lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.69.0 vs lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.70.0

- old
+ new

@@ -469,27 +469,23 @@ # Manager. The secret also includes the connection information to access # a database or other service, which Secrets Manager doesn't encrypt. A # secret in Secrets Manager consists of both the protected secret data # and the important information needed to manage the secret. # - # For secrets that use *managed rotation*, you need to create the secret - # through the managing service. For more information, see [Secrets - # Manager secrets managed by other Amazon Web Services services][1]. - # # For information about creating a secret in the console, see [Create a - # secret][2]. + # secret][1]. # # To create a secret, you can provide the secret value to be encrypted # in either the `SecretString` parameter or the `SecretBinary` # parameter, but not both. If you include `SecretString` or # `SecretBinary` then Secrets Manager creates an initial secret version # and automatically attaches the staging label `AWSCURRENT` to it. # # For database credentials you want to rotate, for Secrets Manager to be # able to rotate the secret, you must make sure the JSON you store in # the `SecretString` matches the [JSON structure of a database - # secret][3]. + # secret][2]. # # If you don't specify an KMS encryption key, Secrets Manager uses the # Amazon Web Services managed key `aws/secretsmanager`. If this key # doesn't already exist in your account, then Secrets Manager creates # it for you automatically. All users and roles in the Amazon Web @@ -504,30 +500,29 @@ # # Secrets Manager generates a CloudTrail log entry when you call this # action. Do not include sensitive information in request parameters # except `SecretBinary` or `SecretString` because it might be logged. # For more information, see [Logging Secrets Manager events with - # CloudTrail][4]. + # CloudTrail][3]. # # <b>Required permissions: </b> `secretsmanager:CreateSecret`. If you # include tags in the secret, you also need # `secretsmanager:TagResource`. For more information, see [ IAM policy - # actions for Secrets Manager][5] and [Authentication and access control - # in Secrets Manager][6]. + # actions for Secrets Manager][4] and [Authentication and access control + # in Secrets Manager][5]. # # To encrypt the secret with a KMS key other than `aws/secretsmanager`, # you need `kms:GenerateDataKey` and `kms:Decrypt` permission to the # key. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html - # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html - # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :name # The name of the new secret. # # The secret name can contain ASCII letters, numbers, and the following @@ -1004,10 +999,11 @@ # * {Types::DescribeSecretResponse#rotation_rules #rotation_rules} => Types::RotationRulesType # * {Types::DescribeSecretResponse#last_rotated_date #last_rotated_date} => Time # * {Types::DescribeSecretResponse#last_changed_date #last_changed_date} => Time # * {Types::DescribeSecretResponse#last_accessed_date #last_accessed_date} => Time # * {Types::DescribeSecretResponse#deleted_date #deleted_date} => Time + # * {Types::DescribeSecretResponse#next_rotation_date #next_rotation_date} => Time # * {Types::DescribeSecretResponse#tags #tags} => Array&lt;Types::Tag&gt; # * {Types::DescribeSecretResponse#version_ids_to_stages #version_ids_to_stages} => Hash&lt;String,Array&lt;String&gt;&gt; # * {Types::DescribeSecretResponse#owning_service #owning_service} => String # * {Types::DescribeSecretResponse#created_date #created_date} => Time # * {Types::DescribeSecretResponse#primary_region #primary_region} => String @@ -1077,10 +1073,11 @@ # resp.rotation_rules.schedule_expression #=> String # resp.last_rotated_date #=> Time # resp.last_changed_date #=> Time # resp.last_accessed_date #=> Time # resp.deleted_date #=> Time + # resp.next_rotation_date #=> Time # resp.tags #=> Array # resp.tags[0].key #=> String # resp.tags[0].value #=> String # resp.version_ids_to_stages #=> Hash # resp.version_ids_to_stages["SecretVersionIdType"] #=> Array @@ -1562,10 +1559,12 @@ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # + # @option params [Boolean] :include_planned_deletion + # # @option params [Integer] :max_results # The number of results to include in the response. # # If there are more results available, in the response, Secrets Manager # includes `NextToken`. To get the next results, call `ListSecrets` @@ -1626,15 +1625,16 @@ # } # # @example Request syntax with placeholder values # # resp = client.list_secrets({ + # include_planned_deletion: false, # max_results: 1, # next_token: "NextTokenType", # filters: [ # { - # key: "description", # accepts description, name, tag-key, tag-value, primary-region, all + # key: "description", # accepts description, name, tag-key, tag-value, primary-region, owning-service, all # values: ["FilterValueStringType"], # }, # ], # sort_order: "asc", # accepts asc, desc # }) @@ -1653,10 +1653,11 @@ # resp.secret_list[0].rotation_rules.schedule_expression #=> String # resp.secret_list[0].last_rotated_date #=> Time # resp.secret_list[0].last_changed_date #=> Time # resp.secret_list[0].last_accessed_date #=> Time # resp.secret_list[0].deleted_date #=> Time + # resp.secret_list[0].next_rotation_date #=> Time # resp.secret_list[0].tags #=> Array # resp.secret_list[0].tags[0].key #=> String # resp.secret_list[0].tags[0].value #=> String # resp.secret_list[0].secret_versions_to_stages #=> Hash # resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"] #=> Array @@ -2142,46 +2143,70 @@ req = build_request(:restore_secret, params) req.send_request(options) end # Configures and starts the asynchronous process of rotating the secret. - # For information about rotation, see [Rotate secrets][1] in the - # *Secrets Manager User Guide*. If you include the configuration - # parameters, the operation sets the values for the secret and then - # immediately starts a rotation. If you don't include the configuration - # parameters, the operation starts a rotation with the values already - # stored in the secret. + # For more information about rotation, see [Rotate secrets][1]. # + # If you include the configuration parameters, the operation sets the + # values for the secret and then immediately starts a rotation. If you + # don't include the configuration parameters, the operation starts a + # rotation with the values already stored in the secret. + # + # For database credentials you want to rotate, for Secrets Manager to be + # able to rotate the secret, you must make sure the secret value is in + # the [ JSON structure of a database secret][2]. In particular, if you + # want