-
Notifications
You must be signed in to change notification settings - Fork 588
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(client-secrets-manager): Documentation updates for Secrets Manager
- Loading branch information
awstools
committed
Dec 22, 2022
1 parent
a13751f
commit 153fc89
Showing
13 changed files
with
74 additions
and
159 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,23 +12,20 @@ AWS SDK for JavaScript SecretsManager Client for Node.js, Browser and React Nati | |
| <fullname>Amazon Web Services Secrets Manager</fullname> | ||
|
|
||
| <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p> | ||
|
|
||
| <p>This guide provides descriptions of the Secrets Manager API. For more information about using this | ||
| service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html">Amazon Web Services Secrets Manager User Guide</a>.</p> | ||
|
|
||
| <p> | ||
| <b>API Version</b> | ||
| </p> | ||
|
|
||
| <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p> | ||
|
|
||
| <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager | ||
| endpoints</a>.</p> | ||
| <p> | ||
| <b>Support and Feedback for Amazon Web Services Secrets Manager</b> | ||
| </p> | ||
| <p>We welcome your feedback. Send your comments to <a href="mailto:[email protected]">[email protected]</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more | ||
| information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums | ||
| Help</a>.</p> | ||
|
|
||
| <p> | ||
| <b>Logging API Requests</b> | ||
| </p> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -108,37 +108,20 @@ import { SecretsManagerClient } from "./SecretsManagerClient"; | |
| /** | ||
| * <fullname>Amazon Web Services Secrets Manager</fullname> | ||
| * <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p> | ||
| * | ||
| * <p>This guide provides descriptions of the Secrets Manager API. For more information about using this | ||
| * service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html">Amazon Web Services Secrets Manager User Guide</a>.</p> | ||
| * | ||
| * <p> | ||
| * <b>API Version</b> | ||
| * </p> | ||
| * | ||
| * <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p> | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager | ||
| * endpoints</a>.</p> | ||
| * <p> | ||
| * <b>Support and Feedback for Amazon Web Services Secrets Manager</b> | ||
| * </p> | ||
| * <p>We welcome your feedback. Send your comments to <a href="mailto:[email protected]">[email protected]</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more | ||
| * information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums | ||
| * Help</a>.</p> | ||
| * | ||
| * <p> | ||
| * <b>Logging API Requests</b> | ||
| * </p> | ||
|
|
@@ -208,6 +191,9 @@ export class SecretsManager extends SecretsManagerClient { | |
| * includes the connection information to access a database or other service, which Secrets Manager | ||
| * doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the | ||
| * important information needed to manage the secret.</p> | ||
| * <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>. | ||
| * | ||
| * </p> | ||
| * <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p> | ||
| * <p>To create a secret, you can provide the secret value to be encrypted in either the | ||
| * <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both. | ||
|
|
@@ -445,7 +431,7 @@ export class SecretsManager extends SecretsManagerClient { | |
| * secret. For more information about permissions policies attached to a secret, see | ||
| * <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html">Permissions | ||
| * policies attached to a secret</a>.</p> | ||
| * <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p> | ||
| * <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p> | ||
| * <p> | ||
| * <b>Required permissions: </b> | ||
| * <code>secretsmanager:GetResourcePolicy</code>. | ||
|
|
@@ -491,7 +477,6 @@ export class SecretsManager extends SecretsManagerClient { | |
| * your applications</a>.</p> | ||
| * <p>To retrieve the previous version of a secret, use <code>VersionStage</code> and specify | ||
| * AWSPREVIOUS. To revert to the previous version of a secret, call <a href="https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html">UpdateSecretVersionStage</a>.</p> | ||
| * | ||
| * <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p> | ||
| * <p> | ||
| * <b>Required permissions: </b> | ||
|
|
@@ -834,32 +819,13 @@ export class SecretsManager extends SecretsManagerClient { | |
| } | ||
|
|
||
| /** | ||
| * <p>Configures and starts the asynchronous process of rotating the secret. For more information about rotation, | ||
| * see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>.</p> | ||
| * <p>If you include the | ||
| * configuration parameters, the operation sets the values for the secret and then immediately | ||
| * starts a rotation. If you don't include the configuration parameters, the operation starts a | ||
| * rotation with the values already stored in the secret. </p> | ||
| * <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must | ||
| * make sure the secret value is in the | ||
| * <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html"> JSON structure | ||
