1 /** 2 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 * SPDX-License-Identifier: Apache-2.0. 4 */ 5 6 #pragma once 7 #include <aws/secretsmanager/SecretsManager_EXPORTS.h> 8 #include <aws/secretsmanager/SecretsManagerErrors.h> 9 #include <aws/core/client/AWSError.h> 10 #include <aws/core/client/ClientConfiguration.h> 11 #include <aws/core/client/AWSClient.h> 12 #include <aws/core/utils/memory/stl/AWSString.h> 13 #include <aws/core/utils/json/JsonSerializer.h> 14 #include <aws/secretsmanager/model/CancelRotateSecretResult.h> 15 #include <aws/secretsmanager/model/CreateSecretResult.h> 16 #include <aws/secretsmanager/model/DeleteResourcePolicyResult.h> 17 #include <aws/secretsmanager/model/DeleteSecretResult.h> 18 #include <aws/secretsmanager/model/DescribeSecretResult.h> 19 #include <aws/secretsmanager/model/GetRandomPasswordResult.h> 20 #include <aws/secretsmanager/model/GetResourcePolicyResult.h> 21 #include <aws/secretsmanager/model/GetSecretValueResult.h> 22 #include <aws/secretsmanager/model/ListSecretVersionIdsResult.h> 23 #include <aws/secretsmanager/model/ListSecretsResult.h> 24 #include <aws/secretsmanager/model/PutResourcePolicyResult.h> 25 #include <aws/secretsmanager/model/PutSecretValueResult.h> 26 #include <aws/secretsmanager/model/RemoveRegionsFromReplicationResult.h> 27 #include <aws/secretsmanager/model/ReplicateSecretToRegionsResult.h> 28 #include <aws/secretsmanager/model/RestoreSecretResult.h> 29 #include <aws/secretsmanager/model/RotateSecretResult.h> 30 #include <aws/secretsmanager/model/StopReplicationToReplicaResult.h> 31 #include <aws/secretsmanager/model/UpdateSecretResult.h> 32 #include <aws/secretsmanager/model/UpdateSecretVersionStageResult.h> 33 #include <aws/secretsmanager/model/ValidateResourcePolicyResult.h> 34 #include <aws/core/NoResult.h> 35 #include <aws/core/client/AsyncCallerContext.h> 36 #include <aws/core/http/HttpTypes.h> 37 #include <future> 38 #include <functional> 39 40 namespace Aws 41 { 42 43 namespace Http 44 { 45 class HttpClient; 46 class HttpClientFactory; 47 } // namespace Http 48 49 namespace Utils 50 { 51 template< typename R, typename E> class Outcome; 52 namespace Threading 53 { 54 class Executor; 55 } // namespace Threading 56 } // namespace Utils 57 58 namespace Auth 59 { 60 class AWSCredentials; 61 class AWSCredentialsProvider; 62 } // namespace Auth 63 64 namespace Client 65 { 66 class RetryStrategy; 67 } // namespace Client 68 69 namespace SecretsManager 70 { 71 72 namespace Model 73 { 74 class CancelRotateSecretRequest; 75 class CreateSecretRequest; 76 class DeleteResourcePolicyRequest; 77 class DeleteSecretRequest; 78 class DescribeSecretRequest; 79 class GetRandomPasswordRequest; 80 class GetResourcePolicyRequest; 81 class GetSecretValueRequest; 82 class ListSecretVersionIdsRequest; 83 class ListSecretsRequest; 84 class PutResourcePolicyRequest; 85 class PutSecretValueRequest; 86 class RemoveRegionsFromReplicationRequest; 87 class ReplicateSecretToRegionsRequest; 88 class RestoreSecretRequest; 89 class RotateSecretRequest; 90 class StopReplicationToReplicaRequest; 91 class TagResourceRequest; 92 class UntagResourceRequest; 93 class UpdateSecretRequest; 94 class UpdateSecretVersionStageRequest; 95 class ValidateResourcePolicyRequest; 96 97 typedef Aws::Utils::Outcome<CancelRotateSecretResult, SecretsManagerError> CancelRotateSecretOutcome; 98 typedef Aws::Utils::Outcome<CreateSecretResult, SecretsManagerError> CreateSecretOutcome; 99 typedef Aws::Utils::Outcome<DeleteResourcePolicyResult, SecretsManagerError> DeleteResourcePolicyOutcome; 100 typedef Aws::Utils::Outcome<DeleteSecretResult, SecretsManagerError> DeleteSecretOutcome; 101 typedef Aws::Utils::Outcome<DescribeSecretResult, SecretsManagerError> DescribeSecretOutcome; 102 typedef Aws::Utils::Outcome<GetRandomPasswordResult, SecretsManagerError> GetRandomPasswordOutcome; 103 typedef Aws::Utils::Outcome<GetResourcePolicyResult, SecretsManagerError> GetResourcePolicyOutcome; 104 typedef Aws::Utils::Outcome<GetSecretValueResult, SecretsManagerError> GetSecretValueOutcome; 105 typedef Aws::Utils::Outcome<ListSecretVersionIdsResult, SecretsManagerError> ListSecretVersionIdsOutcome; 106 typedef Aws::Utils::Outcome<ListSecretsResult, SecretsManagerError> ListSecretsOutcome; 107 typedef Aws::Utils::Outcome<PutResourcePolicyResult, SecretsManagerError> PutResourcePolicyOutcome; 108 typedef Aws::Utils::Outcome<PutSecretValueResult, SecretsManagerError> PutSecretValueOutcome; 109 typedef Aws::Utils::Outcome<RemoveRegionsFromReplicationResult, SecretsManagerError> RemoveRegionsFromReplicationOutcome; 110 typedef Aws::Utils::Outcome<ReplicateSecretToRegionsResult, SecretsManagerError> ReplicateSecretToRegionsOutcome; 111 typedef Aws::Utils::Outcome<RestoreSecretResult, SecretsManagerError> RestoreSecretOutcome; 112 typedef Aws::Utils::Outcome<RotateSecretResult, SecretsManagerError> RotateSecretOutcome; 113 typedef Aws::Utils::Outcome<StopReplicationToReplicaResult, SecretsManagerError> StopReplicationToReplicaOutcome; 114 typedef Aws::Utils::Outcome<Aws::NoResult, SecretsManagerError> TagResourceOutcome; 115 typedef Aws::Utils::Outcome<Aws::NoResult, SecretsManagerError> UntagResourceOutcome; 116 typedef Aws::Utils::Outcome<UpdateSecretResult, SecretsManagerError> UpdateSecretOutcome; 117 typedef Aws::Utils::Outcome<UpdateSecretVersionStageResult, SecretsManagerError> UpdateSecretVersionStageOutcome; 118 typedef Aws::Utils::Outcome<ValidateResourcePolicyResult, SecretsManagerError> ValidateResourcePolicyOutcome; 119 120 typedef std::future<CancelRotateSecretOutcome> CancelRotateSecretOutcomeCallable; 121 typedef std::future<CreateSecretOutcome> CreateSecretOutcomeCallable; 122 typedef std::future<DeleteResourcePolicyOutcome> DeleteResourcePolicyOutcomeCallable; 123 typedef std::future<DeleteSecretOutcome> DeleteSecretOutcomeCallable; 124 typedef std::future<DescribeSecretOutcome> DescribeSecretOutcomeCallable; 125 typedef std::future<GetRandomPasswordOutcome> GetRandomPasswordOutcomeCallable; 126 typedef std::future<GetResourcePolicyOutcome> GetResourcePolicyOutcomeCallable; 127 typedef std::future<GetSecretValueOutcome> GetSecretValueOutcomeCallable; 128 typedef std::future<ListSecretVersionIdsOutcome> ListSecretVersionIdsOutcomeCallable; 129 typedef std::future<ListSecretsOutcome> ListSecretsOutcomeCallable; 130 typedef std::future<PutResourcePolicyOutcome> PutResourcePolicyOutcomeCallable; 131 typedef std::future<PutSecretValueOutcome> PutSecretValueOutcomeCallable; 132 typedef std::future<RemoveRegionsFromReplicationOutcome> RemoveRegionsFromReplicationOutcomeCallable; 133 typedef std::future<ReplicateSecretToRegionsOutcome> ReplicateSecretToRegionsOutcomeCallable; 134 typedef std::future<RestoreSecretOutcome> RestoreSecretOutcomeCallable; 135 typedef std::future<RotateSecretOutcome> RotateSecretOutcomeCallable; 136 typedef std::future<StopReplicationToReplicaOutcome> StopReplicationToReplicaOutcomeCallable; 137 typedef std::future<TagResourceOutcome> TagResourceOutcomeCallable; 138 typedef std::future<UntagResourceOutcome> UntagResourceOutcomeCallable; 139 typedef std::future<UpdateSecretOutcome> UpdateSecretOutcomeCallable; 140 typedef std::future<UpdateSecretVersionStageOutcome> UpdateSecretVersionStageOutcomeCallable; 141 typedef std::future<ValidateResourcePolicyOutcome> ValidateResourcePolicyOutcomeCallable; 142 } // namespace Model 143 144 class SecretsManagerClient; 145 146 typedef std::function<void(const SecretsManagerClient*, const Model::CancelRotateSecretRequest&, const Model::CancelRotateSecretOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > CancelRotateSecretResponseReceivedHandler; 147 typedef std::function<void(const SecretsManagerClient*, const Model::CreateSecretRequest&, const Model::CreateSecretOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > CreateSecretResponseReceivedHandler; 148 typedef std::function<void(const SecretsManagerClient*, const Model::DeleteResourcePolicyRequest&, const Model::DeleteResourcePolicyOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DeleteResourcePolicyResponseReceivedHandler; 149 typedef std::function<void(const SecretsManagerClient*, const Model::DeleteSecretRequest&, const Model::DeleteSecretOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DeleteSecretResponseReceivedHandler; 150 typedef std::function<void(const SecretsManagerClient*, const Model::DescribeSecretRequest&, const Model::DescribeSecretOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DescribeSecretResponseReceivedHandler; 151 typedef std::function<void(const SecretsManagerClient*, const Model::GetRandomPasswordRequest&, const Model::GetRandomPasswordOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetRandomPasswordResponseReceivedHandler; 152 typedef std::function<void(const SecretsManagerClient*, const Model::GetResourcePolicyRequest&, const Model::GetResourcePolicyOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetResourcePolicyResponseReceivedHandler; 153 typedef std::function<void(const SecretsManagerClient*, const Model::GetSecretValueRequest&, const Model::GetSecretValueOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetSecretValueResponseReceivedHandler; 154 typedef std::function<void(const SecretsManagerClient*, const Model::ListSecretVersionIdsRequest&, const Model::ListSecretVersionIdsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ListSecretVersionIdsResponseReceivedHandler; 155 typedef std::function<void(const SecretsManagerClient*, const Model::ListSecretsRequest&, const Model::ListSecretsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ListSecretsResponseReceivedHandler; 156 typedef std::function<void(const SecretsManagerClient*, const Model::PutResourcePolicyRequest&, const Model::PutResourcePolicyOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > PutResourcePolicyResponseReceivedHandler; 157 typedef std::function<void(const SecretsManagerClient*, const Model::PutSecretValueRequest&, const Model::PutSecretValueOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > PutSecretValueResponseReceivedHandler; 158 typedef std::function<void(const SecretsManagerClient*, const Model::RemoveRegionsFromReplicationRequest&, const Model::RemoveRegionsFromReplicationOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > RemoveRegionsFromReplicationResponseReceivedHandler; 159 typedef std::function<void(const SecretsManagerClient*, const Model::ReplicateSecretToRegionsRequest&, const Model::ReplicateSecretToRegionsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ReplicateSecretToRegionsResponseReceivedHandler; 160 typedef std::function<void(const SecretsManagerClient*, const Model::RestoreSecretRequest&, const Model::RestoreSecretOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > RestoreSecretResponseReceivedHandler; 161 typedef std::function<void(const SecretsManagerClient*, const Model::RotateSecretRequest&, const Model::RotateSecretOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > RotateSecretResponseReceivedHandler; 162 typedef std::function<void(const SecretsManagerClient*, const Model::StopReplicationToReplicaRequest&, const Model::StopReplicationToReplicaOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > StopReplicationToReplicaResponseReceivedHandler; 163 typedef std::function<void(const SecretsManagerClient*, const Model::TagResourceRequest&, const Model::TagResourceOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > TagResourceResponseReceivedHandler; 164 typedef std::function<void(const SecretsManagerClient*, const Model::UntagResourceRequest&, const Model::UntagResourceOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > UntagResourceResponseReceivedHandler; 165 typedef std::function<void(const SecretsManagerClient*, const Model::UpdateSecretRequest&, const Model::UpdateSecretOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > UpdateSecretResponseReceivedHandler; 166 typedef std::function<void(const SecretsManagerClient*, const Model::UpdateSecretVersionStageRequest&, const Model::UpdateSecretVersionStageOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > UpdateSecretVersionStageResponseReceivedHandler; 167 typedef std::function<void(const SecretsManagerClient*, const Model::ValidateResourcePolicyRequest&, const Model::ValidateResourcePolicyOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ValidateResourcePolicyResponseReceivedHandler; 168 169 /** 170 * <fullname>Amazon Web Services Secrets Manager</fullname> <p>Amazon Web Services 171 * Secrets Manager provides a service to enable you to store, manage, and retrieve, 172 * secrets.</p> <p>This guide provides descriptions of the Secrets Manager API. For 173 * more information about using this service, see the <a 174 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html">Amazon 175 * Web Services Secrets Manager User Guide</a>.</p> <p> <b>API Version</b> </p> 176 * <p>This version of the Secrets Manager API Reference documents the Secrets 177 * Manager API version 2017-10-17.</p> <p>As an alternative to using the 178 * API, you can use one of the Amazon Web Services SDKs, which consist of libraries 179 * and sample code for various programming languages and platforms such as Java, 180 * Ruby, .NET, iOS, and Android. The SDKs provide a convenient way to create 181 * programmatic access to Amazon Web Services Secrets Manager. For example, the 182 * SDKs provide cryptographically signing requests, managing errors, and retrying 183 * requests automatically. For more information about the Amazon Web Services SDKs, 184 * including downloading and installing them, see <a 185 * href="http://aws.amazon.com/tools/">Tools for Amazon Web Services</a>.</p> 186 * <p>We recommend you use the Amazon Web Services SDKs to make 187 * programmatic API calls to Secrets Manager. However, you also can use the Secrets 188 * Manager HTTP Query API to make direct calls to the Secrets Manager web service. 189 * To learn more about the Secrets Manager HTTP Query API, see <a 190 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/query-requests.html">Making 191 * Query Requests</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. 192 * </p> <p>Secrets Manager API supports GET and POST requests for all actions, and 193 * doesn't require you to use GET for some actions and POST for others. However, 194 * GET requests are subject to the limitation size of a URL. Therefore, for 195 * operations that require larger sizes, use a POST request.</p> <p> <b>Support and 196 * Feedback for Amazon Web Services Secrets Manager</b> </p> <p>We welcome your 197 * feedback. Send your comments to <a 198 * href="mailto:awssecretsmanager-feedback@amazon.com">awssecretsmanager-feedback@amazon.com</a>, 199 * or post your feedback and questions in the <a 200 * href="http://forums.aws.amazon.com/forum.jspa?forumID=296">Amazon Web Services 201 * Secrets Manager Discussion Forum</a>. For more information about the Amazon Web 202 * Services Discussion Forums, see <a 203 * href="http://forums.aws.amazon.com/help.jspa">Forums Help</a>.</p> <p> <b>How 204 * examples are presented</b> </p> <p>The JSON that Amazon Web Services Secrets 205 * Manager expects as your request parameters and the service returns as a response 206 * to HTTP query requests contain single, long strings without line breaks or white 207 * space formatting. The JSON shown in the examples displays the code formatted 208 * with both line breaks and white space to improve readability. When example input 209 * parameters can also cause long strings extending beyond the screen, you can 210 * insert line breaks to enhance readability. You should always submit the input as 211 * a single JSON text string.</p> <p> <b>Logging API Requests</b> </p> <p>Amazon 212 * Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service 213 * that records Amazon Web Services API calls for your Amazon Web Services account 214 * and delivers log files to an Amazon S3 bucket. By using information that's 215 * collected by Amazon Web Services CloudTrail, you can determine the requests 216 * successfully made to Secrets Manager, who made the request, when it was made, 217 * and so on. For more about Amazon Web Services Secrets Manager and support for 218 * Amazon Web Services CloudTrail, see <a 219 * href="http://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail">Logging 220 * Amazon Web Services Secrets Manager Events with Amazon Web Services 221 * CloudTrail</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. To 222 * learn more about CloudTrail, including enabling it and find your log files, see 223 * the <a 224 * href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html">Amazon 225 * Web Services CloudTrail User Guide</a>.</p> 226 */ 227 class AWS_SECRETSMANAGER_API SecretsManagerClient : public Aws::Client::AWSJsonClient 228 { 229 public: 230 typedef Aws::Client::AWSJsonClient BASECLASS; 231 232 /** 233 * Initializes client to use DefaultCredentialProviderChain, with default http client factory, and optional client config. If client config 234 * is not specified, it will be initialized to default values. 235 */ 236 SecretsManagerClient(const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration()); 237 238 /** 239 * Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and optional client config. If client config 240 * is not specified, it will be initialized to default values. 241 */ 242 SecretsManagerClient(const Aws::Auth::AWSCredentials& credentials, const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration()); 243 244 /** 245 * Initializes client to use specified credentials provider with specified client config. If http client factory is not supplied, 246 * the default http client factory will be used 247 */ 248 SecretsManagerClient(const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider, 249 const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration()); 250 251 virtual ~SecretsManagerClient(); 252 253 254 /** 255 * <p>Disables automatic scheduled rotation and cancels the rotation of a secret if 256 * currently in progress.</p> <p>To re-enable scheduled rotation, call 257 * <a>RotateSecret</a> with <code>AutomaticallyRotateAfterDays</code> set to a 258 * value greater than 0. This immediately rotates your secret and then enables the 259 * automatic schedule.