1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package secretsmanager 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCancelRotateSecret = "CancelRotateSecret" 17 18// CancelRotateSecretRequest generates a "aws/request.Request" representing the 19// client's request for the CancelRotateSecret operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CancelRotateSecret for more information on using the CancelRotateSecret 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CancelRotateSecretRequest method. 34// req, resp := client.CancelRotateSecretRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret 42func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput) { 43 op := &request.Operation{ 44 Name: opCancelRotateSecret, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CancelRotateSecretInput{} 51 } 52 53 output = &CancelRotateSecretOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CancelRotateSecret API operation for AWS Secrets Manager. 59// 60// Disables automatic scheduled rotation and cancels the rotation of a secret 61// if one is currently in progress. 62// 63// To re-enable scheduled rotation, call RotateSecret with AutomaticallyRotateAfterDays 64// set to a value greater than 0. This will immediately rotate your secret and 65// then enable the automatic schedule. 66// 67// If you cancel a rotation that is in progress, it can leave the VersionStage 68// labels in an unexpected state. Depending on what step of the rotation was 69// in progress, you might need to remove the staging label AWSPENDING from the 70// partially created version, specified by the VersionId response value. You 71// should also evaluate the partially rotated new version to see if it should 72// be deleted, which you can do by removing all staging labels from the new 73// version's VersionStage field. 74// 75// To successfully start a rotation, the staging label AWSPENDING must be in 76// one of the following states: 77// 78// * Not be attached to any version at all 79// 80// * Attached to the same version as the staging label AWSCURRENT 81// 82// If the staging label AWSPENDING is attached to a different version than the 83// version with AWSCURRENT then the attempt to rotate fails. 84// 85// Minimum permissions 86// 87// To run this command, you must have the following permissions: 88// 89// * secretsmanager:CancelRotateSecret 90// 91// Related operations 92// 93// * To configure rotation for a secret or to manually trigger a rotation, 94// use RotateSecret. 95// 96// * To get the rotation configuration details for a secret, use DescribeSecret. 97// 98// * To list all of the currently available secrets, use ListSecrets. 99// 100// * To list all of the versions currently associated with a secret, use 101// ListSecretVersionIds. 102// 103// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 104// with awserr.Error's Code and Message methods to get detailed information about 105// the error. 106// 107// See the AWS API reference guide for AWS Secrets Manager's 108// API operation CancelRotateSecret for usage and error information. 109// 110// Returned Error Codes: 111// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 112// We can't find the resource that you asked for. 113// 114// * ErrCodeInvalidParameterException "InvalidParameterException" 115// You provided an invalid value for a parameter. 116// 117// * ErrCodeInternalServiceError "InternalServiceError" 118// An error occurred on the server side. 119// 120// * ErrCodeInvalidRequestException "InvalidRequestException" 121// You provided a parameter value that is not valid for the current state of 122// the resource. 123// 124// Possible causes: 125// 126// * You tried to perform the operation on a secret that's currently marked 127// deleted. 128// 129// * You tried to enable rotation on a secret that doesn't already have a 130// Lambda function ARN configured and you didn't include such an ARN as a 131// parameter in this call. 132// 133// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret 134func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error) { 135 req, out := c.CancelRotateSecretRequest(input) 136 return out, req.Send() 137} 138 139// CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of 140// the ability to pass a context and additional request options. 141// 142// See CancelRotateSecret for details on how to use this API operation. 143// 144// The context must be non-nil and will be used for request cancellation. If 145// the context is nil a panic will occur. In the future the SDK may create 146// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 147// for more information on using Contexts. 148func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error) { 149 req, out := c.CancelRotateSecretRequest(input) 150 req.SetContext(ctx) 151 req.ApplyOptions(opts...) 152 return out, req.Send() 153} 154 155const opCreateSecret = "CreateSecret" 156 157// CreateSecretRequest generates a "aws/request.Request" representing the 158// client's request for the CreateSecret operation. The "output" return 159// value will be populated with the request's response once the request completes 160// successfully. 161// 162// Use "Send" method on the returned Request to send the API call to the service. 163// the "output" return value is not valid until after Send returns without error. 164// 165// See CreateSecret for more information on using the CreateSecret 166// API call, and error handling. 167// 168// This method is useful when you want to inject custom logic or configuration 169// into the SDK's request lifecycle. Such as custom headers, or retry logic. 170// 171// 172// // Example sending a request using the CreateSecretRequest method. 173// req, resp := client.CreateSecretRequest(params) 174// 175// err := req.Send() 176// if err == nil { // resp is now filled 177// fmt.Println(resp) 178// } 179// 180// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret 181func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput) { 182 op := &request.Operation{ 183 Name: opCreateSecret, 184 HTTPMethod: "POST", 185 HTTPPath: "/", 186 } 187 188 if input == nil { 189 input = &CreateSecretInput{} 190 } 191 192 output = &CreateSecretOutput{} 193 req = c.newRequest(op, input, output) 194 return 195} 196 197// CreateSecret API operation for AWS Secrets Manager. 198// 199// Creates a new secret. A secret in Secrets Manager consists of both the protected 200// secret data and the important information needed to manage the secret. 201// 202// Secrets Manager stores the encrypted secret data in one of a collection of 203// "versions" associated with the secret. Each version contains a copy of the 204// encrypted secret data. Each version is associated with one or more "staging 205// labels" that identify where the version is in the rotation cycle. The SecretVersionsToStages 206// field of the secret contains the mapping of staging labels to the active 207// versions of the secret. Versions without a staging label are considered deprecated 208// and are not included in the list. 209// 210// You provide the secret data to be encrypted by putting text in either the 211// SecretString parameter or binary data in the SecretBinary parameter, but 212// not both. If you include SecretString or SecretBinary then Secrets Manager 213// also creates an initial secret version and automatically attaches the staging 214// label AWSCURRENT to the new version. 215// 216// * If you call an operation that needs to encrypt or decrypt the SecretString 217// or SecretBinary for a secret in the same account as the calling user and 218// that secret doesn't specify a AWS KMS encryption key, Secrets Manager 219// uses the account's default AWS managed customer master key (CMK) with 220// the alias aws/secretsmanager. If this key doesn't already exist in your 221// account then Secrets Manager creates it for you automatically. All users 222// and roles in the same AWS account automatically have access to use the 223// default CMK. Note that if an Secrets Manager API call results in AWS having 224// to create the account's AWS-managed CMK, it can result in a one-time significant 225// delay in returning the result. 226// 227// * If the secret is in a different AWS account from the credentials calling 228// an API that requires encryption or decryption of the secret value then 229// you must create and use a custom AWS KMS CMK because you can't access 230// the default CMK for the account using credentials from a different AWS 231// account. Store the ARN of the CMK in the secret when you create the secret 232// or when you update it by including it in the KMSKeyId. If you call an 233// API that must encrypt or decrypt SecretString or SecretBinary using credentials 234// from a different account then the AWS KMS key policy must grant cross-account 235// access to that other account's user or role for both the kms:GenerateDataKey 236// and kms:Decrypt operations. 237// 238// Minimum permissions 239// 240// To run this command, you must have the following permissions: 241// 242// * secretsmanager:CreateSecret 243// 244// * kms:GenerateDataKey - needed only if you use a customer-managed AWS 245// KMS key to encrypt the secret. You do not need this permission to use 246// the account's default AWS managed CMK for Secrets Manager. 247// 248// * kms:Decrypt - needed only if you use a customer-managed AWS KMS key 249// to encrypt the secret. You do not need this permission to use the account's 250// default AWS managed CMK for Secrets Manager. 251// 252// * secretsmanager:TagResource - needed only if you include the Tags parameter. 253// 254// Related operations 255// 256// * To delete a secret, use DeleteSecret. 257// 258// * To modify an existing secret, use UpdateSecret. 259// 260// * To create a new version of a secret, use PutSecretValue. 261// 262// * To retrieve the encrypted secure string and secure binary values, use 263// GetSecretValue. 264// 265// * To retrieve all other details for a secret, use DescribeSecret. This 266// does not include the encrypted secure string and secure binary values. 267// 268// * To retrieve the list of secret versions associated with the current 269// secret, use DescribeSecret and examine the SecretVersionsToStages response 270// value. 271// 272// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 273// with awserr.Error's Code and Message methods to get detailed information about 274// the error. 275// 276// See the AWS API reference guide for AWS Secrets Manager's 277// API operation CreateSecret for usage and error information. 278// 279// Returned Error Codes: 280// * ErrCodeInvalidParameterException "InvalidParameterException" 281// You provided an invalid value for a parameter. 282// 283// * ErrCodeInvalidRequestException "InvalidRequestException" 284// You provided a parameter value that is not valid for the current state of 285// the resource. 286// 287// Possible causes: 288// 289// * You tried to perform the operation on a secret that's currently marked 290// deleted. 291// 292// * You tried to enable rotation on a secret that doesn't already have a 293// Lambda function ARN configured and you didn't include such an ARN as a 294// parameter in this call. 295// 296// * ErrCodeLimitExceededException "LimitExceededException" 297// The request failed because it would exceed one of the Secrets Manager internal 298// limits. 299// 300// * ErrCodeEncryptionFailure "EncryptionFailure" 301// Secrets Manager can't encrypt the protected secret text using the provided 302// KMS key. Check that the customer master key (CMK) is available, enabled, 303// and not in an invalid state. For more information, see How Key State Affects 304// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 305// 306// * ErrCodeResourceExistsException "ResourceExistsException" 307// A resource with the ID you requested already exists. 308// 309// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 310// We can't find the resource that you asked for. 311// 312// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 313// The policy document that you provided isn't valid. 314// 315// * ErrCodeInternalServiceError "InternalServiceError" 316// An error occurred on the server side. 317// 318// * ErrCodePreconditionNotMetException "PreconditionNotMetException" 319// The request failed because you did not complete all the prerequisite steps. 320// 321// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret 322func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error) { 323 req, out := c.CreateSecretRequest(input) 324 return out, req.Send() 325} 326 327// CreateSecretWithContext is the same as CreateSecret with the addition of 328// the ability to pass a context and additional request options. 329// 330// See CreateSecret for details on how to use this API operation. 331// 332// The context must be non-nil and will be used for request cancellation. If 333// the context is nil a panic will occur. In the future the SDK may create 334// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 335// for more information on using Contexts. 336func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error) { 337 req, out := c.CreateSecretRequest(input) 338 req.SetContext(ctx) 339 req.ApplyOptions(opts...) 340 return out, req.Send() 341} 342 343const opDeleteResourcePolicy = "DeleteResourcePolicy" 344 345// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the 346// client's request for the DeleteResourcePolicy operation. The "output" return 347// value will be populated with the request's response once the request completes 348// successfully. 349// 350// Use "Send" method on the returned Request to send the API call to the service. 351// the "output" return value is not valid until after Send returns without error. 352// 353// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy 354// API call, and error handling. 355// 356// This method is useful when you want to inject custom logic or configuration 357// into the SDK's request lifecycle. Such as custom headers, or retry logic. 358// 359// 360// // Example sending a request using the DeleteResourcePolicyRequest method. 361// req, resp := client.DeleteResourcePolicyRequest(params) 362// 363// err := req.Send() 364// if err == nil { // resp is now filled 365// fmt.Println(resp) 366// } 367// 368// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy 369func (c *SecretsManager) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { 370 op := &request.Operation{ 371 Name: opDeleteResourcePolicy, 372 HTTPMethod: "POST", 373 HTTPPath: "/", 374 } 375 376 if input == nil { 377 input = &DeleteResourcePolicyInput{} 378 } 379 380 output = &DeleteResourcePolicyOutput{} 381 req = c.newRequest(op, input, output) 382 return 383} 384 385// DeleteResourcePolicy API operation for AWS Secrets Manager. 386// 387// Deletes the resource-based permission policy that's attached to the secret. 388// 389// Minimum permissions 390// 391// To run this command, you must have the following permissions: 392// 393// * secretsmanager:DeleteResourcePolicy 394// 395// Related operations 396// 397// * To attach a resource policy to a secret, use PutResourcePolicy. 398// 399// * To retrieve the current resource-based policy that's attached to a secret, 400// use GetResourcePolicy. 401// 402// * To list all of the currently available secrets, use ListSecrets. 403// 404// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 405// with awserr.Error's Code and Message methods to get detailed information about 406// the error. 407// 408// See the AWS API reference guide for AWS Secrets Manager's 409// API operation DeleteResourcePolicy for usage and error information. 410// 411// Returned Error Codes: 412// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 413// We can't find the resource that you asked for. 414// 415// * ErrCodeInternalServiceError "InternalServiceError" 416// An error occurred on the server side. 417// 418// * ErrCodeInvalidRequestException "InvalidRequestException" 419// You provided a parameter value that is not valid for the current state of 420// the resource. 421// 422// Possible causes: 423// 424// * You tried to perform the operation on a secret that's currently marked 425// deleted. 426// 427// * You tried to enable rotation on a secret that doesn't already have a 428// Lambda function ARN configured and you didn't include such an ARN as a 429// parameter in this call. 430// 431// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy 432func (c *SecretsManager) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { 433 req, out := c.DeleteResourcePolicyRequest(input) 434 return out, req.Send() 435} 436 437// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of 438// the ability to pass a context and additional request options. 439// 440// See DeleteResourcePolicy for details on how to use this API operation. 441// 442// The context must be non-nil and will be used for request cancellation. If 443// the context is nil a panic will occur. In the future the SDK may create 444// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 445// for more information on using Contexts. 446func (c *SecretsManager) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { 447 req, out := c.DeleteResourcePolicyRequest(input) 448 req.SetContext(ctx) 449 req.ApplyOptions(opts...) 450 return out, req.Send() 451} 452 453const opDeleteSecret = "DeleteSecret" 454 455// DeleteSecretRequest generates a "aws/request.Request" representing the 456// client's request for the DeleteSecret operation. The "output" return 457// value will be populated with the request's response once the request completes 458// successfully. 459// 460// Use "Send" method on the returned Request to send the API call to the service. 461// the "output" return value is not valid until after Send returns without error. 462// 463// See DeleteSecret for more information on using the DeleteSecret 464// API call, and error handling. 465// 466// This method is useful when you want to inject custom logic or configuration 467// into the SDK's request lifecycle. Such as custom headers, or retry logic. 468// 469// 470// // Example sending a request using the DeleteSecretRequest method. 471// req, resp := client.DeleteSecretRequest(params) 472// 473// err := req.Send() 474// if err == nil { // resp is now filled 475// fmt.Println(resp) 476// } 477// 478// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret 479func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput) { 480 op := &request.Operation{ 481 Name: opDeleteSecret, 482 HTTPMethod: "POST", 483 HTTPPath: "/", 484 } 485 486 if input == nil { 487 input = &DeleteSecretInput{} 488 } 489 490 output = &DeleteSecretOutput{} 491 req = c.newRequest(op, input, output) 492 return 493} 494 495// DeleteSecret API operation for AWS Secrets Manager. 496// 497// Deletes an entire secret and all of its versions. You can optionally include 498// a recovery window during which you can restore the secret. If you don't specify 499// a recovery window value, the operation defaults to 30 days. Secrets Manager 500// attaches a DeletionDate stamp to the secret that specifies the end of the 501// recovery window. At the end of the recovery window, Secrets Manager deletes 502// the secret permanently. 503// 504// At any time before recovery window ends, you can use RestoreSecret to remove 505// the DeletionDate and cancel the deletion of the secret. 506// 507// You cannot access the encrypted secret information in any secret that is 508// scheduled for deletion. If you need to access that information, you must 509// cancel the deletion with RestoreSecret and then retrieve the information. 510// 511// * There is no explicit operation to delete a version of a secret. Instead, 512// remove all staging labels from the VersionStage field of a version. That 513// marks the version as deprecated and allows Secrets Manager to delete it 514// as needed. Versions that do not have any staging labels do not show up 515// in ListSecretVersionIds unless you specify IncludeDeprecated. 516// 517// * The permanent secret deletion at the end of the waiting period is performed 518// as a background task with low priority. There is no guarantee of a specific 519// time after the recovery window for the actual delete operation to occur. 520// 521// Minimum permissions 522// 523// To run this command, you must have the following permissions: 524// 525// * secretsmanager:DeleteSecret 526// 527// Related operations 528// 529// * To create a secret, use CreateSecret. 530// 531// * To cancel deletion of a version of a secret before the recovery window 532// has expired, use RestoreSecret. 533// 534// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 535// with awserr.Error's Code and Message methods to get detailed information about 536// the error. 537// 538// See the AWS API reference guide for AWS Secrets Manager's 539// API operation DeleteSecret for usage and error information. 540// 541// Returned Error Codes: 542// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 543// We can't find the resource that you asked for. 544// 545// * ErrCodeInvalidParameterException "InvalidParameterException" 546// You provided an invalid value for a parameter. 547// 548// * ErrCodeInvalidRequestException "InvalidRequestException" 549// You provided a parameter value that is not valid for the current state of 550// the resource. 551// 552// Possible causes: 553// 554// * You tried to perform the operation on a secret that's currently marked 555// deleted. 556// 557// * You tried to enable rotation on a secret that doesn't already have a 558// Lambda function ARN configured and you didn't include such an ARN as a 559// parameter in this call. 560// 561// * ErrCodeInternalServiceError "InternalServiceError" 562// An error occurred on the server side. 563// 564// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret 565func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error) { 566 req, out := c.DeleteSecretRequest(input) 567 return out, req.Send() 568} 569 570// DeleteSecretWithContext is the same as DeleteSecret with the addition of 571// the ability to pass a context and additional request options. 572// 573// See DeleteSecret for details on how to use this API operation. 574// 575// The context must be non-nil and will be used for request cancellation. If 576// the context is nil a panic will occur. In the future the SDK may create 577// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 578// for more information on using Contexts. 579func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error) { 580 req, out := c.DeleteSecretRequest(input) 581 req.SetContext(ctx) 582 req.ApplyOptions(opts...) 583 return out, req.Send() 584} 585 586const opDescribeSecret = "DescribeSecret" 587 588// DescribeSecretRequest generates a "aws/request.Request" representing the 589// client's request for the DescribeSecret operation. The "output" return 590// value will be populated with the request's response once the request completes 591// successfully. 592// 593// Use "Send" method on the returned Request to send the API call to the service. 594// the "output" return value is not valid until after Send returns without error. 595// 596// See DescribeSecret for more information on using the DescribeSecret 597// API call, and error handling. 598// 599// This method is useful when you want to inject custom logic or configuration 600// into the SDK's request lifecycle. Such as custom headers, or retry logic. 601// 602// 603// // Example sending a request using the DescribeSecretRequest method. 604// req, resp := client.DescribeSecretRequest(params) 605// 606// err := req.Send() 607// if err == nil { // resp is now filled 608// fmt.Println(resp) 609// } 610// 611// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret 612func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput) { 613 op := &request.Operation{ 614 Name: opDescribeSecret, 615 HTTPMethod: "POST", 616 HTTPPath: "/", 617 } 618 619 if input == nil { 620 input = &DescribeSecretInput{} 621 } 622 623 output = &DescribeSecretOutput{} 624 req = c.newRequest(op, input, output) 625 return 626} 627 628// DescribeSecret API operation for AWS Secrets Manager. 629// 630// Retrieves the details of a secret. It does not include the encrypted fields. 631// Only those fields that are populated with a value are returned in the response. 632// 633// Minimum permissions 634// 635// To run this command, you must have the following permissions: 636// 637// * secretsmanager:DescribeSecret 638// 639// Related operations 640// 641// * To create a secret, use CreateSecret. 642// 643// * To modify a secret, use UpdateSecret. 644// 645// * To retrieve the encrypted secret information in a version of the secret, 646// use GetSecretValue. 647// 648// * To list all of the secrets in the AWS account, use ListSecrets. 649// 650// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 651// with awserr.Error's Code and Message methods to get detailed information about 652// the error. 653// 654// See the AWS API reference guide for AWS Secrets Manager's 655// API operation DescribeSecret for usage and error information. 656// 657// Returned Error Codes: 658// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 659// We can't find the resource that you asked for. 660// 661// * ErrCodeInternalServiceError "InternalServiceError" 662// An error occurred on the server side. 663// 664// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret 665func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error) { 666 req, out := c.DescribeSecretRequest(input) 667 return out, req.Send() 668} 669 670// DescribeSecretWithContext is the same as DescribeSecret with the addition of 671// the ability to pass a context and additional request options. 672// 673// See DescribeSecret for details on how to use this API operation. 674// 675// The context must be non-nil and will be used for request cancellation. If 676// the context is nil a panic will occur. In the future the SDK may create 677// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 678// for more information on using Contexts. 679func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error) { 680 req, out := c.DescribeSecretRequest(input) 681 req.SetContext(ctx) 682 req.ApplyOptions(opts...) 683 return out, req.Send() 684} 685 686const opGetRandomPassword = "GetRandomPassword" 687 688// GetRandomPasswordRequest generates a "aws/request.Request" representing the 689// client's request for the GetRandomPassword operation. The "output" return 690// value will be populated with the request's response once the request completes 691// successfully. 692// 693// Use "Send" method on the returned Request to send the API call to the service. 694// the "output" return value is not valid until after Send returns without error. 695// 696// See GetRandomPassword for more information on using the GetRandomPassword 697// API call, and error handling. 698// 699// This method is useful when you want to inject custom logic or configuration 700// into the SDK's request lifecycle. Such as custom headers, or retry logic. 701// 702// 703// // Example sending a request using the GetRandomPasswordRequest method. 704// req, resp := client.GetRandomPasswordRequest(params) 705// 706// err := req.Send() 707// if err == nil { // resp is now filled 708// fmt.Println(resp) 709// } 710// 711// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword 712func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput) { 713 op := &request.Operation{ 714 Name: opGetRandomPassword, 715 HTTPMethod: "POST", 716 HTTPPath: "/", 717 } 718 719 if input == nil { 720 input = &GetRandomPasswordInput{} 721 } 722 723 output = &GetRandomPasswordOutput{} 724 req = c.newRequest(op, input, output) 725 return 726} 727 728// GetRandomPassword API operation for AWS Secrets Manager. 729// 730// Generates a random password of the specified complexity. This operation is 731// intended for use in the Lambda rotation function. Per best practice, we recommend 732// that you specify the maximum length and include every character type that 733// the system you are generating a password for can support. 734// 735// Minimum permissions 736// 737// To run this command, you must have the following permissions: 738// 739// * secretsmanager:GetRandomPassword 740// 741// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 742// with awserr.Error's Code and Message methods to get detailed information about 743// the error. 744// 745// See the AWS API reference guide for AWS Secrets Manager's 746// API operation GetRandomPassword for usage and error information. 747// 748// Returned Error Codes: 749// * ErrCodeInvalidParameterException "InvalidParameterException" 750// You provided an invalid value for a parameter. 751// 752// * ErrCodeInvalidRequestException "InvalidRequestException" 753// You provided a parameter value that is not valid for the current state of 754// the resource. 755// 756// Possible causes: 757// 758// * You tried to perform the operation on a secret that's currently marked 759// deleted. 760// 761// * You tried to enable rotation on a secret that doesn't already have a 762// Lambda function ARN configured and you didn't include such an ARN as a 763// parameter in this call. 764// 765// * ErrCodeInternalServiceError "InternalServiceError" 766// An error occurred on the server side. 767// 768// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword 769func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error) { 770 req, out := c.GetRandomPasswordRequest(input) 771 return out, req.Send() 772} 773 774// GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of 775// the ability to pass a context and additional request options. 776// 777// See GetRandomPassword for details on how to use this API operation. 778// 779// The context must be non-nil and will be used for request cancellation. If 780// the context is nil a panic will occur. In the future the SDK may create 781// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 782// for more information on using Contexts. 783func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error) { 784 req, out := c.GetRandomPasswordRequest(input) 785 req.SetContext(ctx) 786 req.ApplyOptions(opts...) 787 return out, req.Send() 788} 789 790const opGetResourcePolicy = "GetResourcePolicy" 791 792// GetResourcePolicyRequest generates a "aws/request.Request" representing the 793// client's request for the GetResourcePolicy operation. The "output" return 794// value will be populated with the request's response once the request completes 795// successfully. 796// 797// Use "Send" method on the returned Request to send the API call to the service. 798// the "output" return value is not valid until after Send returns without error. 799// 800// See GetResourcePolicy for more information on using the GetResourcePolicy 801// API call, and error handling. 802// 803// This method is useful when you want to inject custom logic or configuration 804// into the SDK's request lifecycle. Such as custom headers, or retry logic. 805// 806// 807// // Example sending a request using the GetResourcePolicyRequest method. 808// req, resp := client.GetResourcePolicyRequest(params) 809// 810// err := req.Send() 811// if err == nil { // resp is now filled 812// fmt.Println(resp) 813// } 814// 815// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy 816func (c *SecretsManager) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) { 817 op := &request.Operation{ 818 Name: opGetResourcePolicy, 819 HTTPMethod: "POST", 820 HTTPPath: "/", 821 } 822 823 if input == nil { 824 input = &GetResourcePolicyInput{} 825 } 826 827 output = &GetResourcePolicyOutput{} 828 req = c.newRequest(op, input, output) 829 return 830} 831 832// GetResourcePolicy API operation for AWS Secrets Manager. 833// 834// Retrieves the JSON text of the resource-based policy document that's attached 835// to the specified secret. The JSON request string input and response output 836// are shown formatted with white space and line breaks for better readability. 837// Submit your input as a single line JSON string. 838// 839// Minimum permissions 840// 841// To run this command, you must have the following permissions: 842// 843// * secretsmanager:GetResourcePolicy 844// 845// Related operations 846// 847// * To attach a resource policy to a secret, use PutResourcePolicy. 848// 849// * To delete the resource-based policy that's attached to a secret, use 850// DeleteResourcePolicy. 851// 852// * To list all of the currently available secrets, use ListSecrets. 853// 854// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 855// with awserr.Error's Code and Message methods to get detailed information about 856// the error. 857// 858// See the AWS API reference guide for AWS Secrets Manager's 859// API operation GetResourcePolicy for usage and error information. 860// 861// Returned Error Codes: 862// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 863// We can't find the resource that you asked for. 864// 865// * ErrCodeInternalServiceError "InternalServiceError" 866// An error occurred on the server side. 867// 868// * ErrCodeInvalidRequestException "InvalidRequestException" 869// You provided a parameter value that is not valid for the current state of 870// the resource. 871// 872// Possible causes: 873// 874// * You tried to perform the operation on a secret that's currently marked 875// deleted. 876// 877// * You tried to enable rotation on a secret that doesn't already have a 878// Lambda function ARN configured and you didn't include such an ARN as a 879// parameter in this call. 880// 881// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy 882func (c *SecretsManager) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) { 883 req, out := c.GetResourcePolicyRequest(input) 884 return out, req.Send() 885} 886 887// GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of 888// the ability to pass a context and additional request options. 889// 890// See GetResourcePolicy for details on how to use this API operation. 891// 892// The context must be non-nil and will be used for request cancellation. If 893// the context is nil a panic will occur. In the future the SDK may create 894// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 895// for more information on using Contexts. 896func (c *SecretsManager) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) { 897 req, out := c.GetResourcePolicyRequest(input) 898 req.SetContext(ctx) 899 req.ApplyOptions(opts...) 900 return out, req.Send() 901} 902 903const opGetSecretValue = "GetSecretValue" 904 905// GetSecretValueRequest generates a "aws/request.Request" representing the 906// client's request for the GetSecretValue operation. The "output" return 907// value will be populated with the request's response once the request completes 908// successfully. 909// 910// Use "Send" method on the returned Request to send the API call to the service. 911// the "output" return value is not valid until after Send returns without error. 912// 913// See GetSecretValue for more information on using the GetSecretValue 914// API call, and error handling. 915// 916// This method is useful when you want to inject custom logic or configuration 917// into the SDK's request lifecycle. Such as custom headers, or retry logic. 918// 919// 920// // Example sending a request using the GetSecretValueRequest method. 921// req, resp := client.GetSecretValueRequest(params) 922// 923// err := req.Send() 924// if err == nil { // resp is now filled 925// fmt.Println(resp) 926// } 927// 928// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue 929func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput) { 930 op := &request.Operation{ 931 Name: opGetSecretValue, 932 HTTPMethod: "POST", 933 HTTPPath: "/", 934 } 935 936 if input == nil { 937 input = &GetSecretValueInput{} 938 } 939 940 output = &GetSecretValueOutput{} 941 req = c.newRequest(op, input, output) 942 return 943} 944 945// GetSecretValue API operation for AWS Secrets Manager. 946// 947// Retrieves the contents of the encrypted fields SecretString or SecretBinary 948// from the specified version of a secret, whichever contains content. 949// 950// Minimum permissions 951// 952// To run this command, you must have the following permissions: 953// 954// * secretsmanager:GetSecretValue 955// 956// * kms:Decrypt - required only if you use a customer-managed AWS KMS key 957// to encrypt the secret. You do not need this permission to use the account's 958// default AWS managed CMK for Secrets Manager. 959// 960// Related operations 961// 962// * To create a new version of the secret with different encrypted information, 963// use PutSecretValue. 964// 965// * To retrieve the non-encrypted details for the secret, use DescribeSecret. 966// 967// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 968// with awserr.Error's Code and Message methods to get detailed information about 969// the error. 970// 971// See the AWS API reference guide for AWS Secrets Manager's 972// API operation GetSecretValue for usage and error information. 973// 974// Returned Error Codes: 975// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 976// We can't find the resource that you asked for. 977// 978// * ErrCodeInvalidParameterException "InvalidParameterException" 979// You provided an invalid value for a parameter. 980// 981// * ErrCodeInvalidRequestException "InvalidRequestException" 982// You provided a parameter value that is not valid for the current state of 983// the resource. 984// 985// Possible causes: 986// 987// * You tried to perform the operation on a secret that's currently marked 988// deleted. 989// 990// * You tried to enable rotation on a secret that doesn't already have a 991// Lambda function ARN configured and you didn't include such an ARN as a 992// parameter in this call. 993// 994// * ErrCodeDecryptionFailure "DecryptionFailure" 995// Secrets Manager can't decrypt the protected secret text using the provided 996// KMS key. 997// 998// * ErrCodeInternalServiceError "InternalServiceError" 999// An error occurred on the server side. 1000// 1001// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue 1002func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error) { 1003 req, out := c.GetSecretValueRequest(input) 1004 return out, req.Send() 1005} 1006 1007// GetSecretValueWithContext is the same as GetSecretValue with the addition of 1008// the ability to pass a context and additional request options. 1009// 1010// See GetSecretValue for details on how to use this API operation. 1011// 1012// The context must be non-nil and will be used for request cancellation. If 1013// the context is nil a panic will occur. In the future the SDK may create 1014// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1015// for more information on using Contexts. 1016func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error) { 1017 req, out := c.GetSecretValueRequest(input) 1018 req.SetContext(ctx) 1019 req.ApplyOptions(opts...) 1020 return out, req.Send() 1021} 1022 1023const opListSecretVersionIds = "ListSecretVersionIds" 1024 1025// ListSecretVersionIdsRequest generates a "aws/request.Request" representing the 1026// client's request for the ListSecretVersionIds operation. The "output" return 1027// value will be populated with the request's response once the request completes 1028// successfully. 1029// 1030// Use "Send" method on the returned Request to send the API call to the service. 1031// the "output" return value is not valid until after Send returns without error. 1032// 1033// See ListSecretVersionIds for more information on using the ListSecretVersionIds 1034// API call, and error handling. 1035// 1036// This method is useful when you want to inject custom logic or configuration 1037// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1038// 1039// 1040// // Example sending a request using the ListSecretVersionIdsRequest method. 1041// req, resp := client.ListSecretVersionIdsRequest(params) 1042// 1043// err := req.Send() 1044// if err == nil { // resp is now filled 1045// fmt.Println(resp) 1046// } 1047// 1048// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds 1049func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput) { 1050 op := &request.Operation{ 1051 Name: opListSecretVersionIds, 1052 HTTPMethod: "POST", 1053 HTTPPath: "/", 1054 Paginator: &request.Paginator{ 1055 InputTokens: []string{"NextToken"}, 1056 OutputTokens: []string{"NextToken"}, 1057 LimitToken: "MaxResults", 1058 TruncationToken: "", 1059 }, 1060 } 1061 1062 if input == nil { 1063 input = &ListSecretVersionIdsInput{} 1064 } 1065 1066 output = &ListSecretVersionIdsOutput{} 1067 req = c.newRequest(op, input, output) 1068 return 1069} 1070 1071// ListSecretVersionIds API operation for AWS Secrets Manager. 1072// 1073// Lists all of the versions attached to the specified secret. The output does 1074// not include the SecretString or SecretBinary fields. By default, the list 1075// includes only versions that have at least one staging label in VersionStage 1076// attached. 1077// 1078// Always check the NextToken response parameter when calling any of the List* 1079// operations. These operations can occasionally return an empty or shorter 1080// than expected list of results even when there are more results available. 1081// When this happens, the NextToken response parameter contains a value to pass 1082// to the next call to the same API to request the next part of the list. 1083// 1084// Minimum permissions 1085// 1086// To run this command, you must have the following permissions: 1087// 1088// * secretsmanager:ListSecretVersionIds 1089// 1090// Related operations 1091// 1092// * To list the secrets in an account, use ListSecrets. 1093// 1094// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1095// with awserr.Error's Code and Message methods to get detailed information about 1096// the error. 1097// 1098// See the AWS API reference guide for AWS Secrets Manager's 1099// API operation ListSecretVersionIds for usage and error information. 1100// 1101// Returned Error Codes: 1102// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" 1103// You provided an invalid NextToken value. 1104// 1105// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1106// We can't find the resource that you asked for. 1107// 1108// * ErrCodeInternalServiceError "InternalServiceError" 1109// An error occurred on the server side. 1110// 1111// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds 1112func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error) { 1113 req, out := c.ListSecretVersionIdsRequest(input) 1114 return out, req.Send() 1115} 1116 1117// ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of 1118// the ability to pass a context and additional request options. 1119// 1120// See ListSecretVersionIds for details on how to use this API operation. 1121// 1122// The context must be non-nil and will be used for request cancellation. If 1123// the context is nil a panic will occur. In the future the SDK may create 1124// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1125// for more information on using Contexts. 1126func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error) { 1127 req, out := c.ListSecretVersionIdsRequest(input) 1128 req.SetContext(ctx) 1129 req.ApplyOptions(opts...) 1130 return out, req.Send() 1131} 1132 1133// ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation, 1134// calling the "fn" function with the response data for each page. To stop 1135// iterating, return false from the fn function. 1136// 1137// See ListSecretVersionIds method for more information on how to use this operation. 1138// 1139// Note: This operation can generate multiple requests to a service. 1140// 1141// // Example iterating over at most 3 pages of a ListSecretVersionIds operation. 1142// pageNum := 0 1143// err := client.ListSecretVersionIdsPages(params, 1144// func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool { 1145// pageNum++ 1146// fmt.Println(page) 1147// return pageNum <= 3 1148// }) 1149// 1150func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error { 1151 return c.ListSecretVersionIdsPagesWithContext(aws.BackgroundContext(), input, fn) 1152} 1153 1154// ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except 1155// it takes a Context and allows setting request options on the pages. 1156// 1157// The context must be non-nil and will be used for request cancellation. If 1158// the context is nil a panic will occur. In the future the SDK may create 1159// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1160// for more information on using Contexts. 1161func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error { 1162 p := request.Pagination{ 1163 NewRequest: func() (*request.Request, error) { 1164 var inCpy *ListSecretVersionIdsInput 1165 if input != nil { 1166 tmp := *input 1167 inCpy = &tmp 1168 } 1169 req, _ := c.ListSecretVersionIdsRequest(inCpy) 1170 req.SetContext(ctx) 1171 req.ApplyOptions(opts...) 1172 return req, nil 1173 }, 1174 } 1175 1176 for p.Next() { 1177 if !fn(p.Page().(*ListSecretVersionIdsOutput), !p.HasNextPage()) { 1178 break 1179 } 1180 } 1181 1182 return p.Err() 1183} 1184 1185const opListSecrets = "ListSecrets" 1186 1187// ListSecretsRequest generates a "aws/request.Request" representing the 1188// client's request for the ListSecrets operation. The "output" return 1189// value will be populated with the request's response once the request completes 1190// successfully. 1191// 1192// Use "Send" method on the returned Request to send the API call to the service. 1193// the "output" return value is not valid until after Send returns without error. 1194// 1195// See ListSecrets for more information on using the ListSecrets 1196// API call, and error handling. 1197// 1198// This method is useful when you want to inject custom logic or configuration 1199// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1200// 1201// 1202// // Example sending a request using the ListSecretsRequest method. 1203// req, resp := client.ListSecretsRequest(params) 1204// 1205// err := req.Send() 1206// if err == nil { // resp is now filled 1207// fmt.Println(resp) 1208// } 1209// 1210// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets 1211func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput) { 1212 op := &request.Operation{ 1213 Name: opListSecrets, 1214 HTTPMethod: "POST", 1215 HTTPPath: "/", 1216 Paginator: &request.Paginator{ 1217 InputTokens: []string{"NextToken"}, 1218 OutputTokens: []string{"NextToken"}, 1219 LimitToken: "MaxResults", 1220 TruncationToken: "", 1221 }, 1222 } 1223 1224 if input == nil { 1225 input = &ListSecretsInput{} 1226 } 1227 1228 output = &ListSecretsOutput{} 1229 req = c.newRequest(op, input, output) 1230 return 1231} 1232 1233// ListSecrets API operation for AWS Secrets Manager. 1234// 1235// Lists all of the secrets that are stored by Secrets Manager in the AWS account. 1236// To list the versions currently stored for a specific secret, use ListSecretVersionIds. 1237// The encrypted fields SecretString and SecretBinary are not included in the 1238// output. To get that information, call the GetSecretValue operation. 1239// 1240// Always check the NextToken response parameter when calling any of the List* 1241// operations. These operations can occasionally return an empty or shorter 1242// than expected list of results even when there are more results available. 1243// When this happens, the NextToken response parameter contains a value to pass 1244// to the next call to the same API to request the next part of the list. 1245// 1246// Minimum permissions 1247// 1248// To run this command, you must have the following permissions: 1249// 1250// * secretsmanager:ListSecrets 1251// 1252// Related operations 1253// 1254// * To list the versions attached to a secret, use ListSecretVersionIds. 1255// 1256// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1257// with awserr.Error's Code and Message methods to get detailed information about 1258// the error. 1259// 1260// See the AWS API reference guide for AWS Secrets Manager's 1261// API operation ListSecrets for usage and error information. 1262// 1263// Returned Error Codes: 1264// * ErrCodeInvalidParameterException "InvalidParameterException" 1265// You provided an invalid value for a parameter. 1266// 1267// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" 1268// You provided an invalid NextToken value. 1269// 1270// * ErrCodeInternalServiceError "InternalServiceError" 1271// An error occurred on the server side. 1272// 1273// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets 1274func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error) { 1275 req, out := c.ListSecretsRequest(input) 1276 return out, req.Send() 1277} 1278 1279// ListSecretsWithContext is the same as ListSecrets with the addition of 1280// the ability to pass a context and additional request options. 1281// 1282// See ListSecrets for details on how to use this API operation. 1283// 1284// The context must be non-nil and will be used for request cancellation. If 1285// the context is nil a panic will occur. In the future the SDK may create 1286// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1287// for more information on using Contexts. 1288func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error) { 1289 req, out := c.ListSecretsRequest(input) 1290 req.SetContext(ctx) 1291 req.ApplyOptions(opts...) 1292 return out, req.Send() 1293} 1294 1295// ListSecretsPages iterates over the pages of a ListSecrets operation, 1296// calling the "fn" function with the response data for each page. To stop 1297// iterating, return false from the fn function. 1298// 1299// See ListSecrets method for more information on how to use this operation. 1300// 1301// Note: This operation can generate multiple requests to a service. 1302// 1303// // Example iterating over at most 3 pages of a ListSecrets operation. 1304// pageNum := 0 1305// err := client.ListSecretsPages(params, 1306// func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool { 1307// pageNum++ 1308// fmt.Println(page) 1309// return pageNum <= 3 1310// }) 1311// 1312func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error { 1313 return c.ListSecretsPagesWithContext(aws.BackgroundContext(), input, fn) 1314} 1315 1316// ListSecretsPagesWithContext same as ListSecretsPages except 1317// it takes a Context and allows setting request options on the pages. 1318// 1319// The context must be non-nil and will be used for request cancellation. If 1320// the context is nil a panic will occur. In the future the SDK may create 1321// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1322// for more information on using Contexts. 1323func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error { 1324 p := request.Pagination{ 1325 NewRequest: func() (*request.Request, error) { 1326 var inCpy *ListSecretsInput 1327 if input != nil { 1328 tmp := *input 1329 inCpy = &tmp 1330 } 1331 req, _ := c.ListSecretsRequest(inCpy) 1332 req.SetContext(ctx) 1333 req.ApplyOptions(opts...) 1334 return req, nil 1335 }, 1336 } 1337 1338 for p.Next() { 1339 if !fn(p.Page().(*ListSecretsOutput), !p.HasNextPage()) { 1340 break 1341 } 1342 } 1343 1344 return p.Err() 1345} 1346 1347const opPutResourcePolicy = "PutResourcePolicy" 1348 1349// PutResourcePolicyRequest generates a "aws/request.Request" representing the 1350// client's request for the PutResourcePolicy operation. The "output" return 1351// value will be populated with the request's response once the request completes 1352// successfully. 1353// 1354// Use "Send" method on the returned Request to send the API call to the service. 1355// the "output" return value is not valid until after Send returns without error. 1356// 1357// See PutResourcePolicy for more information on using the PutResourcePolicy 1358// API call, and error handling. 1359// 1360// This method is useful when you want to inject custom logic or configuration 1361// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1362// 1363// 1364// // Example sending a request using the PutResourcePolicyRequest method. 1365// req, resp := client.PutResourcePolicyRequest(params) 1366// 1367// err := req.Send() 1368// if err == nil { // resp is now filled 1369// fmt.Println(resp) 1370// } 1371// 1372// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy 1373func (c *SecretsManager) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { 1374 op := &request.Operation{ 1375 Name: opPutResourcePolicy, 1376 HTTPMethod: "POST", 1377 HTTPPath: "/", 1378 } 1379 1380 if input == nil { 1381 input = &PutResourcePolicyInput{} 1382 } 1383 1384 output = &PutResourcePolicyOutput{} 1385 req = c.newRequest(op, input, output) 1386 return 1387} 1388 1389// PutResourcePolicy API operation for AWS Secrets Manager. 1390// 1391// Attaches the contents of the specified resource-based permission policy to 1392// a secret. A resource-based policy is optional. Alternatively, you can use 1393// IAM identity-based policies that specify the secret's Amazon Resource Name 1394// (ARN) in the policy statement's Resources element. You can also use a combination 1395// of both identity-based and resource-based policies. The affected users and 1396// roles receive the permissions that are permitted by all of the relevant policies. 1397// For more information, see Using Resource-Based Policies for AWS Secrets Manager 1398// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). 1399// For the complete description of the AWS policy syntax and grammar, see IAM 1400// JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) 1401// in the IAM User Guide. 1402// 1403// Minimum permissions 1404// 1405// To run this command, you must have the following permissions: 1406// 1407// * secretsmanager:PutResourcePolicy 1408// 1409// Related operations 1410// 1411// * To retrieve the resource policy that's attached to a secret, use GetResourcePolicy. 1412// 1413// * To delete the resource-based policy that's attached to a secret, use 1414// DeleteResourcePolicy. 1415// 1416// * To list all of the currently available secrets, use ListSecrets. 1417// 1418// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1419// with awserr.Error's Code and Message methods to get detailed information about 1420// the error. 1421// 1422// See the AWS API reference guide for AWS Secrets Manager's 1423// API operation PutResourcePolicy for usage and error information. 1424// 1425// Returned Error Codes: 1426// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 1427// The policy document that you provided isn't valid. 1428// 1429// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1430// We can't find the resource that you asked for. 1431// 1432// * ErrCodeInvalidParameterException "InvalidParameterException" 1433// You provided an invalid value for a parameter. 1434// 1435// * ErrCodeInternalServiceError "InternalServiceError" 1436// An error occurred on the server side. 1437// 1438// * ErrCodeInvalidRequestException "InvalidRequestException" 1439// You provided a parameter value that is not valid for the current state of 1440// the resource. 1441// 1442// Possible causes: 1443// 1444// * You tried to perform the operation on a secret that's currently marked 1445// deleted. 1446// 1447// * You tried to enable rotation on a secret that doesn't already have a 1448// Lambda function ARN configured and you didn't include such an ARN as a 1449// parameter in this call. 1450// 1451// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy 1452func (c *SecretsManager) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { 1453 req, out := c.PutResourcePolicyRequest(input) 1454 return out, req.Send() 1455} 1456 1457// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of 1458// the ability to pass a context and additional request options. 1459// 1460// See PutResourcePolicy for details on how to use this API operation. 1461// 1462// The context must be non-nil and will be used for request cancellation. If 1463// the context is nil a panic will occur. In the future the SDK may create 1464// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1465// for more information on using Contexts. 1466func (c *SecretsManager) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { 1467 req, out := c.PutResourcePolicyRequest(input) 1468 req.SetContext(ctx) 1469 req.ApplyOptions(opts...) 1470 return out, req.Send() 1471} 1472 1473const opPutSecretValue = "PutSecretValue" 1474 1475// PutSecretValueRequest generates a "aws/request.Request" representing the 1476// client's request for the PutSecretValue operation. The "output" return 1477// value will be populated with the request's response once the request completes 1478// successfully. 1479// 1480// Use "Send" method on the returned Request to send the API call to the service. 1481// the "output" return value is not valid until after Send returns without error. 1482// 1483// See PutSecretValue for more information on using the PutSecretValue 1484// API call, and error handling. 1485// 1486// This method is useful when you want to inject custom logic or configuration 1487// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1488// 1489// 1490// // Example sending a request using the PutSecretValueRequest method. 1491// req, resp := client.PutSecretValueRequest(params) 1492// 1493// err := req.Send() 1494// if err == nil { // resp is now filled 1495// fmt.Println(resp) 1496// } 1497// 1498// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue 1499func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput) { 1500 op := &request.Operation{ 1501 Name: opPutSecretValue, 1502 HTTPMethod: "POST", 1503 HTTPPath: "/", 1504 } 1505 1506 if input == nil { 1507 input = &PutSecretValueInput{} 1508 } 1509 1510 output = &PutSecretValueOutput{} 1511 req = c.newRequest(op, input, output) 1512 return 1513} 1514 1515// PutSecretValue API operation for AWS Secrets Manager. 1516// 1517// Stores a new encrypted secret value in the specified secret. To do this, 1518// the operation creates a new version and attaches it to the secret. The version 1519// can contain a new SecretString value or a new SecretBinary value. You can 1520// also specify the staging labels that are initially attached to the new version. 1521// 1522// The Secrets Manager console uses only the SecretString field. To add binary 1523// data to a secret with the SecretBinary field you must use the AWS CLI or 1524// one of the AWS SDKs. 1525// 1526// * If this operation creates the first version for the secret then Secrets 1527// Manager automatically attaches the staging label AWSCURRENT to the new 1528// version. 1529// 1530// * If another version of this secret already exists, then this operation 1531// does not automatically move any staging labels other than those that you 1532// explicitly specify in the VersionStages parameter. 1533// 1534// * If this operation moves the staging label AWSCURRENT from another version 1535// to this version (because you included it in the StagingLabels parameter) 1536// then Secrets Manager also automatically moves the staging label AWSPREVIOUS 1537// to the version that AWSCURRENT was removed from. 1538// 1539// * This operation is idempotent. If a version with a VersionId with the 1540// same value as the ClientRequestToken parameter already exists and you 1541// specify the same secret data, the operation succeeds but does nothing. 1542// However, if the secret data is different, then the operation fails because 1543// you cannot modify an existing version; you can only create new ones. 1544// 1545// * If you call an operation that needs to encrypt or decrypt the SecretString 1546// or SecretBinary for a secret in the same account as the calling user and 1547// that secret doesn't specify a AWS KMS encryption key, Secrets Manager 1548// uses the account's default AWS managed customer master key (CMK) with 1549// the alias aws/secretsmanager. If this key doesn't already exist in your 1550// account then Secrets Manager creates it for you automatically. All users 1551// and roles in the same AWS account automatically have access to use the 1552// default CMK. Note that if an Secrets Manager API call results in AWS having 1553// to create the account's AWS-managed CMK, it can result in a one-time significant 1554// delay in returning the result. 1555// 1556// * If the secret is in a different AWS account from the credentials calling 1557// an API that requires encryption or decryption of the secret value then 1558// you must create and use a custom AWS KMS CMK because you can't access 1559// the default CMK for the account using credentials from a different AWS 1560// account. Store the ARN of the CMK in the secret when you create the secret 1561// or when you update it by including it in the KMSKeyId. If you call an 1562// API that must encrypt or decrypt SecretString or SecretBinary using credentials 1563// from a different account then the AWS KMS key policy must grant cross-account 1564// access to that other account's user or role for both the kms:GenerateDataKey 1565// and kms:Decrypt operations. 1566// 1567// Minimum permissions 1568// 1569// To run this command, you must have the following permissions: 1570// 1571// * secretsmanager:PutSecretValue 1572// 1573// * kms:GenerateDataKey - needed only if you use a customer-managed AWS 1574// KMS key to encrypt the secret. You do not need this permission to use 1575// the account's default AWS managed CMK for Secrets Manager. 1576// 1577// Related operations 1578// 1579// * To retrieve the encrypted value you store in the version of a secret, 1580// use GetSecretValue. 1581// 1582// * To create a secret, use CreateSecret. 1583// 1584// * To get the details for a secret, use DescribeSecret. 1585// 1586// * To list the versions attached to a secret, use ListSecretVersionIds. 1587// 1588// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1589// with awserr.Error's Code and Message methods to get detailed information about 1590// the error. 1591// 1592// See the AWS API reference guide for AWS Secrets Manager's 1593// API operation PutSecretValue for usage and error information. 1594// 1595// Returned Error Codes: 1596// * ErrCodeInvalidParameterException "InvalidParameterException" 1597// You provided an invalid value for a parameter. 1598// 1599// * ErrCodeInvalidRequestException "InvalidRequestException" 1600// You provided a parameter value that is not valid for the current state of 1601// the resource. 1602// 1603// Possible causes: 1604// 1605// * You tried to perform the operation on a secret that's currently marked 1606// deleted. 1607// 1608// * You tried to enable rotation on a secret that doesn't already have a 1609// Lambda function ARN configured and you didn't include such an ARN as a 1610// parameter in this call. 1611// 1612// * ErrCodeLimitExceededException "LimitExceededException" 1613// The request failed because it would exceed one of the Secrets Manager internal 1614// limits. 1615// 1616// * ErrCodeEncryptionFailure "EncryptionFailure" 1617// Secrets Manager can't encrypt the protected secret text using the provided 1618// KMS key. Check that the customer master key (CMK) is available, enabled, 1619// and not in an invalid state. For more information, see How Key State Affects 1620// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 1621// 1622// * ErrCodeResourceExistsException "ResourceExistsException" 1623// A resource with the ID you requested already exists. 1624// 1625// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1626// We can't find the resource that you asked for. 1627// 1628// * ErrCodeInternalServiceError "InternalServiceError" 1629// An error occurred on the server side. 1630// 1631// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue 1632func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error) { 1633 req, out := c.PutSecretValueRequest(input) 1634 return out, req.Send() 1635} 1636 1637// PutSecretValueWithContext is the same as PutSecretValue with the addition of 1638// the ability to pass a context and additional request options. 1639// 1640// See PutSecretValue for details on how to use this API operation. 1641// 1642// The context must be non-nil and will be used for request cancellation. If 1643// the context is nil a panic will occur. In the future the SDK may create 1644// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1645// for more information on using Contexts. 1646func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error) { 1647 req, out := c.PutSecretValueRequest(input) 1648 req.SetContext(ctx) 1649 req.ApplyOptions(opts...) 1650 return out, req.Send() 1651} 1652 1653const opRestoreSecret = "RestoreSecret" 1654 1655// RestoreSecretRequest generates a "aws/request.Request" representing the 1656// client's request for the RestoreSecret operation. The "output" return 1657// value will be populated with the request's response once the request completes 1658// successfully. 1659// 1660// Use "Send" method on the returned Request to send the API call to the service. 1661// the "output" return value is not valid until after Send returns without error. 1662// 1663// See RestoreSecret for more information on using the RestoreSecret 1664// API call, and error handling. 1665// 1666// This method is useful when you want to inject custom logic or configuration 1667// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1668// 1669// 1670// // Example sending a request using the RestoreSecretRequest method. 1671// req, resp := client.RestoreSecretRequest(params) 1672// 1673// err := req.Send() 1674// if err == nil { // resp is now filled 1675// fmt.Println(resp) 1676// } 1677// 1678// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret 1679func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput) { 1680 op := &request.Operation{ 1681 Name: opRestoreSecret, 1682 HTTPMethod: "POST", 1683 HTTPPath: "/", 1684 } 1685 1686 if input == nil { 1687 input = &RestoreSecretInput{} 1688 } 1689 1690 output = &RestoreSecretOutput{} 1691 req = c.newRequest(op, input, output) 1692 return 1693} 1694 1695// RestoreSecret API operation for AWS Secrets Manager. 1696// 1697// Cancels the scheduled deletion of a secret by removing the DeletedDate time 1698// stamp. This makes the secret accessible to query once again. 1699// 1700// Minimum permissions 1701// 1702// To run this command, you must have the following permissions: 1703// 1704// * secretsmanager:RestoreSecret 1705// 1706// Related operations 1707// 1708// * To delete a secret, use DeleteSecret. 1709// 1710// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1711// with awserr.Error's Code and Message methods to get detailed information about 1712// the error. 1713// 1714// See the AWS API reference guide for AWS Secrets Manager's 1715// API operation RestoreSecret for usage and error information. 1716// 1717// Returned Error Codes: 1718// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1719// We can't find the resource that you asked for. 1720// 1721// * ErrCodeInvalidParameterException "InvalidParameterException" 1722// You provided an invalid value for a parameter. 1723// 1724// * ErrCodeInvalidRequestException "InvalidRequestException" 1725// You provided a parameter value that is not valid for the current state of 1726// the resource. 1727// 1728// Possible causes: 1729// 1730// * You tried to perform the operation on a secret that's currently marked 1731// deleted. 1732// 1733// * You tried to enable rotation on a secret that doesn't already have a 1734// Lambda function ARN configured and you didn't include such an ARN as a 1735// parameter in this call. 1736// 1737// * ErrCodeInternalServiceError "InternalServiceError" 1738// An error occurred on the server side. 1739// 1740// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret 1741func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error) { 1742 req, out := c.RestoreSecretRequest(input) 1743 return out, req.Send() 1744} 1745 1746// RestoreSecretWithContext is the same as RestoreSecret with the addition of 1747// the ability to pass a context and additional request options. 1748// 1749// See RestoreSecret for details on how to use this API operation. 1750// 1751// The context must be non-nil and will be used for request cancellation. If 1752// the context is nil a panic will occur. In the future the SDK may create 1753// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1754// for more information on using Contexts. 1755func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error) { 1756 req, out := c.RestoreSecretRequest(input) 1757 req.SetContext(ctx) 1758 req.ApplyOptions(opts...) 1759 return out, req.Send() 1760} 1761 1762const opRotateSecret = "RotateSecret" 1763 1764// RotateSecretRequest generates a "aws/request.Request" representing the 1765// client's request for the RotateSecret operation. The "output" return 1766// value will be populated with the request's response once the request completes 1767// successfully. 1768// 1769// Use "Send" method on the returned Request to send the API call to the service. 1770// the "output" return value is not valid until after Send returns without error. 1771// 1772// See RotateSecret for more information on using the RotateSecret 1773// API call, and error handling. 1774// 1775// This method is useful when you want to inject custom logic or configuration 1776// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1777// 1778// 1779// // Example sending a request using the RotateSecretRequest method. 1780// req, resp := client.RotateSecretRequest(params) 1781// 1782// err := req.Send() 1783// if err == nil { // resp is now filled 1784// fmt.Println(resp) 1785// } 1786// 1787// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret 1788func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput) { 1789 op := &request.Operation{ 1790 Name: opRotateSecret, 1791 HTTPMethod: "POST", 1792 HTTPPath: "/", 1793 } 1794 1795 if input == nil { 1796 input = &RotateSecretInput{} 1797 } 1798 1799 output = &RotateSecretOutput{} 1800 req = c.newRequest(op, input, output) 1801 return 1802} 1803 1804// RotateSecret API operation for AWS Secrets Manager. 1805// 1806// Configures and starts the asynchronous process of rotating this secret. If 1807// you include the configuration parameters, the operation sets those values 1808// for the secret and then immediately starts a rotation. If you do not include 1809// the configuration parameters, the operation starts a rotation with the values 1810// already stored in the secret. After the rotation completes, the protected 1811// service and its clients all use the new version of the secret. 1812// 1813// This required configuration information includes the ARN of an AWS Lambda 1814// function and the time between scheduled rotations. The Lambda rotation function 1815// creates a new version of the secret and creates or updates the credentials 1816// on the protected service to match. After testing the new credentials, the 1817// function marks the new secret with the staging label AWSCURRENT so that your 1818// clients all immediately begin to use the new version. For more information 1819// about rotating secrets and how to configure a Lambda function to rotate the 1820// secrets for your protected service, see Rotating Secrets in AWS Secrets Manager 1821// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) 1822// in the AWS Secrets Manager User Guide. 1823// 1824// Secrets Manager schedules the next rotation when the previous one is complete. 1825// Secrets Manager schedules the date by adding the rotation interval (number 1826// of days) to the actual date of the last rotation. The service chooses the 1827// hour within that 24-hour date window randomly. The minute is also chosen 1828// somewhat randomly, but weighted towards the top of the hour and influenced 1829// by a variety of factors that help distribute load. 1830// 1831// The rotation function must end with the versions of the secret in one of 1832// two states: 1833// 1834// * The AWSPENDING and AWSCURRENT staging labels are attached to the same 1835// version of the secret, or 1836// 1837// * The AWSPENDING staging label is not attached to any version of the secret. 1838// 1839// If instead the AWSPENDING staging label is present but is not attached to 1840// the same version as AWSCURRENT then any later invocation of RotateSecret 1841// assumes that a previous rotation request is still in progress and returns 1842// an error. 1843// 1844// Minimum permissions 1845// 1846// To run this command, you must have the following permissions: 1847// 1848// * secretsmanager:RotateSecret 1849// 1850// * lambda:InvokeFunction (on the function specified in the secret's metadata) 1851// 1852// Related operations 1853// 1854// * To list the secrets in your account, use ListSecrets. 1855// 1856// * To get the details for a version of a secret, use DescribeSecret. 1857// 1858// * To create a new version of a secret, use CreateSecret. 1859// 1860// * To attach staging labels to or remove staging labels from a version 1861// of a secret, use UpdateSecretVersionStage. 1862// 1863// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1864// with awserr.Error's Code and Message methods to get detailed information about 1865// the error. 1866// 1867// See the AWS API reference guide for AWS Secrets Manager's 1868// API operation RotateSecret for usage and error information. 1869// 1870// Returned Error Codes: 1871// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1872// We can't find the resource that you asked for. 1873// 1874// * ErrCodeInvalidParameterException "InvalidParameterException" 1875// You provided an invalid value for a parameter. 1876// 1877// * ErrCodeInternalServiceError "InternalServiceError" 1878// An error occurred on the server side. 1879// 1880// * ErrCodeInvalidRequestException "InvalidRequestException" 1881// You provided a parameter value that is not valid for the current state of 1882// the resource. 1883// 1884// Possible causes: 1885// 1886// * You tried to perform the operation on a secret that's currently marked 1887// deleted. 1888// 1889// * You tried to enable rotation on a secret that doesn't already have a 1890// Lambda function ARN configured and you didn't include such an ARN as a 1891// parameter in this call. 1892// 1893// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret 1894func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error) { 1895 req, out := c.RotateSecretRequest(input) 1896 return out, req.Send() 1897} 1898 1899// RotateSecretWithContext is the same as RotateSecret with the addition of 1900// the ability to pass a context and additional request options. 1901// 1902// See RotateSecret for details on how to use this API operation. 1903// 1904// The context must be non-nil and will be used for request cancellation. If 1905// the context is nil a panic will occur. In the future the SDK may create 1906// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1907// for more information on using Contexts. 1908func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error) { 1909 req, out := c.RotateSecretRequest(input) 1910 req.SetContext(ctx) 1911 req.ApplyOptions(opts...) 1912 return out, req.Send() 1913} 1914 1915const opTagResource = "TagResource" 1916 1917// TagResourceRequest generates a "aws/request.Request" representing the 1918// client's request for the TagResource operation. The "output" return 1919// value will be populated with the request's response once the request completes 1920// successfully. 1921// 1922// Use "Send" method on the returned Request to send the API call to the service. 1923// the "output" return value is not valid until after Send returns without error. 1924// 1925// See TagResource for more information on using the TagResource 1926// API call, and error handling. 1927// 1928// This method is useful when you want to inject custom logic or configuration 1929// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1930// 1931// 1932// // Example sending a request using the TagResourceRequest method. 1933// req, resp := client.TagResourceRequest(params) 1934// 1935// err := req.Send() 1936// if err == nil { // resp is now filled 1937// fmt.Println(resp) 1938// } 1939// 1940// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource 1941func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 1942 op := &request.Operation{ 1943 Name: opTagResource, 1944 HTTPMethod: "POST", 1945 HTTPPath: "/", 1946 } 1947 1948 if input == nil { 1949 input = &TagResourceInput{} 1950 } 1951 1952 output = &TagResourceOutput{} 1953 req = c.newRequest(op, input, output) 1954 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1955 return 1956} 1957 1958// TagResource API operation for AWS Secrets Manager. 1959// 1960// Attaches one or more tags, each consisting of a key name and a value, to 1961// the specified secret. Tags are part of the secret's overall metadata, and 1962// are not associated with any specific version of the secret. This operation 1963// only appends tags to the existing list of tags. To remove tags, you must 1964// use UntagResource. 1965// 1966// The following basic restrictions apply to tags: 1967// 1968// * Maximum number of tags per secret—50 1969// 1970// * Maximum key length—127 Unicode characters in UTF-8 1971// 1972// * Maximum value length—255 Unicode characters in UTF-8 1973// 1974// * Tag keys and values are case sensitive. 1975// 1976// * Do not use the aws: prefix in your tag names or values because it is 1977// reserved for AWS use. You can't edit or delete tag names or values with 1978// this prefix. Tags with this prefix do not count against your tags per 1979// secret limit. 1980// 1981// * If your tagging schema will be used across multiple services and resources, 1982// remember that other services might have restrictions on allowed characters. 1983// Generally allowed characters are: letters, spaces, and numbers representable 1984// in UTF-8, plus the following special characters: + - = . _ : / @. 1985// 1986// If you use tags as part of your security strategy, then adding or removing 1987// a tag can change permissions. If successfully completing this operation would 1988// result in you losing your permissions for this secret, then the operation 1989// is blocked and returns an Access Denied error. 1990// 1991// Minimum permissions 1992// 1993// To run this command, you must have the following permissions: 1994// 1995// * secretsmanager:TagResource 1996// 1997// Related operations 1998// 1999// * To remove one or more tags from the collection attached to a secret, 2000// use UntagResource. 2001// 2002// * To view the list of tags attached to a secret, use DescribeSecret. 2003// 2004// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2005// with awserr.Error's Code and Message methods to get detailed information about 2006// the error. 2007// 2008// See the AWS API reference guide for AWS Secrets Manager's 2009// API operation TagResource for usage and error information. 2010// 2011// Returned Error Codes: 2012// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2013// We can't find the resource that you asked for. 2014// 2015// * ErrCodeInvalidRequestException "InvalidRequestException" 2016// You provided a parameter value that is not valid for the current state of 2017// the resource. 2018// 2019// Possible causes: 2020// 2021// * You tried to perform the operation on a secret that's currently marked 2022// deleted. 2023// 2024// * You tried to enable rotation on a secret that doesn't already have a 2025// Lambda function ARN configured and you didn't include such an ARN as a 2026// parameter in this call. 2027// 2028// * ErrCodeInvalidParameterException "InvalidParameterException" 2029// You provided an invalid value for a parameter. 2030// 2031// * ErrCodeInternalServiceError "InternalServiceError" 2032// An error occurred on the server side. 2033// 2034// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource 2035func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 2036 req, out := c.TagResourceRequest(input) 2037 return out, req.Send() 2038} 2039 2040// TagResourceWithContext is the same as TagResource with the addition of 2041// the ability to pass a context and additional request options. 2042// 2043// See TagResource for details on how to use this API operation. 