| * of a database secret</a>. In particular, if you want to use the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users"> alternating users strategy</a>, your secret must contain the ARN of a superuser | ||
| * secret.</p> | ||
| * | ||
| * <p>To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule | ||
| * for the rotation. The Lambda rotation function creates a new | ||
| * version of the secret and creates or updates the credentials on the database or service to | ||
| * match. After testing the new credentials, the function marks the new secret version with the staging | ||
| * label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more | ||
| * information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p> | ||
| * <p>You can create the Lambda rotation function based on the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html">rotation function templates</a> that Secrets Manager provides. Choose | ||
| * a template that matches your <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html">Rotation strategy</a>.</p> | ||
| * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation, | ||
| * see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p> | ||
| * <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached | ||
| * to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any | ||
| * version. If the <code>AWSPENDING</code> staging label is present but not attached to the same | ||
| * version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code> | ||
| * assumes that a previous rotation request is still in progress and returns an error.</p> | ||
| * <p>When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p> | ||
| * assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p> | ||
| * <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p> | ||
| * <p> | ||
| * <b>Required permissions: </b> | ||
|
|
@@ -939,8 +905,8 @@ export class SecretsManager extends SecretsManagerClient { | |
| /** | ||
| * <p>Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the | ||
| * secret's metadata. They are not associated with specific versions of the secret. This operation appends tags to the existing list of tags.</p> | ||
| * <p>The following restrictions apply to tags:</p> | ||
| * <ul> | ||
| * <p>The following restrictions apply to tags:</p> | ||
| * <ul> | ||
| * <li> | ||
| * <p>Maximum number of tags per secret: 50</p> | ||
| * </li> | ||
|
|
@@ -965,7 +931,6 @@ export class SecretsManager extends SecretsManagerClient { | |
| * following special characters: + - = . _ : / @.</p> | ||
| * </li> | ||
| * </ul> | ||
| * | ||
| * <important> | ||
| * <p>If you use tags as part of your security strategy, then adding or removing a tag can | ||
| * change permissions. If successfully completing this operation would result in you losing | ||
|
|
@@ -1053,7 +1018,7 @@ export class SecretsManager extends SecretsManagerClient { | |
| /** | ||
| * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p> | ||
| * <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p> | ||
| * | ||
| * <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p> | ||
| * <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than | ||
| * once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version | ||
| * of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not | ||
|
|
@@ -1064,7 +1029,6 @@ export class SecretsManager extends SecretsManagerClient { | |
| * secret version, Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to the new | ||
| * version. Then it attaches the label <code>AWSPREVIOUS</code> | ||
| * to the version that <code>AWSCURRENT</code> was removed from.</p> | ||
| * | ||
| * <p>If you call this operation with a <code>ClientRequestToken</code> that matches an existing version's | ||
| * <code>VersionId</code>, the operation results in an error. You can't modify an existing | ||
| * version, you can only create a new version. To remove a version, remove all staging labels from it. See | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -298,37 +298,20 @@ export interface SecretsManagerClientResolvedConfig extends SecretsManagerClient | |
| /** | ||
| * <fullname>Amazon Web Services Secrets Manager</fullname> | ||
| * <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p> | ||
| * | ||
| * <p>This guide provides descriptions of the Secrets Manager API. For more information about using this | ||
| * service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html">Amazon Web Services Secrets Manager User Guide</a>.</p> | ||
| * | ||
| * <p> | ||
| * <b>API Version</b> | ||
| * </p> | ||
| * | ||
| * <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p> | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * | ||
| * <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager | ||
| * endpoints</a>.</p> | ||
| * <p> | ||
| * <b>Support and Feedback for Amazon Web Services Secrets Manager</b> | ||
| * </p> | ||
| * <p>We welcome your feedback. Send your comments to <a href="mailto:[email protected]">[email protected]</a>, or post your feedback and questions in the <a href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services Secrets Manager Discussion Forum</a>. For more | ||
| * information about the Amazon Web Services Discussion Forums, see <a href="http://forums.aws.amazon.com/help.jspa">Forums | ||
| * Help</a>.</p> | ||
| * | ||
| * <p> | ||
| * <b>Logging API Requests</b> | ||
| * </p> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.