</p> <p>If you cancel a rotation while in progress, it 260 * can leave the <code>VersionStage</code> labels in an unexpected state. Depending 261 * on the step of the rotation in progress, you might need to remove the staging 262 * label <code>AWSPENDING</code> from the partially created version, specified by 263 * the <code>VersionId</code> response value. You should also evaluate the 264 * partially rotated new version to see if it should be deleted, which you can do 265 * by removing all staging labels from the new version <code>VersionStage</code> 266 * field.</p> <p>To successfully start a rotation, the staging label 267 * <code>AWSPENDING</code> must be in one of the following states:</p> <ul> <li> 268 * <p>Not attached to any version at all</p> </li> <li> <p>Attached to the same 269 * version as the staging label <code>AWSCURRENT</code> </p> </li> </ul> <p>If the 270 * staging label <code>AWSPENDING</code> attached to a different version than the 271 * version with <code>AWSCURRENT</code> then the attempt to rotate fails.</p> <p> 272 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 273 * following permissions:</p> <ul> <li> <p>secretsmanager:CancelRotateSecret</p> 274 * </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To configure 275 * rotation for a secret or to manually trigger a rotation, use 276 * <a>RotateSecret</a>.</p> </li> <li> <p>To get the rotation configuration details 277 * for a secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list all of the 278 * currently available secrets, use <a>ListSecrets</a>.</p> </li> <li> <p>To list 279 * all of the versions currently associated with a secret, use 280 * <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 281 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret">AWS 282 * API Reference</a></p> 283 */ 284 virtual Model::CancelRotateSecretOutcome CancelRotateSecret(const Model::CancelRotateSecretRequest& request) const; 285 286 /** 287 * <p>Disables automatic scheduled rotation and cancels the rotation of a secret if 288 * currently in progress.</p> <p>To re-enable scheduled rotation, call 289 * <a>RotateSecret</a> with <code>AutomaticallyRotateAfterDays</code> set to a 290 * value greater than 0. This immediately rotates your secret and then enables the 291 * automatic schedule.</p> <p>If you cancel a rotation while in progress, it 292 * can leave the <code>VersionStage</code> labels in an unexpected state. Depending 293 * on the step of the rotation in progress, you might need to remove the staging 294 * label <code>AWSPENDING</code> from the partially created version, specified by 295 * the <code>VersionId</code> response value. You should also evaluate the 296 * partially rotated new version to see if it should be deleted, which you can do 297 * by removing all staging labels from the new version <code>VersionStage</code> 298 * field.</p> <p>To successfully start a rotation, the staging label 299 * <code>AWSPENDING</code> must be in one of the following states:</p> <ul> <li> 300 * <p>Not attached to any version at all</p> </li> <li> <p>Attached to the same 301 * version as the staging label <code>AWSCURRENT</code> </p> </li> </ul> <p>If the 302 * staging label <code>AWSPENDING</code> attached to a different version than the 303 * version with <code>AWSCURRENT</code> then the attempt to rotate fails.</p> <p> 304 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 305 * following permissions:</p> <ul> <li> <p>secretsmanager:CancelRotateSecret</p> 306 * </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To configure 307 * rotation for a secret or to manually trigger a rotation, use 308 * <a>RotateSecret</a>.</p> </li> <li> <p>To get the rotation configuration details 309 * for a secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list all of the 310 * currently available secrets, use <a>ListSecrets</a>.</p> </li> <li> <p>To list 311 * all of the versions currently associated with a secret, use 312 * <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 313 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret">AWS 314 * API Reference</a></p> 315 * 316 * returns a future to the operation so that it can be executed in parallel to other requests. 317 */ 318 virtual Model::CancelRotateSecretOutcomeCallable CancelRotateSecretCallable(const Model::CancelRotateSecretRequest& request) const; 319 320 /** 321 * <p>Disables automatic scheduled rotation and cancels the rotation of a secret if 322 * currently in progress.</p> <p>To re-enable scheduled rotation, call 323 * <a>RotateSecret</a> with <code>AutomaticallyRotateAfterDays</code> set to a 324 * value greater than 0. This immediately rotates your secret and then enables the 325 * automatic schedule.</p> <p>If you cancel a rotation while in progress, it 326 * can leave the <code>VersionStage</code> labels in an unexpected state. Depending 327 * on the step of the rotation in progress, you might need to remove the staging 328 * label <code>AWSPENDING</code> from the partially created version, specified by 329 * the <code>VersionId</code> response value. You should also evaluate the 330 * partially rotated new version to see if it should be deleted, which you can do 331 * by removing all staging labels from the new version <code>VersionStage</code> 332 * field.</p> <p>To successfully start a rotation, the staging label 333 * <code>AWSPENDING</code> must be in one of the following states:</p> <ul> <li> 334 * <p>Not attached to any version at all</p> </li> <li> <p>Attached to the same 335 * version as the staging label <code>AWSCURRENT</code> </p> </li> </ul> <p>If the 336 * staging label <code>AWSPENDING</code> attached to a different version than the 337 * version with <code>AWSCURRENT</code> then the attempt to rotate fails.</p> <p> 338 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 339 * following permissions:</p> <ul> <li> <p>secretsmanager:CancelRotateSecret</p> 340 * </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To configure 341 * rotation for a secret or to manually trigger a rotation, use 342 * <a>RotateSecret</a>.</p> </li> <li> <p>To get the rotation configuration details 343 * for a secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list all of the 344 * currently available secrets, use <a>ListSecrets</a>.</p> </li> <li> <p>To list 345 * all of the versions currently associated with a secret, use 346 * <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 347 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret">AWS 348 * API Reference</a></p> 349 * 350 * Queues the request into a thread executor and triggers associated callback when operation has finished. 351 */ 352 virtual void CancelRotateSecretAsync(const Model::CancelRotateSecretRequest& request, const CancelRotateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 353 354 /** 355 * <p>Creates a new secret. A secret in Secrets Manager consists of both the 356 * protected secret data and the important information needed to manage the 357 * secret.</p> <p>Secrets Manager stores the encrypted secret data in one of a 358 * collection of "versions" associated with the secret. Each version contains a 359 * copy of the encrypted secret data. Each version is associated with one or more 360 * "staging labels" that identify where the version is in the rotation cycle. The 361 * <code>SecretVersionsToStages</code> field of the secret contains the mapping of 362 * staging labels to the active versions of the secret. Versions without a staging 363 * label are considered deprecated and not included in the list.</p> <p>You provide 364 * the secret data to be encrypted by putting text in either the 365 * <code>SecretString</code> parameter or binary data in the 366 * <code>SecretBinary</code> parameter, but not both. If you include 367 * <code>SecretString</code> or <code>SecretBinary</code> then Secrets Manager also 368 * creates an initial secret version and automatically attaches the staging label 369 * <code>AWSCURRENT</code> to the new version.</p> <ul> <li> <p>If you call 370 * an operation to encrypt or decrypt the <code>SecretString</code> or 371 * <code>SecretBinary</code> for a secret in the same account as the calling user 372 * and that secret doesn't specify a Amazon Web Services KMS encryption key, 373 * Secrets Manager uses the account's default Amazon Web Services managed customer 374 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 375 * doesn't already exist in your account then Secrets Manager creates it for you 376 * automatically. All users and roles in the same Amazon Web Services account 377 * automatically have access to use the default CMK. Note that if an Secrets 378 * Manager API call results in Amazon Web Services creating the account's Amazon 379 * Web Services-managed CMK, it can result in a one-time significant delay in 380 * returning the result.</p> </li> <li> <p>If the secret resides in a different 381 * Amazon Web Services account from the credentials calling an API that requires 382 * encryption or decryption of the secret value then you must create and use a 383 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 384 * the account using credentials from a different Amazon Web Services account. 385 * Store the ARN of the CMK in the secret when you create the secret or when you 386 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 387 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 388 * using credentials from a different account then the Amazon Web Services KMS key 389 * policy must grant cross-account access to that other account's user or role for 390 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 391 * <p> </p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must 392 * have the following permissions:</p> <ul> <li> <p>secretsmanager:CreateSecret</p> 393 * </li> <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed 394 * Amazon Web Services KMS key to encrypt the secret. You do not need this 395 * permission to use the account default Amazon Web Services managed CMK for 396 * Secrets Manager.</p> </li> <li> <p>kms:Decrypt - needed only if you use a 397 * customer-managed Amazon Web Services KMS key to encrypt the secret. You do not 398 * need this permission to use the account default Amazon Web Services managed CMK 399 * for Secrets Manager.</p> </li> <li> <p>secretsmanager:TagResource - needed only 400 * if you include the <code>Tags</code> parameter. </p> </li> </ul> <p> <b>Related 401 * operations</b> </p> <ul> <li> <p>To delete a secret, use 402 * <a>DeleteSecret</a>.</p> </li> <li> <p>To modify an existing secret, use 403 * <a>UpdateSecret</a>.</p> </li> <li> <p>To create a new version of a secret, use 404 * <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the encrypted secure string 405 * and secure binary values, use <a>GetSecretValue</a>.</p> </li> <li> <p>To 406 * retrieve all other details for a secret, use <a>DescribeSecret</a>. This does 407 * not include the encrypted secure string and secure binary values.</p> </li> <li> 408 * <p>To retrieve the list of secret versions associated with the current secret, 409 * use <a>DescribeSecret</a> and examine the <code>SecretVersionsToStages</code> 410 * response value.</p> </li> </ul><p><h3>See Also:</h3> <a 411 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret">AWS 412 * API Reference</a></p> 413 */ 414 virtual Model::CreateSecretOutcome CreateSecret(const Model::CreateSecretRequest& request) const; 415 416 /** 417 * <p>Creates a new secret. A secret in Secrets Manager consists of both the 418 * protected secret data and the important information needed to manage the 419 * secret.</p> <p>Secrets Manager stores the encrypted secret data in one of a 420 * collection of "versions" associated with the secret. Each version contains a 421 * copy of the encrypted secret data. Each version is associated with one or more 422 * "staging labels" that identify where the version is in the rotation cycle. The 423 * <code>SecretVersionsToStages</code> field of the secret contains the mapping of 424 * staging labels to the active versions of the secret. Versions without a staging 425 * label are considered deprecated and not included in the list.</p> <p>You provide 426 * the secret data to be encrypted by putting text in either the 427 * <code>SecretString</code> parameter or binary data in the 428 * <code>SecretBinary</code> parameter, but not both. If you include 429 * <code>SecretString</code> or <code>SecretBinary</code> then Secrets Manager also 430 * creates an initial secret version and automatically attaches the staging label 431 * <code>AWSCURRENT</code> to the new version.</p> <ul> <li> <p>If you call 432 * an operation to encrypt or decrypt the <code>SecretString</code> or 433 * <code>SecretBinary</code> for a secret in the same account as the calling user 434 * and that secret doesn't specify a Amazon Web Services KMS encryption key, 435 * Secrets Manager uses the account's default Amazon Web Services managed customer 436 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 437 * doesn't already exist in your account then Secrets Manager creates it for you 438 * automatically. All users and roles in the same Amazon Web Services account 439 * automatically have access to use the default CMK. Note that if an Secrets 440 * Manager API call results in Amazon Web Services creating the account's Amazon 441 * Web Services-managed CMK, it can result in a one-time significant delay in 442 * returning the result.</p> </li> <li> <p>If the secret resides in a different 443 * Amazon Web Services account from the credentials calling an API that requires 444 * encryption or decryption of the secret value then you must create and use a 445 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 446 * the account using credentials from a different Amazon Web Services account. 447 * Store the ARN of the CMK in the secret when you create the secret or when you 448 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 449 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 450 * using credentials from a different account then the Amazon Web Services KMS key 451 * policy must grant cross-account access to that other account's user or role for 452 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 453 * <p> </p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must 454 * have the following permissions:</p> <ul> <li> <p>secretsmanager:CreateSecret</p> 455 * </li> <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed 456 * Amazon Web Services KMS key to encrypt the secret. You do not need this 457 * permission to use the account default Amazon Web Services managed CMK for 458 * Secrets Manager.</p> </li> <li> <p>kms:Decrypt - needed only if you use a 459 * customer-managed Amazon Web Services KMS key to encrypt the secret. You do not 460 * need this permission to use the account default Amazon Web Services managed CMK 461 * for Secrets Manager.</p> </li> <li> <p>secretsmanager:TagResource - needed only 462 * if you include the <code>Tags</code> parameter. </p> </li> </ul> <p> <b>Related 463 * operations</b> </p> <ul> <li> <p>To delete a secret, use 464 * <a>DeleteSecret</a>.</p> </li> <li> <p>To modify an existing secret, use 465 * <a>UpdateSecret</a>.</p> </li> <li> <p>To create a new version of a secret, use 466 * <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the encrypted secure string 467 * and secure binary values, use <a>GetSecretValue</a>.</p> </li> <li> <p>To 468 * retrieve all other details for a secret, use <a>DescribeSecret</a>. This does 469 * not include the encrypted secure string and secure binary values.</p> </li> <li> 470 * <p>To retrieve the list of secret versions associated with the current secret, 471 * use <a>DescribeSecret</a> and examine the <code>SecretVersionsToStages</code> 472 * response value.</p> </li> </ul><p><h3>See Also:</h3> <a 473 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret">AWS 474 * API Reference</a></p> 475 * 476 * returns a future to the operation so that it can be executed in parallel to other requests. 477 */ 478 virtual Model::CreateSecretOutcomeCallable CreateSecretCallable(const Model::CreateSecretRequest& request) const; 479 480 /** 481 * <p>Creates a new secret. A secret in Secrets Manager consists of both the 482 * protected secret data and the important information needed to manage the 483 * secret.</p> <p>Secrets Manager stores the encrypted secret data in one of a 484 * collection of "versions" associated with the secret. Each version contains a 485 * copy of the encrypted secret data. Each version is associated with one or more 486 * "staging labels" that identify where the version is in the rotation cycle. The 487 * <code>SecretVersionsToStages</code> field of the secret contains the mapping of 488 * staging labels to the active versions of the secret. Versions without a staging 489 * label are considered deprecated and not included in the list.</p> <p>You provide 490 * the secret data to be encrypted by putting text in either the 491 * <code>SecretString</code> parameter or binary data in the 492 * <code>SecretBinary</code> parameter, but not both. If you include 493 * <code>SecretString</code> or <code>SecretBinary</code> then Secrets Manager also 494 * creates an initial secret version and automatically attaches the staging label 495 * <code>AWSCURRENT</code> to the new version.</p> <ul> <li> <p>If you call 496 * an operation to encrypt or decrypt the <code>SecretString</code> or 497 * <code>SecretBinary</code> for a secret in the same account as the calling user 498 * and that secret doesn't specify a Amazon Web Services KMS encryption key, 499 * Secrets Manager uses the account's default Amazon Web Services managed customer 500 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 501 * doesn't already exist in your account then Secrets Manager creates it for you 502 * automatically. All users and roles in the same Amazon Web Services account 503 * automatically have access to use the default CMK. Note that if an Secrets 504 * Manager API call results in Amazon Web Services creating the account's Amazon 505 * Web Services-managed CMK, it can result in a one-time significant delay in 506 * returning the result.</p> </li> <li> <p>If the secret resides in a different 507 * Amazon Web Services account from the credentials calling an API that requires 508 * encryption or decryption of the secret value then you must create and use a 509 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 510 * the account using credentials from a different Amazon Web Services account. 