to use the [ alternating users strategy][3], your secret must + # contain the ARN of a superuser secret. + # + # To configure rotation, you also need the ARN of an Amazon Web Services + # Lambda function and the schedule for the rotation. The Lambda rotation + # function creates a new version of the secret and creates or updates + # the credentials on the database or service to match. After testing the + # new credentials, the function marks the new secret version with the + # staging label `AWSCURRENT`. Then anyone who retrieves the secret gets + # the new version. For more information, see [How rotation works][4]. + # + # You can create the Lambda rotation function based on the [rotation + # function templates][5] that Secrets Manager provides. Choose a + # template that matches your [Rotation strategy][6]. + # # When rotation is successful, the `AWSPENDING` staging label might be # attached to the same version as the `AWSCURRENT` version, or it might # not be attached to any version. If the `AWSPENDING` staging label is # present but not attached to the same version as `AWSCURRENT`, then any # later invocation of `RotateSecret` assumes that a previous rotation - # request is still in progress and returns an error. When rotation is - # unsuccessful, the `AWSPENDING` staging label might be attached to an - # empty secret version. For more information, see [Troubleshoot - # rotation][2] in the *Secrets Manager User Guide*. + # request is still in progress and returns an error. # + # When rotation is unsuccessful, the `AWSPENDING` staging label might be + # attached to an empty secret version. For more information, see + # [Troubleshoot rotation][7] in the *Secrets Manager User Guide*. + # # Secrets Manager generates a CloudTrail log entry when you call this # action. Do not include sensitive information in request parameters # because it might be logged. For more information, see [Logging Secrets - # Manager events with CloudTrail][3]. + # Manager events with CloudTrail][8]. # # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more - # information, see [ IAM policy actions for Secrets Manager][4] and - # [Authentication and access control in Secrets Manager][5]. You also + # information, see [ IAM policy actions for Secrets Manager][9] and + # [Authentication and access control in Secrets Manager][10]. You also # need `lambda:InvokeFunction` permissions on the rotation function. For - # more information, see [ Permissions for rotation][6]. + # more information, see [ Permissions for rotation][11]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html - # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html - # [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html + # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html + # [6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html + # [7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html + # [8]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [9]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [10]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [11]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html # # @option params [required, String] :secret_id # The ARN or name of the secret to rotate. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -2217,31 +2242,21 @@ # # # [1]: https://wikipedia.org/wiki/Universally_unique_identifier # # @option params [String] :rotation_lambda_arn - # For secrets that use a Lambda rotation function to rotate, the ARN of - # the Lambda rotation function. + # The ARN of the Lambda rotation function that can rotate the secret. # - # For secrets that use *managed rotation*, omit this field. For more - # information, see [Managed rotation][1] in the *Secrets Manager User - # Guide*. - # - # - # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html - # # @option params [Types::RotationRulesType] :rotation_rules # A structure that defines the rotation configuration for this secret. # # @option params [Boolean] :rotate_immediately # Specifies whether to rotate the secret immediately or wait until the # next scheduled rotation window. The rotation schedule is defined in # RotateSecretRequest$RotationRules. # - # For secrets that use a Lambda rotation function to rotate, if you - # don't immediately rotate the secret, Secrets Manager tests the + # If you don't immediately rotate the secret, Secrets Manager tests the # rotation configuration by running the [ `testSecret` step][1] of the # Lambda rotation function. The test creates an `AWSPENDING` version of # the secret and then removes it. # # If you don't specify this value, then by default, Secrets Manager @@ -2573,14 +2588,10 @@ # value. To change the secret value, you can also use PutSecretValue. # # To change the rotation configuration of a secret, use RotateSecret # instead. # - # To change a secret so that it is managed by another service, you need - # to recreate the secret in that service. See [Secrets Manager secrets - # managed by other Amazon Web Services services][1]. - # # We recommend you avoid calling `UpdateSecret` at a sustained rate of # more than once every 10 minutes. When you call `UpdateSecret` to # update the secret value, Secrets Manager creates a new version of the # secret. Secrets Manager removes outdated versions when there are more # than 100, but it does not remove versions created less than 24 hours @@ -2601,26 +2612,25 @@ # # Secrets Manager generates a CloudTrail log entry when you call this # action. Do not include sensitive information in request parameters # except `SecretBinary` or `SecretString` because it might be logged. # For more information, see [Logging Secrets Manager events with - # CloudTrail][2]. + # CloudTrail][1]. # # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more - # information, see [ IAM policy actions for Secrets Manager][3] and - # [Authentication and access control in Secrets Manager][4]. If you use + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. If you use # a customer managed key, you must also have `kms:GenerateDataKey` and # `kms:Decrypt` permissions on the key. For more information, see [ - # Secret encryption and decryption][5]. + # Secret encryption and decryption][4]. # # # - # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html - # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html - # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions - # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html - # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -3040,10 +3050,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-secretsmanager' - context[:gem_version] = '1.69.0' + context[:gem_version] = '1.70.0' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated