1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package secretsmanager 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCancelRotateSecret = "CancelRotateSecret" 17 18// CancelRotateSecretRequest generates a "aws/request.Request" representing the 19// client's request for the CancelRotateSecret operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CancelRotateSecret for more information on using the CancelRotateSecret 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CancelRotateSecretRequest method. 34// req, resp := client.CancelRotateSecretRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret 42func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput) { 43 op := &request.Operation{ 44 Name: opCancelRotateSecret, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CancelRotateSecretInput{} 51 } 52 53 output = &CancelRotateSecretOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CancelRotateSecret API operation for AWS Secrets Manager. 59// 60// Disables automatic scheduled rotation and cancels the rotation of a secret 61// if currently in progress. 62// 63// To re-enable scheduled rotation, call RotateSecret with AutomaticallyRotateAfterDays 64// set to a value greater than 0. This immediately rotates your secret and then 65// enables the automatic schedule. 66// 67// If you cancel a rotation while in progress, it can leave the VersionStage 68// labels in an unexpected state. Depending on the step of the rotation in progress, 69// you might need to remove the staging label AWSPENDING from the partially 70// created version, specified by the VersionId response value. You should also 71// evaluate the partially rotated new version to see if it should be deleted, 72// which you can do by removing all staging labels from the new version VersionStage 73// field. 74// 75// To successfully start a rotation, the staging label AWSPENDING must be in 76// one of the following states: 77// 78// * Not attached to any version at all 79// 80// * Attached to the same version as the staging label AWSCURRENT 81// 82// If the staging label AWSPENDING attached to a different version than the 83// version with AWSCURRENT then the attempt to rotate fails. 84// 85// Minimum permissions 86// 87// To run this command, you must have the following permissions: 88// 89// * secretsmanager:CancelRotateSecret 90// 91// Related operations 92// 93// * To configure rotation for a secret or to manually trigger a rotation, 94// use RotateSecret. 95// 96// * To get the rotation configuration details for a secret, use DescribeSecret. 97// 98// * To list all of the currently available secrets, use ListSecrets. 99// 100// * To list all of the versions currently associated with a secret, use 101// ListSecretVersionIds. 102// 103// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 104// with awserr.Error's Code and Message methods to get detailed information about 105// the error. 106// 107// See the AWS API reference guide for AWS Secrets Manager's 108// API operation CancelRotateSecret for usage and error information. 109// 110// Returned Error Types: 111// * ResourceNotFoundException 112// We can't find the resource that you asked for. 113// 114// * InvalidParameterException 115// You provided an invalid value for a parameter. 116// 117// * InternalServiceError 118// An error occurred on the server side. 119// 120// * InvalidRequestException 121// You provided a parameter value that is not valid for the current state of 122// the resource. 123// 124// Possible causes: 125// 126// * You tried to perform the operation on a secret that's currently marked 127// deleted. 128// 129// * You tried to enable rotation on a secret that doesn't already have a 130// Lambda function ARN configured and you didn't include such an ARN as a 131// parameter in this call. 132// 133// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret 134func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error) { 135 req, out := c.CancelRotateSecretRequest(input) 136 return out, req.Send() 137} 138 139// CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of 140// the ability to pass a context and additional request options. 141// 142// See CancelRotateSecret for details on how to use this API operation. 143// 144// The context must be non-nil and will be used for request cancellation. If 145// the context is nil a panic will occur. In the future the SDK may create 146// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 147// for more information on using Contexts. 148func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error) { 149 req, out := c.CancelRotateSecretRequest(input) 150 req.SetContext(ctx) 151 req.ApplyOptions(opts...) 152 return out, req.Send() 153} 154 155const opCreateSecret = "CreateSecret" 156 157// CreateSecretRequest generates a "aws/request.Request" representing the 158// client's request for the CreateSecret operation. The "output" return 159// value will be populated with the request's response once the request completes 160// successfully. 161// 162// Use "Send" method on the returned Request to send the API call to the service. 163// the "output" return value is not valid until after Send returns without error. 164// 165// See CreateSecret for more information on using the CreateSecret 166// API call, and error handling. 167// 168// This method is useful when you want to inject custom logic or configuration 169// into the SDK's request lifecycle. Such as custom headers, or retry logic. 170// 171// 172// // Example sending a request using the CreateSecretRequest method. 173// req, resp := client.CreateSecretRequest(params) 174// 175// err := req.Send() 176// if err == nil { // resp is now filled 177// fmt.Println(resp) 178// } 179// 180// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret 181func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput) { 182 op := &request.Operation{ 183 Name: opCreateSecret, 184 HTTPMethod: "POST", 185 HTTPPath: "/", 186 } 187 188 if input == nil { 189 input = &CreateSecretInput{} 190 } 191 192 output = &CreateSecretOutput{} 193 req = c.newRequest(op, input, output) 194 return 195} 196 197// CreateSecret API operation for AWS Secrets Manager. 198// 199// Creates a new secret. A secret in Secrets Manager consists of both the protected 200// secret data and the important information needed to manage the secret. 201// 202// Secrets Manager stores the encrypted secret data in one of a collection of 203// "versions" associated with the secret. Each version contains a copy of the 204// encrypted secret data. Each version is associated with one or more "staging 205// labels" that identify where the version is in the rotation cycle. The SecretVersionsToStages 206// field of the secret contains the mapping of staging labels to the active 207// versions of the secret. Versions without a staging label are considered deprecated 208// and not included in the list. 209// 210// You provide the secret data to be encrypted by putting text in either the 211// SecretString parameter or binary data in the SecretBinary parameter, but 212// not both. If you include SecretString or SecretBinary then Secrets Manager 213// also creates an initial secret version and automatically attaches the staging 214// label AWSCURRENT to the new version. 215// 216// * If you call an operation to encrypt or decrypt the SecretString or SecretBinary 217// for a secret in the same account as the calling user and that secret doesn't 218// specify a Amazon Web Services KMS encryption key, Secrets Manager uses 219// the account's default Amazon Web Services managed customer master key 220// (CMK) with the alias aws/secretsmanager. If this key doesn't already exist 221// in your account then Secrets Manager creates it for you automatically. 222// All users and roles in the same Amazon Web Services account automatically 223// have access to use the default CMK. Note that if an Secrets Manager API 224// call results in Amazon Web Services creating the account's Amazon Web 225// Services-managed CMK, it can result in a one-time significant delay in 226// returning the result. 227// 228// * If the secret resides in a different Amazon Web Services account from 229// the credentials calling an API that requires encryption or decryption 230// of the secret value then you must create and use a custom Amazon Web Services 231// KMS CMK because you can't access the default CMK for the account using 232// credentials from a different Amazon Web Services account. Store the ARN 233// of the CMK in the secret when you create the secret or when you update 234// it by including it in the KMSKeyId. If you call an API that must encrypt 235// or decrypt SecretString or SecretBinary using credentials from a different 236// account then the Amazon Web Services KMS key policy must grant cross-account 237// access to that other account's user or role for both the kms:GenerateDataKey 238// and kms:Decrypt operations. 239// 240// Minimum permissions 241// 242// To run this command, you must have the following permissions: 243// 244// * secretsmanager:CreateSecret 245// 246// * kms:GenerateDataKey - needed only if you use a customer-managed Amazon 247// Web Services KMS key to encrypt the secret. You do not need this permission 248// to use the account default Amazon Web Services managed CMK for Secrets 249// Manager. 250// 251// * kms:Decrypt - needed only if you use a customer-managed Amazon Web Services 252// KMS key to encrypt the secret. You do not need this permission to use 253// the account default Amazon Web Services managed CMK for Secrets Manager. 254// 255// * secretsmanager:TagResource - needed only if you include the Tags parameter. 256// 257// Related operations 258// 259// * To delete a secret, use DeleteSecret. 260// 261// * To modify an existing secret, use UpdateSecret. 262// 263// * To create a new version of a secret, use PutSecretValue. 264// 265// * To retrieve the encrypted secure string and secure binary values, use 266// GetSecretValue. 267// 268// * To retrieve all other details for a secret, use DescribeSecret. This 269// does not include the encrypted secure string and secure binary values. 270// 271// * To retrieve the list of secret versions associated with the current 272// secret, use DescribeSecret and examine the SecretVersionsToStages response 273// value. 274// 275// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 276// with awserr.Error's Code and Message methods to get detailed information about 277// the error. 278// 279// See the AWS API reference guide for AWS Secrets Manager's 280// API operation CreateSecret for usage and error information. 281// 282// Returned Error Types: 283// * InvalidParameterException 284// You provided an invalid value for a parameter. 285// 286// * InvalidRequestException 287// You provided a parameter value that is not valid for the current state of 288// the resource. 289// 290// Possible causes: 291// 292// * You tried to perform the operation on a secret that's currently marked 293// deleted. 294// 295// * You tried to enable rotation on a secret that doesn't already have a 296// Lambda function ARN configured and you didn't include such an ARN as a 297// parameter in this call. 298// 299// * LimitExceededException 300// The request failed because it would exceed one of the Secrets Manager internal 301// limits. 302// 303// * EncryptionFailure 304// Secrets Manager can't encrypt the protected secret text using the provided 305// KMS key. Check that the customer master key (CMK) is available, enabled, 306// and not in an invalid state. For more information, see How Key State Affects 307// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 308// 309// * ResourceExistsException 310// A resource with the ID you requested already exists. 311// 312// * ResourceNotFoundException 313// We can't find the resource that you asked for. 314// 315// * MalformedPolicyDocumentException 316// You provided a resource-based policy with syntax errors. 317// 318// * InternalServiceError 319// An error occurred on the server side. 320// 321// * PreconditionNotMetException 322// The request failed because you did not complete all the prerequisite steps. 323// 324// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret 325func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error) { 326 req, out := c.CreateSecretRequest(input) 327 return out, req.Send() 328} 329 330// CreateSecretWithContext is the same as CreateSecret with the addition of 331// the ability to pass a context and additional request options. 332// 333// See CreateSecret for details on how to use this API operation. 334// 335// The context must be non-nil and will be used for request cancellation. If 336// the context is nil a panic will occur. In the future the SDK may create 337// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 338// for more information on using Contexts. 339func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error) { 340 req, out := c.CreateSecretRequest(input) 341 req.SetContext(ctx) 342 req.ApplyOptions(opts...) 343 return out, req.Send() 344} 345 346const opDeleteResourcePolicy = "DeleteResourcePolicy" 347 348// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the 349// client's request for the DeleteResourcePolicy operation. The "output" return 350// value will be populated with the request's response once the request completes 351// successfully. 352// 353// Use "Send" method on the returned Request to send the API call to the service. 354// the "output" return value is not valid until after Send returns without error. 355// 356// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy 357// API call, and error handling. 358// 359// This method is useful when you want to inject custom logic or configuration 360// into the SDK's request lifecycle. Such as custom headers, or retry logic. 361// 362// 363// // Example sending a request using the DeleteResourcePolicyRequest method. 364// req, resp := client.DeleteResourcePolicyRequest(params) 365// 366// err := req.Send() 367// if err == nil { // resp is now filled 368// fmt.Println(resp) 369// } 370// 371// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy 372func (c *SecretsManager) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { 373 op := &request.Operation{ 374 Name: opDeleteResourcePolicy, 375 HTTPMethod: "POST", 376 HTTPPath: "/", 377 } 378 379 if input == nil { 380 input = &DeleteResourcePolicyInput{} 381 } 382 383 output = &DeleteResourcePolicyOutput{} 384 req = c.newRequest(op, input, output) 385 return 386} 387 388// DeleteResourcePolicy API operation for AWS Secrets Manager. 389// 390// Deletes the resource-based permission policy attached to the secret. 391// 392// Minimum permissions 393// 394// To run this command, you must have the following permissions: 395// 396// * secretsmanager:DeleteResourcePolicy 397// 398// Related operations 399// 400// * To attach a resource policy to a secret, use PutResourcePolicy. 401// 402// * To retrieve the current resource-based policy attached to a secret, 403// use GetResourcePolicy. 404// 405// * To list all of the currently available secrets, use ListSecrets. 406// 407// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 408// with awserr.Error's Code and Message methods to get detailed information about 409// the error. 410// 411// See the AWS API reference guide for AWS Secrets Manager's 412// API operation DeleteResourcePolicy for usage and error information. 413// 414// Returned Error Types: 415// * ResourceNotFoundException 416// We can't find the resource that you asked for. 417// 418// * InternalServiceError 419// An error occurred on the server side. 420// 421// * InvalidRequestException 422// You provided a parameter value that is not valid for the current state of 423// the resource. 424// 425// Possible causes: 426// 427// * You tried to perform the operation on a secret that's currently marked 428// deleted. 429// 430// * You tried to enable rotation on a secret that doesn't already have a 431// Lambda function ARN configured and you didn't include such an ARN as a 432// parameter in this call. 433// 434// * InvalidParameterException 435// You provided an invalid value for a parameter. 436// 437// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy 438func (c *SecretsManager) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { 439 req, out := c.DeleteResourcePolicyRequest(input) 440 return out, req.Send() 441} 442 443// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of 444// the ability to pass a context and additional request options. 445// 446// See DeleteResourcePolicy for details on how to use this API operation. 447// 448// The context must be non-nil and will be used for request cancellation. If 449// the context is nil a panic will occur. In the future the SDK may create 450// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 451// for more information on using Contexts. 452func (c *SecretsManager) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { 453 req, out := c.DeleteResourcePolicyRequest(input) 454 req.SetContext(ctx) 455 req.ApplyOptions(opts...) 456 return out, req.Send() 457} 458 459const opDeleteSecret = "DeleteSecret" 460 461// DeleteSecretRequest generates a "aws/request.Request" representing the 462// client's request for the DeleteSecret operation. The "output" return 463// value will be populated with the request's response once the request completes 464// successfully. 465// 466// Use "Send" method on the returned Request to send the API call to the service. 467// the "output" return value is not valid until after Send returns without error. 468// 469// See DeleteSecret for more information on using the DeleteSecret 470// API call, and error handling. 471// 472// This method is useful when you want to inject custom logic or configuration 473// into the SDK's request lifecycle. Such as custom headers, or retry logic. 474// 475// 476// // Example sending a request using the DeleteSecretRequest method. 477// req, resp := client.DeleteSecretRequest(params) 478// 479// err := req.Send() 480// if err == nil { // resp is now filled 481// fmt.Println(resp) 482// } 483// 484// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret 485func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput) { 486 op := &request.Operation{ 487 Name: opDeleteSecret, 488 HTTPMethod: "POST", 489 HTTPPath: "/", 490 } 491 492 if input == nil { 493 input = &DeleteSecretInput{} 494 } 495 496 output = &DeleteSecretOutput{} 497 req = c.newRequest(op, input, output) 498 return 499} 500 501// DeleteSecret API operation for AWS Secrets Manager. 502// 503// Deletes an entire secret and all of the versions. You can optionally include 504// a recovery window during which you can restore the secret. If you don't specify 505// a recovery window value, the operation defaults to 30 days. Secrets Manager 506// attaches a DeletionDate stamp to the secret that specifies the end of the 507// recovery window. At the end of the recovery window, Secrets Manager deletes 508// the secret permanently. 509// 510// At any time before recovery window ends, you can use RestoreSecret to remove 511// the DeletionDate and cancel the deletion of the secret. 512// 513// You cannot access the encrypted secret information in any secret scheduled 514// for deletion. If you need to access that information, you must cancel the 515// deletion with RestoreSecret and then retrieve the information. 516// 517// * There is no explicit operation to delete a version of a secret. Instead, 518// remove all staging labels from the VersionStage field of a version. That 519// marks the version as deprecated and allows Secrets Manager to delete it 520// as needed. Versions without any staging labels do not show up in ListSecretVersionIds 521// unless you specify IncludeDeprecated. 522// 523// * The permanent secret deletion at the end of the waiting period is performed 524// as a background task with low priority. There is no guarantee of a specific 525// time after the recovery window for the actual delete operation to occur. 526// 527// Minimum permissions 528// 529// To run this command, you must have the following permissions: 530// 531// * secretsmanager:DeleteSecret 532// 533// Related operations 534// 535// * To create a secret, use CreateSecret. 536// 537// * To cancel deletion of a version of a secret before the recovery window 538// has expired, use RestoreSecret. 539// 540// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 541// with awserr.Error's Code and Message methods to get detailed information about 542// the error. 543// 544// See the AWS API reference guide for AWS Secrets Manager's 545// API operation DeleteSecret for usage and error information. 546// 547// Returned Error Types: 548// * ResourceNotFoundException 549// We can't find the resource that you asked for. 550// 551// * InvalidParameterException 552// You provided an invalid value for a parameter. 553// 554// * InvalidRequestException 555// You provided a parameter value that is not valid for the current state of 556// the resource. 557// 558// Possible causes: 559// 560// * You tried to perform the operation on a secret that's currently marked 561// deleted. 562// 563// * You tried to enable rotation on a secret that doesn't already have a 564// Lambda function ARN configured and you didn't include such an ARN as a 565// parameter in this call. 566// 567// * InternalServiceError 568// An error occurred on the server side. 569// 570// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret 571func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error) { 572 req, out := c.DeleteSecretRequest(input) 573 return out, req.Send() 574} 575 576// DeleteSecretWithContext is the same as DeleteSecret with the addition of 577// the ability to pass a context and additional request options. 578// 579// See DeleteSecret for details on how to use this API operation. 580// 581// The context must be non-nil and will be used for request cancellation. If 582// the context is nil a panic will occur. In the future the SDK may create 583// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 584// for more information on using Contexts. 585func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error) { 586 req, out := c.DeleteSecretRequest(input) 587 req.SetContext(ctx) 588 req.ApplyOptions(opts...) 589 return out, req.Send() 590} 591 592const opDescribeSecret = "DescribeSecret" 593 594// DescribeSecretRequest generates a "aws/request.Request" representing the 595// client's request for the DescribeSecret operation. The "output" return 596// value will be populated with the request's response once the request completes 597// successfully. 598// 599// Use "Send" method on the returned Request to send the API call to the service. 600// the "output" return value is not valid until after Send returns without error. 601// 602// See DescribeSecret for more information on using the DescribeSecret 603// API call, and error handling. 604// 605// This method is useful when you want to inject custom logic or configuration 606// into the SDK's request lifecycle. Such as custom headers, or retry logic. 607// 608// 609// // Example sending a request using the DescribeSecretRequest method. 610// req, resp := client.DescribeSecretRequest(params) 611// 612// err := req.Send() 613// if err == nil { // resp is now filled 614// fmt.Println(resp) 615// } 616// 617// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret 618func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput) { 619 op := &request.Operation{ 620 Name: opDescribeSecret, 621 HTTPMethod: "POST", 622 HTTPPath: "/", 623 } 624 625 if input == nil { 626 input = &DescribeSecretInput{} 627 } 628 629 output = &DescribeSecretOutput{} 630 req = c.newRequest(op, input, output) 631 return 632} 633 634// DescribeSecret API operation for AWS Secrets Manager. 635// 636// Retrieves the details of a secret. It does not include the encrypted fields. 637// Secrets Manager only returns fields populated with a value in the response. 638// 639// Minimum permissions 640// 641// To run this command, you must have the following permissions: 642// 643// * secretsmanager:DescribeSecret 644// 645// Related operations 646// 647// * To create a secret, use CreateSecret. 648// 649// * To modify a secret, use UpdateSecret. 650// 651// * To retrieve the encrypted secret information in a version of the secret, 652// use GetSecretValue. 653// 654// * To list all of the secrets in the Amazon Web Services account, use ListSecrets. 655// 656// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 657// with awserr.Error's Code and Message methods to get detailed information about 658// the error. 659// 660// See the AWS API reference guide for AWS Secrets Manager's 661// API operation DescribeSecret for usage and error information. 662// 663// Returned Error Types: 664// * ResourceNotFoundException 665// We can't find the resource that you asked for. 666// 667// * InternalServiceError 668// An error occurred on the server side. 669// 670// * InvalidParameterException 671// You provided an invalid value for a parameter. 672// 673// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret 674func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error) { 675 req, out := c.DescribeSecretRequest(input) 676 return out, req.Send() 677} 678 679// DescribeSecretWithContext is the same as DescribeSecret with the addition of 680// the ability to pass a context and additional request options. 681// 682// See DescribeSecret for details on how to use this API operation. 683// 684// The context must be non-nil and will be used for request cancellation. If 685// the context is nil a panic will occur. In the future the SDK may create 686// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 687// for more information on using Contexts. 688func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error) { 689 req, out := c.DescribeSecretRequest(input) 690 req.SetContext(ctx) 691 req.ApplyOptions(opts...) 692 return out, req.Send() 693} 694 695const opGetRandomPassword = "GetRandomPassword" 696 697// GetRandomPasswordRequest generates a "aws/request.Request" representing the 698// client's request for the GetRandomPassword operation. The "output" return 699// value will be populated with the request's response once the request completes 700// successfully. 701// 702// Use "Send" method on the returned Request to send the API call to the service. 703// the "output" return value is not valid until after Send returns without error. 704// 705// See GetRandomPassword for more information on using the GetRandomPassword 706// API call, and error handling. 707// 708// This method is useful when you want to inject custom logic or configuration 709// into the SDK's request lifecycle. Such as custom headers, or retry logic. 710// 711// 712// // Example sending a request using the GetRandomPasswordRequest method. 713// req, resp := client.GetRandomPasswordRequest(params) 714// 715// err := req.Send() 716// if err == nil { // resp is now filled 717// fmt.Println(resp) 718// } 719// 720// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword 721func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput) { 722 op := &request.Operation{ 723 Name: opGetRandomPassword, 724 HTTPMethod: "POST", 725 HTTPPath: "/", 726 } 727 728 if input == nil { 729 input = &GetRandomPasswordInput{} 730 } 731 732 output = &GetRandomPasswordOutput{} 733 req = c.newRequest(op, input, output) 734 return 735} 736 737// GetRandomPassword API operation for AWS Secrets Manager. 738// 739// Generates a random password of the specified complexity. This operation is 740// intended for use in the Lambda rotation function. Per best practice, we recommend 741// that you specify the maximum length and include every character type that 742// the system you are generating a password for can support. 743// 744// Minimum permissions 745// 746// To run this command, you must have the following permissions: 747// 748// * secretsmanager:GetRandomPassword 749// 750// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 751// with awserr.Error's Code and Message methods to get detailed information about 752// the error. 753// 754// See the AWS API reference guide for AWS Secrets Manager's 755// API operation GetRandomPassword for usage and error information. 756// 757// Returned Error Types: 758// * InvalidParameterException 759// You provided an invalid value for a parameter. 760// 761// * InvalidRequestException 762// You provided a parameter value that is not valid for the current state of 763// the resource. 764// 765// Possible causes: 766// 767// * You tried to perform the operation on a secret that's currently marked 768// deleted. 769// 770// * You tried to enable rotation on a secret that doesn't already have a 771// Lambda function ARN configured and you didn't include such an ARN as a 772// parameter in this call. 773// 774// * InternalServiceError 775// An error occurred on the server side. 776// 777// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword 778func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error) { 779 req, out := c.GetRandomPasswordRequest(input) 780 return out, req.Send() 781} 782 783// GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of 784// the ability to pass a context and additional request options. 785// 786// See GetRandomPassword for details on how to use this API operation. 787// 788// The context must be non-nil and will be used for request cancellation. If 789// the context is nil a panic will occur. In the future the SDK may create 790// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 791// for more information on using Contexts. 792func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error) { 793 req, out := c.GetRandomPasswordRequest(input) 794 req.SetContext(ctx) 795 req.ApplyOptions(opts...) 796 return out, req.Send() 797} 798 799const opGetResourcePolicy = "GetResourcePolicy" 800 801// GetResourcePolicyRequest generates a "aws/request.Request" representing the 802// client's request for the GetResourcePolicy operation. The "output" return 803// value will be populated with the request's response once the request completes 804// successfully. 805// 806// Use "Send" method on the returned Request to send the API call to the service. 807// the "output" return value is not valid until after Send returns without error. 808// 809// See GetResourcePolicy for more information on using the GetResourcePolicy 810// API call, and error handling. 811// 812// This method is useful when you want to inject custom logic or configuration 813// into the SDK's request lifecycle. Such as custom headers, or retry logic. 814// 815// 816// // Example sending a request using the GetResourcePolicyRequest method. 817// req, resp := client.GetResourcePolicyRequest(params) 818// 819// err := req.Send() 820// if err == nil { // resp is now filled 821// fmt.Println(resp) 822// } 823// 824// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy 825func (c *SecretsManager) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) { 826 op := &request.Operation{ 827 Name: opGetResourcePolicy, 828 HTTPMethod: "POST", 829 HTTPPath: "/", 830 } 831 832 if input == nil { 833 input = &GetResourcePolicyInput{} 834 } 835 836 output = &GetResourcePolicyOutput{} 837 req = c.newRequest(op, input, output) 838 return 839} 840 841// GetResourcePolicy API operation for AWS Secrets Manager. 842// 843// Retrieves the JSON text of the resource-based policy document attached to 844// the specified secret. The JSON request string input and response output displays 845// formatted code with white space and line breaks for better readability. Submit 846// your input as a single line JSON string. 847// 848// Minimum permissions 849// 850// To run this command, you must have the following permissions: 851// 852// * secretsmanager:GetResourcePolicy 853// 854// Related operations 855// 856// * To attach a resource policy to a secret, use PutResourcePolicy. 857// 858// * To delete the resource-based policy attached to a secret, use DeleteResourcePolicy. 859// 860// * To list all of the currently available secrets, use ListSecrets. 861// 862// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 863// with awserr.Error's Code and Message methods to get detailed information about 864// the error. 865// 866// See the AWS API reference guide for AWS Secrets Manager's 867// API operation GetResourcePolicy for usage and error information. 868// 869// Returned Error Types: 870// * ResourceNotFoundException 871// We can't find the resource that you asked for. 872// 873// * InternalServiceError 874// An error occurred on the server side. 875// 876// * InvalidRequestException 877// You provided a parameter value that is not valid for the current state of 878// the resource. 879// 880// Possible causes: 881// 882// * You tried to perform the operation on a secret that's currently marked 883// deleted. 884// 885// * You tried to enable rotation on a secret that doesn't already have a 886// Lambda function ARN configured and you didn't include such an ARN as a 887// parameter in this call. 888// 889// * InvalidParameterException 890// You provided an invalid value for a parameter. 891// 892// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy 893func (c *SecretsManager) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) { 894 req, out := c.GetResourcePolicyRequest(input) 895 return out, req.Send() 896} 897 898// GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of 899// the ability to pass a context and additional request options. 900// 901// See GetResourcePolicy for details on how to use this API operation. 902// 903// The context must be non-nil and will be used for request cancellation. If 904// the context is nil a panic will occur. In the future the SDK may create 905// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 906// for more information on using Contexts. 907func (c *SecretsManager) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) { 908 req, out := c.GetResourcePolicyRequest(input) 909 req.SetContext(ctx) 910 req.ApplyOptions(opts...) 911 return out, req.Send() 912} 913 914const opGetSecretValue = "GetSecretValue" 915 916// GetSecretValueRequest generates a "aws/request.Request" representing the 917// client's request for the GetSecretValue operation. The "output" return 918// value will be populated with the request's response once the request completes 919// successfully. 920// 921// Use "Send" method on the returned Request to send the API call to the service. 922// the "output" return value is not valid until after Send returns without error. 923// 924// See GetSecretValue for more information on using the GetSecretValue 925// API call, and error handling. 926// 927// This method is useful when you want to inject custom logic or configuration 928// into the SDK's request lifecycle. Such as custom headers, or retry logic. 929// 930// 931// // Example sending a request using the GetSecretValueRequest method. 932// req, resp := client.GetSecretValueRequest(params) 933// 934// err := req.Send() 935// if err == nil { // resp is now filled 936// fmt.Println(resp) 937// } 938// 939// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue 940func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput) { 941 op := &request.Operation{ 942 Name: opGetSecretValue, 943 HTTPMethod: "POST", 944 HTTPPath: "/", 945 } 946 947 if input == nil { 948 input = &GetSecretValueInput{} 949 } 950 951 output = &GetSecretValueOutput{} 952 req = c.newRequest(op, input, output) 953 return 954} 955 956// GetSecretValue API operation for AWS Secrets Manager. 957// 958// Retrieves the contents of the encrypted fields SecretString or SecretBinary 959// from the specified version of a secret, whichever contains content. 960// 961// Minimum permissions 962// 963// To run this command, you must have the following permissions: 964// 965// * secretsmanager:GetSecretValue 966// 967// * kms:Decrypt - required only if you use a customer-managed Amazon Web 968// Services KMS key to encrypt the secret. You do not need this permission 969// to use the account's default Amazon Web Services managed CMK for Secrets 970// Manager. 971// 972// Related operations 973// 974// * To create a new version of the secret with different encrypted information, 975// use PutSecretValue. 976// 977// * To retrieve the non-encrypted details for the secret, use DescribeSecret. 978// 979// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 980// with awserr.Error's Code and Message methods to get detailed information about 981// the error. 982// 983// See the AWS API reference guide for AWS Secrets Manager's 984// API operation GetSecretValue for usage and error information. 985// 986// Returned Error Types: 987// * ResourceNotFoundException 988// We can't find the resource that you asked for. 989// 990// * InvalidParameterException 991// You provided an invalid value for a parameter. 992// 993// * InvalidRequestException 994// You provided a parameter value that is not valid for the current state of 995// the resource. 996// 997// Possible causes: 998// 999// * You tried to perform the operation on a secret that's currently marked 1000// deleted. 1001// 1002// * You tried to enable rotation on a secret that doesn't already have a 1003// Lambda function ARN configured and you didn't include such an ARN as a 1004// parameter in this call. 1005// 1006// * DecryptionFailure 1007// Secrets Manager can't decrypt the protected secret text using the provided 1008// KMS key. 1009// 1010// * InternalServiceError 1011// An error occurred on the server side. 1012// 1013// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue 1014func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error) { 1015 req, out := c.GetSecretValueRequest(input) 1016 return out, req.Send() 1017} 1018 1019// GetSecretValueWithContext is the same as GetSecretValue with the addition of 1020// the ability to pass a context and additional request options. 1021// 1022// See GetSecretValue for details on how to use this API operation. 1023// 1024// The context must be non-nil and will be used for request cancellation. If 1025// the context is nil a panic will occur. In the future the SDK may create 1026// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1027// for more information on using Contexts. 1028func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error) { 1029 req, out := c.GetSecretValueRequest(input) 1030 req.SetContext(ctx) 1031 req.ApplyOptions(opts...) 1032 return out, req.Send() 1033} 1034 1035const opListSecretVersionIds = "ListSecretVersionIds" 1036 1037// ListSecretVersionIdsRequest generates a "aws/request.Request" representing the 1038// client's request for the ListSecretVersionIds operation. The "output" return 1039// value will be populated with the request's response once the request completes 1040// successfully. 1041// 1042// Use "Send" method on the returned Request to send the API call to the service. 1043// the "output" return value is not valid until after Send returns without error. 1044// 1045// See ListSecretVersionIds for more information on using the ListSecretVersionIds 1046// API call, and error handling. 1047// 1048// This method is useful when you want to inject custom logic or configuration 1049// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1050// 1051// 1052// // Example sending a request using the ListSecretVersionIdsRequest method. 1053// req, resp := client.ListSecretVersionIdsRequest(params) 1054// 1055// err := req.Send() 1056// if err == nil { // resp is now filled 1057// fmt.Println(resp) 1058// } 1059// 1060// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds 1061func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput) { 1062 op := &request.Operation{ 1063 Name: opListSecretVersionIds, 1064 HTTPMethod: "POST", 1065 HTTPPath: "/", 1066 Paginator: &request.Paginator{ 1067 InputTokens: []string{"NextToken"}, 1068 OutputTokens: []string{"NextToken"}, 1069 LimitToken: "MaxResults", 1070 TruncationToken: "", 1071 }, 1072 } 1073 1074 if input == nil { 1075 input = &ListSecretVersionIdsInput{} 1076 } 1077 1078 output = &ListSecretVersionIdsOutput{} 1079 req = c.newRequest(op, input, output) 1080 return 1081} 1082 1083// ListSecretVersionIds API operation for AWS Secrets Manager. 1084// 1085// Lists all of the versions attached to the specified secret. The output does 1086// not include the SecretString or SecretBinary fields. By default, the list 1087// includes only versions that have at least one staging label in VersionStage 1088// attached. 1089// 1090// Always check the NextToken response parameter when calling any of the List* 1091// operations. These operations can occasionally return an empty or shorter 1092// than expected list of results even when there more results become available. 1093// When this happens, the NextToken response parameter contains a value to pass 1094// to the next call to the same API to request the next part of the list. 1095// 1096// Minimum permissions 1097// 1098// To run this command, you must have the following permissions: 1099// 1100// * secretsmanager:ListSecretVersionIds 1101// 1102// Related operations 1103// 1104// * To list the secrets in an account, use ListSecrets. 1105// 1106// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1107// with awserr.Error's Code and Message methods to get detailed information about 1108// the error. 1109// 1110// See the AWS API reference guide for AWS Secrets Manager's 1111// API operation ListSecretVersionIds for usage and error information. 1112// 1113// Returned Error Types: 1114// * InvalidNextTokenException 1115// You provided an invalid NextToken value. 1116// 1117// * ResourceNotFoundException 1118// We can't find the resource that you asked for. 1119// 1120// * InternalServiceError 1121// An error occurred on the server side. 1122// 1123// * InvalidParameterException 1124// You provided an invalid value for a parameter. 1125// 1126// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds 1127func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error) { 1128 req, out := c.ListSecretVersionIdsRequest(input) 1129 return out, req.Send() 1130} 1131 1132// ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of 1133// the ability to pass a context and additional request options. 1134// 1135// See ListSecretVersionIds for details on how to use this API operation. 1136// 1137// The context must be non-nil and will be used for request cancellation. If 1138// the context is nil a panic will occur. In the future the SDK may create 1139// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1140// for more information on using Contexts. 1141func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error) { 1142 req, out := c.ListSecretVersionIdsRequest(input) 1143 req.SetContext(ctx) 1144 req.ApplyOptions(opts...) 1145 return out, req.Send() 1146} 1147 1148// ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation, 1149// calling the "fn" function with the response data for each page. To stop 1150// iterating, return false from the fn function. 1151// 1152// See ListSecretVersionIds method for more information on how to use this operation. 1153// 1154// Note: This operation can generate multiple requests to a service. 1155// 1156// // Example iterating over at most 3 pages of a ListSecretVersionIds operation. 1157// pageNum := 0 1158// err := client.ListSecretVersionIdsPages(params, 1159// func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool { 1160// pageNum++ 1161// fmt.Println(page) 1162// return pageNum <= 3 1163// }) 1164// 1165func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error { 1166 return c.ListSecretVersionIdsPagesWithContext(aws.BackgroundContext(), input, fn) 1167} 1168 1169// ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except 1170// it takes a Context and allows setting request options on the pages. 1171// 1172// The context must be non-nil and will be used for request cancellation. If 1173// the context is nil a panic will occur. In the future the SDK may create 1174// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1175// for more information on using Contexts. 1176func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error { 1177 p := request.Pagination{ 1178 NewRequest: func() (*request.Request, error) { 1179 var inCpy *ListSecretVersionIdsInput 1180 if input != nil { 1181 tmp := *input 1182 inCpy = &tmp 1183 } 1184 req, _ := c.ListSecretVersionIdsRequest(inCpy) 1185 req.SetContext(ctx) 1186 req.ApplyOptions(opts...) 1187 return req, nil 1188 }, 1189 } 1190 1191 for p.Next() { 1192 if !fn(p.Page().(*ListSecretVersionIdsOutput), !p.HasNextPage()) { 1193 break 1194 } 1195 } 1196 1197 return p.Err() 1198} 1199 1200const opListSecrets = "ListSecrets" 1201 1202// ListSecretsRequest generates a "aws/request.Request" representing the 1203// client's request for the ListSecrets operation. The "output" return 1204// value will be populated with the request's response once the request completes 1205// successfully. 1206// 1207// Use "Send" method on the returned Request to send the API call to the service. 1208// the "output" return value is not valid until after Send returns without error. 1209// 1210// See ListSecrets for more information on using the ListSecrets 1211// API call, and error handling. 1212// 1213// This method is useful when you want to inject custom logic or configuration 1214// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1215// 1216// 1217// // Example sending a request using the ListSecretsRequest method. 