511 * Store the ARN of the CMK in the secret when you create the secret or when you 512 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 513 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 514 * using credentials from a different account then the Amazon Web Services KMS key 515 * policy must grant cross-account access to that other account's user or role for 516 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 517 * <p> </p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must 518 * have the following permissions:</p> <ul> <li> <p>secretsmanager:CreateSecret</p> 519 * </li> <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed 520 * Amazon Web Services KMS key to encrypt the secret. You do not need this 521 * permission to use the account default Amazon Web Services managed CMK for 522 * Secrets Manager.</p> </li> <li> <p>kms:Decrypt - needed only if you use a 523 * customer-managed Amazon Web Services KMS key to encrypt the secret. You do not 524 * need this permission to use the account default Amazon Web Services managed CMK 525 * for Secrets Manager.</p> </li> <li> <p>secretsmanager:TagResource - needed only 526 * if you include the <code>Tags</code> parameter. </p> </li> </ul> <p> <b>Related 527 * operations</b> </p> <ul> <li> <p>To delete a secret, use 528 * <a>DeleteSecret</a>.</p> </li> <li> <p>To modify an existing secret, use 529 * <a>UpdateSecret</a>.</p> </li> <li> <p>To create a new version of a secret, use 530 * <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the encrypted secure string 531 * and secure binary values, use <a>GetSecretValue</a>.</p> </li> <li> <p>To 532 * retrieve all other details for a secret, use <a>DescribeSecret</a>. This does 533 * not include the encrypted secure string and secure binary values.</p> </li> <li> 534 * <p>To retrieve the list of secret versions associated with the current secret, 535 * use <a>DescribeSecret</a> and examine the <code>SecretVersionsToStages</code> 536 * response value.</p> </li> </ul><p><h3>See Also:</h3> <a 537 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret">AWS 538 * API Reference</a></p> 539 * 540 * Queues the request into a thread executor and triggers associated callback when operation has finished. 541 */ 542 virtual void CreateSecretAsync(const Model::CreateSecretRequest& request, const CreateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 543 544 /** 545 * <p>Deletes the resource-based permission policy attached to the secret.</p> <p> 546 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 547 * following permissions:</p> <ul> <li> <p>secretsmanager:DeleteResourcePolicy</p> 548 * </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To attach a resource 549 * policy to a secret, use <a>PutResourcePolicy</a>.</p> </li> <li> <p>To retrieve 550 * the current resource-based policy attached to a secret, use 551 * <a>GetResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently 552 * available secrets, use <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> 553 * <a 554 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy">AWS 555 * API Reference</a></p> 556 */ 557 virtual Model::DeleteResourcePolicyOutcome DeleteResourcePolicy(const Model::DeleteResourcePolicyRequest& request) const; 558 559 /** 560 * <p>Deletes the resource-based permission policy attached to the secret.</p> <p> 561 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 562 * following permissions:</p> <ul> <li> <p>secretsmanager:DeleteResourcePolicy</p> 563 * </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To attach a resource 564 * policy to a secret, use <a>PutResourcePolicy</a>.</p> </li> <li> <p>To retrieve 565 * the current resource-based policy attached to a secret, use 566 * <a>GetResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently 567 * available secrets, use <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> 568 * <a 569 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy">AWS 570 * API Reference</a></p> 571 * 572 * returns a future to the operation so that it can be executed in parallel to other requests. 573 */ 574 virtual Model::DeleteResourcePolicyOutcomeCallable DeleteResourcePolicyCallable(const Model::DeleteResourcePolicyRequest& request) const; 575 576 /** 577 * <p>Deletes the resource-based permission policy attached to the secret.</p> <p> 578 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 579 * following permissions:</p> <ul> <li> <p>secretsmanager:DeleteResourcePolicy</p> 580 * </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To attach a resource 581 * policy to a secret, use <a>PutResourcePolicy</a>.</p> </li> <li> <p>To retrieve 582 * the current resource-based policy attached to a secret, use 583 * <a>GetResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently 584 * available secrets, use <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> 585 * <a 586 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy">AWS 587 * API Reference</a></p> 588 * 589 * Queues the request into a thread executor and triggers associated callback when operation has finished. 590 */ 591 virtual void DeleteResourcePolicyAsync(const Model::DeleteResourcePolicyRequest& request, const DeleteResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 592 593 /** 594 * <p>Deletes an entire secret and all of the versions. You can optionally include 595 * a recovery window during which you can restore the secret. If you don't specify 596 * a recovery window value, the operation defaults to 30 days. Secrets Manager 597 * attaches a <code>DeletionDate</code> stamp to the secret that specifies the end 598 * of the recovery window. At the end of the recovery window, Secrets Manager 599 * deletes the secret permanently.</p> <p>At any time before recovery window ends, 600 * you can use <a>RestoreSecret</a> to remove the <code>DeletionDate</code> and 601 * cancel the deletion of the secret.</p> <p>You cannot access the encrypted secret 602 * information in any secret scheduled for deletion. If you need to access that 603 * information, you must cancel the deletion with <a>RestoreSecret</a> and then 604 * retrieve the information.</p> <ul> <li> <p>There is no explicit operation 605 * to delete a version of a secret. Instead, remove all staging labels from the 606 * <code>VersionStage</code> field of a version. That marks the version as 607 * deprecated and allows Secrets Manager to delete it as needed. Versions without 608 * any staging labels do not show up in <a>ListSecretVersionIds</a> unless you 609 * specify <code>IncludeDeprecated</code>.</p> </li> <li> <p>The permanent secret 610 * deletion at the end of the waiting period is performed as a background task with 611 * low priority. There is no guarantee of a specific time after the recovery window 612 * for the actual delete operation to occur.</p> </li> </ul> <p> <b>Minimum 613 * permissions</b> </p> <p>To run this command, you must have the following 614 * permissions:</p> <ul> <li> <p>secretsmanager:DeleteSecret</p> </li> </ul> <p> 615 * <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use 616 * <a>CreateSecret</a>.</p> </li> <li> <p>To cancel deletion of a version of a 617 * secret before the recovery window has expired, use <a>RestoreSecret</a>.</p> 618 * </li> </ul><p><h3>See Also:</h3> <a 619 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret">AWS 620 * API Reference</a></p> 621 */ 622 virtual Model::DeleteSecretOutcome DeleteSecret(const Model::DeleteSecretRequest& request) const; 623 624 /** 625 * <p>Deletes an entire secret and all of the versions. You can optionally include 626 * a recovery window during which you can restore the secret. If you don't specify 627 * a recovery window value, the operation defaults to 30 days. Secrets Manager 628 * attaches a <code>DeletionDate</code> stamp to the secret that specifies the end 629 * of the recovery window. At the end of the recovery window, Secrets Manager 630 * deletes the secret permanently.</p> <p>At any time before recovery window ends, 631 * you can use <a>RestoreSecret</a> to remove the <code>DeletionDate</code> and 632 * cancel the deletion of the secret.</p> <p>You cannot access the encrypted secret 633 * information in any secret scheduled for deletion. If you need to access that 634 * information, you must cancel the deletion with <a>RestoreSecret</a> and then 635 * retrieve the information.</p> <ul> <li> <p>There is no explicit operation 636 * to delete a version of a secret. Instead, remove all staging labels from the 637 * <code>VersionStage</code> field of a version. That marks the version as 638 * deprecated and allows Secrets Manager to delete it as needed. Versions without 639 * any staging labels do not show up in <a>ListSecretVersionIds</a> unless you 640 * specify <code>IncludeDeprecated</code>.</p> </li> <li> <p>The permanent secret 641 * deletion at the end of the waiting period is performed as a background task with 642 * low priority. There is no guarantee of a specific time after the recovery window 643 * for the actual delete operation to occur.</p> </li> </ul> <p> <b>Minimum 644 * permissions</b> </p> <p>To run this command, you must have the following 645 * permissions:</p> <ul> <li> <p>secretsmanager:DeleteSecret</p> </li> </ul> <p> 646 * <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use 647 * <a>CreateSecret</a>.</p> </li> <li> <p>To cancel deletion of a version of a 648 * secret before the recovery window has expired, use <a>RestoreSecret</a>.</p> 649 * </li> </ul><p><h3>See Also:</h3> <a 650 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret">AWS 651 * API Reference</a></p> 652 * 653 * returns a future to the operation so that it can be executed in parallel to other requests. 654 */ 655 virtual Model::DeleteSecretOutcomeCallable DeleteSecretCallable(const Model::DeleteSecretRequest& request) const; 656 657 /** 658 * <p>Deletes an entire secret and all of the versions. You can optionally include 659 * a recovery window during which you can restore the secret. If you don't specify 660 * a recovery window value, the operation defaults to 30 days. Secrets Manager 661 * attaches a <code>DeletionDate</code> stamp to the secret that specifies the end 662 * of the recovery window. At the end of the recovery window, Secrets Manager 663 * deletes the secret permanently.</p> <p>At any time before recovery window ends, 664 * you can use <a>RestoreSecret</a> to remove the <code>DeletionDate</code> and 665 * cancel the deletion of the secret.</p> <p>You cannot access the encrypted secret 666 * information in any secret scheduled for deletion. If you need to access that 667 * information, you must cancel the deletion with <a>RestoreSecret</a> and then 668 * retrieve the information.</p> <ul> <li> <p>There is no explicit operation 669 * to delete a version of a secret. Instead, remove all staging labels from the 670 * <code>VersionStage</code> field of a version. That marks the version as 671 * deprecated and allows Secrets Manager to delete it as needed. Versions without 672 * any staging labels do not show up in <a>ListSecretVersionIds</a> unless you 673 * specify <code>IncludeDeprecated</code>.</p> </li> <li> <p>The permanent secret 674 * deletion at the end of the waiting period is performed as a background task with 675 * low priority. There is no guarantee of a specific time after the recovery window 676 * for the actual delete operation to occur.</p> </li> </ul> <p> <b>Minimum 677 * permissions</b> </p> <p>To run this command, you must have the following 678 * permissions:</p> <ul> <li> <p>secretsmanager:DeleteSecret</p> </li> </ul> <p> 679 * <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use 680 * <a>CreateSecret</a>.</p> </li> <li> <p>To cancel deletion of a version of a 681 * secret before the recovery window has expired, use <a>RestoreSecret</a>.</p> 682 * </li> </ul><p><h3>See Also:</h3> <a 683 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret">AWS 684 * API Reference</a></p> 685 * 686 * Queues the request into a thread executor and triggers associated callback when operation has finished. 687 */ 688 virtual void DeleteSecretAsync(const Model::DeleteSecretRequest& request, const DeleteSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 689 690 /** 691 * <p>Retrieves the details of a secret. It does not include the encrypted fields. 692 * Secrets Manager only returns fields populated with a value in the response. </p> 693 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 694 * following permissions:</p> <ul> <li> <p>secretsmanager:DescribeSecret</p> </li> 695 * </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use 696 * <a>CreateSecret</a>.</p> </li> <li> <p>To modify a secret, use 697 * <a>UpdateSecret</a>.</p> </li> <li> <p>To retrieve the encrypted secret 698 * information in a version of the secret, use <a>GetSecretValue</a>.</p> </li> 699 * <li> <p>To list all of the secrets in the Amazon Web Services account, use 700 * <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 701 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret">AWS 702 * API Reference</a></p> 703 */ 704 virtual Model::DescribeSecretOutcome DescribeSecret(const Model::DescribeSecretRequest& request) const; 705 706 /** 707 * <p>Retrieves the details of a secret. It does not include the encrypted fields. 708 * Secrets Manager only returns fields populated with a value in the response. </p> 709 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 710 * following permissions:</p> <ul> <li> <p>secretsmanager:DescribeSecret</p> </li> 711 * </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use 712 * <a>CreateSecret</a>.</p> </li> <li> <p>To modify a secret, use 713 * <a>UpdateSecret</a>.</p> </li> <li> <p>To retrieve the encrypted secret 714 * information in a version of the secret, use <a>GetSecretValue</a>.</p> </li> 715 * <li> <p>To list all of the secrets in the Amazon Web Services account, use 716 * <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 717 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret">AWS 718 * API Reference</a></p> 719 * 720 * returns a future to the operation so that it can be executed in parallel to other requests. 721 */ 722 virtual Model::DescribeSecretOutcomeCallable DescribeSecretCallable(const Model::DescribeSecretRequest& request) const; 723 724 /** 725 * <p>Retrieves the details of a secret. It does not include the encrypted fields. 726 * Secrets Manager only returns fields populated with a value in the response. </p> 727 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 728 * following permissions:</p> <ul> <li> <p>secretsmanager:DescribeSecret</p> </li> 729 * </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use 730 * <a>CreateSecret</a>.</p> </li> <li> <p>To modify a secret, use 731 * <a>UpdateSecret</a>.</p> </li> <li> <p>To retrieve the encrypted secret 732 * information in a version of the secret, use <a>GetSecretValue</a>.</p> </li> 733 * <li> <p>To list all of the secrets in the Amazon Web Services account, use 734 * <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 735 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret">AWS 736 * API Reference</a></p> 737 * 738 * Queues the request into a thread executor and triggers associated callback when operation has finished. 739 */ 740 virtual void DescribeSecretAsync(const Model::DescribeSecretRequest& request, const DescribeSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 741 742 /** 743 * <p>Generates a random password of the specified complexity. This operation is 744 * intended for use in the Lambda rotation function. Per best practice, we 745 * recommend that you specify the maximum length and include every character type 746 * that the system you are generating a password for can support.</p> <p> 747 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 748 * following permissions:</p> <ul> <li> <p>secretsmanager:GetRandomPassword</p> 749 * </li> </ul><p><h3>See Also:</h3> <a 750 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword">AWS 751 * API Reference</a></p> 752 */ 753 virtual Model::GetRandomPasswordOutcome GetRandomPassword(const Model::GetRandomPasswordRequest& request) const; 754 755 /** 756 * <p>Generates a random password of the specified complexity. This operation is 757 * intended for use in the Lambda rotation function. Per best practice, we 758 * recommend that you specify the maximum length and include every character type 759 * that the system you are generating a password for can support.</p> <p> 760 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 761 * following permissions:</p> <ul> <li> <p>secretsmanager:GetRandomPassword</p> 762 * </li> </ul><p><h3>See Also:</h3> <a 763 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword">AWS 764 * API Reference</a></p> 765 * 766 * returns a future to the operation so that it can be executed in parallel to other requests. 767 */ 768 virtual Model::GetRandomPasswordOutcomeCallable GetRandomPasswordCallable(const Model::GetRandomPasswordRequest& request) const; 769 770 /** 771 * <p>Generates a random password of the specified complexity. This operation is 772 * intended for use in the Lambda rotation function. Per best practice, we 773 * recommend that you specify the maximum length and include every character type 774 * that the system you are generating a password for can support.</p> <p> 775 * <b>Minimum permissions</b> </p> <p>To run this command, you must have the 776 * following permissions:</p> <ul> <li> <p>secretsmanager:GetRandomPassword</p> 777 * </li> </ul><p><h3>See Also:</h3> <a 778 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword">AWS 779 * API Reference</a></p> 780 * 781 * Queues the request into a thread executor and triggers associated callback when operation has finished. 782 */ 783 virtual void GetRandomPasswordAsync(const Model::GetRandomPasswordRequest& request, const GetRandomPasswordResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 784 785 /** 786 * <p>Retrieves the JSON text of the resource-based policy document attached to the 787 * specified secret. The JSON request string input and response output displays 788 * formatted code with white space and line breaks for better readability. Submit 789 * your input as a single line JSON string.</p> <p> <b>Minimum permissions</b> </p> 790 * <p>To run this command, you must have the following permissions:</p> <ul> <li> 791 * <p>secretsmanager:GetResourcePolicy</p> </li> </ul> <p> <b>Related 792 * operations</b> </p> <ul> <li> <p>To attach a resource policy to a secret, use 793 * <a>PutResourcePolicy</a>.</p> </li> <li> <p>To delete the resource-based policy 794 * attached to a secret, use <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list 795 * all of the currently available secrets, use <a>ListSecrets</a>.</p> </li> 796 * </ul><p><h3>See Also:</h3> <a 797 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy">AWS 798 * API Reference</a></p> 799 */ 800 virtual Model::GetResourcePolicyOutcome GetResourcePolicy(const Model::GetResourcePolicyRequest& request) const; 801 802 /** 803 * <p>Retrieves the JSON text of the resource-based policy document attached to the 804 * specified secret. The JSON request string input and response output displays 805 * formatted code with white space and line breaks for better readability. Submit 806 * your input as a single line JSON string.</p> <p> <b>Minimum permissions</b> </p> 807 * <p>To run this command, you must have the following permissions:</p> <ul> <li> 808 * <p>secretsmanager:GetResourcePolicy</p> </li> </ul> <p> <b>Related 809 * operations</b> </p> <ul> <li> <p>To attach a resource policy to a secret, use 810 * <a>PutResourcePolicy</a>.</p> </li> <li> <p>To delete the resource-based policy 811 * attached to a secret, use <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list 812 * all of the currently available secrets, use <a>ListSecrets</a>.</p> </li> 813 * </ul><p><h3>See Also:</h3> <a 814 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy">AWS 815 * API Reference</a></p> 816 * 817 * returns a future to the operation so that it can be executed in parallel to other requests. 818 */ 819 virtual Model::GetResourcePolicyOutcomeCallable GetResourcePolicyCallable(const Model::GetResourcePolicyRequest& request) const; 820 821 /** 822 * <p>Retrieves the JSON text of the resource-based policy document attached to the 823 * specified secret. The JSON request string input and response output displays 824 * formatted code with white space and line breaks for better readability. Submit 825 * your input as a single line JSON string.</p> <p> <b>Minimum permissions</b> </p> 826 * <p>To run this command, you must have the following permissions:</p> <ul> <li> 827 * <p>secretsmanager:GetResourcePolicy</p> </li> </ul> <p> <b>Related 828 * operations</b> </p> <ul> <li> <p>To attach a resource policy to a secret, use 829 * <a>PutResourcePolicy</a>.</p> </li> <li> <p>To delete the resource-based policy 830 * attached to a secret, use <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list 831 * all of the currently available secrets, use <a>ListSecrets</a>.</p> </li> 832 * </ul><p><h3>See Also:</h3> <a 833 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy">AWS 834 * API Reference</a></p> 835 * 836 * Queues the request into a thread executor and triggers associated callback when operation has finished. 837 */ 838 virtual void GetResourcePolicyAsync(const Model::GetResourcePolicyRequest& request, const GetResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 839 840 /** 841 * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or 842 * <code>SecretBinary</code> from the specified version of a secret, whichever 843 * contains content.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 844 * command, you must have the following permissions:</p> <ul> <li> 845 * <p>secretsmanager:GetSecretValue</p> </li> <li> <p>kms:Decrypt - required only 846 * if you use a customer-managed Amazon Web Services KMS key to encrypt the secret. 847 * You do not need this permission to use the account's default Amazon Web Services 848 * managed CMK for Secrets Manager.</p> </li> </ul> <p> <b>Related operations</b> 849 * </p> <ul> <li> <p>To create a new version of the secret with different encrypted 850 * information, use <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the 851 * non-encrypted details for the secret, use <a>DescribeSecret</a>.</p> </li> 852 * </ul><p><h3>See Also:</h3> <a 853 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue">AWS 854 * API Reference</a></p> 855 */ 856 virtual Model::GetSecretValueOutcome GetSecretValue(const Model::GetSecretValueRequest& request) const; 857 858 /** 859 * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or 860 * <code>SecretBinary</code> from the specified version of a secret, whichever 861 * contains content.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 862 * command, you must have the following permissions:</p> <ul> <li> 863 * <p>secretsmanager:GetSecretValue</p> </li> <li> <p>kms:Decrypt - required only 864 * if you use a customer-managed Amazon Web Services KMS key to encrypt the secret. 865 * You do not need this permission to use the account's default Amazon Web Services 866 * managed CMK for Secrets Manager.</p> </li> </ul> <p> <b>Related operations</b> 867 * </p> <ul> <li> <p>To create a new version of the secret with different encrypted 868 * information, use <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the 869 * non-encrypted details for the secret, use <a>DescribeSecret</a>.</p> </li> 870 * </ul><p><h3>See Also:</h3> <a 871 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue">AWS 872 * API Reference</a></p> 873 * 874 * returns a future to the operation so that it can be executed in parallel to other requests. 875 */ 876 virtual Model::GetSecretValueOutcomeCallable GetSecretValueCallable(const Model::GetSecretValueRequest& request) const; 877 878 /** 879 * <p>Retrieves the contents of the encrypted fields <code>SecretString</code> or 880 * <code>SecretBinary</code> from the specified version of a secret, whichever 881 * contains content.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 882 * command, you must have the following permissions:</p> <ul> <li> 883 * <p>secretsmanager:GetSecretValue</p> </li> <li> <p>kms:Decrypt - required only 884 * if you use a customer-managed Amazon Web Services KMS key to encrypt the secret. 885 * You do not need this permission to use the account's default Amazon Web Services 886 * managed CMK for Secrets Manager.</p> </li> </ul> <p> <b>Related operations</b> 887 * </p> <ul> <li> <p>To create a new version of the secret with different encrypted 888 * information, use <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the 889 * non-encrypted details for the secret, use <a>DescribeSecret</a>.</p> </li> 890 * </ul><p><h3>See Also:</h3> <a 891 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue">AWS 892 * API Reference</a></p> 893 * 894 * Queues the request into a thread executor and triggers associated callback when operation has finished. 895 */ 896 virtual void GetSecretValueAsync(const Model::GetSecretValueRequest& request, const GetSecretValueResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 897 898 /** 899 * <p>Lists all of the versions attached to the specified secret. The output does 900 * not include the <code>SecretString</code> or <code>SecretBinary</code> fields. 901 * By default, the list includes only versions that have at least one staging label 902 * in <code>VersionStage</code> attached.</p> <p>Always check the 903 * <code>NextToken</code> response parameter when calling any of the 904 * <code>List*</code> operations. These operations can occasionally return an empty 905 * or shorter than expected list of results even when there more results become 906 * available. When this happens, the <code>NextToken</code> response parameter 907 * contains a value to pass to the next call to the same API to request the next 908 * part of the list.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 909 * command, you must have the following permissions:</p> <ul> <li> 910 * <p>secretsmanager:ListSecretVersionIds</p> </li> </ul> <p> <b>Related 911 * operations</b> </p> <ul> <li> <p>To list the secrets in an account, use 912 * <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 913 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds">AWS 914 * API Reference</a></p> 915 */ 916 virtual Model::ListSecretVersionIdsOutcome ListSecretVersionIds(const Model::ListSecretVersionIdsRequest& request) const; 917 918 /** 919 * <p>Lists all of the versions attached to the specified secret. The output does 920 * not include the <code>SecretString</code> or <code>SecretBinary</code> fields. 921 * By default, the list includes only versions that have at least one staging label 922 * in <code>VersionStage</code> attached.</p> <p>Always check the 923 * <code>NextToken</code> response parameter when calling any of the 924 * <code>List*</code> operations. These operations can occasionally return an empty 925 * or shorter than expected list of results even when there more results become 926 * available. When this happens, the <code>NextToken</code> response parameter 927 * contains a value to pass to the next call to the same API to request the next 928 * part of the list.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 929 * command, you must have the following permissions:</p> <ul> <li> 930 * <p>secretsmanager:ListSecretVersionIds</p> </li> </ul> <p> <b>Related 931 * operations</b> </p> <ul> <li> <p>To list the secrets in an account, use 932 * <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 933 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds">AWS 934 * API Reference</a></p> 935 * 936 * returns a future to the operation so that it can be executed in parallel to other requests. 937 */ 938 virtual Model::ListSecretVersionIdsOutcomeCallable ListSecretVersionIdsCallable(const Model::ListSecretVersionIdsRequest& request) const; 939 940 /** 941 * <p>Lists all of the versions attached to the specified secret. The output does 942 * not include the <code>SecretString</code> or <code>SecretBinary</code> fields. 943 * By default, the list includes only versions that have at least one staging label 944 * in <code>VersionStage</code> attached.</p> <p>Always check the 945 * <code>NextToken</code> response parameter when calling any of the 946 * <code>List*</code> operations. These operations can occasionally return an empty 947 * or shorter than expected list of results even when there more results become 948 * available. When this happens, the <code>NextToken</code> response parameter 949 * contains a value to pass to the next call to the same API to request the next 950 * part of the list.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 951 * command, you must have the following permissions:</p> <ul> <li> 952 * <p>secretsmanager:ListSecretVersionIds</p> </li> </ul> <p> <b>Related 953 * operations</b> </p> <ul> <li> <p>To list the secrets in an account, use 954 * <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 955 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds">AWS 956 * API Reference</a></p> 957 * 958 * Queues the request into a thread executor and triggers associated callback when operation has finished. 959 */ 960 virtual void ListSecretVersionIdsAsync(const Model::ListSecretVersionIdsRequest& request, const ListSecretVersionIdsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 961 962 /** 963 * <p>Lists all of the secrets that are stored by Secrets Manager in the Amazon Web 964 * Services account. To list the versions currently stored for a specific secret, 965 * use <a>ListSecretVersionIds</a>. The encrypted fields <code>SecretString</code> 966 * and <code>SecretBinary</code> are not included in the output. To get that 967 * information, call the <a>GetSecretValue</a> operation.</p> <p>Always 968 * check the <code>NextToken</code> response parameter when calling any of the 969 * <code>List*</code> operations. These operations can occasionally return an empty 970 * or shorter than expected list of results even when there more results become 971 * available. When this happens, the <code>NextToken</code> response parameter 972 * contains a value to pass to the next call to the same API to request the next 973 * part of the list.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 974 * command, you must have the following permissions:</p> <ul> <li> 975 * <p>secretsmanager:ListSecrets</p> </li> </ul> <p> <b>Related operations</b> </p> 976 * <ul> <li> <p>To list the versions attached to a secret, use 977 * <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 978 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets">AWS 979 * API Reference</a></p> 980 */ 981 virtual Model::ListSecretsOutcome ListSecrets(const Model::ListSecretsRequest& request) const; 982 983 /** 984 * <p>Lists all of the secrets that are stored by Secrets Manager in the Amazon Web 985 * Services account. To list the versions currently stored for a specific secret, 986 * use <a>ListSecretVersionIds</a>. The encrypted fields <code>SecretString</code> 987 * and <code>SecretBinary</code> are not included in the output. To get that 988 * information, call the <a>GetSecretValue</a> operation.</p> <p>Always 989 * check the <code>NextToken</code> response parameter when calling any of the 990 * <code>List*</code> operations. These operations can occasionally return an empty 991 * or shorter than expected list of results even when there more results become 992 * available. When this happens, the <code>NextToken</code> response parameter 993 * contains a value to pass to the next call to the same API to request the next 994 * part of the list.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 995 * command, you must have the following permissions:</p> <ul> <li> 996 * <p>secretsmanager:ListSecrets</p> </li> </ul> <p> <b>Related operations</b> </p> 997 * <ul> <li> <p>To list the versions attached to a secret, use 998 * <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 999 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets">AWS 1000 * API Reference</a></p> 1001 * 1002 * returns a future to the operation so that it can be executed in parallel to other requests. 1003 */ 1004 virtual Model::ListSecretsOutcomeCallable ListSecretsCallable(const Model::ListSecretsRequest& request) const; 1005 1006 /** 1007 * <p>Lists all of the secrets that are stored by Secrets Manager in the Amazon Web 1008 * Services account. To list the versions currently stored for a specific secret, 1009 * use <a>ListSecretVersionIds</a>. The encrypted fields <code>SecretString</code> 1010 * and <code>SecretBinary</code> are not included in the output. To get that 1011 * information, call the <a>GetSecretValue</a> operation.</p> <p>Always 1012 * check the <code>NextToken</code> response parameter when calling any of the 1013 * <code>List*</code> operations. These operations can occasionally return an empty 1014 * or shorter than expected list of results even when there more results become 1015 * available. When this happens, the <code>NextToken</code> response parameter 1016 * contains a value to pass to the next call to the same API to request the next 1017 * part of the list.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 1018 * command, you must have the following permissions:</p> <ul> <li> 1019 * <p>secretsmanager:ListSecrets</p> </li> </ul> <p> <b>Related operations</b> </p> 1020 * <ul> <li> <p>To list the versions attached to a secret, use 1021 * <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 1022 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets">AWS 1023 * API Reference</a></p> 1024 * 1025 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1026 */ 1027 virtual void ListSecretsAsync(const Model::ListSecretsRequest& request, const ListSecretsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1028 1029 /** 1030 * <p>Attaches the contents of the specified resource-based permission policy to a 1031 * secret. A resource-based policy is optional. Alternatively, you can use IAM 1032 * identity-based policies that specify the secret's Amazon Resource Name (ARN) in 1033 * the policy statement's <code>Resources</code> element. You can also use a 1034 * combination of both identity-based and resource-based policies. The affected 1035 * users and roles receive the permissions that are permitted by all of the 1036 * relevant policies. For more information, see <a 1037 * href="http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Using 1038 * Resource-Based Policies for Amazon Web Services Secrets Manager</a>. For the 1039 * complete description of the Amazon Web Services policy syntax and grammar, see 1040 * <a 1041 * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM 1042 * JSON Policy Reference</a> in the <i>IAM User Guide</i>.</p> <p> <b>Minimum 1043 * permissions</b> </p> <p>To run this command, you must have the following 1044 * permissions:</p> <ul> <li> <p>secretsmanager:PutResourcePolicy</p> </li> </ul> 1045 * <p> <b>Related operations</b> </p> <ul> <li> <p>To retrieve the resource policy 1046 * attached to a secret, use <a>GetResourcePolicy</a>.</p> </li> <li> <p>To delete 1047 * the resource-based policy attached to a secret, use 1048 * <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently 1049 * available secrets, use <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> 1050 * <a 1051 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy">AWS 1052 * API Reference</a></p> 1053 */ 1054 virtual Model::PutResourcePolicyOutcome PutResourcePolicy(const Model::PutResourcePolicyRequest& request) const; 1055 1056 /** 1057 * <p>Attaches the contents of the specified resource-based permission policy to a 1058 * secret. A resource-based policy is optional. Alternatively, you can use IAM 1059 * identity-based policies that specify the secret's Amazon Resource Name (ARN) in 1060 * the policy statement's <code>Resources</code> element. You can also use a 1061 * combination of both identity-based and resource-based policies. The affected 1062 * users and roles receive the permissions that are permitted by all of the 1063 * relevant policies. For more information, see <a 1064 * href="http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Using 1065 * Resource-Based Policies for Amazon Web Services Secrets Manager</a>. For the 1066 * complete description of the Amazon Web Services policy syntax and grammar, see 1067 * <a 1068 * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM 1069 * JSON Policy Reference</a> in the <i>IAM User Guide</i>.</p> <p> <b>Minimum 1070 * permissions</b> </p> <p>To run this command, you must have the following 1071 * permissions:</p> <ul> <li> <p>secretsmanager:PutResourcePolicy</p> </li> </ul> 1072 * <p> <b>Related operations</b> </p> <ul> <li> <p>To retrieve the resource policy 1073 * attached to a secret, use <a>GetResourcePolicy</a>.</p> </li> <li> <p>To delete 1074 * the resource-based policy attached to a secret, use 1075 * <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently 1076 * available secrets, use <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> 1077 * <a 1078 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy">AWS 1079 * API Reference</a></p> 1080 * 1081 * returns a future to the operation so that it can be executed in parallel to other requests. 1082 */ 1083 virtual Model::PutResourcePolicyOutcomeCallable PutResourcePolicyCallable(const Model::PutResourcePolicyRequest& request) const; 1084 1085 /** 1086 * <p>Attaches the contents of the specified resource-based permission policy to a 1087 * secret. A resource-based policy is optional. Alternatively, you can use IAM 1088 * identity-based policies that specify the secret's Amazon Resource Name (ARN) in 1089 * the policy statement's <code>Resources</code> element. You can also use a 1090 * combination of both identity-based and resource-based policies. The affected 1091 * users and roles receive the permissions that are permitted by all of the 1092 * relevant policies. For more information, see <a 1093 * href="http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html">Using 1094 * Resource-Based Policies for Amazon Web Services Secrets Manager</a>. For the 1095 * complete description of the Amazon Web Services policy syntax and grammar, see 1096 * <a 1097 * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM 1098 * JSON Policy Reference</a> in the <i>IAM User Guide</i>.</p> <p> <b>Minimum 1099 * permissions</b> </p> <p>To run this command, you must have the following 1100 * permissions:</p> <ul> <li> <p>secretsmanager:PutResourcePolicy</p> </li> </ul> 1101 * <p> <b>Related operations</b> </p> <ul> <li> <p>To retrieve the resource policy 1102 * attached to a secret, use <a>GetResourcePolicy</a>.</p> </li> <li> <p>To delete 1103 * the resource-based policy attached to a secret, use 1104 * <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently 1105 * available secrets, use <a>ListSecrets</a>.</p> </li> </ul><p><h3>See Also:</h3> 1106 * <a 1107 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy">AWS 1108 * API Reference</a></p> 1109 * 1110 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1111 */ 1112 virtual void PutResourcePolicyAsync(const Model::PutResourcePolicyRequest& request, const PutResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1113 1114 /** 1115 * <p>Stores a new encrypted secret value in the specified secret. To do this, the 1116 * operation creates a new version and attaches it to the secret. The version can 1117 * contain a new <code>SecretString</code> value or a new <code>SecretBinary</code> 1118 * value. You can also specify the staging labels that are initially attached to 1119 * the new version.</p> <p>We recommend you avoid calling 1120 * <code>PutSecretValue</code> at a sustained rate of more than once every 10 1121 * minutes. When you update the secret value, Secrets Manager creates a new version 1122 * of the secret. Secrets Manager removes outdated versions when there are more 1123 * than 100, but it does not remove versions created less than 24 hours ago. If you 1124 * call <code>PutSecretValue</code> more than once every 10 minutes, you create 1125 * more versions than Secrets Manager removes, and you will reach the quota for 1126 * secret versions.</p> <ul> <li> <p>If this operation creates the first version 1127 * for the secret then Secrets Manager automatically attaches the staging label 1128 * <code>AWSCURRENT</code> to the new version.</p> </li> <li> <p>If you do not 1129 * specify a value for VersionStages then Secrets Manager automatically moves the 1130 * staging label <code>AWSCURRENT</code> to this new version.</p> </li> <li> <p>If 1131 * this operation moves the staging label <code>AWSCURRENT</code> from another 1132 * version to this version, then Secrets Manager also automatically moves the 1133 * staging label <code>AWSPREVIOUS</code> to the version that 1134 * <code>AWSCURRENT</code> was removed from.</p> </li> <li> <p>This operation is 1135 * idempotent. If a version with a <code>VersionId</code> with the same value as 1136 * the <code>ClientRequestToken</code> parameter already exists and you specify the 1137 * same secret data, the operation succeeds but does nothing. However, if the 1138 * secret data is different, then the operation fails because you cannot modify an 1139 * existing version; you can only create new ones.</p> </li> </ul> <ul> <li> 1140 * <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> 1141 * or <code>SecretBinary</code> for a secret in the same account as the calling 1142 * user and that secret doesn't specify a Amazon Web Services KMS encryption key, 1143 * Secrets Manager uses the account's default Amazon Web Services managed customer 1144 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 1145 * doesn't already exist in your account then Secrets Manager creates it for you 1146 * automatically. All users and roles in the same Amazon Web Services account 1147 * automatically have access to use the default CMK. Note that if an Secrets 1148 * Manager API call results in Amazon Web Services creating the account's Amazon 1149 * Web Services-managed CMK, it can result in a one-time significant delay in 1150 * returning the result.</p> </li> <li> <p>If the secret resides in a different 1151 * Amazon Web Services account from the credentials calling an API that requires 1152 * encryption or decryption of the secret value then you must create and use a 1153 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 1154 * the account using credentials from a different Amazon Web Services account. 1155 * Store the ARN of the CMK in the secret when you create the secret or when you 1156 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 1157 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 1158 * using credentials from a different account then the Amazon Web Services KMS key 1159 * policy must grant cross-account access to that other account's user or role for 1160 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 1161 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 1162 * following permissions:</p> <ul> <li> <p>secretsmanager:PutSecretValue</p> </li> 1163 * <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed Amazon 1164 * Web Services KMS key to encrypt the secret. You do not need this permission to 1165 * use the account's default Amazon Web Services managed CMK for Secrets 1166 * Manager.</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To 1167 * retrieve the encrypted value you store in the version of a secret, use 1168 * <a>GetSecretValue</a>.</p> </li> <li> <p>To create a secret, use 1169 * <a>CreateSecret</a>.</p> </li> <li> <p>To get the details for a secret, use 1170 * <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions attached to a 1171 * secret, use <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> 1172 * <a 1173 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue">AWS 1174 * API Reference</a></p> 1175 */ 1176 virtual Model::PutSecretValueOutcome PutSecretValue(const Model::PutSecretValueRequest& request) const; 1177 1178 /** 1179 * <p>Stores a new encrypted secret value in the specified secret. To do this, the 1180 * operation creates a new version and attaches it to the secret. The version can 1181 * contain a new <code>SecretString</code> value or a new <code>SecretBinary</code> 1182 * value. You can also specify the staging labels that are initially attached to 1183 * the new version.</p> <p>We recommend you avoid calling 1184 * <code>PutSecretValue</code> at a sustained rate of more than once every 10 1185 * minutes. When you update the secret value, Secrets Manager creates a new version 1186 * of the secret. Secrets Manager removes outdated versions when there are more 1187 * than 100, but it does not remove versions created less than 24 hours ago. If you 1188 * call <code>PutSecretValue</code> more than once every 10 minutes, you create 1189 * more versions than Secrets Manager removes, and you will reach the quota for 1190 * secret versions.</p> <ul> <li> <p>If this operation creates the first version 1191 * for the secret then Secrets Manager automatically attaches the staging label 1192 * <code>AWSCURRENT</code> to the new version.</p> </li> <li> <p>If you do not 1193 * specify a value for VersionStages then Secrets Manager automatically moves the 1194 * staging label <code>AWSCURRENT</code> to this new version.</p> </li> <li> <p>If 1195 * this operation moves the staging label <code>AWSCURRENT</code> from another 1196 * version to this version, then Secrets Manager also automatically moves the 1197 * staging label <code>AWSPREVIOUS</code> to the version that 1198 * <code>AWSCURRENT</code> was removed from.</p> </li> <li> <p>This operation is 1199 * idempotent. If a version with a <code>VersionId</code> with the same value as 1200 * the <code>ClientRequestToken</code> parameter already exists and you specify the 1201 * same secret data, the operation succeeds but does nothing. However, if the 1202 * secret data is different, then the operation fails because you cannot modify an 1203 * existing version; you can only create new ones.</p> </li> </ul> <ul> <li> 1204 * <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> 1205 * or <code>SecretBinary</code> for a secret in the same account as the calling 1206 * user and that secret doesn't specify a Amazon Web Services KMS encryption key, 1207 * Secrets Manager uses the account's default Amazon Web Services managed customer 1208 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 1209 * doesn't already exist in your account then Secrets Manager creates it for you 1210 * automatically. All users and roles in the same Amazon Web Services account 1211 * automatically have access to use the default CMK. Note that if an Secrets 1212 * Manager API call results in Amazon Web Services creating the account's Amazon 1213 * Web Services-managed CMK, it can result in a one-time significant delay in 1214 * returning the result.</p> </li> <li> <p>If the secret resides in a different 1215 * Amazon Web Services account from the credentials calling an API that requires 1216 * encryption or decryption of the secret value then you must create and use a 1217 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 1218 * the account using credentials from a different Amazon Web Services account. 1219 * Store the ARN of the CMK in the secret when you create the secret or when you 1220 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 1221 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 1222 * using credentials from a different account then the Amazon Web Services KMS key 1223 * policy must grant cross-account access to that other account's user or role for 1224 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 1225 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 1226 * following permissions:</p> <ul> <li> <p>secretsmanager:PutSecretValue</p> </li> 1227 * <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed Amazon 1228 * Web Services KMS key to encrypt the secret. You do not need this permission to 1229 * use the account's default Amazon Web Services managed CMK for Secrets 1230 * Manager.</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To 1231 * retrieve the encrypted value you store in the version of a secret, use 1232 * <a>GetSecretValue</a>.</p> </li> <li> <p>To create a secret, use 1233 * <a>CreateSecret</a>.</p> </li> <li> <p>To get the details for a secret, use 1234 * <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions attached to a 1235 * secret, use <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> 1236 * <a 1237 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue">AWS 1238 * API Reference</a></p> 1239 * 1240 * returns a future to the operation so that it can be executed in parallel to other requests. 1241 */ 1242 virtual Model::PutSecretValueOutcomeCallable PutSecretValueCallable(const Model::PutSecretValueRequest& request) const; 1243 1244 /** 1245 * <p>Stores a new encrypted secret value in the specified secret. To do this, the 1246 * operation creates a new version and attaches it to the secret. The version can 1247 * contain a new <code>SecretString</code> value or a new <code>SecretBinary</code> 1248 * value. You can also specify the staging labels that are initially attached to 1249 * the new version.</p> <p>We recommend you avoid calling 1250 * <code>PutSecretValue</code> at a sustained rate of more than once every 10 1251 * minutes. When you update the secret value, Secrets Manager creates a new version 1252 * of the secret. Secrets Manager removes outdated versions when there are more 1253 * than 100, but it does not remove versions created less than 24 hours ago. If you 1254 * call <code>PutSecretValue</code> more than once every 10 minutes, you create 1255 * more versions than Secrets Manager removes, and you will reach the quota for 1256 * secret versions.</p> <ul> <li> <p>If this operation creates the first version 1257 * for the secret then Secrets Manager automatically attaches the staging label 1258 * <code>AWSCURRENT</code> to the new version.</p> </li> <li> <p>If you do not 1259 * specify a value for VersionStages then Secrets Manager automatically moves the 1260 * staging label <code>AWSCURRENT</code> to this new version.</p> </li> <li> <p>If 1261 * this operation moves the staging label <code>AWSCURRENT</code> from another 1262 * version to this version, then Secrets Manager also automatically moves the 1263 * staging label <code>AWSPREVIOUS</code> to the version that 1264 * <code>AWSCURRENT</code> was removed from.</p> </li> <li> <p>This operation is 1265 * idempotent. If a version with a <code>VersionId</code> with the same value as 1266 * the <code>ClientRequestToken</code> parameter already exists and you specify the 1267 * same secret data, the operation succeeds but does nothing. However, if the 1268 * secret data is different, then the operation fails because you cannot modify an 1269 * existing version; you can only create new ones.</p> </li> </ul> <ul> <li> 1270 * <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> 1271 * or <code>SecretBinary</code> for a secret in the same account as the calling 1272 * user and that secret doesn't specify a Amazon Web Services KMS encryption key, 1273 * Secrets Manager uses the account's default Amazon Web Services managed customer 1274 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 1275 * doesn't already exist in your account then Secrets Manager creates it for you 1276 * automatically. All users and roles in the same Amazon Web Services account 1277 * automatically have access to use the default CMK. Note that if an Secrets 1278 * Manager API call results in Amazon Web Services creating the account's Amazon 1279 * Web Services-managed CMK, it can result in a one-time significant delay in 1280 * returning the result.</p> </li> <li> <p>If the secret resides in a different 1281 * Amazon Web Services account from the credentials calling an API that requires 1282 * encryption or decryption of the secret value then you must create and use a 1283 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 1284 * the account using credentials from a different Amazon Web Services account. 1285 * Store the ARN of the CMK in the secret when you create the secret or when you 1286 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 1287 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 1288 * using credentials from a different account then the Amazon Web Services KMS key 1289 * policy must grant cross-account access to that other account's user or role for 1290 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 1291 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 1292 * following permissions:</p> <ul> <li> <p>secretsmanager:PutSecretValue</p> </li> 1293 * <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed Amazon 1294 * Web Services KMS key to encrypt the secret. You do not need this permission to 1295 * use the account's default Amazon Web Services managed CMK for Secrets 1296 * Manager.</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To 1297 * retrieve the encrypted value you store in the version of a secret, use 1298 * <a>GetSecretValue</a>.</p> </li> <li> <p>To create a secret, use 1299 * <a>CreateSecret</a>.</p> </li> <li> <p>To get the details for a secret, use 1300 * <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions attached to a 1301 * secret, use <a>ListSecretVersionIds</a>.</p> </li> </ul><p><h3>See Also:</h3> 1302 * <a 1303 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue">AWS 1304 * API Reference</a></p> 1305 * 1306 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1307 */ 1308 virtual void PutSecretValueAsync(const Model::PutSecretValueRequest& request, const PutSecretValueResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1309 1310 /** 1311 * <p>Remove regions from replication.</p><p><h3>See Also:</h3> <a 1312 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication">AWS 1313 * API Reference</a></p> 1314 */ 1315 virtual Model::RemoveRegionsFromReplicationOutcome RemoveRegionsFromReplication(const Model::RemoveRegionsFromReplicationRequest& request) const; 1316 1317 /** 1318 * <p>Remove regions from replication.</p><p><h3>See Also:</h3> <a 1319 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication">AWS 1320 * API Reference</a></p> 1321 * 1322 * returns a future to the operation so that it can be executed in parallel to other requests. 1323 */ 1324 virtual Model::RemoveRegionsFromReplicationOutcomeCallable RemoveRegionsFromReplicationCallable(const Model::RemoveRegionsFromReplicationRequest& request) const; 1325 1326 /** 1327 * <p>Remove regions from replication.</p><p><h3>See Also:</h3> <a 1328 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication">AWS 1329 * API Reference</a></p> 1330 * 1331 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1332 */ 1333 virtual void RemoveRegionsFromReplicationAsync(const Model::RemoveRegionsFromReplicationRequest& request, const RemoveRegionsFromReplicationResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1334 1335 /** 1336 * <p>Converts an existing secret to a multi-Region secret and begins replication 1337 * the secret to a list of new regions. </p><p><h3>See Also:</h3> <a 1338 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions">AWS 1339 * API Reference</a></p> 1340 */ 1341 virtual Model::ReplicateSecretToRegionsOutcome ReplicateSecretToRegions(const Model::ReplicateSecretToRegionsRequest& request) const; 1342 1343 /** 1344 * <p>Converts an existing secret to a multi-Region secret and begins replication 1345 * the secret to a list of new regions. </p><p><h3>See Also:</h3> <a 1346 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions">AWS 1347 * API Reference</a></p> 1348 * 1349 * returns a future to the operation so that it can be executed in parallel to other requests. 1350 */ 1351 virtual Model::ReplicateSecretToRegionsOutcomeCallable ReplicateSecretToRegionsCallable(const Model::ReplicateSecretToRegionsRequest& request) const; 1352 1353 /** 1354 * <p>Converts an existing secret to a multi-Region secret and begins replication 1355 * the secret to a list of new regions. </p><p><h3>See Also:</h3> <a 1356 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions">AWS 1357 * API Reference</a></p> 1358 * 1359 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1360 */ 1361 virtual void ReplicateSecretToRegionsAsync(const Model::ReplicateSecretToRegionsRequest& request, const ReplicateSecretToRegionsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1362 1363 /** 1364 * <p>Cancels the scheduled deletion of a secret by removing the 1365 * <code>DeletedDate</code> time stamp. This makes the secret accessible to query 1366 * once again.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you 1367 * must have the following permissions:</p> <ul> <li> 1368 * <p>secretsmanager:RestoreSecret</p> </li> </ul> <p> <b>Related operations</b> 1369 * </p> <ul> <li> <p>To delete a secret, use <a>DeleteSecret</a>.</p> </li> 1370 * </ul><p><h3>See Also:</h3> <a 1371 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret">AWS 1372 * API Reference</a></p> 1373 */ 1374 virtual Model::RestoreSecretOutcome RestoreSecret(const Model::RestoreSecretRequest& request) const; 1375 1376 /** 1377 * <p>Cancels the scheduled deletion of a secret by removing the 1378 * <code>DeletedDate</code> time stamp. This makes the secret accessible to query 1379 * once again.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you 1380 * must have the following permissions:</p> <ul> <li> 1381 * <p>secretsmanager:RestoreSecret</p> </li> </ul> <p> <b>Related operations</b> 1382 * </p> <ul> <li> <p>To delete a secret, use <a>DeleteSecret</a>.</p> </li> 1383 * </ul><p><h3>See Also:</h3> <a 1384 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret">AWS 1385 * API Reference</a></p> 1386 * 1387 * returns a future to the operation so that it can be executed in parallel to other requests. 1388 */ 1389 virtual Model::RestoreSecretOutcomeCallable RestoreSecretCallable(const Model::RestoreSecretRequest& request) const; 1390 1391 /** 1392 * <p>Cancels the scheduled deletion of a secret by removing the 1393 * <code>DeletedDate</code> time stamp. This makes the secret accessible to query 1394 * once again.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you 1395 * must have the following permissions:</p> <ul> <li> 1396 * <p>secretsmanager:RestoreSecret</p> </li> </ul> <p> <b>Related operations</b> 1397 * </p> <ul> <li> <p>To delete a secret, use <a>DeleteSecret</a>.</p> </li> 1398 * </ul><p><h3>See Also:</h3> <a 1399 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret">AWS 1400 * API Reference</a></p> 1401 * 1402 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1403 */ 1404 virtual void RestoreSecretAsync(const Model::RestoreSecretRequest& request, const RestoreSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1405 1406 /** 1407 * <p>Configures and starts the asynchronous process of rotating this secret. If 1408 * you include the configuration parameters, the operation sets those values for 1409 * the secret and then immediately starts a rotation. If you do not include the 1410 * configuration parameters, the operation starts a rotation with the values 1411 * already stored in the secret. After the rotation completes, the protected 1412 * service and its clients all use the new version of the secret. </p> <p>This 1413 * required configuration information includes the ARN of an Amazon Web Services 1414 * Lambda function and optionally, the time between scheduled rotations. The Lambda 1415 * rotation function creates a new version of the secret and creates or updates the 1416 * credentials on the protected service to match. After testing the new 1417 * credentials, the function marks the new secret with the staging label 1418 * <code>AWSCURRENT</code> so that your clients all immediately begin to use the 1419 * new version. For more information about rotating secrets and how to configure a 1420 * Lambda function to rotate the secrets for your protected service, see <a 1421 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotating 1422 * Secrets in Amazon Web Services Secrets Manager</a> in the <i>Amazon Web Services 1423 * Secrets Manager User Guide</i>.</p> <p>Secrets Manager schedules the next 1424 * rotation when the previous one completes. Secrets Manager schedules the date by 1425 * adding the rotation interval (number of days) to the actual date of the last 1426 * rotation. The service chooses the hour within that 24-hour date window randomly. 1427 * The minute is also chosen somewhat randomly, but weighted towards the top of the 1428 * hour and influenced by a variety of factors that help distribute load.</p> 1429 * <p>The rotation function must end with the versions of the secret in one of two 1430 * states:</p> <ul> <li> <p>The <code>AWSPENDING</code> and <code>AWSCURRENT</code> 1431 * staging labels are attached to the same version of the secret, or</p> </li> <li> 1432 * <p>The <code>AWSPENDING</code> staging label is not attached to any version of 1433 * the secret.</p> </li> </ul> <p>If the <code>AWSPENDING</code> staging label is 1434 * present but not attached to the same version as <code>AWSCURRENT</code> then any 1435 * later invocation of <code>RotateSecret</code> assumes that a previous rotation 1436 * request is still in progress and returns an error.</p> <p> <b>Minimum 1437 * permissions</b> </p> <p>To run this command, you must have the following 1438 * permissions:</p> <ul> <li> <p>secretsmanager:RotateSecret</p> </li> <li> 1439 * <p>lambda:InvokeFunction (on the function specified in the secret's 1440 * metadata)</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To 1441 * list the secrets in your account, use <a>ListSecrets</a>.</p> </li> <li> <p>To 1442 * get the details for a version of a secret, use <a>DescribeSecret</a>.</p> </li> 1443 * <li> <p>To create a new version of a secret, use <a>CreateSecret</a>.</p> </li> 1444 * <li> <p>To attach staging labels to or remove staging labels from a version of a 1445 * secret, use <a>UpdateSecretVersionStage</a>.</p> </li> </ul><p><h3>See 1446 * Also:</h3> <a 1447 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret">AWS 1448 * API Reference</a></p> 1449 */ 1450 virtual Model::RotateSecretOutcome RotateSecret(const Model::RotateSecretRequest& request) const; 1451 1452 /** 1453 * <p>Configures and starts the asynchronous process of rotating this secret. If 1454 * you include the configuration parameters, the operation sets those values for 1455 * the secret and then immediately starts a rotation. If you do not include the 1456 * configuration parameters, the operation starts a rotation with the values 1457 * already stored in the secret. After the rotation completes, the protected 1458 * service and its clients all use the new version of the secret. </p> <p>This 1459 * required configuration information includes the ARN of an Amazon Web Services 1460 * Lambda function and optionally, the time between scheduled rotations. The Lambda 1461 * rotation function creates a new version of the secret and creates or updates the 1462 * credentials on the protected service to match. After testing the new 1463 * credentials, the function marks the new secret with the staging label 1464 * <code>AWSCURRENT</code> so that your clients all immediately begin to use the 1465 * new version. For more information about rotating secrets and how to configure a 1466 * Lambda function to rotate the secrets for your protected service, see <a 1467 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotating 1468 * Secrets in Amazon Web Services Secrets Manager</a> in the <i>Amazon Web Services 1469 * Secrets Manager User Guide</i>.</p> <p>Secrets Manager schedules the next 1470 * rotation when the previous one completes. Secrets Manager schedules the date by 1471 * adding the rotation interval (number of days) to the actual date of the last 1472 * rotation. The service chooses the hour within that 24-hour date window randomly. 1473 * The minute is also chosen somewhat randomly, but weighted towards the top of the 1474 * hour and influenced by a variety of factors that help distribute load.</p> 1475 * <p>The rotation function must end with the versions of the secret in one of two 1476 * states:</p> <ul> <li> <p>The <code>AWSPENDING</code> and <code>AWSCURRENT</code> 1477 * staging labels are attached to the same version of the secret, or</p> </li> <li> 1478 * <p>The <code>AWSPENDING</code> staging label is not attached to any version of 1479 * the secret.</p> </li> </ul> <p>If the <code>AWSPENDING</code> staging label is 1480 * present but not attached to the same version as <code>AWSCURRENT</code> then any 1481 * later invocation of <code>RotateSecret</code> assumes that a previous rotation 1482 * request is still in progress and returns an error.</p> <p> <b>Minimum 1483 * permissions</b> </p> <p>To run this command, you must have the following 1484 * permissions:</p> <ul> <li> <p>secretsmanager:RotateSecret</p> </li> <li> 1485 * <p>lambda:InvokeFunction (on the function specified in the secret's 1486 * metadata)</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To 1487 * list the secrets in your account, use <a>ListSecrets</a>.</p> </li> <li> <p>To 1488 * get the details for a version of a secret, use <a>DescribeSecret</a>.</p> </li> 1489 * <li> <p>To create a new version of a secret, use <a>CreateSecret</a>.</p> </li> 1490 * <li> <p>To attach staging labels to or remove staging labels from a version of a 1491 * secret, use <a>UpdateSecretVersionStage</a>.</p> </li> </ul><p><h3>See 1492 * Also:</h3> <a 1493 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret">AWS 1494 * API Reference</a></p> 1495 * 1496 * returns a future to the operation so that it can be executed in parallel to other requests. 1497 */ 1498 virtual Model::RotateSecretOutcomeCallable RotateSecretCallable(const Model::RotateSecretRequest& request) const; 1499 1500 /** 1501 * <p>Configures and starts the asynchronous process of rotating this secret. If 1502 * you include the configuration parameters, the operation sets those values for 1503 * the secret and then immediately starts a rotation. If you do not include the 1504 * configuration parameters, the operation starts a rotation with the values 1505 * already stored in the secret. After the rotation completes, the protected 1506 * service and its clients all use the new version of the secret. </p> <p>This 1507 * required configuration information includes the ARN of an Amazon Web Services 1508 * Lambda function and optionally, the time between scheduled rotations. The Lambda 1509 * rotation function creates a new version of the secret and creates or updates the 1510 * credentials on the protected service to match. After testing the new 1511 * credentials, the function marks the new secret with the staging label 1512 * <code>AWSCURRENT</code> so that your clients all immediately begin to use the 1513 * new version. For more information about rotating secrets and how to configure a 1514 * Lambda function to rotate the secrets for your protected service, see <a 1515 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotating 1516 * Secrets in Amazon Web Services Secrets Manager</a> in the <i>Amazon Web Services 1517 * Secrets Manager User Guide</i>.</p> <p>Secrets Manager schedules the next 1518 * rotation when the previous one completes. Secrets Manager schedules the date by 1519 * adding the rotation interval (number of days) to the actual date of the last 1520 * rotation. The service chooses the hour within that 24-hour date window randomly. 1521 * The minute is also chosen somewhat randomly, but weighted towards the top of the 1522 * hour and influenced by a variety of factors that help distribute load.</p> 1523 * <p>The rotation function must end with the versions of the secret in one of two 1524 * states:</p> <ul> <li> <p>The <code>AWSPENDING</code> and <code>AWSCURRENT</code> 1525 * staging labels are attached to the same version of the secret, or</p> </li> <li> 1526 * <p>The <code>AWSPENDING</code> staging label is not attached to any version of 1527 * the secret.</p> </li> </ul> <p>If the <code>AWSPENDING</code> staging label is 1528 * present but not attached to the same version as <code>AWSCURRENT</code> then any 1529 * later invocation of <code>RotateSecret</code> assumes that a previous rotation 1530 * request is still in progress and returns an error.</p> <p> <b>Minimum 1531 * permissions</b> </p> <p>To run this command, you must have the following 1532 * permissions:</p> <ul> <li> <p>secretsmanager:RotateSecret</p> </li> <li> 1533 * <p>lambda:InvokeFunction (on the function specified in the secret's 1534 * metadata)</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To 1535 * list the secrets in your account, use <a>ListSecrets</a>.</p> </li> <li> <p>To 1536 * get the details for a version of a secret, use <a>DescribeSecret</a>.</p> </li> 1537 * <li> <p>To create a new version of a secret, use <a>CreateSecret</a>.</p> </li> 1538 * <li> <p>To attach staging labels to or remove staging labels from a version of a 1539 * secret, use <a>UpdateSecretVersionStage</a>.</p> </li> </ul><p><h3>See 1540 * Also:</h3> <a 1541 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret">AWS 1542 * API Reference</a></p> 1543 * 1544 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1545 */ 1546 virtual void RotateSecretAsync(const Model::RotateSecretRequest& request, const RotateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1547 1548 /** 1549 * <p>Removes the secret from replication and promotes the secret to a regional 1550 * secret in the replica Region.</p><p><h3>See Also:</h3> <a 1551 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica">AWS 1552 * API Reference</a></p> 1553 */ 1554 virtual Model::StopReplicationToReplicaOutcome StopReplicationToReplica(const Model::StopReplicationToReplicaRequest& request) const; 1555 1556 /** 1557 * <p>Removes the secret from replication and promotes the secret to a regional 1558 * secret in the replica Region.</p><p><h3>See Also:</h3> <a 1559 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica">AWS 1560 * API Reference</a></p> 1561 * 1562 * returns a future to the operation so that it can be executed in parallel to other requests. 1563 */ 1564 virtual Model::StopReplicationToReplicaOutcomeCallable StopReplicationToReplicaCallable(const Model::StopReplicationToReplicaRequest& request) const; 1565 1566 /** 1567 * <p>Removes the secret from replication and promotes the secret to a regional 1568 * secret in the replica Region.</p><p><h3>See Also:</h3> <a 1569 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica">AWS 1570 * API Reference</a></p> 1571 * 1572 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1573 */ 1574 virtual void StopReplicationToReplicaAsync(const Model::StopReplicationToReplicaRequest& request, const StopReplicationToReplicaResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1575 1576 /** 1577 * <p>Attaches one or more tags, each consisting of a key name and a value, to the 1578 * specified secret. Tags are part of the secret's overall metadata, and are not 1579 * associated with any specific version of the secret. This operation only appends 1580 * tags to the existing list of tags. To remove tags, you must use 1581 * <a>UntagResource</a>.</p> <p>The following basic restrictions apply to tags:</p> 1582 * <ul> <li> <p>Maximum number of tags per secret—50</p> </li> <li> <p>Maximum key 1583 * length—127 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value 1584 * length—255 Unicode characters in UTF-8</p> </li> <li> <p>Tag keys and values are 1585 * case sensitive.</p> </li> <li> <p>Do not use the <code>aws:</code> prefix in 1586 * your tag names or values because Amazon Web Services reserves it for Amazon Web 1587 * Services use. You can't edit or delete tag names or values with this prefix. 1588 * Tags with this prefix do not count against your tags per secret limit.</p> </li> 1589 * <li> <p>If you use your tagging schema across multiple services and resources, 1590 * remember other services might have restrictions on allowed characters. Generally 1591 * allowed characters: letters, spaces, and numbers representable in UTF-8, plus 1592 * the following special characters: + - = . _ : / @.</p> </li> </ul> 1593 * <p>If you use tags as part of your security strategy, then adding or removing a 1594 * tag can change permissions. If successfully completing this operation would 1595 * result in you losing your permissions for this secret, then the operation is 1596 * blocked and returns an Access Denied error.</p> <p> <b>Minimum 1597 * permissions</b> </p> <p>To run this command, you must have the following 1598 * permissions:</p> <ul> <li> <p>secretsmanager:TagResource</p> </li> </ul> <p> 1599 * <b>Related operations</b> </p> <ul> <li> <p>To remove one or more tags from the 1600 * collection attached to a secret, use <a>UntagResource</a>.</p> </li> <li> <p>To 1601 * view the list of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> 1602 * </ul><p><h3>See Also:</h3> <a 1603 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource">AWS 1604 * API Reference</a></p> 1605 */ 1606 virtual Model::TagResourceOutcome TagResource(const Model::TagResourceRequest& request) const; 1607 1608 /** 1609 * <p>Attaches one or more tags, each consisting of a key name and a value, to the 1610 * specified secret. Tags are part of the secret's overall metadata, and are not 1611 * associated with any specific version of the secret. This operation only appends 1612 * tags to the existing list of tags. To remove tags, you must use 1613 * <a>UntagResource</a>.</p> <p>The following basic restrictions apply to tags:</p> 1614 * <ul> <li> <p>Maximum number of tags per secret—50</p> </li> <li> <p>Maximum key 1615 * length—127 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value 1616 * length—255 Unicode characters in UTF-8</p> </li> <li> <p>Tag keys and values are 1617 * case sensitive.</p> </li> <li> <p>Do not use the <code>aws:</code> prefix in 1618 * your tag names or values because Amazon Web Services reserves it for Amazon Web 1619 * Services use. You can't edit or delete tag names or values with this prefix. 1620 * Tags with this prefix do not count against your tags per secret limit.</p> </li> 1621 * <li> <p>If you use your tagging schema across multiple services and resources, 1622 * remember other services might have restrictions on allowed characters. Generally 1623 * allowed characters: letters, spaces, and numbers representable in UTF-8, plus 1624 * the following special characters: + - = . _ : / @.</p> </li> </ul> 1625 * <p>If you use tags as part of your security strategy, then adding or removing a 1626 * tag can change permissions. If successfully completing this operation would 1627 * result in you losing your permissions for this secret, then the operation is 1628 * blocked and returns an Access Denied error.</p> <p> <b>Minimum 1629 * permissions</b> </p> <p>To run this command, you must have the following 1630 * permissions:</p> <ul> <li> <p>secretsmanager:TagResource</p> </li> </ul> <p> 1631 * <b>Related operations</b> </p> <ul> <li> <p>To remove one or more tags from the 1632 * collection attached to a secret, use <a>UntagResource</a>.</p> </li> <li> <p>To 1633 * view the list of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> 1634 * </ul><p><h3>See Also:</h3> <a 1635 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource">AWS 1636 * API Reference</a></p> 1637 * 1638 * returns a future to the operation so that it can be executed in parallel to other requests. 1639 */ 1640 virtual Model::TagResourceOutcomeCallable TagResourceCallable(const Model::TagResourceRequest& request) const; 1641 1642 /** 1643 * <p>Attaches one or more tags, each consisting of a key name and a value, to the 1644 * specified secret. Tags are part of the secret's overall metadata, and are not 1645 * associated with any specific version of the secret. This operation only appends 1646 * tags to the existing list of tags. To remove tags, you must use 1647 * <a>UntagResource</a>.</p> <p>The following basic restrictions apply to tags:</p> 1648 * <ul> <li> <p>Maximum number of tags per secret—50</p> </li> <li> <p>Maximum key 1649 * length—127 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value 1650 * length—255 Unicode characters in UTF-8</p> </li> <li> <p>Tag keys and values are 1651 * case sensitive.</p> </li> <li> <p>Do not use the <code>aws:</code> prefix in 1652 * your tag names or values because Amazon Web Services reserves it for Amazon Web 1653 * Services use. You can't edit or delete tag names or values with this prefix. 1654 * Tags with this prefix do not count against your tags per secret limit.</p> </li> 1655 * <li> <p>If you use your tagging schema across multiple services and resources, 1656 * remember other services might have restrictions on allowed characters. Generally 1657 * allowed characters: letters, spaces, and numbers representable in UTF-8, plus 1658 * the following special characters: + - = . _ : / @.</p> </li> </ul> 1659 * <p>If you use tags as part of your security strategy, then adding or removing a 1660 * tag can change permissions. If successfully completing this operation would 1661 * result in you losing your permissions for this secret, then the operation is 1662 * blocked and returns an Access Denied error.</p> <p> <b>Minimum 1663 * permissions</b> </p> <p>To run this command, you must have the following 1664 * permissions:</p> <ul> <li> <p>secretsmanager:TagResource</p> </li> </ul> <p> 1665 * <b>Related operations</b> </p> <ul> <li> <p>To remove one or more tags from the 1666 * collection attached to a secret, use <a>UntagResource</a>.</p> </li> <li> <p>To 1667 * view the list of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> 1668 * </ul><p><h3>See Also:</h3> <a 1669 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource">AWS 1670 * API Reference</a></p> 1671 * 1672 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1673 */ 1674 virtual void TagResourceAsync(const Model::TagResourceRequest& request, const TagResourceResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1675 1676 /** 1677 * <p>Removes one or more tags from the specified secret.</p> <p>This operation is 1678 * idempotent. If a requested tag is not attached to the secret, no error is 1679 * returned and the secret metadata is unchanged.</p> <p>If you use 1680 * tags as part of your security strategy, then removing a tag can change 1681 * permissions. If successfully completing this operation would result in you 1682 * losing your permissions for this secret, then the operation is blocked and 1683 * returns an Access Denied error.</p> <p> <b>Minimum permissions</b> 1684 * </p> <p>To run this command, you must have the following permissions:</p> <ul> 1685 * <li> <p>secretsmanager:UntagResource</p> </li> </ul> <p> <b>Related 1686 * operations</b> </p> <ul> <li> <p>To add one or more tags to the collection 1687 * attached to a secret, use <a>TagResource</a>.</p> </li> <li> <p>To view the list 1688 * of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> 1689 * </ul><p><h3>See Also:</h3> <a 1690 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource">AWS 1691 * API Reference</a></p> 1692 */ 1693 virtual Model::UntagResourceOutcome UntagResource(const Model::UntagResourceRequest& request) const; 1694 1695 /** 1696 * <p>Removes one or more tags from the specified secret.</p> <p>This operation is 1697 * idempotent. If a requested tag is not attached to the secret, no error is 1698 * returned and the secret metadata is unchanged.</p> <p>If you use 1699 * tags as part of your security strategy, then removing a tag can change 1700 * permissions. If successfully completing this operation would result in you 1701 * losing your permissions for this secret, then the operation is blocked and 1702 * returns an Access Denied error.</p> <p> <b>Minimum permissions</b> 1703 * </p> <p>To run this command, you must have the following permissions:</p> <ul> 1704 * <li> <p>secretsmanager:UntagResource</p> </li> </ul> <p> <b>Related 1705 * operations</b> </p> <ul> <li> <p>To add one or more tags to the collection 1706 * attached to a secret, use <a>TagResource</a>.</p> </li> <li> <p>To view the list 1707 * of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> 1708 * </ul><p><h3>See Also:</h3> <a 1709 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource">AWS 1710 * API Reference</a></p> 1711 * 1712 * returns a future to the operation so that it can be executed in parallel to other requests. 1713 */ 1714 virtual Model::UntagResourceOutcomeCallable UntagResourceCallable(const Model::UntagResourceRequest& request) const; 1715 1716 /** 1717 * <p>Removes one or more tags from the specified secret.</p> <p>This operation is 1718 * idempotent. If a requested tag is not attached to the secret, no error is 1719 * returned and the secret metadata is unchanged.</p> <p>If you use 1720 * tags as part of your security strategy, then removing a tag can change 1721 * permissions. If successfully completing this operation would result in you 1722 * losing your permissions for this secret, then the operation is blocked and 1723 * returns an Access Denied error.</p> <p> <b>Minimum permissions</b> 1724 * </p> <p>To run this command, you must have the following permissions:</p> <ul> 1725 * <li> <p>secretsmanager:UntagResource</p> </li> </ul> <p> <b>Related 1726 * operations</b> </p> <ul> <li> <p>To add one or more tags to the collection 1727 * attached to a secret, use <a>TagResource</a>.</p> </li> <li> <p>To view the list 1728 * of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> 1729 * </ul><p><h3>See Also:</h3> <a 1730 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource">AWS 1731 * API Reference</a></p> 1732 * 1733 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1734 */ 1735 virtual void UntagResourceAsync(const Model::UntagResourceRequest& request, const UntagResourceResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1736 1737 /** 1738 * <p>Modifies many of the details of the specified secret. </p> <p>To change the 1739 * secret value, you can also use <a>PutSecretValue</a>.</p> <p>To change the 1740 * rotation configuration of a secret, use <a>RotateSecret</a> instead.</p> <p>We 1741 * recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of 1742 * more than once every 10 minutes. When you call <code>UpdateSecret</code> to 1743 * update the secret value, Secrets Manager creates a new version of the secret. 1744 * Secrets Manager removes outdated versions when there are more than 100, but it 1745 * does not remove versions created less than 24 hours ago. If you update the 1746 * secret value more than once every 10 minutes, you create more versions than 1747 * Secrets Manager removes, and you will reach the quota for secret versions.</p> 1748 * <p>The Secrets Manager console uses only the <code>SecretString</code> 1749 * parameter and therefore limits you to encrypting and storing only a text string. 1750 * To encrypt and store binary data as part of the version of a secret, you must 1751 * use either the Amazon Web Services CLI or one of the Amazon Web Services 1752 * SDKs.</p> <ul> <li> <p>If a version with a <code>VersionId</code> with 1753 * the same value as the <code>ClientRequestToken</code> parameter already exists, 1754 * the operation results in an error. You cannot modify an existing version, you 1755 * can only create a new version.</p> </li> <li> <p>If you include 1756 * <code>SecretString</code> or <code>SecretBinary</code> to create a new secret 1757 * version, Secrets Manager automatically attaches the staging label 1758 * <code>AWSCURRENT</code> to the new version. </p> </li> </ul> <ul> <li> 1759 * <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> 1760 * or <code>SecretBinary</code> for a secret in the same account as the calling 1761 * user and that secret doesn't specify a Amazon Web Services KMS encryption key, 1762 * Secrets Manager uses the account's default Amazon Web Services managed customer 1763 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 1764 * doesn't already exist in your account then Secrets Manager creates it for you 1765 * automatically. All users and roles in the same Amazon Web Services account 1766 * automatically have access to use the default CMK. Note that if an Secrets 1767 * Manager API call results in Amazon Web Services creating the account's Amazon 1768 * Web Services-managed CMK, it can result in a one-time significant delay in 1769 * returning the result.</p> </li> <li> <p>If the secret resides in a different 1770 * Amazon Web Services account from the credentials calling an API that requires 1771 * encryption or decryption of the secret value then you must create and use a 1772 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 1773 * the account using credentials from a different Amazon Web Services account. 1774 * Store the ARN of the CMK in the secret when you create the secret or when you 1775 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 1776 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 1777 * using credentials from a different account then the Amazon Web Services KMS key 1778 * policy must grant cross-account access to that other account's user or role for 1779 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 1780 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 1781 * following permissions:</p> <ul> <li> <p>secretsmanager:UpdateSecret</p> </li> 1782 * <li> <p>kms:GenerateDataKey - needed only if you use a custom Amazon Web 1783 * Services KMS key to encrypt the secret. You do not need this permission to use 1784 * the account's Amazon Web Services managed CMK for Secrets Manager.</p> </li> 1785 * <li> <p>kms:Decrypt - needed only if you use a custom Amazon Web Services KMS 1786 * key to encrypt the secret. You do not need this permission to use the account's 1787 * Amazon Web Services managed CMK for Secrets Manager.</p> </li> </ul> <p> 1788 * <b>Related operations</b> </p> <ul> <li> <p>To create a new secret, use 1789 * <a>CreateSecret</a>.</p> </li> <li> <p>To add only a new version to an existing 1790 * secret, use <a>PutSecretValue</a>.</p> </li> <li> <p>To get the details for a 1791 * secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions 1792 * contained in a secret, use <a>ListSecretVersionIds</a>.</p> </li> 1793 * </ul><p><h3>See Also:</h3> <a 1794 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret">AWS 1795 * API Reference</a></p> 1796 */ 1797 virtual Model::UpdateSecretOutcome UpdateSecret(const Model::UpdateSecretRequest& request) const; 1798 1799 /** 1800 * <p>Modifies many of the details of the specified secret. </p> <p>To change the 1801 * secret value, you can also use <a>PutSecretValue</a>.</p> <p>To change the 1802 * rotation configuration of a secret, use <a>RotateSecret</a> instead.</p> <p>We 1803 * recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of 1804 * more than once every 10 minutes. When you call <code>UpdateSecret</code> to 1805 * update the secret value, Secrets Manager creates a new version of the secret. 1806 * Secrets Manager removes outdated versions when there are more than 100, but it 1807 * does not remove versions created less than 24 hours ago. If you update the 1808 * secret value more than once every 10 minutes, you create more versions than 1809 * Secrets Manager removes, and you will reach the quota for secret versions.</p> 1810 * <p>The Secrets Manager console uses only the <code>SecretString</code> 1811 * parameter and therefore limits you to encrypting and storing only a text string. 1812 * To encrypt and store binary data as part of the version of a secret, you must 1813 * use either the Amazon Web Services CLI or one of the Amazon Web Services 1814 * SDKs.</p> <ul> <li> <p>If a version with a <code>VersionId</code> with 1815 * the same value as the <code>ClientRequestToken</code> parameter already exists, 1816 * the operation results in an error. You cannot modify an existing version, you 1817 * can only create a new version.</p> </li> <li> <p>If you include 1818 * <code>SecretString</code> or <code>SecretBinary</code> to create a new secret 1819 * version, Secrets Manager automatically attaches the staging label 1820 * <code>AWSCURRENT</code> to the new version. </p> </li> </ul> <ul> <li> 1821 * <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> 1822 * or <code>SecretBinary</code> for a secret in the same account as the calling 1823 * user and that secret doesn't specify a Amazon Web Services KMS encryption key, 1824 * Secrets Manager uses the account's default Amazon Web Services managed customer 1825 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 1826 * doesn't already exist in your account then Secrets Manager creates it for you 1827 * automatically. All users and roles in the same Amazon Web Services account 1828 * automatically have access to use the default CMK. Note that if an Secrets 1829 * Manager API call results in Amazon Web Services creating the account's Amazon 1830 * Web Services-managed CMK, it can result in a one-time significant delay in 1831 * returning the result.</p> </li> <li> <p>If the secret resides in a different 1832 * Amazon Web Services account from the credentials calling an API that requires 1833 * encryption or decryption of the secret value then you must create and use a 1834 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 1835 * the account using credentials from a different Amazon Web Services account. 1836 * Store the ARN of the CMK in the secret when you create the secret or when you 1837 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 1838 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 1839 * using credentials from a different account then the Amazon Web Services KMS key 1840 * policy must grant cross-account access to that other account's user or role for 1841 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 1842 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 1843 * following permissions:</p> <ul> <li> <p>secretsmanager:UpdateSecret</p> </li> 1844 * <li> <p>kms:GenerateDataKey - needed only if you use a custom Amazon Web 1845 * Services KMS key to encrypt the secret. You do not need this permission to use 1846 * the account's Amazon Web Services managed CMK for Secrets Manager.</p> </li> 1847 * <li> <p>kms:Decrypt - needed only if you use a custom Amazon Web Services KMS 1848 * key to encrypt the secret. You do not need this permission to use the account's 1849 * Amazon Web Services managed CMK for Secrets Manager.</p> </li> </ul> <p> 1850 * <b>Related operations</b> </p> <ul> <li> <p>To create a new secret, use 1851 * <a>CreateSecret</a>.</p> </li> <li> <p>To add only a new version to an existing 1852 * secret, use <a>PutSecretValue</a>.</p> </li> <li> <p>To get the details for a 1853 * secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions 1854 * contained in a secret, use <a>ListSecretVersionIds</a>.</p> </li> 1855 * </ul><p><h3>See Also:</h3> <a 1856 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret">AWS 1857 * API Reference</a></p> 1858 * 1859 * returns a future to the operation so that it can be executed in parallel to other requests. 1860 */ 1861 virtual Model::UpdateSecretOutcomeCallable UpdateSecretCallable(const Model::UpdateSecretRequest& request) const; 1862 1863 /** 1864 * <p>Modifies many of the details of the specified secret. </p> <p>To change the 1865 * secret value, you can also use <a>PutSecretValue</a>.</p> <p>To change the 1866 * rotation configuration of a secret, use <a>RotateSecret</a> instead.</p> <p>We 1867 * recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of 1868 * more than once every 10 minutes. When you call <code>UpdateSecret</code> to 1869 * update the secret value, Secrets Manager creates a new version of the secret. 1870 * Secrets Manager removes outdated versions when there are more than 100, but it 1871 * does not remove versions created less than 24 hours ago. If you update the 1872 * secret value more than once every 10 minutes, you create more versions than 1873 * Secrets Manager removes, and you will reach the quota for secret versions.</p> 1874 * <p>The Secrets Manager console uses only the <code>SecretString</code> 1875 * parameter and therefore limits you to encrypting and storing only a text string. 