diff --git a/clients/client-secrets-manager/README.md b/clients/client-secrets-manager/README.md index 6b28a1fb74df..616ed984717b 100644 --- a/clients/client-secrets-manager/README.md +++ b/clients/client-secrets-manager/README.md @@ -229,6 +229,14 @@ see LICENSE for more information. ## Client Commands (Operations List) +
+ +BatchGetSecretValue + + +[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/secrets-manager/command/BatchGetSecretValueCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-secrets-manager/Interface/BatchGetSecretValueCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-secrets-manager/Interface/BatchGetSecretValueCommandOutput/) + +
CancelRotateSecret diff --git a/clients/client-secrets-manager/src/SecretsManager.ts b/clients/client-secrets-manager/src/SecretsManager.ts index 44ac55afd619..b6033668fb47 100644 --- a/clients/client-secrets-manager/src/SecretsManager.ts +++ b/clients/client-secrets-manager/src/SecretsManager.ts @@ -2,6 +2,11 @@ import { createAggregatedClient } from "@smithy/smithy-client"; import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types"; +import { + BatchGetSecretValueCommand, + BatchGetSecretValueCommandInput, + BatchGetSecretValueCommandOutput, +} from "./commands/BatchGetSecretValueCommand"; import { CancelRotateSecretCommand, CancelRotateSecretCommandInput, @@ -107,6 +112,7 @@ import { import { SecretsManagerClient, SecretsManagerClientConfig } from "./SecretsManagerClient"; const commands = { + BatchGetSecretValueCommand, CancelRotateSecretCommand, CreateSecretCommand, DeleteResourcePolicyCommand, @@ -132,6 +138,23 @@ const commands = { }; export interface SecretsManager { + /** + * @see {@link BatchGetSecretValueCommand} + */ + batchGetSecretValue( + args: BatchGetSecretValueCommandInput, + options?: __HttpHandlerOptions + ): Promise; + batchGetSecretValue( + args: BatchGetSecretValueCommandInput, + cb: (err: any, data?: BatchGetSecretValueCommandOutput) => void + ): void; + batchGetSecretValue( + args: BatchGetSecretValueCommandInput, + options: __HttpHandlerOptions, + cb: (err: any, data?: BatchGetSecretValueCommandOutput) => void + ): void; + /** * @see {@link CancelRotateSecretCommand} */ diff --git a/clients/client-secrets-manager/src/SecretsManagerClient.ts b/clients/client-secrets-manager/src/SecretsManagerClient.ts index d0740c2654e2..75437bd4468d 100644 --- a/clients/client-secrets-manager/src/SecretsManagerClient.ts +++ b/clients/client-secrets-manager/src/SecretsManagerClient.ts @@ -50,6 +50,10 @@ import { UserAgent as __UserAgent, } from "@smithy/types"; +import { + BatchGetSecretValueCommandInput, + BatchGetSecretValueCommandOutput, +} from "./commands/BatchGetSecretValueCommand"; import { CancelRotateSecretCommandInput, CancelRotateSecretCommandOutput } from "./commands/CancelRotateSecretCommand"; import { CreateSecretCommandInput, CreateSecretCommandOutput } from "./commands/CreateSecretCommand"; import { @@ -108,6 +112,7 @@ export { __Client }; * @public */ export type ServiceInputTypes = + | BatchGetSecretValueCommandInput | CancelRotateSecretCommandInput | CreateSecretCommandInput | DeleteResourcePolicyCommandInput @@ -135,6 +140,7 @@ export type ServiceInputTypes = * @public */ export type ServiceOutputTypes = + | BatchGetSecretValueCommandOutput | CancelRotateSecretCommandOutput | CreateSecretCommandOutput | DeleteResourcePolicyCommandOutput diff --git a/clients/client-secrets-manager/src/commands/BatchGetSecretValueCommand.ts b/clients/client-secrets-manager/src/commands/BatchGetSecretValueCommand.ts new file mode 100644 index 000000000000..bb4f33924d6f --- /dev/null +++ b/clients/client-secrets-manager/src/commands/BatchGetSecretValueCommand.ts @@ -0,0 +1,217 @@ +// smithy-typescript generated code +import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; +import { getSerdePlugin } from "@smithy/middleware-serde"; +import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; +import { Command as $Command } from "@smithy/smithy-client"; +import { + FinalizeHandlerArguments, + Handler, + HandlerExecutionContext, + HttpHandlerOptions as __HttpHandlerOptions, + MetadataBearer as __MetadataBearer, + MiddlewareStack, + SerdeContext as __SerdeContext, + SMITHY_CONTEXT_KEY, +} from "@smithy/types"; + +import { + BatchGetSecretValueRequest, + BatchGetSecretValueResponse, + BatchGetSecretValueResponseFilterSensitiveLog, +} from "../models/models_0"; +import { de_BatchGetSecretValueCommand, se_BatchGetSecretValueCommand } from "../protocols/Aws_json1_1"; +import { SecretsManagerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../SecretsManagerClient"; + +/** + * @public + */ +export { __MetadataBearer, $Command }; +/** + * @public + * + * The input for {@link BatchGetSecretValueCommand}. + */ +export interface BatchGetSecretValueCommandInput extends BatchGetSecretValueRequest {} +/** + * @public + * + * The output of {@link BatchGetSecretValueCommand}. + */ +export interface BatchGetSecretValueCommandOutput extends BatchGetSecretValueResponse, __MetadataBearer {} + +/** + * @public + *

Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets. To retrieve a single secret, call GetSecretValue.

+ *

To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If Secrets Manager encounters errors such as AccessDeniedException while attempting to retrieve any of the secrets, you can see the errors in Errors in the response.

+ *

Secrets Manager generates CloudTrail GetSecretValue log entries for each secret you request when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

+ *

+ * Required permissions: + * secretsmanager:BatchGetSecretValue, and you must have secretsmanager:GetSecretValue for each secret. If you use filters, you must also have secretsmanager:ListSecrets. If the secrets are encrypted using customer-managed keys instead of the Amazon Web Services managed key + * aws/secretsmanager, then you also need kms:Decrypt permissions for the keys. + * For more information, see + * IAM policy actions for Secrets Manager and Authentication + * and access control in Secrets Manager.