2044// 2045// The context must be non-nil and will be used for request cancellation. If 2046// the context is nil a panic will occur. In the future the SDK may create 2047// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2048// for more information on using Contexts. 2049func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 2050 req, out := c.TagResourceRequest(input) 2051 req.SetContext(ctx) 2052 req.ApplyOptions(opts...) 2053 return out, req.Send() 2054} 2055 2056const opUntagResource = "UntagResource" 2057 2058// UntagResourceRequest generates a "aws/request.Request" representing the 2059// client's request for the UntagResource operation. The "output" return 2060// value will be populated with the request's response once the request completes 2061// successfully. 2062// 2063// Use "Send" method on the returned Request to send the API call to the service. 2064// the "output" return value is not valid until after Send returns without error. 2065// 2066// See UntagResource for more information on using the UntagResource 2067// API call, and error handling. 2068// 2069// This method is useful when you want to inject custom logic or configuration 2070// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2071// 2072// 2073// // Example sending a request using the UntagResourceRequest method. 2074// req, resp := client.UntagResourceRequest(params) 2075// 2076// err := req.Send() 2077// if err == nil { // resp is now filled 2078// fmt.Println(resp) 2079// } 2080// 2081// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource 2082func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 2083 op := &request.Operation{ 2084 Name: opUntagResource, 2085 HTTPMethod: "POST", 2086 HTTPPath: "/", 2087 } 2088 2089 if input == nil { 2090 input = &UntagResourceInput{} 2091 } 2092 2093 output = &UntagResourceOutput{} 2094 req = c.newRequest(op, input, output) 2095 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2096 return 2097} 2098 2099// UntagResource API operation for AWS Secrets Manager. 2100// 2101// Removes one or more tags from the specified secret. 2102// 2103// This operation is idempotent. If a requested tag is not attached to the secret, 2104// no error is returned and the secret metadata is unchanged. 2105// 2106// If you use tags as part of your security strategy, then removing a tag can 2107// change permissions. If successfully completing this operation would result 2108// in you losing your permissions for this secret, then the operation is blocked 2109// and returns an Access Denied error. 2110// 2111// Minimum permissions 2112// 2113// To run this command, you must have the following permissions: 2114// 2115// * secretsmanager:UntagResource 2116// 2117// Related operations 2118// 2119// * To add one or more tags to the collection attached to a secret, use 2120// TagResource. 2121// 2122// * To view the list of tags attached to a secret, use DescribeSecret. 2123// 2124// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2125// with awserr.Error's Code and Message methods to get detailed information about 2126// the error. 2127// 2128// See the AWS API reference guide for AWS Secrets Manager's 2129// API operation UntagResource for usage and error information. 2130// 2131// Returned Error Codes: 2132// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2133// We can't find the resource that you asked for. 2134// 2135// * ErrCodeInvalidRequestException "InvalidRequestException" 2136// You provided a parameter value that is not valid for the current state of 2137// the resource. 2138// 2139// Possible causes: 2140// 2141// * You tried to perform the operation on a secret that's currently marked 2142// deleted. 2143// 2144// * You tried to enable rotation on a secret that doesn't already have a 2145// Lambda function ARN configured and you didn't include such an ARN as a 2146// parameter in this call. 2147// 2148// * ErrCodeInvalidParameterException "InvalidParameterException" 2149// You provided an invalid value for a parameter. 2150// 2151// * ErrCodeInternalServiceError "InternalServiceError" 2152// An error occurred on the server side. 2153// 2154// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource 2155func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 2156 req, out := c.UntagResourceRequest(input) 2157 return out, req.Send() 2158} 2159 2160// UntagResourceWithContext is the same as UntagResource with the addition of 2161// the ability to pass a context and additional request options. 2162// 2163// See UntagResource for details on how to use this API operation. 2164// 2165// The context must be non-nil and will be used for request cancellation. If 2166// the context is nil a panic will occur. In the future the SDK may create 2167// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2168// for more information on using Contexts. 2169func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 2170 req, out := c.UntagResourceRequest(input) 2171 req.SetContext(ctx) 2172 req.ApplyOptions(opts...) 2173 return out, req.Send() 2174} 2175 2176const opUpdateSecret = "UpdateSecret" 2177 2178// UpdateSecretRequest generates a "aws/request.Request" representing the 2179// client's request for the UpdateSecret operation. The "output" return 2180// value will be populated with the request's response once the request completes 2181// successfully. 2182// 2183// Use "Send" method on the returned Request to send the API call to the service. 2184// the "output" return value is not valid until after Send returns without error. 2185// 2186// See UpdateSecret for more information on using the UpdateSecret 2187// API call, and error handling. 2188// 2189// This method is useful when you want to inject custom logic or configuration 2190// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2191// 2192// 2193// // Example sending a request using the UpdateSecretRequest method. 2194// req, resp := client.UpdateSecretRequest(params) 2195// 2196// err := req.Send() 2197// if err == nil { // resp is now filled 2198// fmt.Println(resp) 2199// } 2200// 2201// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret 2202func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput) { 2203 op := &request.Operation{ 2204 Name: opUpdateSecret, 2205 HTTPMethod: "POST", 2206 HTTPPath: "/", 2207 } 2208 2209 if input == nil { 2210 input = &UpdateSecretInput{} 2211 } 2212 2213 output = &UpdateSecretOutput{} 2214 req = c.newRequest(op, input, output) 2215 return 2216} 2217 2218// UpdateSecret API operation for AWS Secrets Manager. 2219// 2220// Modifies many of the details of the specified secret. If you include a ClientRequestToken 2221// and either SecretString or SecretBinary then it also creates a new version 2222// attached to the secret. 2223// 2224// To modify the rotation configuration of a secret, use RotateSecret instead. 2225// 2226// The Secrets Manager console uses only the SecretString parameter and therefore 2227// limits you to encrypting and storing only a text string. To encrypt and store 2228// binary data as part of the version of a secret, you must use either the AWS 2229// CLI or one of the AWS SDKs. 2230// 2231// * If a version with a VersionId with the same value as the ClientRequestToken 2232// parameter already exists, the operation results in an error. You cannot 2233// modify an existing version, you can only create a new version. 2234// 2235// * If you include SecretString or SecretBinary to create a new secret version, 2236// Secrets Manager automatically attaches the staging label AWSCURRENT to 2237// the new version. 2238// 2239// * If you call an operation that needs to encrypt or decrypt the SecretString 2240// or SecretBinary for a secret in the same account as the calling user and 2241// that secret doesn't specify a AWS KMS encryption key, Secrets Manager 2242// uses the account's default AWS managed customer master key (CMK) with 2243// the alias aws/secretsmanager. If this key doesn't already exist in your 2244// account then Secrets Manager creates it for you automatically. All users 2245// and roles in the same AWS account automatically have access to use the 2246// default CMK. Note that if an Secrets Manager API call results in AWS having 2247// to create the account's AWS-managed CMK, it can result in a one-time significant 2248// delay in returning the result. 2249// 2250// * If the secret is in a different AWS account from the credentials calling 2251// an API that requires encryption or decryption of the secret value then 2252// you must create and use a custom AWS KMS CMK because you can't access 2253// the default CMK for the account using credentials from a different AWS 2254// account. Store the ARN of the CMK in the secret when you create the secret 2255// or when you update it by including it in the KMSKeyId. If you call an 2256// API that must encrypt or decrypt SecretString or SecretBinary using credentials 2257// from a different account then the AWS KMS key policy must grant cross-account 2258// access to that other account's user or role for both the kms:GenerateDataKey 2259// and kms:Decrypt operations. 2260// 2261// Minimum permissions 2262// 2263// To run this command, you must have the following permissions: 2264// 2265// * secretsmanager:UpdateSecret 2266// 2267// * kms:GenerateDataKey - needed only if you use a custom AWS KMS key to 2268// encrypt the secret. You do not need this permission to use the account's 2269// AWS managed CMK for Secrets Manager. 2270// 2271// * kms:Decrypt - needed only if you use a custom AWS KMS key to encrypt 2272// the secret. You do not need this permission to use the account's AWS managed 2273// CMK for Secrets Manager. 2274// 2275// Related operations 2276// 2277// * To create a new secret, use CreateSecret. 2278// 2279// * To add only a new version to an existing secret, use PutSecretValue. 2280// 2281// * To get the details for a secret, use DescribeSecret. 2282// 2283// * To list the versions contained in a secret, use ListSecretVersionIds. 2284// 2285// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2286// with awserr.Error's Code and Message methods to get detailed information about 2287// the error. 2288// 2289// See the AWS API reference guide for AWS Secrets Manager's 2290// API operation UpdateSecret for usage and error information. 2291// 2292// Returned Error Codes: 2293// * ErrCodeInvalidParameterException "InvalidParameterException" 2294// You provided an invalid value for a parameter. 2295// 2296// * ErrCodeInvalidRequestException "InvalidRequestException" 2297// You provided a parameter value that is not valid for the current state of 2298// the resource. 2299// 2300// Possible causes: 2301// 2302// * You tried to perform the operation on a secret that's currently marked 2303// deleted. 2304// 2305// * You tried to enable rotation on a secret that doesn't already have a 2306// Lambda function ARN configured and you didn't include such an ARN as a 2307// parameter in this call. 2308// 2309// * ErrCodeLimitExceededException "LimitExceededException" 2310// The request failed because it would exceed one of the Secrets Manager internal 2311// limits. 2312// 2313// * ErrCodeEncryptionFailure "EncryptionFailure" 2314// Secrets Manager can't encrypt the protected secret text using the provided 2315// KMS key. Check that the customer master key (CMK) is available, enabled, 2316// and not in an invalid state. For more information, see How Key State Affects 2317// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 2318// 2319// * ErrCodeResourceExistsException "ResourceExistsException" 2320// A resource with the ID you requested already exists. 2321// 2322// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2323// We can't find the resource that you asked for. 2324// 2325// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 2326// The policy document that you provided isn't valid. 2327// 2328// * ErrCodeInternalServiceError "InternalServiceError" 2329// An error occurred on the server side. 2330// 2331// * ErrCodePreconditionNotMetException "PreconditionNotMetException" 2332// The request failed because you did not complete all the prerequisite steps. 2333// 2334// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret 2335func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error) { 2336 req, out := c.UpdateSecretRequest(input) 2337 return out, req.Send() 2338} 2339 2340// UpdateSecretWithContext is the same as UpdateSecret with the addition of 2341// the ability to pass a context and additional request options. 2342// 2343// See UpdateSecret for details on how to use this API operation. 2344// 2345// The context must be non-nil and will be used for request cancellation. If 2346// the context is nil a panic will occur. In the future the SDK may create 2347// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2348// for more information on using Contexts. 2349func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error) { 2350 req, out := c.UpdateSecretRequest(input) 2351 req.SetContext(ctx) 2352 req.ApplyOptions(opts...) 2353 return out, req.Send() 2354} 2355 2356const opUpdateSecretVersionStage = "UpdateSecretVersionStage" 2357 2358// UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the 2359// client's request for the UpdateSecretVersionStage operation. The "output" return 2360// value will be populated with the request's response once the request completes 2361// successfully. 2362// 2363// Use "Send" method on the returned Request to send the API call to the service. 2364// the "output" return value is not valid until after Send returns without error. 2365// 2366// See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage 2367// API call, and error handling. 2368// 2369// This method is useful when you want to inject custom logic or configuration 2370// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2371// 2372// 2373// // Example sending a request using the UpdateSecretVersionStageRequest method. 2374// req, resp := client.UpdateSecretVersionStageRequest(params) 2375// 2376// err := req.Send() 2377// if err == nil { // resp is now filled 2378// fmt.Println(resp) 2379// } 2380// 2381// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage 2382func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput) { 2383 op := &request.Operation{ 2384 Name: opUpdateSecretVersionStage, 2385 HTTPMethod: "POST", 2386 HTTPPath: "/", 2387 } 2388 2389 if input == nil { 2390 input = &UpdateSecretVersionStageInput{} 2391 } 2392 2393 output = &UpdateSecretVersionStageOutput{} 2394 req = c.newRequest(op, input, output) 2395 return 2396} 2397 2398// UpdateSecretVersionStage API operation for AWS Secrets Manager. 2399// 2400// Modifies the staging labels attached to a version of a secret. Staging labels 2401// are used to track a version as it progresses through the secret rotation 2402// process. You can attach a staging label to only one version of a secret at 2403// a time. If a staging label to be added is already attached to another version, 2404// then it is moved--removed from the other version first and then attached 2405// to this one. For more information about staging labels, see Staging Labels 2406// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label) 2407// in the AWS Secrets Manager User Guide. 2408// 2409// The staging labels that you specify in the VersionStage parameter are added 2410// to the existing list of staging labels--they don't replace it. 2411// 2412// You can move the AWSCURRENT staging label to this version by including it 2413// in this call. 2414// 2415// Whenever you move AWSCURRENT, Secrets Manager automatically moves the label 2416// AWSPREVIOUS to the version that AWSCURRENT was removed from. 2417// 2418// If this action results in the last label being removed from a version, then 2419// the version is considered to be 'deprecated' and can be deleted by Secrets 2420// Manager. 2421// 2422// Minimum permissions 2423// 2424// To run this command, you must have the following permissions: 2425// 2426// * secretsmanager:UpdateSecretVersionStage 2427// 2428// Related operations 2429// 2430// * To get the list of staging labels that are currently associated with 2431// a version of a secret, use DescribeSecret and examine the SecretVersionsToStages 2432// response value. 2433// 2434// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2435// with awserr.Error's Code and Message methods to get detailed information about 2436// the error. 2437// 2438// See the AWS API reference guide for AWS Secrets Manager's 2439// API operation UpdateSecretVersionStage for usage and error information. 2440// 2441// Returned Error Codes: 2442// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2443// We can't find the resource that you asked for. 2444// 2445// * ErrCodeInvalidParameterException "InvalidParameterException" 2446// You provided an invalid value for a parameter. 2447// 2448// * ErrCodeInvalidRequestException "InvalidRequestException" 2449// You provided a parameter value that is not valid for the current state of 2450// the resource. 2451// 2452// Possible causes: 2453// 2454// * You tried to perform the operation on a secret that's currently marked 2455// deleted. 2456// 2457// * You tried to enable rotation on a secret that doesn't already have a 2458// Lambda function ARN configured and you didn't include such an ARN as a 2459// parameter in this call. 2460// 2461// * ErrCodeLimitExceededException "LimitExceededException" 2462// The request failed because it would exceed one of the Secrets Manager internal 2463// limits. 2464// 2465// * ErrCodeInternalServiceError "InternalServiceError" 2466// An error occurred on the server side. 2467// 2468// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage 2469func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error) { 2470 req, out := c.UpdateSecretVersionStageRequest(input) 2471 return out, req.Send() 2472} 2473 2474// UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of 2475// the ability to pass a context and additional request options. 2476// 2477// See UpdateSecretVersionStage for details on how to use this API operation. 2478// 2479// The context must be non-nil and will be used for request cancellation. If 2480// the context is nil a panic will occur. In the future the SDK may create 2481// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2482// for more information on using Contexts. 2483func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error) { 2484 req, out := c.UpdateSecretVersionStageRequest(input) 2485 req.SetContext(ctx) 2486 req.ApplyOptions(opts...) 2487 return out, req.Send() 2488} 2489 2490type CancelRotateSecretInput struct { 2491 _ struct{} `type:"structure"` 2492 2493 // Specifies the secret for which you want to cancel a rotation request. You 2494 // can specify either the Amazon Resource Name (ARN) or the friendly name of 2495 // the secret. 2496 // 2497 // If you specify an ARN, we generally recommend that you specify a complete 2498 // ARN. You can specify a partial ARN too—for example, if you don’t include 2499 // the final hyphen and six random characters that Secrets Manager adds at the 2500 // end of the ARN when you created the secret. A partial ARN match can work 2501 // as long as it uniquely matches only one secret. However, if your secret has 2502 // a name that ends in a hyphen followed by six characters (before Secrets Manager 2503 // adds the hyphen and six characters to the ARN) and you try to use that as 2504 // a partial ARN, then those characters cause Secrets Manager to assume that 2505 // you’re specifying a complete ARN. This confusion can cause unexpected results. 2506 // To avoid this situation, we recommend that you don’t create secret names 2507 // that end with a hyphen followed by six characters. 2508 // 2509 // SecretId is a required field 2510 SecretId *string `min:"1" type:"string" required:"true"` 2511} 2512 2513// String returns the string representation 2514func (s CancelRotateSecretInput) String() string { 2515 return awsutil.Prettify(s) 2516} 2517 2518// GoString returns the string representation 2519func (s CancelRotateSecretInput) GoString() string { 2520 return s.String() 2521} 2522 2523// Validate inspects the fields of the type to determine if they are valid. 2524func (s *CancelRotateSecretInput) Validate() error { 2525 invalidParams := request.ErrInvalidParams{Context: "CancelRotateSecretInput"} 2526 if s.SecretId == nil { 2527 invalidParams.Add(request.NewErrParamRequired("SecretId")) 2528 } 2529 if s.SecretId != nil && len(*s.SecretId) < 1 { 2530 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 2531 } 2532 2533 if invalidParams.Len() > 0 { 2534 return invalidParams 2535 } 2536 return nil 2537} 2538 2539// SetSecretId sets the SecretId field's value. 2540func (s *CancelRotateSecretInput) SetSecretId(v string) *CancelRotateSecretInput { 2541 s.SecretId = &v 2542 return s 2543} 2544 2545type CancelRotateSecretOutput struct { 2546 _ struct{} `type:"structure"` 2547 2548 // The ARN of the secret for which rotation was canceled. 2549 ARN *string `min:"20" type:"string"` 2550 2551 // The friendly name of the secret for which rotation was canceled. 2552 Name *string `min:"1" type:"string"` 2553 2554 // The unique identifier of the version of the secret that was created during 2555 // the rotation. This version might not be complete, and should be evaluated 2556 // for possible deletion. At the very least, you should remove the VersionStage 2557 // value AWSPENDING to enable this version to be deleted. Failing to clean up 2558 // a cancelled rotation can block you from successfully starting future rotations. 2559 VersionId *string `min:"32" type:"string"` 2560} 2561 2562// String returns the string representation 2563func (s CancelRotateSecretOutput) String() string { 2564 return awsutil.Prettify(s) 2565} 2566 2567// GoString returns the string representation 2568func (s CancelRotateSecretOutput) GoString() string { 2569 return s.String() 2570} 2571 2572// SetARN sets the ARN field's value. 2573func (s *CancelRotateSecretOutput) SetARN(v string) *CancelRotateSecretOutput { 2574 s.ARN = &v 2575 return s 2576} 2577 2578// SetName sets the Name field's value. 2579func (s *CancelRotateSecretOutput) SetName(v string) *CancelRotateSecretOutput { 2580 s.Name = &v 2581 return s 2582} 2583 2584// SetVersionId sets the VersionId field's value. 2585func (s *CancelRotateSecretOutput) SetVersionId(v string) *CancelRotateSecretOutput { 2586 s.VersionId = &v 2587 return s 2588} 2589 2590type CreateSecretInput struct { 2591 _ struct{} `type:"structure"` 2592 2593 // (Optional) If you include SecretString or SecretBinary, then an initial version 2594 // is created as part of the secret, and this parameter specifies a unique identifier 2595 // for the new version. 2596 // 2597 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 2598 // you can leave this parameter empty. The CLI or SDK generates a random UUID 2599 // for you and includes it as the value for this parameter in the request. If 2600 // you don't use the SDK and instead generate a raw HTTP request to the Secrets 2601 // Manager service endpoint, then you must generate a ClientRequestToken yourself 2602 // for the new version and include that value in the request. 2603 // 2604 // This value helps ensure idempotency. Secrets Manager uses this value to prevent 2605 // the accidental creation of duplicate versions if there are failures and retries 2606 // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 2607 // value to ensure uniqueness of your versions within the specified secret. 2608 // 2609 // * If the ClientRequestToken value isn't already associated with a version 2610 // of the secret then a new version of the secret is created. 2611 // 2612 // * If a version with this value already exists and that version's SecretString 2613 // and SecretBinary values are the same as those in the request, then the 2614 // request is ignored (the operation is idempotent). 2615 // 2616 // * If a version with this value already exists and that version's SecretString 2617 // and SecretBinary values are different from those in the request then the 2618 // request fails because you cannot modify an existing version. Instead, 2619 // use PutSecretValue to create a new version. 2620 // 2621 // This value becomes the VersionId of the new version. 2622 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 2623 2624 // (Optional) Specifies a user-provided description of the secret. 2625 Description *string `type:"string"` 2626 2627 // (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master 2628 // key (CMK) to be used to encrypt the SecretString or SecretBinary values in 2629 // the versions stored in this secret. 2630 // 2631 // You can specify any of the supported ways to identify a AWS KMS key ID. If 2632 // you need to reference a CMK in a different account, you can use only the 2633 // key ARN or the alias ARN. 2634 // 2635 // If you don't specify this value, then Secrets Manager defaults to using the 2636 // AWS account's default CMK (the one named aws/secretsmanager). If a AWS KMS 2637 // CMK with that name doesn't yet exist, then Secrets Manager creates it for 2638 // you automatically the first time it needs to encrypt a version's SecretString 2639 // or SecretBinary fields. 2640 // 2641 // You can use the account's default CMK to encrypt and decrypt only if you 2642 // call this operation using credentials from the same account that owns the 2643 // secret. If the secret is in a different account, then you must create a custom 2644 // CMK and specify the ARN in this field. 2645 KmsKeyId *string `type:"string"` 2646 2647 // Specifies the friendly name of the new secret. 2648 // 2649 // The secret name must be ASCII letters, digits, or the following characters 2650 // : /_+=.@- 2651 // 2652 // Don't end your secret name with a hyphen followed by six characters. If you 2653 // do so, you risk confusion and unexpected results when searching for a secret 2654 // by partial ARN. This is because Secrets Manager automatically adds a hyphen 2655 // and six random characters at the end of the ARN. 2656 // 2657 // Name is a required field 2658 Name *string `min:"1" type:"string" required:"true"` 2659 2660 // (Optional) Specifies binary data that you want to encrypt and store in the 2661 // new version of the secret. To use this parameter in the command-line tools, 2662 // we recommend that you store your binary data in a file and then use the appropriate 2663 // technique for your tool to pass the contents of the file as a parameter. 2664 // 2665 // Either SecretString or SecretBinary must have a value, but not both. They 2666 // cannot both be empty. 2667 // 2668 // This parameter is not available using the Secrets Manager console. It can 2669 // be accessed only by using the AWS CLI or one of the AWS SDKs. 2670 // 2671 // SecretBinary is automatically base64 encoded/decoded by the SDK. 2672 SecretBinary []byte `type:"blob" sensitive:"true"` 2673 2674 // (Optional) Specifies text data that you want to encrypt and store in this 2675 // new version of the secret. 2676 // 2677 // Either SecretString or SecretBinary must have a value, but not both. They 2678 // cannot both be empty. 2679 // 2680 // If you create a secret by using the Secrets Manager console then Secrets 2681 // Manager puts the protected secret text in only the SecretString parameter. 2682 // The Secrets Manager console stores the information as a JSON structure of 2683 // key/value pairs that the Lambda rotation function knows how to parse. 2684 // 2685 // For storing multiple values, we recommend that you use a JSON text string 2686 // argument and specify key/value pairs. For information on how to format a 2687 // JSON parameter for the various command line tool environments, see Using 2688 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 2689 // in the AWS CLI User Guide. For example: 2690 // 2691 // [{"username":"bob"},{"password":"abc123xyz456"}] 2692 // 2693 // If your command-line tool or SDK requires quotation marks around the parameter, 2694 // you should use single quotes to avoid confusion with the double quotes required 2695 // in the JSON text. 2696 SecretString *string `type:"string" sensitive:"true"` 2697 2698 // (Optional) Specifies a list of user-defined tags that are attached to the 2699 // secret. Each tag is a "Key" and "Value" pair of strings. This operation only 2700 // appends tags to the existing list of tags. To remove tags, you must use UntagResource. 2701 // 2702 // * Secrets Manager tag key names are case sensitive. A tag with the key 2703 // "ABC" is a different tag from one with key "abc". 2704 // 2705 // * If you check tags in IAM policy Condition elements as part of your security 2706 // strategy, then adding or removing a tag can change permissions. If the 2707 // successful completion of this operation would result in you losing your 2708 // permissions for this secret, then this operation is blocked and returns 2709 // an Access Denied error. 2710 // 2711 // This parameter requires a JSON text string argument. For information on how 2712 // to format a JSON parameter for the various command line tool environments, 2713 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 2714 // in the AWS CLI User Guide. For example: 2715 // 2716 // [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] 2717 // 2718 // If your command-line tool or SDK requires quotation marks around the parameter, 2719 // you should use single quotes to avoid confusion with the double quotes required 2720 // in the JSON text. 2721 // 2722 // The following basic restrictions apply to tags: 2723 // 2724 // * Maximum number of tags per secret—50 2725 // 2726 // * Maximum key length—127 Unicode characters in UTF-8 2727 // 2728 // * Maximum value length—255 Unicode characters in UTF-8 2729 // 2730 // * Tag keys and values are case sensitive. 2731 // 2732 // * Do not use the aws: prefix in your tag names or values because it is 2733 // reserved for AWS use. You can't edit or delete tag names or values with 2734 // this prefix. Tags with this prefix do not count against your tags per 2735 // secret limit. 2736 // 2737 // * If your tagging schema will be used across multiple services and resources, 2738 // remember that other services might have restrictions on allowed characters. 2739 // Generally allowed characters are: letters, spaces, and numbers representable 2740 // in UTF-8, plus the following special characters: + - = . _ : / @. 2741 Tags []*Tag `type:"list"` 2742} 2743 2744// String returns the string representation 2745func (s CreateSecretInput) String() string { 2746 return awsutil.Prettify(s) 2747} 2748 2749// GoString returns the string representation 2750func (s CreateSecretInput) GoString() string { 2751 return s.String() 2752} 2753 2754// Validate inspects the fields of the type to determine if they are valid. 2755func (s *CreateSecretInput) Validate() error { 2756 invalidParams := request.ErrInvalidParams{Context: "CreateSecretInput"} 2757 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 2758 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 2759 } 2760 if s.Name == nil { 2761 invalidParams.Add(request.NewErrParamRequired("Name")) 2762 } 2763 if s.Name != nil && len(*s.Name) < 1 { 2764 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 2765 } 2766 if s.Tags != nil { 2767 for i, v := range s.Tags { 2768 if v == nil { 2769 continue 2770 } 2771 if err := v.Validate(); err != nil { 2772 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 2773 } 2774 } 2775 } 2776 2777 if invalidParams.Len() > 0 { 2778 return invalidParams 2779 } 2780 return nil 2781} 2782 2783// SetClientRequestToken sets the ClientRequestToken field's value. 2784func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput { 2785 s.ClientRequestToken = &v 2786 return s 2787} 2788 2789// SetDescription sets the Description field's value. 2790func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput { 2791 s.Description = &v 2792 return s 2793} 2794 2795// SetKmsKeyId sets the KmsKeyId field's value. 2796func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput { 2797 s.KmsKeyId = &v 2798 return s 2799} 2800 2801// SetName sets the Name field's value. 2802func (s *CreateSecretInput) SetName(v string) *CreateSecretInput { 2803 s.Name = &v 2804 return s 2805} 2806 2807// SetSecretBinary sets the SecretBinary field's value. 2808func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput { 2809 s.SecretBinary = v 2810 return s 2811} 2812 2813// SetSecretString sets the SecretString field's value. 2814func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput { 2815 s.SecretString = &v 2816 return s 2817} 2818 2819// SetTags sets the Tags field's value. 2820func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput { 2821 s.Tags = v 2822 return s 2823} 2824 2825type CreateSecretOutput struct { 2826 _ struct{} `type:"structure"` 2827 2828 // The Amazon Resource Name (ARN) of the secret that you just created. 2829 // 2830 // Secrets Manager automatically adds several random characters to the name 2831 // at the end of the ARN when you initially create a secret. This affects only 2832 // the ARN and not the actual friendly name. This ensures that if you create 2833 // a new secret with the same name as an old secret that you previously deleted, 2834 // then users with access to the old secret don't automatically get access to 2835 // the new secret because the ARNs are different. 2836 ARN *string `min:"20" type:"string"` 2837 2838 // The friendly name of the secret that you just created. 2839 Name *string `min:"1" type:"string"` 2840 2841 // The unique identifier that's associated with the version of the secret you 2842 // just created. 2843 VersionId *string `min:"32" type:"string"` 2844} 2845 2846// String returns the string representation 2847func (s CreateSecretOutput) String() string { 2848 return awsutil.Prettify(s) 2849} 2850 2851// GoString returns the string representation 2852func (s CreateSecretOutput) GoString() string { 2853 return s.String() 2854} 2855 2856// SetARN sets the ARN field's value. 2857func (s *CreateSecretOutput) SetARN(v string) *CreateSecretOutput { 2858 s.ARN = &v 2859 return s 2860} 2861 2862// SetName sets the Name field's value. 2863func (s *CreateSecretOutput) SetName(v string) *CreateSecretOutput { 2864 s.Name = &v 2865 return s 2866} 2867 2868// SetVersionId sets the VersionId field's value. 2869func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput { 2870 s.VersionId = &v 2871 return s 2872} 2873 2874type DeleteResourcePolicyInput struct { 2875 _ struct{} `type:"structure"` 2876 2877 // Specifies the secret that you want to delete the attached resource-based 2878 // policy for. You can specify either the Amazon Resource Name (ARN) or the 2879 // friendly name of the secret. 2880 // 2881 // If you specify an ARN, we generally recommend that you specify a complete 2882 // ARN. You can specify a partial ARN too—for example, if you don’t include 2883 // the final hyphen and six random characters that Secrets Manager adds at the 2884 // end of the ARN when you created the secret. A partial ARN match can work 2885 // as long as it uniquely matches only one secret. However, if your secret has 2886 // a name that ends in a hyphen followed by six characters (before Secrets Manager 2887 // adds the hyphen and six characters to the ARN) and you try to use that as 2888 // a partial ARN, then those characters cause Secrets Manager to assume that 2889 // you’re specifying a complete ARN. This confusion can cause unexpected results. 2890 // To avoid this situation, we recommend that you don’t create secret names 2891 // that end with a hyphen followed by six characters. 2892 // 2893 // SecretId is a required field 2894 SecretId *string `min:"1" type:"string" required:"true"` 2895} 2896 2897// String returns the string representation 2898func (s DeleteResourcePolicyInput) String() string { 2899 return awsutil.Prettify(s) 2900} 2901 2902// GoString returns the string representation 2903func (s DeleteResourcePolicyInput) GoString() string { 2904 return s.String() 2905} 2906 2907// Validate inspects the fields of the type to determine if they are valid. 2908func (s *DeleteResourcePolicyInput) Validate() error { 2909 invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"} 2910 if s.SecretId == nil { 2911 invalidParams.Add(request.NewErrParamRequired("SecretId")) 2912 } 2913 if s.SecretId != nil && len(*s.SecretId) < 1 { 2914 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 2915 } 2916 2917 if invalidParams.Len() > 0 { 2918 return invalidParams 2919 } 2920 return nil 2921} 2922 2923// SetSecretId sets the SecretId field's value. 2924func (s *DeleteResourcePolicyInput) SetSecretId(v string) *DeleteResourcePolicyInput { 2925 s.SecretId = &v 2926 return s 2927} 2928 2929type DeleteResourcePolicyOutput struct { 2930 _ struct{} `type:"structure"` 2931 2932 // The ARN of the secret that the resource-based policy was deleted for. 2933 ARN *string `min:"20" type:"string"` 2934 2935 // The friendly name of the secret that the resource-based policy was deleted 2936 // for. 2937 Name *string `min:"1" type:"string"` 2938} 2939 2940// String returns the string representation 2941func (s DeleteResourcePolicyOutput) String() string { 2942 return awsutil.Prettify(s) 2943} 2944 2945// GoString returns the string representation 2946func (s DeleteResourcePolicyOutput) GoString() string { 2947 return s.String() 2948} 2949 2950// SetARN sets the ARN field's value. 2951func (s *DeleteResourcePolicyOutput) SetARN(v string) *DeleteResourcePolicyOutput { 2952 s.ARN = &v 2953 return s 2954} 2955 2956// SetName sets the Name field's value. 2957func (s *DeleteResourcePolicyOutput) SetName(v string) *DeleteResourcePolicyOutput { 2958 s.Name = &v 2959 return s 2960} 2961 2962type DeleteSecretInput struct { 2963 _ struct{} `type:"structure"` 2964 2965 // (Optional) Specifies that the secret is to be deleted without any recovery 2966 // window. You can't use both this parameter and the RecoveryWindowInDays parameter 2967 // in the same API call. 2968 // 2969 // An asynchronous background process performs the actual deletion, so there 2970 // can be a short delay before the operation completes. If you write code to 2971 // delete and then immediately recreate a secret with the same name, ensure 2972 // that your code includes appropriate back off and retry logic. 2973 // 2974 // Use this parameter with caution. This parameter causes the operation to skip 2975 // the normal waiting period before the permanent deletion that AWS would normally 2976 // impose with the RecoveryWindowInDays parameter. If you delete a secret with 2977 // the ForceDeleteWithouRecovery parameter, then you have no opportunity to 2978 // recover the secret. It is permanently lost. 2979 ForceDeleteWithoutRecovery *bool `type:"boolean"` 2980 2981 // (Optional) Specifies the number of days that Secrets Manager waits before 2982 // it can delete the secret. You can't use both this parameter and the ForceDeleteWithoutRecovery 2983 // parameter in the same API call. 2984 // 2985 // This value can range from 7 to 30 days. The default value is 30. 2986 RecoveryWindowInDays *int64 `type:"long"` 2987 2988 // Specifies the secret that you want to delete. You can specify either the 2989 // Amazon Resource Name (ARN) or the friendly name of the secret. 2990 // 2991 // If you specify an ARN, we generally recommend that you specify a complete 2992 // ARN. You can specify a partial ARN too—for example, if you don’t include 2993 // the final hyphen and six random characters that Secrets Manager adds at the 2994 // end of the ARN when you created the secret. A partial ARN match can work 2995 // as long as it uniquely matches only one secret. However, if your secret has 2996 // a name that ends in a hyphen followed by six characters (before Secrets Manager 2997 // adds the hyphen and six characters to the ARN) and you try to use that as 2998 // a partial ARN, then those characters cause Secrets Manager to assume that 2999 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3000 // To avoid this situation, we recommend that you don’t create secret names 3001 // that end with a hyphen followed by six characters. 3002 // 3003 // SecretId is a required field 3004 SecretId *string `min:"1" type:"string" required:"true"` 3005} 3006 3007// String returns the string representation 3008func (s DeleteSecretInput) String() string { 3009 return awsutil.Prettify(s) 3010} 3011 3012// GoString returns the string representation 3013func (s DeleteSecretInput) GoString() string { 3014 return s.String() 3015} 3016 3017// Validate inspects the fields of the type to determine if they are valid. 3018func (s *DeleteSecretInput) Validate() error { 3019 invalidParams := request.ErrInvalidParams{Context: "DeleteSecretInput"} 3020 if s.SecretId == nil { 3021 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3022 } 3023 if s.SecretId != nil && len(*s.SecretId) < 1 { 3024 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3025 } 3026 3027 if invalidParams.Len() > 0 { 3028 return invalidParams 3029 } 3030 return nil 3031} 3032 3033// SetForceDeleteWithoutRecovery sets the ForceDeleteWithoutRecovery field's value. 3034func (s *DeleteSecretInput) SetForceDeleteWithoutRecovery(v bool) *DeleteSecretInput { 3035 s.ForceDeleteWithoutRecovery = &v 3036 return s 3037} 3038 3039// SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value. 3040func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput { 3041 s.RecoveryWindowInDays = &v 3042 return s 3043} 3044 3045// SetSecretId sets the SecretId field's value. 3046func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput { 3047 s.SecretId = &v 3048 return s 3049} 3050 3051type DeleteSecretOutput struct { 3052 _ struct{} `type:"structure"` 3053 3054 // The ARN of the secret that is now scheduled for deletion. 3055 ARN *string `min:"20" type:"string"` 3056 3057 // The date and time after which this secret can be deleted by Secrets Manager 3058 // and can no longer be restored. This value is the date and time of the delete 3059 // request plus the number of days specified in RecoveryWindowInDays. 3060 DeletionDate *time.Time `type:"timestamp"` 3061 3062 // The friendly name of the secret that is now scheduled for deletion. 3063 Name *string `min:"1" type:"string"` 3064} 3065 3066// String returns the string representation 3067func (s DeleteSecretOutput) String() string { 3068 return awsutil.Prettify(s) 3069} 3070 3071// GoString returns the string representation 3072func (s DeleteSecretOutput) GoString() string { 3073 return s.String() 3074} 3075 3076// SetARN sets the ARN field's value. 3077func (s *DeleteSecretOutput) SetARN(v string) *DeleteSecretOutput { 3078 s.ARN = &v 3079 return s 3080} 3081 3082// SetDeletionDate sets the DeletionDate field's value. 3083func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput { 3084 s.DeletionDate = &v 3085 return s 3086} 3087 3088// SetName sets the Name field's value. 3089func (s *DeleteSecretOutput) SetName(v string) *DeleteSecretOutput { 3090 s.Name = &v 3091 return s 3092} 3093 3094type DescribeSecretInput struct { 3095 _ struct{} `type:"structure"` 3096 3097 // The identifier of the secret whose details you want to retrieve. You can 3098 // specify either the Amazon Resource Name (ARN) or the friendly name of the 3099 // secret. 3100 // 3101 // If you specify an ARN, we generally recommend that you specify a complete 3102 // ARN. You can specify a partial ARN too—for example, if you don’t include 3103 // the final hyphen and six random characters that Secrets Manager adds at the 3104 // end of the ARN when you created the secret. A partial ARN match can work 3105 // as long as it uniquely matches only one secret. However, if your secret has 3106 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3107 // adds the hyphen and six characters to the ARN) and you try to use that as 3108 // a partial ARN, then those characters cause Secrets Manager to assume that 3109 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3110 // To avoid this situation, we recommend that you don’t create secret names 3111 // that end with a hyphen followed by six characters. 3112 // 3113 // SecretId is a required field 3114 SecretId *string `min:"1" type:"string" required:"true"` 3115} 3116 3117// String returns the string representation 3118func (s DescribeSecretInput) String() string { 3119 return awsutil.Prettify(s) 3120} 3121 3122// GoString returns the string representation 3123func (s DescribeSecretInput) GoString() string { 3124 return s.String() 3125} 3126 3127// Validate inspects the fields of the type to determine if they are valid. 3128func (s *DescribeSecretInput) Validate() error { 3129 invalidParams := request.ErrInvalidParams{Context: "DescribeSecretInput"} 3130 if s.SecretId == nil { 3131 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3132 } 3133 if s.SecretId != nil && len(*s.SecretId) < 1 { 3134 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3135 } 3136 3137 if invalidParams.Len() > 0 { 3138 return invalidParams 3139 } 3140 return nil 3141} 3142 3143// SetSecretId sets the SecretId field's value. 3144func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput { 3145 s.SecretId = &v 3146 return s 3147} 3148 3149type DescribeSecretOutput struct { 3150 _ struct{} `type:"structure"` 3151 3152 // The ARN of the secret. 3153 ARN *string `min:"20" type:"string"` 3154 3155 // This value exists if the secret is scheduled for deletion. Some time after 3156 // the specified date and time, Secrets Manager deletes the secret and all of 3157 // its versions. 3158 // 3159 // If a secret is scheduled for deletion, then its details, including the encrypted 3160 // secret information, is not accessible. To cancel a scheduled deletion and 3161 // restore access, use RestoreSecret. 3162 DeletedDate *time.Time `type:"timestamp"` 3163 3164 // The user-provided description of the secret. 3165 Description *string `type:"string"` 3166 3167 // The ARN or alias of the AWS KMS customer master key (CMK) that's used to 3168 // encrypt the SecretString or SecretBinary fields in each version of the secret. 3169 // If you don't provide a key, then Secrets Manager defaults to encrypting the 3170 // secret fields with the default AWS KMS CMK (the one named awssecretsmanager) 3171 // for this account. 3172 KmsKeyId *string `type:"string"` 3173 3174 // The last date that this secret was accessed. This value is truncated to midnight 3175 // of the date and therefore shows only the date, not the time. 3176 LastAccessedDate *time.Time `type:"timestamp"` 3177 3178 // The last date and time that this secret was modified in any way. 3179 LastChangedDate *time.Time `type:"timestamp"` 3180 3181 // The most recent date and time that the Secrets Manager rotation process was 3182 // successfully completed. This value is null if the secret has never rotated. 3183 LastRotatedDate *time.Time `type:"timestamp"` 3184 3185 // The user-provided friendly name of the secret. 3186 Name *string `min:"1" type:"string"` 3187 3188 OwningService *string `min:"1" type:"string"` 3189 3190 // Specifies whether automatic rotation is enabled for this secret. 3191 // 3192 // To enable rotation, use RotateSecret with AutomaticallyRotateAfterDays set 3193 // to a value greater than 0. To disable rotation, use CancelRotateSecret. 3194 RotationEnabled *bool `type:"boolean"` 3195 3196 // The ARN of a Lambda function that's invoked by Secrets Manager to rotate 3197 // the secret either automatically per the schedule or manually by a call to 3198 // RotateSecret. 3199 RotationLambdaARN *string `type:"string"` 3200 3201 // A structure that contains the rotation configuration for this secret. 3202 RotationRules *RotationRulesType `type:"structure"` 3203 3204 // The list of user-defined tags that are associated with the secret. To add 3205 // tags to a secret, use TagResource. To remove tags, use UntagResource. 3206 Tags []*Tag `type:"list"` 3207 3208 // A list of all of the currently assigned VersionStage staging labels and the 3209 // VersionId that each is attached to. Staging labels are used to keep track 3210 // of the different versions during the rotation process. 3211 // 3212 // A version that does not have any staging labels attached is considered deprecated 3213 // and subject to deletion. Such versions are not included in this list. 3214 VersionIdsToStages map[string][]*string `type:"map"` 3215} 3216 3217// String returns the string representation 3218func (s DescribeSecretOutput) String() string { 3219 return awsutil.Prettify(s) 3220} 3221 3222// GoString returns the string representation 3223func (s DescribeSecretOutput) GoString() string { 3224 return s.String() 3225} 3226 3227// SetARN sets the ARN field's value. 3228func (s *DescribeSecretOutput) SetARN(v string) *DescribeSecretOutput { 3229 s.ARN = &v 3230 return s 3231} 3232 3233// SetDeletedDate sets the DeletedDate field's value. 3234func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput { 3235 s.DeletedDate = &v 3236 return s 3237} 3238 3239// SetDescription sets the Description field's value. 3240func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput { 3241 s.Description = &v 3242 return s 3243} 3244 3245// SetKmsKeyId sets the KmsKeyId field's value. 3246func (s *DescribeSecretOutput) SetKmsKeyId(v string) *DescribeSecretOutput { 3247 s.KmsKeyId = &v 3248 return s 3249} 3250 3251// SetLastAccessedDate sets the LastAccessedDate field's value. 3252func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput { 3253 s.LastAccessedDate = &v 3254 return s 3255} 3256 3257// SetLastChangedDate sets the LastChangedDate field's value. 3258func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput { 3259 s.LastChangedDate = &v 3260 return s 3261} 3262 3263// SetLastRotatedDate sets the LastRotatedDate field's value. 3264func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput { 3265 s.LastRotatedDate = &v 3266 return s 3267} 3268 3269// SetName sets the Name field's value. 3270func (s *DescribeSecretOutput) SetName(v string) *DescribeSecretOutput { 3271 s.Name = &v 3272 return s 3273} 3274 3275// SetOwningService sets the OwningService field's value. 3276func (s *DescribeSecretOutput) SetOwningService(v string) *DescribeSecretOutput { 3277 s.OwningService = &v 3278 return s 3279} 3280 3281// SetRotationEnabled sets the RotationEnabled field's value. 3282func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput { 3283 s.RotationEnabled = &v 3284 return s 3285} 3286 3287// SetRotationLambdaARN sets the RotationLambdaARN field's value. 3288func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput { 3289 s.RotationLambdaARN = &v 3290 return s 3291} 3292 3293// SetRotationRules sets the RotationRules field's value. 3294func (s *DescribeSecretOutput) SetRotationRules(v *RotationRulesType) *DescribeSecretOutput { 3295 s.RotationRules = v 3296 return s 3297} 3298 3299// SetTags sets the Tags field's value. 3300func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput { 3301 s.Tags = v 3302 return s 3303} 3304 3305// SetVersionIdsToStages sets the VersionIdsToStages field's value. 3306func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput { 3307 s.VersionIdsToStages = v 3308 return s 3309} 3310 3311type GetRandomPasswordInput struct { 3312 _ struct{} `type:"structure"` 3313 3314 // A string that includes characters that should not be included in the generated 3315 // password. The default is that all characters from the included sets can be 3316 // used. 3317 ExcludeCharacters *string `type:"string"` 3318 3319 // Specifies that the generated password should not include lowercase letters. 3320 // The default if you do not include this switch parameter is that lowercase 3321 // letters can be included. 3322 ExcludeLowercase *bool `type:"boolean"` 3323 3324 // Specifies that the generated password should not include digits. The default 3325 // if you do not include this switch parameter is that digits can be included. 3326 ExcludeNumbers *bool `type:"boolean"` 3327 3328 // Specifies that the generated password should not include punctuation characters. 3329 // The default if you do not include this switch parameter is that punctuation 3330 // characters can be included. 3331 // 3332 // The following are the punctuation characters that can be included in the 3333 // generated password if you don't explicitly exclude them with ExcludeCharacters 3334 // or ExcludePunctuation: 3335 // 3336 // ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ 3337 ExcludePunctuation *bool `type:"boolean"` 3338 3339 // Specifies that the generated password should not include uppercase letters. 3340 // The default if you do not include this switch parameter is that uppercase 3341 // letters can be included. 3342 ExcludeUppercase *bool `type:"boolean"` 3343 3344 // Specifies that the generated password can include the space character. The 3345 // default if you do not include this switch parameter is that the space character 3346 // is not included. 3347 IncludeSpace *bool `type:"boolean"` 3348 3349 // The desired length of the generated password. The default value if you do 3350 // not include this parameter is 32 characters. 3351 PasswordLength *int64 `min:"1" type:"long"` 3352 3353 // A boolean value that specifies whether the generated password must include 3354 // at least one of every allowed character type. The default value is True and 3355 // the operation requires at least one of every character type. 3356 RequireEachIncludedType *bool `type:"boolean"` 3357} 3358 3359// String returns the string representation 3360func (s GetRandomPasswordInput) String() string { 3361 return awsutil.Prettify(s) 3362} 3363 3364// GoString returns the string representation 3365func (s GetRandomPasswordInput) GoString() string { 3366 return s.String() 3367} 3368 3369// Validate inspects the fields of the type to determine if they are valid. 3370func (s *GetRandomPasswordInput) Validate() error { 3371 invalidParams := request.ErrInvalidParams{Context: "GetRandomPasswordInput"} 3372 if s.PasswordLength != nil && *s.PasswordLength < 1 { 3373 invalidParams.Add(request.NewErrParamMinValue("PasswordLength", 1)) 3374 } 3375 3376 if invalidParams.Len() > 0 { 3377 return invalidParams 3378 } 3379 return nil 3380} 3381 3382// SetExcludeCharacters sets the ExcludeCharacters field's value. 3383func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput { 3384 s.ExcludeCharacters = &v 3385 return s 3386} 3387 3388// SetExcludeLowercase sets the ExcludeLowercase field's value. 3389func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput { 3390 s.ExcludeLowercase = &v 3391 return s 3392} 3393 3394// SetExcludeNumbers sets the ExcludeNumbers field's value. 3395func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput { 3396 s.ExcludeNumbers = &v 3397 return s 3398} 3399 3400// SetExcludePunctuation sets the ExcludePunctuation field's value. 3401func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput { 3402 s.ExcludePunctuation = &v 3403 return s 3404} 3405 3406// SetExcludeUppercase sets the ExcludeUppercase field's value. 3407func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput { 3408 s.ExcludeUppercase = &v 3409 return s 3410} 3411 3412// SetIncludeSpace sets the IncludeSpace field's value. 3413func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput { 3414 s.IncludeSpace = &v 3415 return s 3416} 3417 3418// SetPasswordLength sets the PasswordLength field's value. 3419func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput { 3420 s.PasswordLength = &v 3421 return s 3422} 3423 3424// SetRequireEachIncludedType sets the RequireEachIncludedType field's value. 3425func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput { 3426 s.RequireEachIncludedType = &v 3427 return s 3428} 3429 3430type GetRandomPasswordOutput struct { 3431 _ struct{} `type:"structure"` 3432 3433 // A string with the generated password. 3434 RandomPassword *string `type:"string" sensitive:"true"` 3435} 3436 3437// String returns the string representation 3438func (s GetRandomPasswordOutput) String() string { 3439 return awsutil.Prettify(s) 3440} 3441 3442// GoString returns the string representation 3443func (s GetRandomPasswordOutput) GoString() string { 3444 return s.String() 3445} 3446 3447// SetRandomPassword sets the RandomPassword field's value. 3448func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput { 3449 s.RandomPassword = &v 3450 return s 3451} 3452 3453type GetResourcePolicyInput struct { 3454 _ struct{} `type:"structure"` 3455 3456 // Specifies the secret that you want to retrieve the attached resource-based 3457 // policy for. You can specify either the Amazon Resource Name (ARN) or the 3458 // friendly name of the secret. 3459 // 3460 // If you specify an ARN, we generally recommend that you specify a complete 3461 // ARN. You can specify a partial ARN too—for example, if you don’t include 3462 // the final hyphen and six random characters that Secrets Manager adds at the 3463 // end of the ARN when you created the secret. A partial ARN match can work 3464 // as long as it uniquely matches only one secret. However, if your secret has 3465 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3466 // adds the hyphen and six characters to the ARN) and you try to use that as 3467 // a partial ARN, then those characters cause Secrets Manager to assume that 3468 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3469 // To avoid this situation, we recommend that you don’t create secret names 3470 // that end with a hyphen followed by six characters. 3471 // 3472 // SecretId is a required field 3473 SecretId *string `min:"1" type:"string" required:"true"` 3474} 3475 3476// String returns the string representation 3477func (s GetResourcePolicyInput) String() string { 3478 return awsutil.Prettify(s) 3479} 3480 3481// GoString returns the string representation 3482func (s GetResourcePolicyInput) GoString() string { 3483 return s.String() 3484} 3485 3486// Validate inspects the fields of the type to determine if they are valid. 3487func (s *GetResourcePolicyInput) Validate() error { 3488 invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"} 3489 if s.SecretId == nil { 3490 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3491 } 3492 if s.SecretId != nil && len(*s.SecretId) < 1 { 3493 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3494 } 3495 3496 if invalidParams.Len() > 0 { 3497 return invalidParams 3498 } 3499 return nil 3500} 3501 3502// SetSecretId sets the SecretId field's value. 3503func (s *GetResourcePolicyInput) SetSecretId(v string) *GetResourcePolicyInput { 3504 s.SecretId = &v 3505 return s 3506} 3507 3508type GetResourcePolicyOutput struct { 3509 _ struct{} `type:"structure"` 3510 3511 // The ARN of the secret that the resource-based policy was retrieved for. 3512 ARN *string `min:"20" type:"string"` 3513 3514 // The friendly name of the secret that the resource-based policy was retrieved 3515 // for. 3516 Name *string `min:"1" type:"string"` 3517 3518 // A JSON-formatted string that describes the permissions that are associated 3519 // with the attached secret. These permissions are combined with any permissions 3520 // that are associated with the user or role that attempts to access this secret. 3521 // The combined permissions specify who can access the secret and what actions 3522 // they can perform. For more information, see Authentication and Access Control 3523 // for AWS Secrets Manager (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html) 3524 // in the AWS Secrets Manager User Guide. 3525 ResourcePolicy *string `min:"1" type:"string"` 3526} 3527 3528// String returns the string representation 3529func (s GetResourcePolicyOutput) String() string { 3530 return awsutil.Prettify(s) 3531} 3532 3533// GoString returns the string representation 3534func (s GetResourcePolicyOutput) GoString() string { 3535 return s.String() 3536} 3537 3538// SetARN sets the ARN field's value. 3539func (s *GetResourcePolicyOutput) SetARN(v string) *GetResourcePolicyOutput { 3540 s.ARN = &v 3541 return s 3542} 3543 3544// SetName sets the Name field's value. 3545func (s *GetResourcePolicyOutput) SetName(v string) *GetResourcePolicyOutput { 3546 s.Name = &v 3547 return s 3548} 3549 3550// SetResourcePolicy sets the ResourcePolicy field's value. 3551func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicyOutput { 3552 s.ResourcePolicy = &v 3553 return s 3554} 3555 3556type GetSecretValueInput struct { 3557 _ struct{} `type:"structure"` 3558 3559 // Specifies the secret containing the version that you want to retrieve. You 3560 // can specify either the Amazon Resource Name (ARN) or the friendly name of 3561 // the secret. 3562 // 3563 // If you specify an ARN, we generally recommend that you specify a complete 3564 // ARN. You can specify a partial ARN too—for example, if you don’t include 3565 // the final hyphen and six random characters that Secrets Manager adds at the 3566 // end of the ARN when you created the secret. A partial ARN match can work 3567 // as long as it uniquely matches only one secret. However, if your secret has 3568 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3569 // adds the hyphen and six characters to the ARN) and you try to use that as 3570 // a partial ARN, then those characters cause Secrets Manager to assume that 3571 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3572 // To avoid this situation, we recommend that you don’t create secret names 3573 // that end with a hyphen followed by six characters. 3574 // 3575 // SecretId is a required field 3576 SecretId *string `min:"1" type:"string" required:"true"` 3577 3578 // Specifies the unique identifier of the version of the secret that you want 3579 // to retrieve. If you specify this parameter then don't specify VersionStage. 3580 // If you don't specify either a VersionStage or VersionId then the default 3581 // is to perform the operation on the version with the VersionStage value of 3582 // AWSCURRENT. 3583 // 3584 // This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 3585 // value with 32 hexadecimal digits. 3586 VersionId *string `min:"32" type:"string"` 3587 3588 // Specifies the secret version that you want to retrieve by the staging label 3589 // attached to the version. 3590 // 3591 // Staging labels are used to keep track of different versions during the rotation 3592 // process. If you use this parameter then don't specify VersionId. If you don't 3593 // specify either a VersionStage or VersionId, then the default is to perform 3594 // the operation on the version with the VersionStage value of AWSCURRENT. 3595 VersionStage *string `min:"1" type:"string"` 3596} 3597 3598// String returns the string representation 3599func (s GetSecretValueInput) String() string { 3600 return awsutil.Prettify(s) 3601} 3602 3603// GoString returns the string representation 3604func (s GetSecretValueInput) GoString() string { 3605 return s.String() 3606} 3607 3608// Validate inspects the fields of the type to determine if they are valid. 3609func (s *GetSecretValueInput) Validate() error { 3610 invalidParams := request.ErrInvalidParams{Context: "GetSecretValueInput"} 3611 if s.SecretId == nil { 3612 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3613 } 3614 if s.SecretId != nil && len(*s.SecretId) < 1 { 3615 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3616 } 3617 if s.VersionId != nil && len(*s.VersionId) < 32 { 3618 invalidParams.Add(request.NewErrParamMinLen("VersionId", 32)) 3619 } 3620 if s.VersionStage != nil && len(*s.VersionStage) < 1 { 3621 invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) 3622 } 3623 3624 if invalidParams.Len() > 0 { 3625 return invalidParams 3626 } 3627 return nil 3628} 3629 3630// SetSecretId sets the SecretId field's value. 3631func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput { 3632 s.SecretId = &v 3633 return s 3634} 3635 3636// SetVersionId sets the VersionId field's value. 3637func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput { 3638 s.VersionId = &v 3639 return s 3640} 3641 3642// SetVersionStage sets the VersionStage field's value. 3643func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput { 3644 s.VersionStage = &v 3645 return s 3646} 3647 3648type GetSecretValueOutput struct { 3649 _ struct{} `type:"structure"` 3650 3651 // The ARN of the secret. 3652 ARN *string `min:"20" type:"string"` 3653 3654 // The date and time that this version of the secret was created. 3655 CreatedDate *time.Time `type:"timestamp"` 3656 3657 // The friendly name of the secret. 3658 Name *string `min:"1" type:"string"` 3659 3660 // The decrypted part of the protected secret information that was originally 3661 // provided as binary data in the form of a byte array. The response parameter 3662 // represents the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4) 3663 // string. 3664 // 3665 // This parameter is not used if the secret is created by the Secrets Manager 3666 // console. 3667 // 3668 // If you store custom information in this field of the secret, then you must 3669 // code your Lambda rotation function to parse and interpret whatever you store 3670 // in the SecretString or SecretBinary fields. 3671 // 3672 // SecretBinary is automatically base64 encoded/decoded by the SDK. 3673 SecretBinary []byte `type:"blob" sensitive:"true"` 3674 3675 // The decrypted part of the protected secret information that was originally 3676 // provided as a string. 3677 // 3678 // If you create this secret by using the Secrets Manager console then only 3679 // the SecretString parameter contains data. Secrets Manager stores the information 3680 // as a JSON structure of key/value pairs that the Lambda rotation function 3681 // knows how to parse. 3682 // 3683 // If you store custom information in the secret by using the CreateSecret, 3684 // UpdateSecret, or PutSecretValue API operations instead of the Secrets Manager 3685 // console, or by using the Other secret type in the console, then you must 3686 // code your Lambda rotation function to parse and interpret those values. 3687 SecretString *string `type:"string" sensitive:"true"` 3688 3689 // The unique identifier of this version of the secret. 3690 VersionId *string `min:"32" type:"string"` 3691 3692 // A list of all of the staging labels currently attached to this version of 3693 // the secret. 3694 VersionStages []*string `min:"1" type:"list"` 3695} 3696 3697// String returns the string representation 3698func (s GetSecretValueOutput) String() string { 3699 return awsutil.Prettify(s) 3700} 3701 3702// GoString returns the string representation 3703func (s GetSecretValueOutput) GoString() string { 3704 return s.String() 3705} 3706 3707// SetARN sets the ARN field's value. 3708func (s *GetSecretValueOutput) SetARN(v string) *GetSecretValueOutput { 3709 s.ARN = &v 3710 return s 3711} 3712 3713// SetCreatedDate sets the CreatedDate field's value. 3714func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput { 3715 s.CreatedDate = &v 3716 return s 3717} 3718 3719// SetName sets the Name field's value. 3720func (s *GetSecretValueOutput) SetName(v string) *GetSecretValueOutput { 3721 s.Name = &v 3722 return s 3723} 3724 3725// SetSecretBinary sets the SecretBinary field's value. 3726func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput { 3727 s.SecretBinary = v 3728 return s 3729} 3730 3731// SetSecretString sets the SecretString field's value. 3732func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput { 3733 s.SecretString = &v 3734 return s 3735} 3736 3737// SetVersionId sets the VersionId field's value. 3738func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput { 3739 s.VersionId = &v 3740 return s 3741} 3742 3743// SetVersionStages sets the VersionStages field's value. 3744func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput { 3745 s.VersionStages = v 3746 return s 3747} 3748 3749type ListSecretVersionIdsInput struct { 3750 _ struct{} `type:"structure"` 3751 3752 // (Optional) Specifies that you want the results to include versions that do 3753 // not have any staging labels attached to them. Such versions are considered 3754 // deprecated and are subject to deletion by Secrets Manager as needed. 3755 IncludeDeprecated *bool `type:"boolean"` 3756 3757 // (Optional) Limits the number of results that you want to include in the response. 3758 // If you don't include this parameter, it defaults to a value that's specific 3759 // to the operation. If additional items exist beyond the maximum you specify, 3760 // the NextToken response element is present and has a value (isn't null). Include 3761 // that value as the NextToken request parameter in the next call to the operation 3762 // to get the next part of the results. Note that Secrets Manager might return 3763 // fewer results than the maximum even when there are more results available. 3764 // You should check NextToken after every operation to ensure that you receive 3765 // all of the results. 3766 MaxResults *int64 `min:"1" type:"integer"` 3767 3768 // (Optional) Use this parameter in a request if you receive a NextToken response 3769 // in a previous request that indicates that there's more output available. 3770 // In a subsequent call, set it to the value of the previous call's NextToken 3771 // response to indicate where the output should continue from. 3772 NextToken *string `min:"1" type:"string"` 3773 3774 // The identifier for the secret containing the versions you want to list. You 3775 // can specify either the Amazon Resource Name (ARN) or the friendly name of 3776 // the secret. 3777 // 3778 // If you specify an ARN, we generally recommend that you specify a complete 3779 // ARN. You can specify a partial ARN too—for example, if you don’t include 3780 // the final hyphen and six random characters that Secrets Manager adds at the 3781 // end of the ARN when you created the secret. A partial ARN match can work 3782 // as long as it uniquely matches only one secret. However, if your secret has 3783 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3784 // adds the hyphen and six characters to the ARN) and you try to use that as 3785 // a partial ARN, then those characters cause Secrets Manager to assume that 3786 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3787 // To avoid this situation, we recommend that you don’t create secret names 3788 // that end with a hyphen followed by six characters. 3789 // 3790 // SecretId is a required field 3791 SecretId *string `min:"1" type:"string" required:"true"` 3792} 3793 3794// String returns the string representation 3795func (s ListSecretVersionIdsInput) String() string { 3796 return awsutil.Prettify(s) 3797} 3798 3799// GoString returns the string representation 3800func (s ListSecretVersionIdsInput) GoString() string { 3801 return s.String() 3802} 3803 3804// Validate inspects the fields of the type to determine if they are valid. 3805func (s *ListSecretVersionIdsInput) Validate() error { 3806 invalidParams := request.ErrInvalidParams{Context: "ListSecretVersionIdsInput"} 3807 if s.MaxResults != nil && *s.MaxResults < 1 { 3808 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 3809 } 3810 if s.NextToken != nil && len(*s.NextToken) < 1 { 3811 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 3812 } 3813 if s.SecretId == nil { 3814 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3815 } 3816 if s.SecretId != nil && len(*s.SecretId) < 1 { 3817 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3818 } 3819 3820 if invalidParams.Len() > 0 { 3821 return invalidParams 3822 } 3823 return nil 3824} 3825 3826// SetIncludeDeprecated sets the IncludeDeprecated field's value. 3827func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput { 3828 s.IncludeDeprecated = &v 3829 return s 3830} 3831 3832// SetMaxResults sets the MaxResults field's value. 3833func (s *ListSecretVersionIdsInput) SetMaxResults(v int64) *ListSecretVersionIdsInput { 3834 s.MaxResults = &v 3835 return s 3836} 3837 3838// SetNextToken sets the NextToken field's value. 3839func (s *ListSecretVersionIdsInput) SetNextToken(v string) *ListSecretVersionIdsInput { 3840 s.NextToken = &v 3841 return s 3842} 3843 3844// SetSecretId sets the SecretId field's value. 3845func (s *ListSecretVersionIdsInput) SetSecretId(v string) *ListSecretVersionIdsInput { 3846 s.SecretId = &v 3847 return s 3848} 3849 3850type ListSecretVersionIdsOutput struct { 3851 _ struct{} `type:"structure"` 3852 3853 // The Amazon Resource Name (ARN) for the secret. 3854 // 3855 // Secrets Manager automatically adds several random characters to the name 3856 // at the end of the ARN when you initially create a secret. This affects only 3857 // the ARN and not the actual friendly name. This ensures that if you create 3858 // a new secret with the same name as an old secret that you previously deleted, 3859 // then users with access to the old secret don't automatically get access to 3860 // the new secret because the ARNs are different. 3861 ARN *string `min:"20" type:"string"` 3862 3863 // The friendly name of the secret. 3864 Name *string `min:"1" type:"string"` 3865 3866 // If present in the response, this value indicates that there's more output 3867 // available than what's included in the current response. This can occur even 3868 // when the response includes no values at all, such as when you ask for a filtered 3869 // view of a very long list. Use this value in the NextToken request parameter 3870 // in a subsequent call to the operation to continue processing and get the 3871 // next part of the output. You should repeat this until the NextToken response 3872 // element comes back empty (as null). 3873 NextToken *string `min:"1" type:"string"` 3874 3875 // The list of the currently available versions of the specified secret. 3876 Versions []*SecretVersionsListEntry `type:"list"` 3877} 3878 3879// String returns the string representation 3880func (s ListSecretVersionIdsOutput) String() string { 3881 return awsutil.Prettify(s) 3882} 3883 3884// GoString returns the string representation 3885func (s ListSecretVersionIdsOutput) GoString() string { 3886 return s.String() 3887} 3888 3889// SetARN sets the ARN field's value. 3890func (s *ListSecretVersionIdsOutput) SetARN(v string) *ListSecretVersionIdsOutput { 3891 s.ARN = &v 3892 return s 3893} 3894 3895// SetName sets the Name field's value. 3896func (s *ListSecretVersionIdsOutput) SetName(v string) *ListSecretVersionIdsOutput { 3897 s.Name = &v 3898 return s 3899} 3900 3901// SetNextToken sets the NextToken field's value. 3902func (s *ListSecretVersionIdsOutput) SetNextToken(v string) *ListSecretVersionIdsOutput { 3903 s.NextToken = &v 3904 return s 3905} 3906 3907// SetVersions sets the Versions field's value. 3908func (s *ListSecretVersionIdsOutput) SetVersions(v []*SecretVersionsListEntry) *ListSecretVersionIdsOutput { 3909 s.Versions = v 3910 return s 3911} 3912 3913type ListSecretsInput struct { 3914 _ struct{} `type:"structure"` 3915 3916 // (Optional) Limits the number of results that you want to include in the response. 3917 // If you don't include this parameter, it defaults to a value that's specific 3918 // to the operation. If additional items exist beyond the maximum you specify, 3919 // the NextToken response element is present and has a value (isn't null). Include 3920 // that value as the NextToken request parameter in the next call to the operation 3921 // to get the next part of the results. Note that Secrets Manager might return 3922 // fewer results than the maximum even when there are more results available. 3923 // You should check NextToken after every operation to ensure that you receive 3924 // all of the results. 3925 MaxResults *int64 `min:"1" type:"integer"` 3926 3927 // (Optional) Use this parameter in a request if you receive a NextToken response 3928 // in a previous request that indicates that there's more output available. 3929 // In a subsequent call, set it to the value of the previous call's NextToken 3930 // response to indicate where the output should continue from. 3931 NextToken *string `min:"1" type:"string"` 3932} 3933 3934// String returns the string representation 3935func (s ListSecretsInput) String() string { 3936 return awsutil.Prettify(s) 3937} 3938 3939// GoString returns the string representation 3940func (s ListSecretsInput) GoString() string { 3941 return s.String() 3942} 3943 3944// Validate inspects the fields of the type to determine if they are valid. 3945func (s *ListSecretsInput) Validate() error { 3946 invalidParams := request.ErrInvalidParams{Context: "ListSecretsInput"} 3947 if s.MaxResults != nil && *s.MaxResults < 1 { 3948 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 3949 } 3950 if s.NextToken != nil && len(*s.NextToken) < 1 { 3951 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 3952 } 3953 3954 if invalidParams.Len() > 0 { 3955 return invalidParams 3956 } 3957 return nil 3958} 3959 3960// SetMaxResults sets the MaxResults field's value. 3961func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput { 3962 s.MaxResults = &v 3963 return s 3964} 3965 3966// SetNextToken sets the NextToken field's value. 3967func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput { 3968 s.NextToken = &v 3969 return s 3970} 3971 3972type ListSecretsOutput struct { 3973 _ struct{} `type:"structure"` 3974 3975 // If present in the response, this value indicates that there's more output 3976 // available than what's included in the current response. This can occur even 3977 // when the response includes no values at all, such as when you ask for a filtered 3978 // view of a very long list. Use this value in the NextToken request parameter 3979 // in a subsequent call to the operation to continue processing and get the 3980 // next part of the output. You should repeat this until the NextToken response 3981 // element comes back empty (as null). 3982 NextToken *string `min:"1" type:"string"` 3983 3984 // A list of the secrets in the account. 3985 SecretList []*SecretListEntry `type:"list"` 3986} 3987 3988// String returns the string representation 3989func (s ListSecretsOutput) String() string { 3990 return awsutil.Prettify(s) 3991} 3992 3993// GoString returns the string representation 3994func (s ListSecretsOutput) GoString() string { 3995 return s.String() 3996} 3997 3998// SetNextToken sets the NextToken field's value. 3999func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput { 4000 s.NextToken = &v 4001 return s 4002} 4003 4004// SetSecretList sets the SecretList field's value. 4005func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput { 4006 s.SecretList = v 4007 return s 4008} 4009 4010type PutResourcePolicyInput struct { 4011 _ struct{} `type:"structure"` 4012 4013 // A JSON-formatted string that's constructed according to the grammar and syntax 4014 // for an AWS resource-based policy. The policy in the string identifies who 4015 // can access or manage this secret and its versions. For information on how 4016 // to format a JSON parameter for the various command line tool environments, 4017 // see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 4018 // in the AWS CLI User Guide. 4019 // 4020 // ResourcePolicy is a required field 4021 ResourcePolicy *string `min:"1" type:"string" required:"true"` 4022 4023 // Specifies the secret that you want to attach the resource-based policy to. 4024 // You can specify either the ARN or the friendly name of the secret. 4025 // 4026 // If you specify an ARN, we generally recommend that you specify a complete 4027 // ARN. You can specify a partial ARN too—for example, if you don’t include 4028 // the final hyphen and six random characters that Secrets Manager adds at the 4029 // end of the ARN when you created the secret. A partial ARN match can work 4030 // as long as it uniquely matches only one secret. However, if your secret has 4031 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4032 // adds the hyphen and six characters to the ARN) and you try to use that as 4033 // a partial ARN, then those characters cause Secrets Manager to assume that 4034 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4035 // To avoid this situation, we recommend that you don’t create secret names 4036 // that end with a hyphen followed by six characters. 