1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package secretsmanager 4 5import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 "github.com/aws/smithy-go/middleware" 10 smithyhttp "github.com/aws/smithy-go/transport/http" 11 "time" 12) 13 14// Retrieves the contents of the encrypted fields SecretString or SecretBinary from 15// the specified version of a secret, whichever contains content. Minimum 16// permissions To run this command, you must have the following permissions: 17// 18// * 19// secretsmanager:GetSecretValue 20// 21// * kms:Decrypt - required only if you use a 22// customer-managed Amazon Web Services KMS key to encrypt the secret. You do not 23// need this permission to use the account's default Amazon Web Services managed 24// CMK for Secrets Manager. 25// 26// Related operations 27// 28// * To create a new version of the 29// secret with different encrypted information, use PutSecretValue. 30// 31// * To retrieve 32// the non-encrypted details for the secret, use DescribeSecret. 33func (c *Client) GetSecretValue(ctx context.Context, params *GetSecretValueInput, optFns ...func(*Options)) (*GetSecretValueOutput, error) { 34 if params == nil { 35 params = &GetSecretValueInput{} 36 } 37 38 result, metadata, err := c.invokeOperation(ctx, "GetSecretValue", params, optFns, c.addOperationGetSecretValueMiddlewares) 39 if err != nil { 40 return nil, err 41 } 42 43 out := result.(*GetSecretValueOutput) 44 out.ResultMetadata = metadata 45 return out, nil 46} 47 48type GetSecretValueInput struct { 49 50 // Specifies the secret containing the version that you want to retrieve. You can 51 // specify either the Amazon Resource Name (ARN) or the friendly name of the 52 // secret. If you specify an ARN, we generally recommend that you specify a 53 // complete ARN. You can specify a partial ARN too—for example, if you don’t 54 // include the final hyphen and six random characters that Secrets Manager adds at 55 // the end of the ARN when you created the secret. A partial ARN match can work as 56 // long as it uniquely matches only one secret. However, if your secret has a name 57 // that ends in a hyphen followed by six characters (before Secrets Manager adds 58 // the hyphen and six characters to the ARN) and you try to use that as a partial 59 // ARN, then those characters cause Secrets Manager to assume that you’re 60 // specifying a complete ARN. This confusion can cause unexpected results. To avoid 61 // this situation, we recommend that you don’t create secret names ending with a 62 // hyphen followed by six characters. If you specify an incomplete ARN without the 63 // random suffix, and instead provide the 'friendly name', you must not include the 64 // random suffix. If you do include the random suffix added by Secrets Manager, you 65 // receive either a ResourceNotFoundException or an AccessDeniedException error, 66 // depending on your permissions. 67 // 68 // This member is required. 69 SecretId *string 70 71 // Specifies the unique identifier of the version of the secret that you want to 72 // retrieve. If you specify both this parameter and VersionStage, the two 73 // parameters must refer to the same secret version. If you don't specify either a 74 // VersionStage or VersionId then the default is to perform the operation on the 75 // version with the VersionStage value of AWSCURRENT. This value is typically a 76 // UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value with 77 // 32 hexadecimal digits. 78 VersionId *string 79 80 // Specifies the secret version that you want to retrieve by the staging label 81 // attached to the version. Staging labels are used to keep track of different 82 // versions during the rotation process. If you specify both this parameter and 83 // VersionId, the two parameters must refer to the same secret version . If you 84 // don't specify either a VersionStage or VersionId, then the default is to perform 85 // the operation on the version with the VersionStage value of AWSCURRENT. 86 VersionStage *string 87 88 noSmithyDocumentSerde 89} 90 91type GetSecretValueOutput struct { 92 93 // The ARN of the secret. 94 ARN *string 95 96 // The date and time that this version of the secret was created. 97 CreatedDate *time.Time 98 99 // The friendly name of the secret. 100 Name *string 101 102 // The decrypted part of the protected secret information that was originally 103 // provided as binary data in the form of a byte array. The response parameter 104 // represents the binary data as a base64-encoded 105 // (https://tools.ietf.org/html/rfc4648#section-4) string. This parameter is not 106 // used if the secret is created by the Secrets Manager console. If you store 107 // custom information in this field of the secret, then you must code your Lambda 108 // rotation function to parse and interpret whatever you store in the SecretString 109 // or SecretBinary fields. 110 SecretBinary []byte 111 112 // The decrypted part of the protected secret information that was originally 113 // provided as a string. If you create this secret by using the Secrets Manager 114 // console then only the SecretString parameter contains data. Secrets Manager 115 // stores the information as a JSON structure of key/value pairs that the Lambda 116 // rotation function knows how to parse. If you store custom information in the 117 // secret by using the CreateSecret, UpdateSecret, or PutSecretValue API operations 118 // instead of the Secrets Manager console, or by using the Other secret type in the 119 // console, then you must code your Lambda rotation function to parse and interpret 120 // those values. 121 SecretString *string 122 123 // The unique identifier of this version of the secret. 124 VersionId *string 125 126 // A list of all of the staging labels currently attached to this version of the 127 // secret. 128 VersionStages []string 129 130 // Metadata pertaining to the operation's result. 131 ResultMetadata middleware.Metadata 132 133 noSmithyDocumentSerde 134} 135 136func (c *Client) addOperationGetSecretValueMiddlewares(stack *middleware.Stack, options Options) (err error) { 137 err = stack.Serialize.Add(&awsAwsjson11_serializeOpGetSecretValue{}, middleware.After) 138 if err != nil { 139 return err 140 } 141 err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpGetSecretValue{}, middleware.After) 142 if err != nil { 143 return err 144 } 145 if err = addSetLoggerMiddleware(stack, options); err != nil { 146 return err 147 } 148 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 149 return err 150 } 151 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 152 return err 153 } 154 if err = addResolveEndpointMiddleware(stack, options); err != nil { 155 return err 156 } 157 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 158 return err 159 } 160 if err = addRetryMiddlewares(stack, options); err != nil { 161 return err 162 } 163 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 164 return err 165 } 166 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 167 return err 168 } 169 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 170 return err 171 } 172 if err = addClientUserAgent(stack); err != nil { 173 return err 174 } 175 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 176 return err 177 } 178 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 179 return err 180 } 181 if err = addOpGetSecretValueValidationMiddleware(stack); err != nil { 182 return err 183 } 184 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSecretValue(options.Region), middleware.Before); err != nil { 185 return err 186 } 187 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 188 return err 189 } 190 if err = addResponseErrorMiddleware(stack); err != nil { 191 return err 192 } 193 if err = addRequestResponseLogging(stack, options); err != nil { 194 return err 195 } 196 return nil 197} 198 199func newServiceMetadataMiddleware_opGetSecretValue(region string) *awsmiddleware.RegisterServiceMetadata { 200 return &awsmiddleware.RegisterServiceMetadata{ 201 Region: region, 202 ServiceID: ServiceID, 203 SigningName: "secretsmanager", 204 OperationName: "GetSecretValue", 205 } 206} 207