1876 * To encrypt and store binary data as part of the version of a secret, you must 1877 * use either the Amazon Web Services CLI or one of the Amazon Web Services 1878 * SDKs.</p> <ul> <li> <p>If a version with a <code>VersionId</code> with 1879 * the same value as the <code>ClientRequestToken</code> parameter already exists, 1880 * the operation results in an error. You cannot modify an existing version, you 1881 * can only create a new version.</p> </li> <li> <p>If you include 1882 * <code>SecretString</code> or <code>SecretBinary</code> to create a new secret 1883 * version, Secrets Manager automatically attaches the staging label 1884 * <code>AWSCURRENT</code> to the new version. </p> </li> </ul> <ul> <li> 1885 * <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> 1886 * or <code>SecretBinary</code> for a secret in the same account as the calling 1887 * user and that secret doesn't specify a Amazon Web Services KMS encryption key, 1888 * Secrets Manager uses the account's default Amazon Web Services managed customer 1889 * master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key 1890 * doesn't already exist in your account then Secrets Manager creates it for you 1891 * automatically. All users and roles in the same Amazon Web Services account 1892 * automatically have access to use the default CMK. Note that if an Secrets 1893 * Manager API call results in Amazon Web Services creating the account's Amazon 1894 * Web Services-managed CMK, it can result in a one-time significant delay in 1895 * returning the result.</p> </li> <li> <p>If the secret resides in a different 1896 * Amazon Web Services account from the credentials calling an API that requires 1897 * encryption or decryption of the secret value then you must create and use a 1898 * custom Amazon Web Services KMS CMK because you can't access the default CMK for 1899 * the account using credentials from a different Amazon Web Services account. 1900 * Store the ARN of the CMK in the secret when you create the secret or when you 1901 * update it by including it in the <code>KMSKeyId</code>. If you call an API that 1902 * must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> 1903 * using credentials from a different account then the Amazon Web Services KMS key 1904 * policy must grant cross-account access to that other account's user or role for 1905 * both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> 1906 * <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the 1907 * following permissions:</p> <ul> <li> <p>secretsmanager:UpdateSecret</p> </li> 1908 * <li> <p>kms:GenerateDataKey - needed only if you use a custom Amazon Web 1909 * Services KMS key to encrypt the secret. You do not need this permission to use 1910 * the account's Amazon Web Services managed CMK for Secrets Manager.</p> </li> 1911 * <li> <p>kms:Decrypt - needed only if you use a custom Amazon Web Services KMS 1912 * key to encrypt the secret. You do not need this permission to use the account's 1913 * Amazon Web Services managed CMK for Secrets Manager.</p> </li> </ul> <p> 1914 * <b>Related operations</b> </p> <ul> <li> <p>To create a new secret, use 1915 * <a>CreateSecret</a>.</p> </li> <li> <p>To add only a new version to an existing 1916 * secret, use <a>PutSecretValue</a>.</p> </li> <li> <p>To get the details for a 1917 * secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions 1918 * contained in a secret, use <a>ListSecretVersionIds</a>.</p> </li> 1919 * </ul><p><h3>See Also:</h3> <a 1920 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret">AWS 1921 * API Reference</a></p> 1922 * 1923 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1924 */ 1925 virtual void UpdateSecretAsync(const Model::UpdateSecretRequest& request, const UpdateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1926 1927 /** 1928 * <p>Modifies the staging labels attached to a version of a secret. Staging labels 1929 * are used to track a version as it progresses through the secret rotation 1930 * process. You can attach a staging label to only one version of a secret at a 1931 * time. If a staging label to be added is already attached to another version, 1932 * then it is moved--removed from the other version first and then attached to this 1933 * one. For more information about staging labels, see <a 1934 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label">Staging 1935 * Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. </p> 1936 * <p>The staging labels that you specify in the <code>VersionStage</code> 1937 * parameter are added to the existing list of staging labels--they don't replace 1938 * it.</p> <p>You can move the <code>AWSCURRENT</code> staging label to this 1939 * version by including it in this call.</p> <p>Whenever you move 1940 * <code>AWSCURRENT</code>, Secrets Manager automatically moves the label 1941 * <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed 1942 * from.</p> <p>If this action results in the last label being removed from 1943 * a version, then the version is considered to be 'deprecated' and can be deleted 1944 * by Secrets Manager.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 1945 * command, you must have the following permissions:</p> <ul> <li> 1946 * <p>secretsmanager:UpdateSecretVersionStage</p> </li> </ul> <p> <b>Related 1947 * operations</b> </p> <ul> <li> <p>To get the list of staging labels that are 1948 * currently associated with a version of a secret, use <code> 1949 * <a>DescribeSecret</a> </code> and examine the 1950 * <code>SecretVersionsToStages</code> response value. </p> </li> </ul><p><h3>See 1951 * Also:</h3> <a 1952 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage">AWS 1953 * API Reference</a></p> 1954 */ 1955 virtual Model::UpdateSecretVersionStageOutcome UpdateSecretVersionStage(const Model::UpdateSecretVersionStageRequest& request) const; 1956 1957 /** 1958 * <p>Modifies the staging labels attached to a version of a secret. Staging labels 1959 * are used to track a version as it progresses through the secret rotation 1960 * process. You can attach a staging label to only one version of a secret at a 1961 * time. If a staging label to be added is already attached to another version, 1962 * then it is moved--removed from the other version first and then attached to this 1963 * one. For more information about staging labels, see <a 1964 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label">Staging 1965 * Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. </p> 1966 * <p>The staging labels that you specify in the <code>VersionStage</code> 1967 * parameter are added to the existing list of staging labels--they don't replace 1968 * it.</p> <p>You can move the <code>AWSCURRENT</code> staging label to this 1969 * version by including it in this call.</p> <p>Whenever you move 1970 * <code>AWSCURRENT</code>, Secrets Manager automatically moves the label 1971 * <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed 1972 * from.</p> <p>If this action results in the last label being removed from 1973 * a version, then the version is considered to be 'deprecated' and can be deleted 1974 * by Secrets Manager.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 1975 * command, you must have the following permissions:</p> <ul> <li> 1976 * <p>secretsmanager:UpdateSecretVersionStage</p> </li> </ul> <p> <b>Related 1977 * operations</b> </p> <ul> <li> <p>To get the list of staging labels that are 1978 * currently associated with a version of a secret, use <code> 1979 * <a>DescribeSecret</a> </code> and examine the 1980 * <code>SecretVersionsToStages</code> response value. </p> </li> </ul><p><h3>See 1981 * Also:</h3> <a 1982 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage">AWS 1983 * API Reference</a></p> 1984 * 1985 * returns a future to the operation so that it can be executed in parallel to other requests. 1986 */ 1987 virtual Model::UpdateSecretVersionStageOutcomeCallable UpdateSecretVersionStageCallable(const Model::UpdateSecretVersionStageRequest& request) const; 1988 1989 /** 1990 * <p>Modifies the staging labels attached to a version of a secret. Staging labels 1991 * are used to track a version as it progresses through the secret rotation 1992 * process. You can attach a staging label to only one version of a secret at a 1993 * time. If a staging label to be added is already attached to another version, 1994 * then it is moved--removed from the other version first and then attached to this 1995 * one. For more information about staging labels, see <a 1996 * href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label">Staging 1997 * Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. </p> 1998 * <p>The staging labels that you specify in the <code>VersionStage</code> 1999 * parameter are added to the existing list of staging labels--they don't replace 2000 * it.</p> <p>You can move the <code>AWSCURRENT</code> staging label to this 2001 * version by including it in this call.</p> <p>Whenever you move 2002 * <code>AWSCURRENT</code>, Secrets Manager automatically moves the label 2003 * <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed 2004 * from.</p> <p>If this action results in the last label being removed from 2005 * a version, then the version is considered to be 'deprecated' and can be deleted 2006 * by Secrets Manager.</p> <p> <b>Minimum permissions</b> </p> <p>To run this 2007 * command, you must have the following permissions:</p> <ul> <li> 2008 * <p>secretsmanager:UpdateSecretVersionStage</p> </li> </ul> <p> <b>Related 2009 * operations</b> </p> <ul> <li> <p>To get the list of staging labels that are 2010 * currently associated with a version of a secret, use <code> 2011 * <a>DescribeSecret</a> </code> and examine the 2012 * <code>SecretVersionsToStages</code> response value. </p> </li> </ul><p><h3>See 2013 * Also:</h3> <a 2014 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage">AWS 2015 * API Reference</a></p> 2016 * 2017 * Queues the request into a thread executor and triggers associated callback when operation has finished. 2018 */ 2019 virtual void UpdateSecretVersionStageAsync(const Model::UpdateSecretVersionStageRequest& request, const UpdateSecretVersionStageResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 2020 2021 /** 2022 * <p>Validates that the resource policy does not grant a wide range of IAM 2023 * principals access to your secret. The JSON request string input and response 2024 * output displays formatted code with white space and line breaks for better 2025 * readability. Submit your input as a single line JSON string. A resource-based 2026 * policy is optional for secrets.</p> <p>The API performs three checks when 2027 * validating the secret:</p> <ul> <li> <p>Sends a call to <a 2028 * href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, 2029 * an automated reasoning engine, to ensure your Resource Policy does not allow 2030 * broad access to your secret.</p> </li> <li> <p>Checks for correct syntax in a 2031 * policy.</p> </li> <li> <p>Verifies the policy does not lock out a caller.</p> 2032 * </li> </ul> <p> <b>Minimum Permissions</b> </p> <p>You must have the permissions 2033 * required to access the following APIs:</p> <ul> <li> <p> 2034 * <code>secretsmanager:PutResourcePolicy</code> </p> </li> <li> <p> 2035 * <code>secretsmanager:ValidateResourcePolicy</code> </p> </li> </ul><p><h3>See 2036 * Also:</h3> <a 2037 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy">AWS 2038 * API Reference</a></p> 2039 */ 2040 virtual Model::ValidateResourcePolicyOutcome ValidateResourcePolicy(const Model::ValidateResourcePolicyRequest& request) const; 2041 2042 /** 2043 * <p>Validates that the resource policy does not grant a wide range of IAM 2044 * principals access to your secret. The JSON request string input and response 2045 * output displays formatted code with white space and line breaks for better 2046 * readability. Submit your input as a single line JSON string. A resource-based 2047 * policy is optional for secrets.</p> <p>The API performs three checks when 2048 * validating the secret:</p> <ul> <li> <p>Sends a call to <a 2049 * href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, 2050 * an automated reasoning engine, to ensure your Resource Policy does not allow 2051 * broad access to your secret.</p> </li> <li> <p>Checks for correct syntax in a 2052 * policy.</p> </li> <li> <p>Verifies the policy does not lock out a caller.</p> 2053 * </li> </ul> <p> <b>Minimum Permissions</b> </p> <p>You must have the permissions 2054 * required to access the following APIs:</p> <ul> <li> <p> 2055 * <code>secretsmanager:PutResourcePolicy</code> </p> </li> <li> <p> 2056 * <code>secretsmanager:ValidateResourcePolicy</code> </p> </li> </ul><p><h3>See 2057 * Also:</h3> <a 2058 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy">AWS 2059 * API Reference</a></p> 2060 * 2061 * returns a future to the operation so that it can be executed in parallel to other requests. 2062 */ 2063 virtual Model::ValidateResourcePolicyOutcomeCallable ValidateResourcePolicyCallable(const Model::ValidateResourcePolicyRequest& request) const; 2064 2065 /** 2066 * <p>Validates that the resource policy does not grant a wide range of IAM 2067 * principals access to your secret. The JSON request string input and response 2068 * output displays formatted code with white space and line breaks for better 2069 * readability. Submit your input as a single line JSON string. A resource-based 2070 * policy is optional for secrets.</p> <p>The API performs three checks when 2071 * validating the secret:</p> <ul> <li> <p>Sends a call to <a 2072 * href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, 2073 * an automated reasoning engine, to ensure your Resource Policy does not allow 2074 * broad access to your secret.</p> </li> <li> <p>Checks for correct syntax in a 2075 * policy.</p> </li> <li> <p>Verifies the policy does not lock out a caller.</p> 2076 * </li> </ul> <p> <b>Minimum Permissions</b> </p> <p>You must have the permissions 2077 * required to access the following APIs:</p> <ul> <li> <p> 2078 * <code>secretsmanager:PutResourcePolicy</code> </p> </li> <li> <p> 2079 * <code>secretsmanager:ValidateResourcePolicy</code> </p> </li> </ul><p><h3>See 2080 * Also:</h3> <a 2081 * href="http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy">AWS 2082 * API Reference</a></p> 2083 * 2084 * Queues the request into a thread executor and triggers associated callback when operation has finished. 2085 */ 2086 virtual void ValidateResourcePolicyAsync(const Model::ValidateResourcePolicyRequest& request, const ValidateResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 2087 2088 2089 void OverrideEndpoint(const Aws::String& endpoint); 2090 private: 2091 void init(const Aws::Client::ClientConfiguration& clientConfiguration); 2092 void CancelRotateSecretAsyncHelper(const Model::CancelRotateSecretRequest& request, const CancelRotateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2093 void CreateSecretAsyncHelper(const Model::CreateSecretRequest& request, const CreateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2094 void DeleteResourcePolicyAsyncHelper(const Model::DeleteResourcePolicyRequest& request, const DeleteResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2095 void DeleteSecretAsyncHelper(const Model::DeleteSecretRequest& request, const DeleteSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2096 void DescribeSecretAsyncHelper(const Model::DescribeSecretRequest& request, const DescribeSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2097 void GetRandomPasswordAsyncHelper(const Model::GetRandomPasswordRequest& request, const GetRandomPasswordResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2098 void GetResourcePolicyAsyncHelper(const Model::GetResourcePolicyRequest& request, const GetResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2099 void GetSecretValueAsyncHelper(const Model::GetSecretValueRequest& request, const GetSecretValueResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2100 void ListSecretVersionIdsAsyncHelper(const Model::ListSecretVersionIdsRequest& request, const ListSecretVersionIdsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2101 void ListSecretsAsyncHelper(const Model::ListSecretsRequest& request, const ListSecretsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2102 void PutResourcePolicyAsyncHelper(const Model::PutResourcePolicyRequest& request, const PutResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2103 void PutSecretValueAsyncHelper(const Model::PutSecretValueRequest& request, const PutSecretValueResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2104 void RemoveRegionsFromReplicationAsyncHelper(const Model::RemoveRegionsFromReplicationRequest& request, const RemoveRegionsFromReplicationResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2105 void ReplicateSecretToRegionsAsyncHelper(const Model::ReplicateSecretToRegionsRequest& request, const ReplicateSecretToRegionsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2106 void RestoreSecretAsyncHelper(const Model::RestoreSecretRequest& request, const RestoreSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2107 void RotateSecretAsyncHelper(const Model::RotateSecretRequest& request, const RotateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2108 void StopReplicationToReplicaAsyncHelper(const Model::StopReplicationToReplicaRequest& request, const StopReplicationToReplicaResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2109 void TagResourceAsyncHelper(const Model::TagResourceRequest& request, const TagResourceResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2110 void UntagResourceAsyncHelper(const Model::UntagResourceRequest& request, const UntagResourceResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2111 void UpdateSecretAsyncHelper(const Model::UpdateSecretRequest& request, const UpdateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2112 void UpdateSecretVersionStageAsyncHelper(const Model::UpdateSecretVersionStageRequest& request, const UpdateSecretVersionStageResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2113 void ValidateResourcePolicyAsyncHelper(const Model::ValidateResourcePolicyRequest& request, const ValidateResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 2114 2115 Aws::String m_uri; 2116 Aws::String m_configScheme; 2117 std::shared_ptr<Aws::Utils::Threading::Executor> m_executor; 2118 }; 2119 2120 } // namespace SecretsManager 2121 } // namespace Aws 2122