+ * @example + * Use a bare-bones client and the command you need to make an API call. + * ```javascript + * import { SecretsManagerClient, BatchGetSecretValueCommand } from "@aws-sdk/client-secrets-manager"; // ES Modules import + * // const { SecretsManagerClient, BatchGetSecretValueCommand } = require("@aws-sdk/client-secrets-manager"); // CommonJS import + * const client = new SecretsManagerClient(config); + * const input = { // BatchGetSecretValueRequest + * SecretIdList: [ // SecretIdListType + * "STRING_VALUE", + * ], + * Filters: [ // FiltersListType + * { // Filter + * Key: "description" || "name" || "tag-key" || "tag-value" || "primary-region" || "owning-service" || "all", + * Values: [ // FilterValuesStringList + * "STRING_VALUE", + * ], + * }, + * ], + * MaxResults: Number("int"), + * NextToken: "STRING_VALUE", + * }; + * const command = new BatchGetSecretValueCommand(input); + * const response = await client.send(command); + * // { // BatchGetSecretValueResponse + * // SecretValues: [ // SecretValuesType + * // { // SecretValueEntry + * // ARN: "STRING_VALUE", + * // Name: "STRING_VALUE", + * // VersionId: "STRING_VALUE", + * // SecretBinary: "BLOB_VALUE", + * // SecretString: "STRING_VALUE", + * // VersionStages: [ // SecretVersionStagesType + * // "STRING_VALUE", + * // ], + * // CreatedDate: new Date("TIMESTAMP"), + * // }, + * // ], + * // NextToken: "STRING_VALUE", + * // Errors: [ // APIErrorListType + * // { // APIErrorType + * // SecretId: "STRING_VALUE", + * // ErrorCode: "STRING_VALUE", + * // Message: "STRING_VALUE", + * // }, + * // ], + * // }; + * + * ``` + * + * @param BatchGetSecretValueCommandInput - {@link BatchGetSecretValueCommandInput} + * @returns {@link BatchGetSecretValueCommandOutput} + * @see {@link BatchGetSecretValueCommandInput} for command's `input` shape. + * @see {@link BatchGetSecretValueCommandOutput} for command's `response` shape. + * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape. + * + * @throws {@link DecryptionFailure} (client fault) + *

Secrets Manager can't decrypt the protected secret text using the provided KMS key.

+ * + * @throws {@link InternalServiceError} (server fault) + *

An error occurred on the server side.

+ * + * @throws {@link InvalidNextTokenException} (client fault) + *

The NextToken value is invalid.

+ * + * @throws {@link InvalidParameterException} (client fault) + *

The parameter name or value is invalid.

+ * + * @throws {@link InvalidRequestException} (client fault) + *

A parameter value is not valid for the current state of the + * resource.

+ *

Possible causes:

+ *
    + *
  • + *

    The secret is scheduled for deletion.

    + *
    • + *
  • + *

    You tried to enable rotation on a secret that doesn't already have a Lambda function + * ARN configured and you didn't include such an ARN as a parameter in this call.

    + *
    • + *
  • + *

    The secret is managed by another service, and you must use that service to update it. + * For more information, see Secrets managed by other Amazon Web Services services.

    + *
    • + *
+ * + * @throws {@link ResourceNotFoundException} (client fault) + *

Secrets Manager can't find the resource that you asked for.

+ * + * @throws {@link SecretsManagerServiceException} + *

Base exception class for all service exceptions from SecretsManager service.

+ * + */ +export class BatchGetSecretValueCommand extends $Command< + BatchGetSecretValueCommandInput, + BatchGetSecretValueCommandOutput, + SecretsManagerClientResolvedConfig +> { + public static getEndpointParameterInstructions(): EndpointParameterInstructions { + return { + UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" }, + Endpoint: { type: "builtInParams", name: "endpoint" }, + Region: { type: "builtInParams", name: "region" }, + UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" }, + }; + } + + /** + * @public + */ + constructor(readonly input: BatchGetSecretValueCommandInput) { + super(); + } + + /** + * @internal + */ + resolveMiddleware( + clientStack: MiddlewareStack, + configuration: SecretsManagerClientResolvedConfig, + options?: __HttpHandlerOptions + ): Handler { + this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); + this.middlewareStack.use( + getEndpointPlugin(configuration, BatchGetSecretValueCommand.getEndpointParameterInstructions()) + ); + + const stack = clientStack.concat(this.middlewareStack); + + const { logger } = configuration; + const clientName = "SecretsManagerClient"; + const commandName = "BatchGetSecretValueCommand"; + const handlerExecutionContext: HandlerExecutionContext = { + logger, + clientName, + commandName, + inputFilterSensitiveLog: (_: any) => _, + outputFilterSensitiveLog: BatchGetSecretValueResponseFilterSensitiveLog, + [SMITHY_CONTEXT_KEY]: { + service: "secretsmanager", + operation: "BatchGetSecretValue", + }, + }; + const { requestHandler } = configuration; + return stack.resolve( + (request: FinalizeHandlerArguments) => + requestHandler.handle(request.request as __HttpRequest, options || {}), + handlerExecutionContext + ); + } + + /** + * @internal + */ + private serialize(input: BatchGetSecretValueCommandInput, context: __SerdeContext): Promise<__HttpRequest> { + return se_BatchGetSecretValueCommand(input, context); + } + + /** + * @internal + */ + private deserialize(output: __HttpResponse, context: __SerdeContext): Promise { + return de_BatchGetSecretValueCommand(output, context); + } +} diff --git a/clients/client-secrets-manager/src/commands/GetSecretValueCommand.ts b/clients/client-secrets-manager/src/commands/GetSecretValueCommand.ts index c43f61b11d03..9067842168cc 100644 --- a/clients/client-secrets-manager/src/commands/GetSecretValueCommand.ts +++ b/clients/client-secrets-manager/src/commands/GetSecretValueCommand.ts @@ -44,6 +44,7 @@ export interface GetSecretValueCommandOutput extends GetSecretValueResponse, __M *

Retrieves the contents of the encrypted fields SecretString or * SecretBinary from the specified version of a secret, whichever contains * content.

+ *

To retrieve the values for a group of secrets, call BatchGetSecretValue.

*

We recommend that you cache your secret values by using client-side caching. * Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for * your applications.

diff --git a/clients/client-secrets-manager/src/commands/ListSecretsCommand.ts b/clients/client-secrets-manager/src/commands/ListSecretsCommand.ts index 367baff68820..1c6495bd75b5 100644 --- a/clients/client-secrets-manager/src/commands/ListSecretsCommand.ts +++ b/clients/client-secrets-manager/src/commands/ListSecretsCommand.ts @@ -42,8 +42,7 @@ export interface ListSecretsCommandOutput extends ListSecretsResponse, __Metadat *

ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. * To get the latest information for a specific secret, use DescribeSecret.

*

To list the versions of a secret, use ListSecretVersionIds.

- *

To get the secret value from SecretString or SecretBinary, - * call GetSecretValue.

+ *

To retrieve the values for the secrets, call BatchGetSecretValue or GetSecretValue.

*

For information about finding secrets in the console, see Find secrets in Secrets Manager.

*

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

*

diff --git a/clients/client-secrets-manager/src/commands/index.ts b/clients/client-secrets-manager/src/commands/index.ts index 214445e8f4b3..2b1413e768cc 100644 --- a/clients/client-secrets-manager/src/commands/index.ts +++ b/clients/client-secrets-manager/src/commands/index.ts @@ -1,4 +1,5 @@ // smithy-typescript generated code +export * from "./BatchGetSecretValueCommand"; export * from "./CancelRotateSecretCommand"; export * from "./CreateSecretCommand"; export * from "./DeleteResourcePolicyCommand"; diff --git a/clients/client-secrets-manager/src/models/models_0.ts b/clients/client-secrets-manager/src/models/models_0.ts index bcb79d9bd0fd..5604e211c3e4 100644 --- a/clients/client-secrets-manager/src/models/models_0.ts +++ b/clients/client-secrets-manager/src/models/models_0.ts @@ -23,42 +23,230 @@ export interface ReplicaRegionType { /** * @public + *

The error Secrets Manager encountered while retrieving an individual secret as part of BatchGetSecretValue.

*/ -export interface CancelRotateSecretRequest { +export interface APIErrorType { /** * @public *

The ARN or name of the secret.

- *

For an ARN, we recommend that you specify a complete ARN rather - * than a partial ARN. See Finding a secret from a partial ARN.

*/ - SecretId: string | undefined; + SecretId?: string; + + /** + * @public + *

The error Secrets Manager encountered while retrieving an individual secret as part of BatchGetSecretValue, for example ResourceNotFoundException,InvalidParameterException, InvalidRequestException, DecryptionFailure, or AccessDeniedException.

+ */ + ErrorCode?: string; + + /** + * @public + *

A message describing the error.

+ */ + Message?: string; } /** * @public + * @enum */ -export interface CancelRotateSecretResponse { +export const FilterNameStringType = { + all: "all", + description: "description", + name: "name", + owning_service: "owning-service", + primary_region: "primary-region", + tag_key: "tag-key", + tag_value: "tag-value", +} as const; + +/** + * @public + */ +export type FilterNameStringType = (typeof FilterNameStringType)[keyof typeof FilterNameStringType]; + +/** + * @public + *

Allows you to add filters when you use the search function in Secrets Manager. For more information, see Find secrets in Secrets Manager.

+ */ +export interface Filter { /** * @public - *

The ARN of the secret.

+ *

The following are keys you can use:

+ *
    + *
  • + *

    + * description: Prefix match, not case-sensitive.

    + *
    • + *
  • + *

    + * name: Prefix match, case-sensitive.

    + *
    • + *
  • + *

    + * tag-key: Prefix match, case-sensitive.

    + *
    • + *
  • + *

    + * tag-value: Prefix match, case-sensitive.

    + *
    • + *
  • + *

    + * primary-region: Prefix match, case-sensitive.

    + *
    • + *
  • + *

    + * owning-service: Prefix match, case-sensitive.

    + *
    • + *
  • + *

    + * all: Breaks the filter value string into words and then searches all attributes for matches. Not case-sensitive.

    + *
    • + *
+ */ + Key?: FilterNameStringType; + + /** + * @public + *

The keyword to filter for.

+ *

You can prefix your search value with an exclamation mark (!) in order to perform negation filters.

+ */ + Values?: string[]; +} + +/** + * @public + */ +export interface BatchGetSecretValueRequest { + /** + * @public + *

The ARN or names of the secrets to retrieve. You must include Filters or SecretIdList, but not both.

+ */ + SecretIdList?: string[]; + + /** + * @public + *

The filters to choose which secrets to retrieve. You must include Filters or SecretIdList, but not both.

+ */ + Filters?: Filter[]; + + /** + * @public + *

The number of results to include in the response.

+ *

If there are more results available, in the response, Secrets Manager includes NextToken. + * To get the next results, call BatchGetSecretValue again with the value from + * NextToken.

+ */ + MaxResults?: number; + + /** + * @public + *

A token that indicates where the output should continue from, if a + * previous call did not show all results. To get the next results, call BatchGetSecretValue again + * with this value.

+ */ + NextToken?: string; +} + +/** + * @public + *

A structure that contains the secret value and other details for a secret.

+ */ +export interface SecretValueEntry { + /** + * @public + *

The Amazon Resource Name (ARN) of the secret.

*/ ARN?: string; /** * @public - *

The name of the secret.

+ *

The friendly name of the secret.

*/ Name?: string; /** * @public - *

The unique identifier of the version of the secret created during the rotation. This - * version might not be complete, and should be evaluated for possible deletion. We recommend - * that you remove the VersionStage value AWSPENDING from this version so that - * Secrets Manager can delete it. Failing to clean up a cancelled rotation can block you from - * starting future rotations.

+ *

The unique version identifier of this version of the secret.

*/ VersionId?: string; + + /** + * @public + *

The decrypted secret value, if the secret value was originally provided as + * binary data in the form of a byte array. The parameter represents the binary data as + * a base64-encoded + * string.

+ */ + SecretBinary?: Uint8Array; + + /** + * @public + *

The decrypted secret value, if the secret value was originally provided as a string or + * through the Secrets Manager console.

+ */ + SecretString?: string; + + /** + * @public + *

A list of all of the staging labels currently attached to this version of the + * secret.

+ */ + VersionStages?: string[]; + + /** + * @public + *

The date the secret was created.

+ */ + CreatedDate?: Date; +} + +/** + * @public + */ +export interface BatchGetSecretValueResponse { + /** + * @public + *

A list of secret values.

+ */ + SecretValues?: SecretValueEntry[]; + + /** + * @public + *

Secrets Manager includes this value if + * there's more output available than what is included in the current response. This can + * occur even when the response includes no values at all, such as when you ask for a filtered view + * of a long list. To get the next results, call BatchGetSecretValue again + * with this value.

+ */ + NextToken?: string; + + /** + * @public + *

A list of errors Secrets Manager encountered while attempting to retrieve individual secrets.

+ */ + Errors?: APIErrorType[]; +} + +/** + * @public + *

Secrets Manager can't decrypt the protected secret text using the provided KMS key.

+ */ +export class DecryptionFailure extends __BaseException { + readonly name: "DecryptionFailure" = "DecryptionFailure"; + readonly $fault: "client" = "client"; + Message?: string; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "DecryptionFailure", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, DecryptionFailure.prototype); + this.Message = opts.Message; + } } /** @@ -83,6 +271,28 @@ export class InternalServiceError extends __BaseException { } } +/** + * @public + *

The NextToken value is invalid.

+ */ +export class InvalidNextTokenException extends __BaseException { + readonly name: "InvalidNextTokenException" = "InvalidNextTokenException"; + readonly $fault: "client" = "client"; + Message?: string; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "InvalidNextTokenException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, InvalidNextTokenException.prototype); + this.Message = opts.Message; + } +} + /** * @public *

The parameter name or value is invalid.

@@ -164,6 +374,46 @@ export class ResourceNotFoundException extends __BaseException { } } +/** + * @public + */ +export interface CancelRotateSecretRequest { + /** + * @public + *

The ARN or name of the secret.

+ *

For an ARN, we recommend that you specify a complete ARN rather + * than a partial ARN. See Finding a secret from a partial ARN.

+ */ + SecretId: string | undefined; +} + +/** + * @public + */ +export interface CancelRotateSecretResponse { + /** + * @public + *

The ARN of the secret.

+ */ + ARN?: string; + + /** + * @public + *

The name of the secret.

+ */ + Name?: string; + + /** + * @public + *

The unique identifier of the version of the secret created during the rotation. This + * version might not be complete, and should be evaluated for possible deletion. We recommend + * that you remove the VersionStage value AWSPENDING from this version so that + * Secrets Manager can delete it. Failing to clean up a cancelled rotation can block you from + * starting future rotations.

+ */ + VersionId?: string; +} + /** * @public *

A structure that contains information about a tag.

@@ -408,28 +658,6 @@ export interface CreateSecretResponse { ReplicationStatus?: ReplicationStatusType[]; } -/** - * @public - *

Secrets Manager can't decrypt the protected secret text using the provided KMS key.

- */ -export class DecryptionFailure extends __BaseException { - readonly name: "DecryptionFailure" = "DecryptionFailure"; - readonly $fault: "client" = "client"; - Message?: string; - /** - * @internal - */ - constructor(opts: __ExceptionOptionType) { - super({ - name: "DecryptionFailure", - $fault: "client", - ...opts, - }); - Object.setPrototypeOf(this, DecryptionFailure.prototype); - this.Message = opts.Message; - } -} - /** * @public *

Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the @@ -872,74 +1100,6 @@ export interface DescribeSecretResponse { ReplicationStatus?: ReplicationStatusType[]; } -/** - * @public - * @enum - */ -export const FilterNameStringType = { - all: "all", - description: "description", - name: "name", - owning_service: "owning-service", - primary_region: "primary-region", - tag_key: "tag-key", - tag_value: "tag-value", -} as const; - -/** - * @public - */ -export type FilterNameStringType = (typeof FilterNameStringType)[keyof typeof FilterNameStringType]; - -/** - * @public - *

Allows you to add filters when you use the search function in Secrets Manager. For more information, see Find secrets in Secrets Manager.

- */ -export interface Filter { - /** - * @public - *

The following are keys you can use:

- *
    - *
  • - *

    - * description: Prefix match, not case-sensitive.

    - *
    • - *
  • - *

    - * name: Prefix match, case-sensitive.

    - *
    • - *
  • - *

    - * tag-key: Prefix match, case-sensitive.

    - *
    • - *
  • - *

    - * tag-value: Prefix match, case-sensitive.

    - *
    • - *
  • - *

    - * primary-region: Prefix match, case-sensitive.

    - *
    • - *
  • - *

    - * owning-service: Prefix match, case-sensitive.

    - *
    • - *
  • - *

    - * all: Breaks the filter value string into words and then searches all attributes for matches. Not case-sensitive.

    - *
    • - *
- */ - Key?: FilterNameStringType; - - /** - * @public - *

The keyword to filter for.

- *

You can prefix your search value with an exclamation mark (!) in order to perform negation filters.

- */ - Values?: string[]; -} - /** * @public */ @@ -1143,28 +1303,6 @@ export interface GetSecretValueResponse { CreatedDate?: Date; } -/** - * @public - *

The NextToken value is invalid.

- */ -export class InvalidNextTokenException extends __BaseException { - readonly name: "InvalidNextTokenException" = "InvalidNextTokenException"; - readonly $fault: "client" = "client"; - Message?: string; - /** - * @internal - */ - constructor(opts: __ExceptionOptionType) { - super({ - name: "InvalidNextTokenException", - $fault: "client", - ...opts, - }); - Object.setPrototypeOf(this, InvalidNextTokenException.prototype); - this.Message = opts.Message; - } -} - /** * @public * @enum @@ -1235,10 +1373,7 @@ export interface SecretListEntry { /** * @public - *

The friendly name of the secret. You can use forward slashes in the name to represent a - * path hierarchy. For example, /prod/databases/dbserver1 could represent the secret - * for a server named dbserver1 in the folder databases in the folder - * prod.

+ *

The friendly name of the secret.

*/ Name?: string; @@ -2110,6 +2245,23 @@ export interface ValidateResourcePolicyResponse { ValidationErrors?: ValidationErrorsEntry[]; } +/** + * @internal + */ +export const SecretValueEntryFilterSensitiveLog = (obj: SecretValueEntry): any => ({ + ...obj, + ...(obj.SecretBinary && { SecretBinary: SENSITIVE_STRING }), + ...(obj.SecretString && { SecretString: SENSITIVE_STRING }), +}); + +/** + * @internal + */ +export const BatchGetSecretValueResponseFilterSensitiveLog = (obj: BatchGetSecretValueResponse): any => ({ + ...obj, + ...(obj.SecretValues && { SecretValues: obj.SecretValues.map((item) => SecretValueEntryFilterSensitiveLog(item)) }), +}); + /** * @internal */ diff --git a/clients/client-secrets-manager/src/pagination/BatchGetSecretValuePaginator.ts b/clients/client-secrets-manager/src/pagination/BatchGetSecretValuePaginator.ts new file mode 100644 index 000000000000..c3e184918a8e --- /dev/null +++ b/clients/client-secrets-manager/src/pagination/BatchGetSecretValuePaginator.ts @@ -0,0 +1,50 @@ +// smithy-typescript generated code +import { Paginator } from "@smithy/types"; + +import { + BatchGetSecretValueCommand, + BatchGetSecretValueCommandInput, + BatchGetSecretValueCommandOutput, +} from "../commands/BatchGetSecretValueCommand"; +import { SecretsManagerClient } from "../SecretsManagerClient"; +import { SecretsManagerPaginationConfiguration } from "./Interfaces"; + +/** + * @internal + */ +const makePagedClientRequest = async ( + client: SecretsManagerClient, + input: BatchGetSecretValueCommandInput, + ...args: any +): Promise => { + // @ts-ignore + return await client.send(new BatchGetSecretValueCommand(input), ...args); +}; +/** + * @public + */ +export async function* paginateBatchGetSecretValue( + config: SecretsManagerPaginationConfiguration, + input: BatchGetSecretValueCommandInput, + ...additionalArguments: any +): Paginator { + // ToDo: replace with actual type instead of typeof input.NextToken + let token: typeof input.NextToken | undefined = config.startingToken || undefined; + let hasNext = true; + let page: BatchGetSecretValueCommandOutput; + while (hasNext) { + input.NextToken = token; + input["MaxResults"] = config.pageSize; + if (config.client instanceof SecretsManagerClient) { + page = await makePagedClientRequest(config.client, input, ...additionalArguments); + } else { + throw new Error("Invalid client, expected SecretsManager | SecretsManagerClient"); + } + yield page; + const prevToken = token; + token = page.NextToken; + hasNext = !!(token && (!config.stopOnSameToken || token !== prevToken)); + } + // @ts-ignore + return undefined; +} diff --git a/clients/client-secrets-manager/src/pagination/index.ts b/clients/client-secrets-manager/src/pagination/index.ts index eee9c7ed54f2..60a927f64e33 100644 --- a/clients/client-secrets-manager/src/pagination/index.ts +++ b/clients/client-secrets-manager/src/pagination/index.ts @@ -1,3 +1,4 @@ +export * from "./BatchGetSecretValuePaginator"; // smithy-typescript generated code export * from "./Interfaces"; export * from "./ListSecretVersionIdsPaginator"; diff --git a/clients/client-secrets-manager/src/protocols/Aws_json1_1.ts b/clients/client-secrets-manager/src/protocols/Aws_json1_1.ts index 848d1cb5a18c..f47f0d4e4429 100644 --- a/clients/client-secrets-manager/src/protocols/Aws_json1_1.ts +++ b/clients/client-secrets-manager/src/protocols/Aws_json1_1.ts @@ -20,6 +20,10 @@ import { } from "@smithy/types"; import { v4 as generateIdempotencyToken } from "uuid"; +import { + BatchGetSecretValueCommandInput, + BatchGetSecretValueCommandOutput, +} from "../commands/BatchGetSecretValueCommand"; import { CancelRotateSecretCommandInput, CancelRotateSecretCommandOutput } from "../commands/CancelRotateSecretCommand"; import { CreateSecretCommandInput, CreateSecretCommandOutput } from "../commands/CreateSecretCommand"; import { @@ -64,6 +68,8 @@ import { ValidateResourcePolicyCommandOutput, } from "../commands/ValidateResourcePolicyCommand"; import { + BatchGetSecretValueRequest, + BatchGetSecretValueResponse, CancelRotateSecretRequest, CreateSecretRequest, CreateSecretResponse, @@ -105,6 +111,7 @@ import { RotateSecretRequest, RotationRulesType, SecretListEntry, + SecretValueEntry, SecretVersionsListEntry, StopReplicationToReplicaRequest, Tag, @@ -116,6 +123,19 @@ import { } from "../models/models_0"; import { SecretsManagerServiceException as __BaseException } from "../models/SecretsManagerServiceException"; +/** + * serializeAws_json1_1BatchGetSecretValueCommand + */ +export const se_BatchGetSecretValueCommand = async ( + input: BatchGetSecretValueCommandInput, + context: __SerdeContext +): Promise<__HttpRequest> => { + const headers: __HeaderBag = sharedHeaders("BatchGetSecretValue"); + let body: any; + body = JSON.stringify(_json(input)); + return buildHttpRpcRequest(context, headers, "/", undefined, body); +}; + /** * serializeAws_json1_1CancelRotateSecretCommand */ @@ -402,6 +422,67 @@ export const se_ValidateResourcePolicyCommand = async ( return buildHttpRpcRequest(context, headers, "/", undefined, body); }; +/** + * deserializeAws_json1_1BatchGetSecretValueCommand + */ +export const de_BatchGetSecretValueCommand = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + if (output.statusCode >= 300) { + return de_BatchGetSecretValueCommandError(output, context); + } + const data: any = await parseBody(output.body, context); + let contents: any = {}; + contents = de_BatchGetSecretValueResponse(data, context); + const response: BatchGetSecretValueCommandOutput = { + $metadata: deserializeMetadata(output), + ...contents, + }; + return response; +}; + +/** + * deserializeAws_json1_1BatchGetSecretValueCommandError + */ +const de_BatchGetSecretValueCommandError = async ( + output: __HttpResponse, + context: __SerdeContext +): Promise => { + const parsedOutput: any = { + ...output, + body: await parseErrorBody(output.body, context), + }; + const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); + switch (errorCode) { + case "DecryptionFailure": + case "com.amazonaws.secretsmanager#DecryptionFailure": + throw await de_DecryptionFailureRes(parsedOutput, context); + case "InternalServiceError": + case "com.amazonaws.secretsmanager#InternalServiceError": + throw await de_InternalServiceErrorRes(parsedOutput, context); + case "InvalidNextTokenException": + case "com.amazonaws.secretsmanager#InvalidNextTokenException": + throw await de_InvalidNextTokenExceptionRes(parsedOutput, context); + case "InvalidParameterException": + case "com.amazonaws.secretsmanager#InvalidParameterException": + throw await de_InvalidParameterExceptionRes(parsedOutput, context); + case "InvalidRequestException": + case "com.amazonaws.secretsmanager#InvalidRequestException": + throw await de_InvalidRequestExceptionRes(parsedOutput, context); + case "ResourceNotFoundException": + case "com.amazonaws.secretsmanager#ResourceNotFoundException": + throw await de_ResourceNotFoundExceptionRes(parsedOutput, context); + default: + const parsedBody = parsedOutput.body; + return throwDefaultError({ + output, + parsedBody, + errorCode, + }); + } +}; + /** * deserializeAws_json1_1CancelRotateSecretCommand */ @@ -1851,6 +1932,8 @@ const de_ResourceNotFoundExceptionRes = async ( // se_AddReplicaRegionListType omitted. +// se_BatchGetSecretValueRequest omitted. + // se_CancelRotateSecretRequest omitted. /** @@ -1932,6 +2015,8 @@ const se_RotateSecretRequest = (input: RotateSecretRequest, context: __SerdeCont // se_RotationRulesType omitted. +// se_SecretIdListType omitted. + // se_SecretVersionStagesType omitted. // se_StopReplicationToReplicaRequest omitted. @@ -1964,6 +2049,21 @@ const se_UpdateSecretRequest = (input: UpdateSecretRequest, context: __SerdeCont // se_ValidateResourcePolicyRequest omitted. +// de_APIErrorListType omitted. + +// de_APIErrorType omitted. + +/** + * deserializeAws_json1_1BatchGetSecretValueResponse + */ +const de_BatchGetSecretValueResponse = (output: any, context: __SerdeContext): BatchGetSecretValueResponse => { + return take(output, { + Errors: _json, + NextToken: __expectString, + SecretValues: (_: any) => de_SecretValuesType(_, context), + }) as any; +}; + // de_CancelRotateSecretResponse omitted. /** @@ -2182,6 +2282,33 @@ const de_SecretListType = (output: any, context: __SerdeContext): SecretListEntr return retVal; }; +/** + * deserializeAws_json1_1SecretValueEntry + */ +const de_SecretValueEntry = (output: any, context: __SerdeContext): SecretValueEntry => { + return take(output, { + ARN: __expectString, + CreatedDate: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), + Name: __expectString, + SecretBinary: context.base64Decoder, + SecretString: __expectString, + VersionId: __expectString, + VersionStages: _json, + }) as any; +}; + +/** + * deserializeAws_json1_1SecretValuesType + */ +const de_SecretValuesType = (output: any, context: __SerdeContext): SecretValueEntry[] => { + const retVal = (output || []) + .filter((e: any) => e != null) + .map((entry: any) => { + return de_SecretValueEntry(entry, context); + }); + return retVal; +}; + /** * deserializeAws_json1_1SecretVersionsListEntry */ diff --git a/codegen/sdk-codegen/aws-models/secrets-manager.json b/codegen/sdk-codegen/aws-models/secrets-manager.json index c47ab42851f9..898bf442a5a8 100644 --- a/codegen/sdk-codegen/aws-models/secrets-manager.json +++ b/codegen/sdk-codegen/aws-models/secrets-manager.json @@ -29,6 +29,38 @@ ] }, "shapes": { + "com.amazonaws.secretsmanager#APIErrorListType": { + "type": "list", + "member": { + "target": "com.amazonaws.secretsmanager#APIErrorType" + } + }, + "com.amazonaws.secretsmanager#APIErrorType": { + "type": "structure", + "members": { + "SecretId": { + "target": "com.amazonaws.secretsmanager#SecretIdType", + "traits": { + "smithy.api#documentation": "

The ARN or name of the secret.

" + } + }, + "ErrorCode": { + "target": "com.amazonaws.secretsmanager#ErrorCode", + "traits": { + "smithy.api#documentation": "

The error Secrets Manager encountered while retrieving an individual secret as part of BatchGetSecretValue, for example ResourceNotFoundException,InvalidParameterException, InvalidRequestException, DecryptionFailure, or AccessDeniedException.

" + } + }, + "Message": { + "target": "com.amazonaws.secretsmanager#ErrorMessage", + "traits": { + "smithy.api#documentation": "

A message describing the error.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

The error Secrets Manager encountered while retrieving an individual secret as part of BatchGetSecretValue.

" + } + }, "com.amazonaws.secretsmanager#AddReplicaRegionListType": { "type": "list", "member": { @@ -49,6 +81,101 @@ } } }, + "com.amazonaws.secretsmanager#BatchGetSecretValue": { + "type": "operation", + "input": { + "target": "com.amazonaws.secretsmanager#BatchGetSecretValueRequest" + }, + "output": { + "target": "com.amazonaws.secretsmanager#BatchGetSecretValueResponse" + }, + "errors": [ + { + "target": "com.amazonaws.secretsmanager#DecryptionFailure" + }, + { + "target": "com.amazonaws.secretsmanager#InternalServiceError" + }, + { + "target": "com.amazonaws.secretsmanager#InvalidNextTokenException" + }, + { + "target": "com.amazonaws.secretsmanager#InvalidParameterException" + }, + { + "target": "com.amazonaws.secretsmanager#InvalidRequestException" + }, + { + "target": "com.amazonaws.secretsmanager#ResourceNotFoundException" + } + ], + "traits": { + "smithy.api#documentation": "

Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets. To retrieve a single secret, call GetSecretValue.

\n

To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If Secrets Manager encounters errors such as AccessDeniedException while attempting to retrieve any of the secrets, you can see the errors in Errors in the response.

\n

Secrets Manager generates CloudTrail GetSecretValue log entries for each secret you request when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

\n

\n Required permissions: \n secretsmanager:BatchGetSecretValue, and you must have secretsmanager:GetSecretValue for each secret. If you use filters, you must also have secretsmanager:ListSecrets. If the secrets are encrypted using customer-managed keys instead of the Amazon Web Services managed key \n aws/secretsmanager, then you also need kms:Decrypt permissions for the keys.\n For more information, see \n IAM policy actions for Secrets Manager and Authentication \n and access control in Secrets Manager.

", + "smithy.api#paginated": { + "inputToken": "NextToken", + "outputToken": "NextToken", + "pageSize": "MaxResults" + } + } + }, + "com.amazonaws.secretsmanager#BatchGetSecretValueRequest": { + "type": "structure", + "members": { + "SecretIdList": { + "target": "com.amazonaws.secretsmanager#SecretIdListType", + "traits": { + "smithy.api#documentation": "

The ARN or names of the secrets to retrieve. You must include Filters or SecretIdList, but not both.

" + } + }, + "Filters": { + "target": "com.amazonaws.secretsmanager#FiltersListType", + "traits": { + "smithy.api#documentation": "

The filters to choose which secrets to retrieve. You must include Filters or SecretIdList, but not both.

" + } + }, + "MaxResults": { + "target": "com.amazonaws.secretsmanager#MaxResultsBatchType", + "traits": { + "smithy.api#documentation": "

The number of results to include in the response.

\n

If there are more results available, in the response, Secrets Manager includes NextToken. \n To get the next results, call BatchGetSecretValue again with the value from \n NextToken.

" + } + }, + "NextToken": { + "target": "com.amazonaws.secretsmanager#NextTokenType", + "traits": { + "smithy.api#documentation": "

A token that indicates where the output should continue from, if a \n previous call did not show all results. To get the next results, call BatchGetSecretValue again \n with this value.

" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.secretsmanager#BatchGetSecretValueResponse": { + "type": "structure", + "members": { + "SecretValues": { + "target": "com.amazonaws.secretsmanager#SecretValuesType", + "traits": { + "smithy.api#documentation": "

A list of secret values.

" + } + }, + "NextToken": { + "target": "com.amazonaws.secretsmanager#NextTokenType", + "traits": { + "smithy.api#documentation": "

Secrets Manager includes this value if \n there's more output available than what is included in the current response. This can \n occur even when the response includes no values at all, such as when you ask for a filtered view \n of a long list. To get the next results, call BatchGetSecretValue again \n with this value.

" + } + }, + "Errors": { + "target": "com.amazonaws.secretsmanager#APIErrorListType", + "traits": { + "smithy.api#documentation": "

A list of errors Secrets Manager encountered while attempting to retrieve individual secrets.

" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.secretsmanager#BooleanType": { "type": "boolean", "traits": { @@ -664,6 +791,9 @@ "smithy.api#error": "client" } }, + "com.amazonaws.secretsmanager#ErrorCode": { + "type": "string" + }, "com.amazonaws.secretsmanager#ErrorMessage": { "type": "string" }, @@ -1021,7 +1151,7 @@ } ], "traits": { - "smithy.api#documentation": "

Retrieves the contents of the encrypted fields SecretString or\n SecretBinary from the specified version of a secret, whichever contains\n content.

\n

We recommend that you cache your secret values by using client-side caching. \n Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for \n your applications.

\n

To retrieve the previous version of a secret, use VersionStage and specify \n AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage.

\n

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

\n

\n Required permissions: \n secretsmanager:GetSecretValue. \n If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key \n aws/secretsmanager, then you also need kms:Decrypt permissions for that key.\n For more information, see \n IAM policy actions for Secrets Manager and Authentication \n and access control in Secrets Manager.

", + "smithy.api#documentation": "

Retrieves the contents of the encrypted fields SecretString or\n SecretBinary from the specified version of a secret, whichever contains\n content.

\n

To retrieve the values for a group of secrets, call BatchGetSecretValue.

\n

We recommend that you cache your secret values by using client-side caching. \n Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for \n your applications.

\n

To retrieve the previous version of a secret, use VersionStage and specify \n AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage.

\n

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

\n

\n Required permissions: \n secretsmanager:GetSecretValue. \n If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key \n aws/secretsmanager, then you also need kms:Decrypt permissions for that key.\n For more information, see \n IAM policy actions for Secrets Manager and Authentication \n and access control in Secrets Manager.

", "smithy.api#examples": [ { "title": "To retrieve the encrypted secret value of a secret", @@ -1031,7 +1161,7 @@ }, "output": { "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", - "CreatedDate": 1523477145.713, + "CreatedDate": 1.523477145713e9, "Name": "MyTestDatabaseSecret", "SecretString": "{\n \"username\":\"david\",\n \"password\":\"EXAMPLE-PASSWORD\"\n}\n", "VersionId": "EXAMPLE1-90ab-cdef-fedc-ba987SECRET1", @@ -1245,15 +1375,15 @@ { "VersionId": "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE", "VersionStages": ["AWSPREVIOUS"], - "CreatedDate": 1523477145.713 + "CreatedDate": 1.523477145713e9 }, { "VersionId": "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE", "VersionStages": ["AWSCURRENT"], - "CreatedDate": 1523486221.391 + "CreatedDate": 1.523486221391e9 }, { - "CreatedDate": 1511974462.36, + "CreatedDate": 1.51197446236e9, "VersionId": "EXAMPLE3-90ab-cdef-fedc-ba987EXAMPLE;" } ], @@ -1358,7 +1488,7 @@ } ], "traits": { - "smithy.api#documentation": "

Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets \n that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console.

\n

ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. \n To get the latest information for a specific secret, use DescribeSecret.

\n

To list the versions of a secret, use ListSecretVersionIds.

\n

To get the secret value from SecretString or SecretBinary, \n call GetSecretValue.

\n

For information about finding secrets in the console, see Find secrets in Secrets Manager.

\n

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

\n

\n Required permissions: \n secretsmanager:ListSecrets. \n For more information, see \n IAM policy actions for Secrets Manager and Authentication \n and access control in Secrets Manager.

", + "smithy.api#documentation": "

Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets \n that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console.

\n

ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. \n To get the latest information for a specific secret, use DescribeSecret.

\n

To list the versions of a secret, use ListSecretVersionIds.

\n

To retrieve the values for the secrets, call BatchGetSecretValue or GetSecretValue.

\n

For information about finding secrets in the console, see Find secrets in Secrets Manager.

\n

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

\n

\n Required permissions: \n secretsmanager:ListSecrets. \n For more information, see \n IAM policy actions for Secrets Manager and Authentication \n and access control in Secrets Manager.

", "smithy.api#examples": [ { "title": "To list the secrets in your account", @@ -1369,7 +1499,7 @@ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3", "Name": "MyTestDatabaseSecret", "Description": "My test database secret", - "LastChangedDate": 1523477145.729, + "LastChangedDate": 1.523477145729e9, "SecretVersionsToStages": { "EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE": ["AWSCURRENT"] } @@ -1378,7 +1508,7 @@ "ARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret1-d4e5f6", "Name": "MyTestDatabaseSecret1", "Description": "Another secret created for a different database", - "LastChangedDate": 1523482025.685, + "LastChangedDate": 1.523482025685e9, "SecretVersionsToStages": { "EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE": ["AWSCURRENT"] } @@ -1465,6 +1595,15 @@ "smithy.api#error": "client" } }, + "com.amazonaws.secretsmanager#MaxResultsBatchType": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 1, + "max": 20 + } + } + }, "com.amazonaws.secretsmanager#MaxResultsType": { "type": "integer", "traits": { @@ -2323,6 +2462,18 @@ "smithy.api#sensitive": {} } }, + "com.amazonaws.secretsmanager#SecretIdListType": { + "type": "list", + "member": { + "target": "com.amazonaws.secretsmanager#SecretIdType" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 20 + } + } + }, "com.amazonaws.secretsmanager#SecretIdType": { "type": "string", "traits": { @@ -2344,7 +2495,7 @@ "Name": { "target": "com.amazonaws.secretsmanager#SecretNameType", "traits": { - "smithy.api#documentation": "

The friendly name of the secret. You can use forward slashes in the name to represent a\n path hierarchy. For example, /prod/databases/dbserver1 could represent the secret\n for a server named dbserver1 in the folder databases in the folder\n prod.

" + "smithy.api#documentation": "

The friendly name of the secret.

" } }, "Description": { @@ -2468,6 +2619,62 @@ "smithy.api#sensitive": {} } }, + "com.amazonaws.secretsmanager#SecretValueEntry": { + "type": "structure", + "members": { + "ARN": { + "target": "com.amazonaws.secretsmanager#SecretARNType", + "traits": { + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the secret.

" + } + }, + "Name": { + "target": "com.amazonaws.secretsmanager#SecretNameType", + "traits": { + "smithy.api#documentation": "

The friendly name of the secret.

" + } + }, + "VersionId": { + "target": "com.amazonaws.secretsmanager#SecretVersionIdType", + "traits": { + "smithy.api#documentation": "

The unique version identifier of this version of the secret.

" + } + }, + "SecretBinary": { + "target": "com.amazonaws.secretsmanager#SecretBinaryType", + "traits": { + "smithy.api#documentation": "

The decrypted secret value, if the secret value was originally provided as\n binary data in the form of a byte array. The parameter represents the binary data as\n a base64-encoded\n string.

" + } + }, + "SecretString": { + "target": "com.amazonaws.secretsmanager#SecretStringType", + "traits": { + "smithy.api#documentation": "

The decrypted secret value, if the secret value was originally provided as a string or \n through the Secrets Manager console.

" + } + }, + "VersionStages": { + "target": "com.amazonaws.secretsmanager#SecretVersionStagesType", + "traits": { + "smithy.api#documentation": "

A list of all of the staging labels currently attached to this version of the\n secret.

" + } + }, + "CreatedDate": { + "target": "com.amazonaws.secretsmanager#CreatedDateType", + "traits": { + "smithy.api#documentation": "

The date the secret was created.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

A structure that contains the secret value and other details for a secret.

" + } + }, + "com.amazonaws.secretsmanager#SecretValuesType": { + "type": "list", + "member": { + "target": "com.amazonaws.secretsmanager#SecretValueEntry" + } + }, "com.amazonaws.secretsmanager#SecretVersionIdType": { "type": "string", "traits": { @@ -3177,6 +3384,9 @@ "type": "service", "version": "2017-10-17", "operations": [ + { + "target": "com.amazonaws.secretsmanager#BatchGetSecretValue" + }, { "target": "com.amazonaws.secretsmanager#CancelRotateSecret" },