4037 // 4038 // SecretId is a required field 4039 SecretId *string `min:"1" type:"string" required:"true"` 4040} 4041 4042// String returns the string representation 4043func (s PutResourcePolicyInput) String() string { 4044 return awsutil.Prettify(s) 4045} 4046 4047// GoString returns the string representation 4048func (s PutResourcePolicyInput) GoString() string { 4049 return s.String() 4050} 4051 4052// Validate inspects the fields of the type to determine if they are valid. 4053func (s *PutResourcePolicyInput) Validate() error { 4054 invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} 4055 if s.ResourcePolicy == nil { 4056 invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) 4057 } 4058 if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { 4059 invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) 4060 } 4061 if s.SecretId == nil { 4062 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4063 } 4064 if s.SecretId != nil && len(*s.SecretId) < 1 { 4065 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4066 } 4067 4068 if invalidParams.Len() > 0 { 4069 return invalidParams 4070 } 4071 return nil 4072} 4073 4074// SetResourcePolicy sets the ResourcePolicy field's value. 4075func (s *PutResourcePolicyInput) SetResourcePolicy(v string) *PutResourcePolicyInput { 4076 s.ResourcePolicy = &v 4077 return s 4078} 4079 4080// SetSecretId sets the SecretId field's value. 4081func (s *PutResourcePolicyInput) SetSecretId(v string) *PutResourcePolicyInput { 4082 s.SecretId = &v 4083 return s 4084} 4085 4086type PutResourcePolicyOutput struct { 4087 _ struct{} `type:"structure"` 4088 4089 // The ARN of the secret that the resource-based policy was retrieved for. 4090 ARN *string `min:"20" type:"string"` 4091 4092 // The friendly name of the secret that the resource-based policy was retrieved 4093 // for. 4094 Name *string `min:"1" type:"string"` 4095} 4096 4097// String returns the string representation 4098func (s PutResourcePolicyOutput) String() string { 4099 return awsutil.Prettify(s) 4100} 4101 4102// GoString returns the string representation 4103func (s PutResourcePolicyOutput) GoString() string { 4104 return s.String() 4105} 4106 4107// SetARN sets the ARN field's value. 4108func (s *PutResourcePolicyOutput) SetARN(v string) *PutResourcePolicyOutput { 4109 s.ARN = &v 4110 return s 4111} 4112 4113// SetName sets the Name field's value. 4114func (s *PutResourcePolicyOutput) SetName(v string) *PutResourcePolicyOutput { 4115 s.Name = &v 4116 return s 4117} 4118 4119type PutSecretValueInput struct { 4120 _ struct{} `type:"structure"` 4121 4122 // (Optional) Specifies a unique identifier for the new version of the secret. 4123 // 4124 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 4125 // you can leave this parameter empty. The CLI or SDK generates a random UUID 4126 // for you and includes that in the request. If you don't use the SDK and instead 4127 // generate a raw HTTP request to the Secrets Manager service endpoint, then 4128 // you must generate a ClientRequestToken yourself for new versions and include 4129 // that value in the request. 4130 // 4131 // This value helps ensure idempotency. Secrets Manager uses this value to prevent 4132 // the accidental creation of duplicate versions if there are failures and retries 4133 // during the Lambda rotation function's processing. We recommend that you generate 4134 // a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value 4135 // to ensure uniqueness within the specified secret. 4136 // 4137 // * If the ClientRequestToken value isn't already associated with a version 4138 // of the secret then a new version of the secret is created. 4139 // 4140 // * If a version with this value already exists and that version's SecretString 4141 // or SecretBinary values are the same as those in the request then the request 4142 // is ignored (the operation is idempotent). 4143 // 4144 // * If a version with this value already exists and that version's SecretString 4145 // and SecretBinary values are different from those in the request then the 4146 // request fails because you cannot modify an existing secret version. You 4147 // can only create new versions to store new secret values. 4148 // 4149 // This value becomes the VersionId of the new version. 4150 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 4151 4152 // (Optional) Specifies binary data that you want to encrypt and store in the 4153 // new version of the secret. To use this parameter in the command-line tools, 4154 // we recommend that you store your binary data in a file and then use the appropriate 4155 // technique for your tool to pass the contents of the file as a parameter. 4156 // Either SecretBinary or SecretString must have a value, but not both. They 4157 // cannot both be empty. 4158 // 4159 // This parameter is not accessible if the secret using the Secrets Manager 4160 // console. 4161 // 4162 // SecretBinary is automatically base64 encoded/decoded by the SDK. 4163 SecretBinary []byte `type:"blob" sensitive:"true"` 4164 4165 // Specifies the secret to which you want to add a new version. You can specify 4166 // either the Amazon Resource Name (ARN) or the friendly name of the secret. 4167 // The secret must already exist. 4168 // 4169 // If you specify an ARN, we generally recommend that you specify a complete 4170 // ARN. You can specify a partial ARN too—for example, if you don’t include 4171 // the final hyphen and six random characters that Secrets Manager adds at the 4172 // end of the ARN when you created the secret. A partial ARN match can work 4173 // as long as it uniquely matches only one secret. However, if your secret has 4174 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4175 // adds the hyphen and six characters to the ARN) and you try to use that as 4176 // a partial ARN, then those characters cause Secrets Manager to assume that 4177 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4178 // To avoid this situation, we recommend that you don’t create secret names 4179 // that end with a hyphen followed by six characters. 4180 // 4181 // SecretId is a required field 4182 SecretId *string `min:"1" type:"string" required:"true"` 4183 4184 // (Optional) Specifies text data that you want to encrypt and store in this 4185 // new version of the secret. Either SecretString or SecretBinary must have 4186 // a value, but not both. They cannot both be empty. 4187 // 4188 // If you create this secret by using the Secrets Manager console then Secrets 4189 // Manager puts the protected secret text in only the SecretString parameter. 4190 // The Secrets Manager console stores the information as a JSON structure of 4191 // key/value pairs that the default Lambda rotation function knows how to parse. 4192 // 4193 // For storing multiple values, we recommend that you use a JSON text string 4194 // argument and specify key/value pairs. For information on how to format a 4195 // JSON parameter for the various command line tool environments, see Using 4196 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 4197 // in the AWS CLI User Guide. 4198 // 4199 // For example: 4200 // 4201 // [{"username":"bob"},{"password":"abc123xyz456"}] 4202 // 4203 // If your command-line tool or SDK requires quotation marks around the parameter, 4204 // you should use single quotes to avoid confusion with the double quotes required 4205 // in the JSON text. 4206 SecretString *string `type:"string" sensitive:"true"` 4207 4208 // (Optional) Specifies a list of staging labels that are attached to this version 4209 // of the secret. These staging labels are used to track the versions through 4210 // the rotation process by the Lambda rotation function. 4211 // 4212 // A staging label must be unique to a single version of the secret. If you 4213 // specify a staging label that's already associated with a different version 4214 // of the same secret then that staging label is automatically removed from 4215 // the other version and attached to this version. 4216 // 4217 // If you do not specify a value for VersionStages then Secrets Manager automatically 4218 // moves the staging label AWSCURRENT to this new version. 4219 VersionStages []*string `min:"1" type:"list"` 4220} 4221 4222// String returns the string representation 4223func (s PutSecretValueInput) String() string { 4224 return awsutil.Prettify(s) 4225} 4226 4227// GoString returns the string representation 4228func (s PutSecretValueInput) GoString() string { 4229 return s.String() 4230} 4231 4232// Validate inspects the fields of the type to determine if they are valid. 4233func (s *PutSecretValueInput) Validate() error { 4234 invalidParams := request.ErrInvalidParams{Context: "PutSecretValueInput"} 4235 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 4236 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 4237 } 4238 if s.SecretId == nil { 4239 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4240 } 4241 if s.SecretId != nil && len(*s.SecretId) < 1 { 4242 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4243 } 4244 if s.VersionStages != nil && len(s.VersionStages) < 1 { 4245 invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1)) 4246 } 4247 4248 if invalidParams.Len() > 0 { 4249 return invalidParams 4250 } 4251 return nil 4252} 4253 4254// SetClientRequestToken sets the ClientRequestToken field's value. 4255func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput { 4256 s.ClientRequestToken = &v 4257 return s 4258} 4259 4260// SetSecretBinary sets the SecretBinary field's value. 4261func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput { 4262 s.SecretBinary = v 4263 return s 4264} 4265 4266// SetSecretId sets the SecretId field's value. 4267func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput { 4268 s.SecretId = &v 4269 return s 4270} 4271 4272// SetSecretString sets the SecretString field's value. 4273func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput { 4274 s.SecretString = &v 4275 return s 4276} 4277 4278// SetVersionStages sets the VersionStages field's value. 4279func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput { 4280 s.VersionStages = v 4281 return s 4282} 4283 4284type PutSecretValueOutput struct { 4285 _ struct{} `type:"structure"` 4286 4287 // The Amazon Resource Name (ARN) for the secret for which you just created 4288 // a version. 4289 ARN *string `min:"20" type:"string"` 4290 4291 // The friendly name of the secret for which you just created or updated a version. 4292 Name *string `min:"1" type:"string"` 4293 4294 // The unique identifier of the version of the secret you just created or updated. 4295 VersionId *string `min:"32" type:"string"` 4296 4297 // The list of staging labels that are currently attached to this version of 4298 // the secret. Staging labels are used to track a version as it progresses through 4299 // the secret rotation process. 4300 VersionStages []*string `min:"1" type:"list"` 4301} 4302 4303// String returns the string representation 4304func (s PutSecretValueOutput) String() string { 4305 return awsutil.Prettify(s) 4306} 4307 4308// GoString returns the string representation 4309func (s PutSecretValueOutput) GoString() string { 4310 return s.String() 4311} 4312 4313// SetARN sets the ARN field's value. 4314func (s *PutSecretValueOutput) SetARN(v string) *PutSecretValueOutput { 4315 s.ARN = &v 4316 return s 4317} 4318 4319// SetName sets the Name field's value. 4320func (s *PutSecretValueOutput) SetName(v string) *PutSecretValueOutput { 4321 s.Name = &v 4322 return s 4323} 4324 4325// SetVersionId sets the VersionId field's value. 4326func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput { 4327 s.VersionId = &v 4328 return s 4329} 4330 4331// SetVersionStages sets the VersionStages field's value. 4332func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput { 4333 s.VersionStages = v 4334 return s 4335} 4336 4337type RestoreSecretInput struct { 4338 _ struct{} `type:"structure"` 4339 4340 // Specifies the secret that you want to restore from a previously scheduled 4341 // deletion. You can specify either the Amazon Resource Name (ARN) or the friendly 4342 // name of the secret. 4343 // 4344 // If you specify an ARN, we generally recommend that you specify a complete 4345 // ARN. You can specify a partial ARN too—for example, if you don’t include 4346 // the final hyphen and six random characters that Secrets Manager adds at the 4347 // end of the ARN when you created the secret. A partial ARN match can work 4348 // as long as it uniquely matches only one secret. However, if your secret has 4349 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4350 // adds the hyphen and six characters to the ARN) and you try to use that as 4351 // a partial ARN, then those characters cause Secrets Manager to assume that 4352 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4353 // To avoid this situation, we recommend that you don’t create secret names 4354 // that end with a hyphen followed by six characters. 4355 // 4356 // SecretId is a required field 4357 SecretId *string `min:"1" type:"string" required:"true"` 4358} 4359 4360// String returns the string representation 4361func (s RestoreSecretInput) String() string { 4362 return awsutil.Prettify(s) 4363} 4364 4365// GoString returns the string representation 4366func (s RestoreSecretInput) GoString() string { 4367 return s.String() 4368} 4369 4370// Validate inspects the fields of the type to determine if they are valid. 4371func (s *RestoreSecretInput) Validate() error { 4372 invalidParams := request.ErrInvalidParams{Context: "RestoreSecretInput"} 4373 if s.SecretId == nil { 4374 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4375 } 4376 if s.SecretId != nil && len(*s.SecretId) < 1 { 4377 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4378 } 4379 4380 if invalidParams.Len() > 0 { 4381 return invalidParams 4382 } 4383 return nil 4384} 4385 4386// SetSecretId sets the SecretId field's value. 4387func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput { 4388 s.SecretId = &v 4389 return s 4390} 4391 4392type RestoreSecretOutput struct { 4393 _ struct{} `type:"structure"` 4394 4395 // The ARN of the secret that was restored. 4396 ARN *string `min:"20" type:"string"` 4397 4398 // The friendly name of the secret that was restored. 4399 Name *string `min:"1" type:"string"` 4400} 4401 4402// String returns the string representation 4403func (s RestoreSecretOutput) String() string { 4404 return awsutil.Prettify(s) 4405} 4406 4407// GoString returns the string representation 4408func (s RestoreSecretOutput) GoString() string { 4409 return s.String() 4410} 4411 4412// SetARN sets the ARN field's value. 4413func (s *RestoreSecretOutput) SetARN(v string) *RestoreSecretOutput { 4414 s.ARN = &v 4415 return s 4416} 4417 4418// SetName sets the Name field's value. 4419func (s *RestoreSecretOutput) SetName(v string) *RestoreSecretOutput { 4420 s.Name = &v 4421 return s 4422} 4423 4424type RotateSecretInput struct { 4425 _ struct{} `type:"structure"` 4426 4427 // (Optional) Specifies a unique identifier for the new version of the secret 4428 // that helps ensure idempotency. 4429 // 4430 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 4431 // you can leave this parameter empty. The CLI or SDK generates a random UUID 4432 // for you and includes that in the request for this parameter. If you don't 4433 // use the SDK and instead generate a raw HTTP request to the Secrets Manager 4434 // service endpoint, then you must generate a ClientRequestToken yourself for 4435 // new versions and include that value in the request. 4436 // 4437 // You only need to specify your own value if you are implementing your own 4438 // retry logic and want to ensure that a given secret is not created twice. 4439 // We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 4440 // value to ensure uniqueness within the specified secret. 4441 // 4442 // Secrets Manager uses this value to prevent the accidental creation of duplicate 4443 // versions if there are failures and retries during the function's processing. 4444 // This value becomes the VersionId of the new version. 4445 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 4446 4447 // (Optional) Specifies the ARN of the Lambda function that can rotate the secret. 4448 RotationLambdaARN *string `type:"string"` 4449 4450 // A structure that defines the rotation configuration for this secret. 4451 RotationRules *RotationRulesType `type:"structure"` 4452 4453 // Specifies the secret that you want to rotate. You can specify either the 4454 // Amazon Resource Name (ARN) or the friendly name of the secret. 4455 // 4456 // If you specify an ARN, we generally recommend that you specify a complete 4457 // ARN. You can specify a partial ARN too—for example, if you don’t include 4458 // the final hyphen and six random characters that Secrets Manager adds at the 4459 // end of the ARN when you created the secret. A partial ARN match can work 4460 // as long as it uniquely matches only one secret. However, if your secret has 4461 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4462 // adds the hyphen and six characters to the ARN) and you try to use that as 4463 // a partial ARN, then those characters cause Secrets Manager to assume that 4464 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4465 // To avoid this situation, we recommend that you don’t create secret names 4466 // that end with a hyphen followed by six characters. 4467 // 4468 // SecretId is a required field 4469 SecretId *string `min:"1" type:"string" required:"true"` 4470} 4471 4472// String returns the string representation 4473func (s RotateSecretInput) String() string { 4474 return awsutil.Prettify(s) 4475} 4476 4477// GoString returns the string representation 4478func (s RotateSecretInput) GoString() string { 4479 return s.String() 4480} 4481 4482// Validate inspects the fields of the type to determine if they are valid. 4483func (s *RotateSecretInput) Validate() error { 4484 invalidParams := request.ErrInvalidParams{Context: "RotateSecretInput"} 4485 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 4486 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 4487 } 4488 if s.SecretId == nil { 4489 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4490 } 4491 if s.SecretId != nil && len(*s.SecretId) < 1 { 4492 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4493 } 4494 if s.RotationRules != nil { 4495 if err := s.RotationRules.Validate(); err != nil { 4496 invalidParams.AddNested("RotationRules", err.(request.ErrInvalidParams)) 4497 } 4498 } 4499 4500 if invalidParams.Len() > 0 { 4501 return invalidParams 4502 } 4503 return nil 4504} 4505 4506// SetClientRequestToken sets the ClientRequestToken field's value. 4507func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput { 4508 s.ClientRequestToken = &v 4509 return s 4510} 4511 4512// SetRotationLambdaARN sets the RotationLambdaARN field's value. 4513func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput { 4514 s.RotationLambdaARN = &v 4515 return s 4516} 4517 4518// SetRotationRules sets the RotationRules field's value. 4519func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput { 4520 s.RotationRules = v 4521 return s 4522} 4523 4524// SetSecretId sets the SecretId field's value. 4525func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput { 4526 s.SecretId = &v 4527 return s 4528} 4529 4530type RotateSecretOutput struct { 4531 _ struct{} `type:"structure"` 4532 4533 // The ARN of the secret. 4534 ARN *string `min:"20" type:"string"` 4535 4536 // The friendly name of the secret. 4537 Name *string `min:"1" type:"string"` 4538 4539 // The ID of the new version of the secret created by the rotation started by 4540 // this request. 4541 VersionId *string `min:"32" type:"string"` 4542} 4543 4544// String returns the string representation 4545func (s RotateSecretOutput) String() string { 4546 return awsutil.Prettify(s) 4547} 4548 4549// GoString returns the string representation 4550func (s RotateSecretOutput) GoString() string { 4551 return s.String() 4552} 4553 4554// SetARN sets the ARN field's value. 4555func (s *RotateSecretOutput) SetARN(v string) *RotateSecretOutput { 4556 s.ARN = &v 4557 return s 4558} 4559 4560// SetName sets the Name field's value. 4561func (s *RotateSecretOutput) SetName(v string) *RotateSecretOutput { 4562 s.Name = &v 4563 return s 4564} 4565 4566// SetVersionId sets the VersionId field's value. 4567func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput { 4568 s.VersionId = &v 4569 return s 4570} 4571 4572// A structure that defines the rotation configuration for the secret. 4573type RotationRulesType struct { 4574 _ struct{} `type:"structure"` 4575 4576 // Specifies the number of days between automatic scheduled rotations of the 4577 // secret. 4578 // 4579 // Secrets Manager schedules the next rotation when the previous one is complete. 4580 // Secrets Manager schedules the date by adding the rotation interval (number 4581 // of days) to the actual date of the last rotation. The service chooses the 4582 // hour within that 24-hour date window randomly. The minute is also chosen 4583 // somewhat randomly, but weighted towards the top of the hour and influenced 4584 // by a variety of factors that help distribute load. 4585 AutomaticallyAfterDays *int64 `min:"1" type:"long"` 4586} 4587 4588// String returns the string representation 4589func (s RotationRulesType) String() string { 4590 return awsutil.Prettify(s) 4591} 4592 4593// GoString returns the string representation 4594func (s RotationRulesType) GoString() string { 4595 return s.String() 4596} 4597 4598// Validate inspects the fields of the type to determine if they are valid. 4599func (s *RotationRulesType) Validate() error { 4600 invalidParams := request.ErrInvalidParams{Context: "RotationRulesType"} 4601 if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 { 4602 invalidParams.Add(request.NewErrParamMinValue("AutomaticallyAfterDays", 1)) 4603 } 4604 4605 if invalidParams.Len() > 0 { 4606 return invalidParams 4607 } 4608 return nil 4609} 4610 4611// SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value. 4612func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType { 4613 s.AutomaticallyAfterDays = &v 4614 return s 4615} 4616 4617// A structure that contains the details about a secret. It does not include 4618// the encrypted SecretString and SecretBinary values. To get those values, 4619// use the GetSecretValue operation. 4620type SecretListEntry struct { 4621 _ struct{} `type:"structure"` 4622 4623 // The Amazon Resource Name (ARN) of the secret. 4624 // 4625 // For more information about ARNs in Secrets Manager, see Policy Resources 4626 // (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources) 4627 // in the AWS Secrets Manager User Guide. 4628 ARN *string `min:"20" type:"string"` 4629 4630 // The date and time on which this secret was deleted. Not present on active 4631 // secrets. The secret can be recovered until the number of days in the recovery 4632 // window has passed, as specified in the RecoveryWindowInDays parameter of 4633 // the DeleteSecret operation. 4634 DeletedDate *time.Time `type:"timestamp"` 4635 4636 // The user-provided description of the secret. 4637 Description *string `type:"string"` 4638 4639 // The ARN or alias of the AWS KMS customer master key (CMK) that's used to 4640 // encrypt the SecretString and SecretBinary fields in each version of the secret. 4641 // If you don't provide a key, then Secrets Manager defaults to encrypting the 4642 // secret fields with the default KMS CMK (the one named awssecretsmanager) 4643 // for this account. 4644 KmsKeyId *string `type:"string"` 4645 4646 // The last date that this secret was accessed. This value is truncated to midnight 4647 // of the date and therefore shows only the date, not the time. 4648 LastAccessedDate *time.Time `type:"timestamp"` 4649 4650 // The last date and time that this secret was modified in any way. 4651 LastChangedDate *time.Time `type:"timestamp"` 4652 4653 // The last date and time that the rotation process for this secret was invoked. 4654 LastRotatedDate *time.Time `type:"timestamp"` 4655 4656 // The friendly name of the secret. You can use forward slashes in the name 4657 // to represent a path hierarchy. For example, /prod/databases/dbserver1 could 4658 // represent the secret for a server named dbserver1 in the folder databases 4659 // in the folder prod. 4660 Name *string `min:"1" type:"string"` 4661 4662 OwningService *string `min:"1" type:"string"` 4663 4664 // Indicated whether automatic, scheduled rotation is enabled for this secret. 4665 RotationEnabled *bool `type:"boolean"` 4666 4667 // The ARN of an AWS Lambda function that's invoked by Secrets Manager to rotate 4668 // and expire the secret either automatically per the schedule or manually by 4669 // a call to RotateSecret. 4670 RotationLambdaARN *string `type:"string"` 4671 4672 // A structure that defines the rotation configuration for the secret. 4673 RotationRules *RotationRulesType `type:"structure"` 4674 4675 // A list of all of the currently assigned SecretVersionStage staging labels 4676 // and the SecretVersionId that each is attached to. Staging labels are used 4677 // to keep track of the different versions during the rotation process. 4678 // 4679 // A version that does not have any SecretVersionStage is considered deprecated 4680 // and subject to deletion. Such versions are not included in this list. 4681 SecretVersionsToStages map[string][]*string `type:"map"` 4682 4683 // The list of user-defined tags that are associated with the secret. To add 4684 // tags to a secret, use TagResource. To remove tags, use UntagResource. 4685 Tags []*Tag `type:"list"` 4686} 4687 4688// String returns the string representation 4689func (s SecretListEntry) String() string { 4690 return awsutil.Prettify(s) 4691} 4692 4693// GoString returns the string representation 4694func (s SecretListEntry) GoString() string { 4695 return s.String() 4696} 4697 4698// SetARN sets the ARN field's value. 4699func (s *SecretListEntry) SetARN(v string) *SecretListEntry { 4700 s.ARN = &v 4701 return s 4702} 4703 4704// SetDeletedDate sets the DeletedDate field's value. 4705func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry { 4706 s.DeletedDate = &v 4707 return s 4708} 4709 4710// SetDescription sets the Description field's value. 4711func (s *SecretListEntry) SetDescription(v string) *SecretListEntry { 4712 s.Description = &v 4713 return s 4714} 4715 4716// SetKmsKeyId sets the KmsKeyId field's value. 4717func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry { 4718 s.KmsKeyId = &v 4719 return s 4720} 4721 4722// SetLastAccessedDate sets the LastAccessedDate field's value. 4723func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry { 4724 s.LastAccessedDate = &v 4725 return s 4726} 4727 4728// SetLastChangedDate sets the LastChangedDate field's value. 4729func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry { 4730 s.LastChangedDate = &v 4731 return s 4732} 4733 4734// SetLastRotatedDate sets the LastRotatedDate field's value. 4735func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry { 4736 s.LastRotatedDate = &v 4737 return s 4738} 4739 4740// SetName sets the Name field's value. 4741func (s *SecretListEntry) SetName(v string) *SecretListEntry { 4742 s.Name = &v 4743 return s 4744} 4745 4746// SetOwningService sets the OwningService field's value. 4747func (s *SecretListEntry) SetOwningService(v string) *SecretListEntry { 4748 s.OwningService = &v 4749 return s 4750} 4751 4752// SetRotationEnabled sets the RotationEnabled field's value. 4753func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry { 4754 s.RotationEnabled = &v 4755 return s 4756} 4757 4758// SetRotationLambdaARN sets the RotationLambdaARN field's value. 4759func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry { 4760 s.RotationLambdaARN = &v 4761 return s 4762} 4763 4764// SetRotationRules sets the RotationRules field's value. 4765func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry { 4766 s.RotationRules = v 4767 return s 4768} 4769 4770// SetSecretVersionsToStages sets the SecretVersionsToStages field's value. 4771func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry { 4772 s.SecretVersionsToStages = v 4773 return s 4774} 4775 4776// SetTags sets the Tags field's value. 4777func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry { 4778 s.Tags = v 4779 return s 4780} 4781 4782// A structure that contains information about one version of a secret. 4783type SecretVersionsListEntry struct { 4784 _ struct{} `type:"structure"` 4785 4786 // The date and time this version of the secret was created. 4787 CreatedDate *time.Time `type:"timestamp"` 4788 4789 // The date that this version of the secret was last accessed. Note that the 4790 // resolution of this field is at the date level and does not include the time. 4791 LastAccessedDate *time.Time `type:"timestamp"` 4792 4793 // The unique version identifier of this version of the secret. 4794 VersionId *string `min:"32" type:"string"` 4795 4796 // An array of staging labels that are currently associated with this version 4797 // of the secret. 4798 VersionStages []*string `min:"1" type:"list"` 4799} 4800 4801// String returns the string representation 4802func (s SecretVersionsListEntry) String() string { 4803 return awsutil.Prettify(s) 4804} 4805 4806// GoString returns the string representation 4807func (s SecretVersionsListEntry) GoString() string { 4808 return s.String() 4809} 4810 4811// SetCreatedDate sets the CreatedDate field's value. 4812func (s *SecretVersionsListEntry) SetCreatedDate(v time.Time) *SecretVersionsListEntry { 4813 s.CreatedDate = &v 4814 return s 4815} 4816 4817// SetLastAccessedDate sets the LastAccessedDate field's value. 4818func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry { 4819 s.LastAccessedDate = &v 4820 return s 4821} 4822 4823// SetVersionId sets the VersionId field's value. 4824func (s *SecretVersionsListEntry) SetVersionId(v string) *SecretVersionsListEntry { 4825 s.VersionId = &v 4826 return s 4827} 4828 4829// SetVersionStages sets the VersionStages field's value. 4830func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry { 4831 s.VersionStages = v 4832 return s 4833} 4834 4835// A structure that contains information about a tag. 4836type Tag struct { 4837 _ struct{} `type:"structure"` 4838 4839 // The key identifier, or name, of the tag. 4840 Key *string `min:"1" type:"string"` 4841 4842 // The string value that's associated with the key of the tag. 4843 Value *string `type:"string"` 4844} 4845 4846// String returns the string representation 4847func (s Tag) String() string { 4848 return awsutil.Prettify(s) 4849} 4850 4851// GoString returns the string representation 4852func (s Tag) GoString() string { 4853 return s.String() 4854} 4855 4856// Validate inspects the fields of the type to determine if they are valid. 4857func (s *Tag) Validate() error { 4858 invalidParams := request.ErrInvalidParams{Context: "Tag"} 4859 if s.Key != nil && len(*s.Key) < 1 { 4860 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 4861 } 4862 4863 if invalidParams.Len() > 0 { 4864 return invalidParams 4865 } 4866 return nil 4867} 4868 4869// SetKey sets the Key field's value. 4870func (s *Tag) SetKey(v string) *Tag { 4871 s.Key = &v 4872 return s 4873} 4874 4875// SetValue sets the Value field's value. 4876func (s *Tag) SetValue(v string) *Tag { 4877 s.Value = &v 4878 return s 4879} 4880 4881type TagResourceInput struct { 4882 _ struct{} `type:"structure"` 4883 4884 // The identifier for the secret that you want to attach tags to. You can specify 4885 // either the Amazon Resource Name (ARN) or the friendly name of the secret. 4886 // 4887 // If you specify an ARN, we generally recommend that you specify a complete 4888 // ARN. You can specify a partial ARN too—for example, if you don’t include 4889 // the final hyphen and six random characters that Secrets Manager adds at the 4890 // end of the ARN when you created the secret. A partial ARN match can work 4891 // as long as it uniquely matches only one secret. However, if your secret has 4892 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4893 // adds the hyphen and six characters to the ARN) and you try to use that as 4894 // a partial ARN, then those characters cause Secrets Manager to assume that 4895 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4896 // To avoid this situation, we recommend that you don’t create secret names 4897 // that end with a hyphen followed by six characters. 4898 // 4899 // SecretId is a required field 4900 SecretId *string `min:"1" type:"string" required:"true"` 4901 4902 // The tags to attach to the secret. Each element in the list consists of a 4903 // Key and a Value. 4904 // 4905 // This parameter to the API requires a JSON text string argument. For information 4906 // on how to format a JSON parameter for the various command line tool environments, 4907 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 4908 // in the AWS CLI User Guide. For the AWS CLI, you can also use the syntax: 4909 // --Tags Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…] 4910 // 4911 // Tags is a required field 4912 Tags []*Tag `type:"list" required:"true"` 4913} 4914 4915// String returns the string representation 4916func (s TagResourceInput) String() string { 4917 return awsutil.Prettify(s) 4918} 4919 4920// GoString returns the string representation 4921func (s TagResourceInput) GoString() string { 4922 return s.String() 4923} 4924 4925// Validate inspects the fields of the type to determine if they are valid. 4926func (s *TagResourceInput) Validate() error { 4927 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 4928 if s.SecretId == nil { 4929 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4930 } 4931 if s.SecretId != nil && len(*s.SecretId) < 1 { 4932 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4933 } 4934 if s.Tags == nil { 4935 invalidParams.Add(request.NewErrParamRequired("Tags")) 4936 } 4937 if s.Tags != nil { 4938 for i, v := range s.Tags { 4939 if v == nil { 4940 continue 4941 } 4942 if err := v.Validate(); err != nil { 4943 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 4944 } 4945 } 4946 } 4947 4948 if invalidParams.Len() > 0 { 4949 return invalidParams 4950 } 4951 return nil 4952} 4953 4954// SetSecretId sets the SecretId field's value. 4955func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput { 4956 s.SecretId = &v 4957 return s 4958} 4959 4960// SetTags sets the Tags field's value. 4961func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 4962 s.Tags = v 4963 return s 4964} 4965 4966type TagResourceOutput struct { 4967 _ struct{} `type:"structure"` 4968} 4969 4970// String returns the string representation 4971func (s TagResourceOutput) String() string { 4972 return awsutil.Prettify(s) 4973} 4974 4975// GoString returns the string representation 4976func (s TagResourceOutput) GoString() string { 4977 return s.String() 4978} 4979 4980type UntagResourceInput struct { 4981 _ struct{} `type:"structure"` 4982 4983 // The identifier for the secret that you want to remove tags from. You can 4984 // specify either the Amazon Resource Name (ARN) or the friendly name of the 4985 // secret. 4986 // 4987 // If you specify an ARN, we generally recommend that you specify a complete 4988 // ARN. You can specify a partial ARN too—for example, if you don’t include 4989 // the final hyphen and six random characters that Secrets Manager adds at the 4990 // end of the ARN when you created the secret. A partial ARN match can work 4991 // as long as it uniquely matches only one secret. However, if your secret has 4992 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4993 // adds the hyphen and six characters to the ARN) and you try to use that as 4994 // a partial ARN, then those characters cause Secrets Manager to assume that 4995 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4996 // To avoid this situation, we recommend that you don’t create secret names 4997 // that end with a hyphen followed by six characters. 4998 // 4999 // SecretId is a required field 5000 SecretId *string `min:"1" type:"string" required:"true"` 5001 5002 // A list of tag key names to remove from the secret. You don't specify the 5003 // value. Both the key and its associated value are removed. 5004 // 5005 // This parameter to the API requires a JSON text string argument. For information 5006 // on how to format a JSON parameter for the various command line tool environments, 5007 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 5008 // in the AWS CLI User Guide. 5009 // 5010 // TagKeys is a required field 5011 TagKeys []*string `type:"list" required:"true"` 5012} 5013 5014// String returns the string representation 5015func (s UntagResourceInput) String() string { 5016 return awsutil.Prettify(s) 5017} 5018 5019// GoString returns the string representation 5020func (s UntagResourceInput) GoString() string { 5021 return s.String() 5022} 5023 5024// Validate inspects the fields of the type to determine if they are valid. 5025func (s *UntagResourceInput) Validate() error { 5026 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 5027 if s.SecretId == nil { 5028 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5029 } 5030 if s.SecretId != nil && len(*s.SecretId) < 1 { 5031 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5032 } 5033 if s.TagKeys == nil { 5034 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 5035 } 5036 5037 if invalidParams.Len() > 0 { 5038 return invalidParams 5039 } 5040 return nil 5041} 5042 5043// SetSecretId sets the SecretId field's value. 5044func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput { 5045 s.SecretId = &v 5046 return s 5047} 5048 5049// SetTagKeys sets the TagKeys field's value. 5050func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 5051 s.TagKeys = v 5052 return s 5053} 5054 5055type UntagResourceOutput struct { 5056 _ struct{} `type:"structure"` 5057} 5058 5059// String returns the string representation 5060func (s UntagResourceOutput) String() string { 5061 return awsutil.Prettify(s) 5062} 5063 5064// GoString returns the string representation 5065func (s UntagResourceOutput) GoString() string { 5066 return s.String() 5067} 5068 5069type UpdateSecretInput struct { 5070 _ struct{} `type:"structure"` 5071 5072 // (Optional) If you want to add a new version to the secret, this parameter 5073 // specifies a unique identifier for the new version that helps ensure idempotency. 5074 // 5075 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 5076 // you can leave this parameter empty. The CLI or SDK generates a random UUID 5077 // for you and includes that in the request. If you don't use the SDK and instead 5078 // generate a raw HTTP request to the Secrets Manager service endpoint, then 5079 // you must generate a ClientRequestToken yourself for new versions and include 5080 // that value in the request. 5081 // 5082 // You typically only need to interact with this value if you implement your 5083 // own retry logic and want to ensure that a given secret is not created twice. 5084 // We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 5085 // value to ensure uniqueness within the specified secret. 5086 // 5087 // Secrets Manager uses this value to prevent the accidental creation of duplicate 5088 // versions if there are failures and retries during the Lambda rotation function's 5089 // processing. 5090 // 5091 // * If the ClientRequestToken value isn't already associated with a version 5092 // of the secret then a new version of the secret is created. 5093 // 5094 // * If a version with this value already exists and that version's SecretString 5095 // and SecretBinary values are the same as those in the request then the 5096 // request is ignored (the operation is idempotent). 5097 // 5098 // * If a version with this value already exists and that version's SecretString 5099 // and SecretBinary values are different from the request then an error occurs 5100 // because you cannot modify an existing secret value. 5101 // 5102 // This value becomes the VersionId of the new version. 5103 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 5104 5105 // (Optional) Specifies an updated user-provided description of the secret. 5106 Description *string `type:"string"` 5107 5108 // (Optional) Specifies an updated ARN or alias of the AWS KMS customer master 5109 // key (CMK) to be used to encrypt the protected text in new versions of this 5110 // secret. 5111 // 5112 // You can only use the account's default CMK to encrypt and decrypt if you 5113 // call this operation using credentials from the same account that owns the 5114 // secret. If the secret is in a different account, then you must create a custom 5115 // CMK and provide the ARN of that CMK in this field. The user making the call 5116 // must have permissions to both the secret and the CMK in their respective 5117 // accounts. 5118 KmsKeyId *string `type:"string"` 5119 5120 // (Optional) Specifies updated binary data that you want to encrypt and store 5121 // in the new version of the secret. To use this parameter in the command-line 5122 // tools, we recommend that you store your binary data in a file and then use 5123 // the appropriate technique for your tool to pass the contents of the file 5124 // as a parameter. Either SecretBinary or SecretString must have a value, but 5125 // not both. They cannot both be empty. 5126 // 5127 // This parameter is not accessible using the Secrets Manager console. 5128 // 5129 // SecretBinary is automatically base64 encoded/decoded by the SDK. 5130 SecretBinary []byte `type:"blob" sensitive:"true"` 5131 5132 // Specifies the secret that you want to modify or to which you want to add 5133 // a new version. You can specify either the Amazon Resource Name (ARN) or the 5134 // friendly name of the secret. 5135 // 5136 // If you specify an ARN, we generally recommend that you specify a complete 5137 // ARN. You can specify a partial ARN too—for example, if you don’t include 5138 // the final hyphen and six random characters that Secrets Manager adds at the 5139 // end of the ARN when you created the secret. A partial ARN match can work 5140 // as long as it uniquely matches only one secret. However, if your secret has 5141 // a name that ends in a hyphen followed by six characters (before Secrets Manager 5142 // adds the hyphen and six characters to the ARN) and you try to use that as 5143 // a partial ARN, then those characters cause Secrets Manager to assume that 5144 // you’re specifying a complete ARN. This confusion can cause unexpected results. 5145 // To avoid this situation, we recommend that you don’t create secret names 5146 // that end with a hyphen followed by six characters. 5147 // 5148 // SecretId is a required field 5149 SecretId *string `min:"1" type:"string" required:"true"` 5150 5151 // (Optional) Specifies updated text data that you want to encrypt and store 5152 // in this new version of the secret. Either SecretBinary or SecretString must 5153 // have a value, but not both. They cannot both be empty. 5154 // 5155 // If you create this secret by using the Secrets Manager console then Secrets 5156 // Manager puts the protected secret text in only the SecretString parameter. 5157 // The Secrets Manager console stores the information as a JSON structure of 5158 // key/value pairs that the default Lambda rotation function knows how to parse. 5159 // 5160 // For storing multiple values, we recommend that you use a JSON text string 5161 // argument and specify key/value pairs. For information on how to format a 5162 // JSON parameter for the various command line tool environments, see Using 5163 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 5164 // in the AWS CLI User Guide. For example: 5165 // 5166 // [{"username":"bob"},{"password":"abc123xyz456"}] 5167 // 5168 // If your command-line tool or SDK requires quotation marks around the parameter, 5169 // you should use single quotes to avoid confusion with the double quotes required 5170 // in the JSON text. You can also 'escape' the double quote character in the 5171 // embedded JSON text by prefacing each with a backslash. For example, the following 5172 // string is surrounded by double-quotes. All of the embedded double quotes 5173 // are escaped: 5174 // 5175 // "[{\"username\":\"bob\"},{\"password\":\"abc123xyz456\"}]" 5176 SecretString *string `type:"string" sensitive:"true"` 5177} 5178 5179// String returns the string representation 5180func (s UpdateSecretInput) String() string { 5181 return awsutil.Prettify(s) 5182} 5183 5184// GoString returns the string representation 5185func (s UpdateSecretInput) GoString() string { 5186 return s.String() 5187} 5188 5189// Validate inspects the fields of the type to determine if they are valid. 5190func (s *UpdateSecretInput) Validate() error { 5191 invalidParams := request.ErrInvalidParams{Context: "UpdateSecretInput"} 5192 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 5193 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 5194 } 5195 if s.SecretId == nil { 5196 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5197 } 5198 if s.SecretId != nil && len(*s.SecretId) < 1 { 5199 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5200 } 5201 5202 if invalidParams.Len() > 0 { 5203 return invalidParams 5204 } 5205 return nil 5206} 5207 5208// SetClientRequestToken sets the ClientRequestToken field's value. 5209func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput { 5210 s.ClientRequestToken = &v 5211 return s 5212} 5213 5214// SetDescription sets the Description field's value. 5215func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput { 5216 s.Description = &v 5217 return s 5218} 5219 5220// SetKmsKeyId sets the KmsKeyId field's value. 5221func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput { 5222 s.KmsKeyId = &v 5223 return s 5224} 5225 5226// SetSecretBinary sets the SecretBinary field's value. 5227func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput { 5228 s.SecretBinary = v 5229 return s 5230} 5231 5232// SetSecretId sets the SecretId field's value. 5233func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput { 5234 s.SecretId = &v 5235 return s 5236} 5237 5238// SetSecretString sets the SecretString field's value. 5239func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput { 5240 s.SecretString = &v 5241 return s 5242} 5243 5244type UpdateSecretOutput struct { 5245 _ struct{} `type:"structure"` 5246 5247 // The ARN of the secret that was updated. 5248 // 5249 // Secrets Manager automatically adds several random characters to the name 5250 // at the end of the ARN when you initially create a secret. This affects only 5251 // the ARN and not the actual friendly name. This ensures that if you create 5252 // a new secret with the same name as an old secret that you previously deleted, 5253 // then users with access to the old secret don't automatically get access to 5254 // the new secret because the ARNs are different. 5255 ARN *string `min:"20" type:"string"` 5256 5257 // The friendly name of the secret that was updated. 5258 Name *string `min:"1" type:"string"` 5259 5260 // If a new version of the secret was created by this operation, then VersionId 5261 // contains the unique identifier of the new version. 5262 VersionId *string `min:"32" type:"string"` 5263} 5264 5265// String returns the string representation 5266func (s UpdateSecretOutput) String() string { 5267 return awsutil.Prettify(s) 5268} 5269 5270// GoString returns the string representation 5271func (s UpdateSecretOutput) GoString() string { 5272 return s.String() 5273} 5274 5275// SetARN sets the ARN field's value. 5276func (s *UpdateSecretOutput) SetARN(v string) *UpdateSecretOutput { 5277 s.ARN = &v 5278 return s 5279} 5280 5281// SetName sets the Name field's value. 5282func (s *UpdateSecretOutput) SetName(v string) *UpdateSecretOutput { 5283 s.Name = &v 5284 return s 5285} 5286 5287// SetVersionId sets the VersionId field's value. 5288func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput { 5289 s.VersionId = &v 5290 return s 5291} 5292 5293type UpdateSecretVersionStageInput struct { 5294 _ struct{} `type:"structure"` 5295 5296 // (Optional) The secret version ID that you want to add the staging label to. 5297 // If you want to remove a label from a version, then do not specify this parameter. 5298 // 5299 // If the staging label is already attached to a different version of the secret, 5300 // then you must also specify the RemoveFromVersionId parameter. 5301 MoveToVersionId *string `min:"32" type:"string"` 5302 5303 // Specifies the secret version ID of the version that the staging label is 5304 // to be removed from. If the staging label you are trying to attach to one 5305 // version is already attached to a different version, then you must include 5306 // this parameter and specify the version that the label is to be removed from. 5307 // If the label is attached and you either do not specify this parameter, or 5308 // the version ID does not match, then the operation fails. 5309 RemoveFromVersionId *string `min:"32" type:"string"` 5310 5311 // Specifies the secret with the version whose list of staging labels you want 5312 // to modify. You can specify either the Amazon Resource Name (ARN) or the friendly 5313 // name of the secret. 5314 // 5315 // If you specify an ARN, we generally recommend that you specify a complete 5316 // ARN. You can specify a partial ARN too—for example, if you don’t include 5317 // the final hyphen and six random characters that Secrets Manager adds at the 5318 // end of the ARN when you created the secret. A partial ARN match can work 5319 // as long as it uniquely matches only one secret. However, if your secret has 5320 // a name that ends in a hyphen followed by six characters (before Secrets Manager 5321 // adds the hyphen and six characters to the ARN) and you try to use that as 5322 // a partial ARN, then those characters cause Secrets Manager to assume that 5323 // you’re specifying a complete ARN. This confusion can cause unexpected results. 5324 // To avoid this situation, we recommend that you don’t create secret names 5325 // that end with a hyphen followed by six characters. 5326 // 5327 // SecretId is a required field 5328 SecretId *string `min:"1" type:"string" required:"true"` 5329 5330 // The staging label to add to this version. 5331 // 5332 // VersionStage is a required field 5333 VersionStage *string `min:"1" type:"string" required:"true"` 5334} 5335 5336// String returns the string representation 5337func (s UpdateSecretVersionStageInput) String() string { 5338 return awsutil.Prettify(s) 5339} 5340 5341// GoString returns the string representation 5342func (s UpdateSecretVersionStageInput) GoString() string { 5343 return s.String() 5344} 5345 5346// Validate inspects the fields of the type to determine if they are valid. 5347func (s *UpdateSecretVersionStageInput) Validate() error { 5348 invalidParams := request.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"} 5349 if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 { 5350 invalidParams.Add(request.NewErrParamMinLen("MoveToVersionId", 32)) 5351 } 5352 if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 { 5353 invalidParams.Add(request.NewErrParamMinLen("RemoveFromVersionId", 32)) 5354 } 5355 if s.SecretId == nil { 5356 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5357 } 5358 if s.SecretId != nil && len(*s.SecretId) < 1 { 5359 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5360 } 5361 if s.VersionStage == nil { 5362 invalidParams.Add(request.NewErrParamRequired("VersionStage")) 5363 } 5364 if s.VersionStage != nil && len(*s.VersionStage) < 1 { 5365 invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) 5366 } 5367 5368 if invalidParams.Len() > 0 { 5369 return invalidParams 5370 } 5371 return nil 5372} 5373 5374// SetMoveToVersionId sets the MoveToVersionId field's value. 5375func (s *UpdateSecretVersionStageInput) SetMoveToVersionId(v string) *UpdateSecretVersionStageInput { 5376 s.MoveToVersionId = &v 5377 return s 5378} 5379 5380// SetRemoveFromVersionId sets the RemoveFromVersionId field's value. 5381func (s *UpdateSecretVersionStageInput) SetRemoveFromVersionId(v string) *UpdateSecretVersionStageInput { 5382 s.RemoveFromVersionId = &v 5383 return s 5384} 5385 5386// SetSecretId sets the SecretId field's value. 5387func (s *UpdateSecretVersionStageInput) SetSecretId(v string) *UpdateSecretVersionStageInput { 5388 s.SecretId = &v 5389 return s 5390} 5391 5392// SetVersionStage sets the VersionStage field's value. 5393func (s *UpdateSecretVersionStageInput) SetVersionStage(v string) *UpdateSecretVersionStageInput { 5394 s.VersionStage = &v 5395 return s 5396} 5397 5398type UpdateSecretVersionStageOutput struct { 5399 _ struct{} `type:"structure"` 5400 5401 // The ARN of the secret with the staging label that was modified. 5402 ARN *string `min:"20" type:"string"` 5403 5404 // The friendly name of the secret with the staging label that was modified. 5405 Name *string `min:"1" type:"string"` 5406} 5407 5408// String returns the string representation 5409func (s UpdateSecretVersionStageOutput) String() string { 5410 return awsutil.Prettify(s) 5411} 5412 5413// GoString returns the string representation 5414func (s UpdateSecretVersionStageOutput) GoString() string { 5415 return s.String() 5416} 5417 5418// SetARN sets the ARN field's value. 5419func (s *UpdateSecretVersionStageOutput) SetARN(v string) *UpdateSecretVersionStageOutput { 5420 s.ARN = &v 5421 return s 5422} 5423 5424// SetName sets the Name field's value. 5425func (s *UpdateSecretVersionStageOutput) SetName(v string) *UpdateSecretVersionStageOutput { 5426 s.Name = &v 5427 return s 5428} 5429