you don't include `VersionStages`, then Secrets # Manager automatically moves the staging label `AWSCURRENT` to this # version. If this operation creates the first version for the secret, # then Secrets Manager automatically attaches the staging label - # `AWSCURRENT` to it . + # `AWSCURRENT` to it. If this operation moves the staging label + # `AWSCURRENT` from another version to this version, then Secrets + # Manager also automatically moves the staging label `AWSPREVIOUS` to + # the version that `AWSCURRENT` was removed from. # - # If this operation moves the staging label `AWSCURRENT` from another - # version to this version, then Secrets Manager also automatically moves - # the staging label `AWSPREVIOUS` to the version that `AWSCURRENT` was - # removed from. - # # This operation is idempotent. If you call this operation with a # `ClientRequestToken` that matches an existing version's VersionId, # and you specify the same secret data, the operation succeeds but does # nothing. However, if the secret data is different, then the operation # fails because you can't modify an existing version; you can only # create new ones. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # except `SecretBinary` or `SecretString` because it might be logged. + # For more information, see [Logging Secrets Manager events with + # CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For - # more information, see [ IAM policy actions for Secrets Manager][1] and - # [Authentication and access control in Secrets Manager][2]. + # more information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to add a new version to. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -1859,19 +1931,25 @@ end # For a secret that is replicated to other Regions, deletes the secret # replicas from the Regions you specify. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> # `secretsmanager:RemoveRegionsFromReplication`. For more information, - # see [ IAM policy actions for Secrets Manager][1] and [Authentication - # and access control in Secrets Manager][2]. + # see [ IAM policy actions for Secrets Manager][2] and [Authentication + # and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret. # # @option params [required, Array<String>] :remove_replica_regions @@ -1908,20 +1986,26 @@ req.send_request(options) end # Replicates the secret to a new Regions. See [Multi-Region secrets][1]. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> # `secretsmanager:ReplicateSecretToRegions`. For more information, see [ - # IAM policy actions for Secrets Manager][2] and [Authentication and - # access control in Secrets Manager][3]. + # IAM policy actions for Secrets Manager][3] and [Authentication and + # access control in Secrets Manager][4]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to replicate. # # @option params [required, Array<Types::ReplicaRegionType>] :add_replica_regions @@ -1970,18 +2054,24 @@ # Cancels the scheduled deletion of a secret by removing the # `DeletedDate` time stamp. You can access a secret again after it has # been restored. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more - # information, see [ IAM policy actions for Secrets Manager][1] and - # [Authentication and access control in Secrets Manager][2]. + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to restore. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -2062,27 +2152,33 @@ # not be attached to any version. If the `AWSPENDING` staging label is # present but not attached to the same version as `AWSCURRENT`, then any # later invocation of `RotateSecret` assumes that a previous rotation # request is still in progress and returns an error. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][7]. + # # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more - # information, see [ IAM policy actions for Secrets Manager][7] and - # [Authentication and access control in Secrets Manager][8]. You also + # information, see [ IAM policy actions for Secrets Manager][8] and + # [Authentication and access control in Secrets Manager][9]. You also # need `lambda:InvokeFunction` permissions on the rotation function. For - # more information, see [ Permissions for rotation][9]. + # more information, see [ Permissions for rotation][10]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html # [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html - # [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html - # [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html + # [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [10]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html # # @option params [required, String] :secret_id # The ARN or name of the secret to rotate. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -2220,19 +2316,25 @@ # promotes the replica to a primary secret in the replica Region. # # You must call this operation from the Region in which you want to # promote the replica to a primary secret. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> # `secretsmanager:StopReplicationToReplica`. For more information, see [ - # IAM policy actions for Secrets Manager][1] and [Authentication and - # access control in Secrets Manager][2]. + # IAM policy actions for Secrets Manager][2] and [Authentication and + # access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN of the primary secret. # # @return [Types::StopReplicationToReplicaResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: @@ -2287,18 +2389,24 @@ # If you use tags as part of your security strategy, then adding or # removing a tag can change permissions. If successfully completing this # operation would result in you losing your permissions for this secret, # then the operation is blocked and returns an Access Denied error. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:TagResource`. For more - # information, see [ IAM policy actions for Secrets Manager][1] and - # [Authentication and access control in Secrets Manager][2]. + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The identifier for the secret to attach tags to. You can specify # either the Amazon Resource Name (ARN) or the friendly name of the # secret. @@ -2374,18 +2482,24 @@ # If you use tags as part of your security strategy, then removing a tag # can change permissions. If successfully completing this operation # would result in you losing your permissions for this secret, then the # operation is blocked and returns an Access Denied error. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more - # information, see [ IAM policy actions for Secrets Manager][1] and - # [Authentication and access control in Secrets Manager][2]. + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -2456,31 +2570,39 @@ # ago. If you update the secret value more than once every 10 minutes, # you create more versions than Secrets Manager removes, and you will # reach the quota for secret versions. # # If you include `SecretString` or `SecretBinary` to create a new secret - # version, Secrets Manager automatically attaches the staging label - # `AWSCURRENT` to the new version. + # version, Secrets Manager automatically moves the staging label + # `AWSCURRENT` to the new version. Then it attaches the label + # `AWSPREVIOUS` to the version that `AWSCURRENT` was removed from. # # If you call this operation with a `ClientRequestToken` that matches an # existing version's `VersionId`, the operation results in an error. # You can't modify an existing version, you can only create a new # version. To remove a version, remove all staging labels from it. See # UpdateSecretVersionStage. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # except `SecretBinary` or `SecretString` because it might be logged. + # For more information, see [Logging Secrets Manager events with + # CloudTrail][1]. + # # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more - # information, see [ IAM policy actions for Secrets Manager][1] and - # [Authentication and access control in Secrets Manager][2]. If you use + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. If you use # a customer managed key, you must also have `kms:GenerateDataKey` and # `kms:Decrypt` permissions on the key. For more information, see [ - # Secret encryption and decryption][3]. + # Secret encryption and decryption][4]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -2669,20 +2791,26 @@ # # If this action results in the last label being removed from a version, # then the version is considered to be 'deprecated' and can be deleted # by Secrets Manager. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> # `secretsmanager:UpdateSecretVersionStage`. For more information, see [ - # IAM policy actions for Secrets Manager][2] and [Authentication and - # access control in Secrets Manager][3]. + # IAM policy actions for Secrets Manager][3] and [Authentication and + # access control in Secrets Manager][4]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or the name of the secret with the version and staging # labelsto modify. # @@ -2807,19 +2935,25 @@ # # * Checks for correct syntax in a policy. # # * Verifies the policy does not lock out a caller. # + # Secrets Manager generates a CloudTrail log entry when you call this + # action. Do not include sensitive information in request parameters + # because it might be logged. For more information, see [Logging Secrets + # Manager events with CloudTrail][2]. + # # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`. - # For more information, see [ IAM policy actions for Secrets Manager][2] - # and [Authentication and access control in Secrets Manager][3]. + # For more information, see [ IAM policy actions for Secrets Manager][3] + # and [Authentication and access control in Secrets Manager][4]. # # # # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/ - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [String] :secret_id # This field is reserved for internal use. # # @option params [required, String] :resource_policy @@ -2888,10 +3022,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-secretsmanager' - context[:gem_version] = '1.65.0' + context[:gem_version] = '1.66.0' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated