Skip to content

Commit

Permalink
docs(client-secrets-manager): Doc only update for Secrets Manager
Browse files Browse the repository at this point in the history
  • Loading branch information
awstools committed Jan 11, 2024
1 parent 7a28cab commit fbbd00f
Show file tree
Hide file tree
Showing 4 changed files with 51 additions and 14 deletions.
3 changes: 2 additions & 1 deletion clients/client-secrets-manager/src/commands/GetRandomPasswordCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,8 @@ export interface GetRandomPasswordCommandOutput extends GetRandomPasswordRespons
* @public
* <p>Generates a random password. We recommend that you specify the
* maximum length and include every character type that the system you are generating a password
* for can support.</p>
* for can support. By default, Secrets Manager uses uppercase and lowercase letters, numbers, and the following characters in passwords: <code>!\"#$%&'()*+,-./:;<=>?@[\\]^_`\{|\}~</code>
* </p>
* <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
* <p>
* <b>Required permissions: </b>
Expand Down
2 changes: 1 addition & 1 deletion clients/client-secrets-manager/src/commands/ReplicateSecretToRegionsCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ export interface ReplicateSecretToRegionsCommandOutput extends ReplicateSecretTo
* <p>
* <b>Required permissions: </b>
* <code>secretsmanager:ReplicateSecretToRegions</code>.
* For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
* If the primary secret is encrypted with a KMS key other than <code>aws/secretsmanager</code>, you also need <code>kms:Decrypt</code> permission to the key. To encrypt the replicated secret with a KMS key other than <code>aws/secretsmanager</code>, you need <code>kms:GenerateDataKey</code> and <code>kms:Encrypt</code> to the key. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions">
* IAM policy actions for Secrets Manager</a> and <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html">Authentication
* and access control in Secrets Manager</a>. </p>
* @example
Expand Down
10 changes: 4 additions & 6 deletions clients/client-secrets-manager/src/models/models_0.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -991,7 +991,7 @@ export interface DescribeSecretResponse {
/**
* @public
* <p>The last date and time that Secrets Manager rotated the secret.
* If the secret isn't configured for rotation, Secrets Manager returns null.</p>
* If the secret isn't configured for rotation or rotation has been disabled, Secrets Manager returns null.</p>
*/
LastRotatedDate?: Date;

Expand Down Expand Up @@ -1020,7 +1020,7 @@ export interface DescribeSecretResponse {

/**
* @public
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation, Secrets Manager returns null.</p>
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation or rotation has been disabled, Secrets Manager returns null.</p>
*/
NextRotationDate?: Date;

Expand Down Expand Up @@ -1269,9 +1269,7 @@ export interface GetSecretValueResponse {
/**
* @public
* <p>The decrypted secret value, if the secret value was originally provided as
* binary data in the form of a byte array. The response parameter represents the binary data as
* a <a href="https://tools.ietf.org/html/rfc4648#section-4">base64-encoded</a>
* string.</p>
* binary data in the form of a byte array. When you retrieve a <code>SecretBinary</code> using the HTTP API, the Python SDK, or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not encoded.</p>
* <p>If the secret was created by using the Secrets Manager console, or if the secret value was
* originally provided as a string, then this field is omitted. The secret value appears in
* <code>SecretString</code> instead.</p>
Expand Down Expand Up @@ -1441,7 +1439,7 @@ export interface SecretListEntry {

/**
* @public
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation, Secrets Manager returns null.</p>
* <p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation or rotation has been disabled, Secrets Manager returns null.</p>
*/
NextRotationDate?: Date;

Expand Down
50 changes: 44 additions & 6 deletions codegen/sdk-codegen/aws-models/secrets-manager.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,44 @@
],
"traits": {
"smithy.api#documentation": "<p>Retrieves the contents of the encrypted fields <code>SecretString</code> or <code>SecretBinary</code> for up to 20 secrets. To retrieve a single secret, call <a>GetSecretValue</a>. </p>\n <p>To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If Secrets Manager encounters errors such as <code>AccessDeniedException</code> while attempting to retrieve any of the secrets, you can see the errors in <code>Errors</code> in the response.</p>\n <p>Secrets Manager generates CloudTrail <code>GetSecretValue</code> log entries for each secret you request when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html\">Logging Secrets Manager events with CloudTrail</a>.</p>\n <p>\n <b>Required permissions: </b>\n <code>secretsmanager:BatchGetSecretValue</code>, and you must have <code>secretsmanager:GetSecretValue</code> for each secret. If you use filters, you must also have <code>secretsmanager:ListSecrets</code>. If the secrets are encrypted using customer-managed keys instead of the Amazon Web Services managed key \n <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for the keys.\n For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions\">\n IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication \n and access control in Secrets Manager</a>. </p>",
"smithy.api#examples": [
{
"title": "To retrieve the secret values for a group of secrets listed by name",
"documentation": "The following example gets the values for three secrets.",
"input": {
"SecretIdList": ["MySecret1", "MySecret2", "MySecret3"]
},
"output": {
"SecretValues": [
{
"ARN": "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret1-a1b2c3",
"CreatedDate": 1.700591229801e9,
"Name": "MySecret1",
"SecretString": "{\"username\":\"diego_ramirez\",\"password\":\"EXAMPLE-PASSWORD\",\"engine\":\"mysql\",\"host\":\"secretsmanagertutorial.cluster.us-west-2.rds.amazonaws.com\",\"port\":3306,\"dbClusterIdentifier\":\"secretsmanagertutorial\"}",
"VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa",
"VersionStages": ["AWSCURRENT"]
},
{
"ARN": "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret2-a1b2c3",
"CreatedDate": 1.699911394105e9,
"Name": "MySecret2",
"SecretString": "{\"username\":\"akua_mansa\",\"password\":\"EXAMPLE-PASSWORD\"",
"VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb",
"VersionStages": ["AWSCURRENT"]
},
{
"ARN": "&region-arn;&asm-service-name;:us-west-2:&ExampleAccountId;:secret:MySecret3-a1b2c3",
"CreatedDate": 1.699911394105e9,
"Name": "MySecret3",
"SecretString": "{\"username\":\"jie_liu\",\"password\":\"EXAMPLE-PASSWORD\"",
"VersionId": "a1b2c3d4-5678-90ab-cdef-EXAMPLEccccc",
"VersionStages": ["AWSCURRENT"]
}
],
"Errors": []
}
}
],
"smithy.api#paginated": {
"inputToken": "NextToken",
"outputToken": "NextToken",
Expand Down Expand Up @@ -692,7 +730,7 @@
"LastRotatedDate": {
"target": "com.amazonaws.secretsmanager#LastRotatedDateType",
"traits": {
"smithy.api#documentation": "<p>The last date and time that Secrets Manager rotated the secret. \n If the secret isn't configured for rotation, Secrets Manager returns null.</p>"
"smithy.api#documentation": "<p>The last date and time that Secrets Manager rotated the secret. \n If the secret isn't configured for rotation or rotation has been disabled, Secrets Manager returns null.</p>"
}
},
"LastChangedDate": {
Expand All @@ -716,7 +754,7 @@
"NextRotationDate": {
"target": "com.amazonaws.secretsmanager#NextRotationDateType",
"traits": {
"smithy.api#documentation": "<p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation, Secrets Manager returns null.</p>"
"smithy.api#documentation": "<p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation or rotation has been disabled, Secrets Manager returns null.</p>"
}
},
"Tags": {
Expand Down Expand Up @@ -951,7 +989,7 @@
}
],
"traits": {
"smithy.api#documentation": "<p>Generates a random password. We recommend that you specify the\n maximum length and include every character type that the system you are generating a password\n for can support.</p>\n <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html\">Logging Secrets Manager events with CloudTrail</a>.</p>\n <p>\n <b>Required permissions: </b>\n <code>secretsmanager:GetRandomPassword</code>. \n For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions\">\n IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication \n and access control in Secrets Manager</a>. </p>",
"smithy.api#documentation": "<p>Generates a random password. We recommend that you specify the\n maximum length and include every character type that the system you are generating a password\n for can support. By default, Secrets Manager uses uppercase and lowercase letters, numbers, and the following characters in passwords: <code>!\\\"#$%&'()*+,-./:;<=>?@[\\\\]^_`{|}~</code>\n </p>\n <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html\">Logging Secrets Manager events with CloudTrail</a>.</p>\n <p>\n <b>Required permissions: </b>\n <code>secretsmanager:GetRandomPassword</code>. \n For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions\">\n IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication \n and access control in Secrets Manager</a>. </p>",
"smithy.api#examples": [
{
"title": "To generate a random password",
Expand Down Expand Up @@ -1222,7 +1260,7 @@
"SecretBinary": {
"target": "com.amazonaws.secretsmanager#SecretBinaryType",
"traits": {
"smithy.api#documentation": "<p>The decrypted secret value, if the secret value was originally provided as\n binary data in the form of a byte array. The response parameter represents the binary data as\n a <a href=\"https://tools.ietf.org/html/rfc4648#section-4\">base64-encoded</a>\n string.</p>\n <p>If the secret was created by using the Secrets Manager console, or if the secret value was \n originally provided as a string, then this field is omitted. The secret value appears in \n <code>SecretString</code> instead.</p>"
"smithy.api#documentation": "<p>The decrypted secret value, if the secret value was originally provided as\n binary data in the form of a byte array. When you retrieve a <code>SecretBinary</code> using the HTTP API, the Python SDK, or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not encoded.</p>\n <p>If the secret was created by using the Secrets Manager console, or if the secret value was \n originally provided as a string, then this field is omitted. The secret value appears in \n <code>SecretString</code> instead.</p>"
}
},
"SecretString": {
Expand Down Expand Up @@ -2055,7 +2093,7 @@
}
],
"traits": {
"smithy.api#documentation": "<p>Replicates the secret to a new Regions. See <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html\">Multi-Region secrets</a>.</p>\n <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html\">Logging Secrets Manager events with CloudTrail</a>.</p>\n <p>\n <b>Required permissions: </b>\n <code>secretsmanager:ReplicateSecretToRegions</code>. \n For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions\">\n IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication \n and access control in Secrets Manager</a>. </p>",
"smithy.api#documentation": "<p>Replicates the secret to a new Regions. See <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html\">Multi-Region secrets</a>.</p>\n <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html\">Logging Secrets Manager events with CloudTrail</a>.</p>\n <p>\n <b>Required permissions: </b>\n <code>secretsmanager:ReplicateSecretToRegions</code>. \n If the primary secret is encrypted with a KMS key other than <code>aws/secretsmanager</code>, you also need <code>kms:Decrypt</code> permission to the key. To encrypt the replicated secret with a KMS key other than <code>aws/secretsmanager</code>, you need <code>kms:GenerateDataKey</code> and <code>kms:Encrypt</code> to the key. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions\">\n IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication \n and access control in Secrets Manager</a>. </p>",
"smithy.api#examples": [
{
"title": "Example",
Expand Down Expand Up @@ -2568,7 +2606,7 @@
"NextRotationDate": {
"target": "com.amazonaws.secretsmanager#NextRotationDateType",
"traits": {
"smithy.api#documentation": "<p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation, Secrets Manager returns null.</p>"
"smithy.api#documentation": "<p>The next rotation is scheduled to occur on or before this date. If the secret isn't configured for rotation or rotation has been disabled, Secrets Manager returns null.</p>"
}
},
"Tags": {
Expand Down

0 comments on commit fbbd00f

Please sign in to comment.