1218// req, resp := client.ListSecretsRequest(params) 1219// 1220// err := req.Send() 1221// if err == nil { // resp is now filled 1222// fmt.Println(resp) 1223// } 1224// 1225// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets 1226func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput) { 1227 op := &request.Operation{ 1228 Name: opListSecrets, 1229 HTTPMethod: "POST", 1230 HTTPPath: "/", 1231 Paginator: &request.Paginator{ 1232 InputTokens: []string{"NextToken"}, 1233 OutputTokens: []string{"NextToken"}, 1234 LimitToken: "MaxResults", 1235 TruncationToken: "", 1236 }, 1237 } 1238 1239 if input == nil { 1240 input = &ListSecretsInput{} 1241 } 1242 1243 output = &ListSecretsOutput{} 1244 req = c.newRequest(op, input, output) 1245 return 1246} 1247 1248// ListSecrets API operation for AWS Secrets Manager. 1249// 1250// Lists all of the secrets that are stored by Secrets Manager in the Amazon 1251// Web Services account. To list the versions currently stored for a specific 1252// secret, use ListSecretVersionIds. The encrypted fields SecretString and SecretBinary 1253// are not included in the output. To get that information, call the GetSecretValue 1254// operation. 1255// 1256// Always check the NextToken response parameter when calling any of the List* 1257// operations. These operations can occasionally return an empty or shorter 1258// than expected list of results even when there more results become available. 1259// When this happens, the NextToken response parameter contains a value to pass 1260// to the next call to the same API to request the next part of the list. 1261// 1262// Minimum permissions 1263// 1264// To run this command, you must have the following permissions: 1265// 1266// * secretsmanager:ListSecrets 1267// 1268// Related operations 1269// 1270// * To list the versions attached to a secret, use ListSecretVersionIds. 1271// 1272// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1273// with awserr.Error's Code and Message methods to get detailed information about 1274// the error. 1275// 1276// See the AWS API reference guide for AWS Secrets Manager's 1277// API operation ListSecrets for usage and error information. 1278// 1279// Returned Error Types: 1280// * InvalidParameterException 1281// You provided an invalid value for a parameter. 1282// 1283// * InvalidNextTokenException 1284// You provided an invalid NextToken value. 1285// 1286// * InternalServiceError 1287// An error occurred on the server side. 1288// 1289// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets 1290func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error) { 1291 req, out := c.ListSecretsRequest(input) 1292 return out, req.Send() 1293} 1294 1295// ListSecretsWithContext is the same as ListSecrets with the addition of 1296// the ability to pass a context and additional request options. 1297// 1298// See ListSecrets for details on how to use this API operation. 1299// 1300// The context must be non-nil and will be used for request cancellation. If 1301// the context is nil a panic will occur. In the future the SDK may create 1302// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1303// for more information on using Contexts. 1304func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error) { 1305 req, out := c.ListSecretsRequest(input) 1306 req.SetContext(ctx) 1307 req.ApplyOptions(opts...) 1308 return out, req.Send() 1309} 1310 1311// ListSecretsPages iterates over the pages of a ListSecrets operation, 1312// calling the "fn" function with the response data for each page. To stop 1313// iterating, return false from the fn function. 1314// 1315// See ListSecrets method for more information on how to use this operation. 1316// 1317// Note: This operation can generate multiple requests to a service. 1318// 1319// // Example iterating over at most 3 pages of a ListSecrets operation. 1320// pageNum := 0 1321// err := client.ListSecretsPages(params, 1322// func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool { 1323// pageNum++ 1324// fmt.Println(page) 1325// return pageNum <= 3 1326// }) 1327// 1328func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error { 1329 return c.ListSecretsPagesWithContext(aws.BackgroundContext(), input, fn) 1330} 1331 1332// ListSecretsPagesWithContext same as ListSecretsPages except 1333// it takes a Context and allows setting request options on the pages. 1334// 1335// The context must be non-nil and will be used for request cancellation. If 1336// the context is nil a panic will occur. In the future the SDK may create 1337// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1338// for more information on using Contexts. 1339func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error { 1340 p := request.Pagination{ 1341 NewRequest: func() (*request.Request, error) { 1342 var inCpy *ListSecretsInput 1343 if input != nil { 1344 tmp := *input 1345 inCpy = &tmp 1346 } 1347 req, _ := c.ListSecretsRequest(inCpy) 1348 req.SetContext(ctx) 1349 req.ApplyOptions(opts...) 1350 return req, nil 1351 }, 1352 } 1353 1354 for p.Next() { 1355 if !fn(p.Page().(*ListSecretsOutput), !p.HasNextPage()) { 1356 break 1357 } 1358 } 1359 1360 return p.Err() 1361} 1362 1363const opPutResourcePolicy = "PutResourcePolicy" 1364 1365// PutResourcePolicyRequest generates a "aws/request.Request" representing the 1366// client's request for the PutResourcePolicy operation. The "output" return 1367// value will be populated with the request's response once the request completes 1368// successfully. 1369// 1370// Use "Send" method on the returned Request to send the API call to the service. 1371// the "output" return value is not valid until after Send returns without error. 1372// 1373// See PutResourcePolicy for more information on using the PutResourcePolicy 1374// API call, and error handling. 1375// 1376// This method is useful when you want to inject custom logic or configuration 1377// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1378// 1379// 1380// // Example sending a request using the PutResourcePolicyRequest method. 1381// req, resp := client.PutResourcePolicyRequest(params) 1382// 1383// err := req.Send() 1384// if err == nil { // resp is now filled 1385// fmt.Println(resp) 1386// } 1387// 1388// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy 1389func (c *SecretsManager) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { 1390 op := &request.Operation{ 1391 Name: opPutResourcePolicy, 1392 HTTPMethod: "POST", 1393 HTTPPath: "/", 1394 } 1395 1396 if input == nil { 1397 input = &PutResourcePolicyInput{} 1398 } 1399 1400 output = &PutResourcePolicyOutput{} 1401 req = c.newRequest(op, input, output) 1402 return 1403} 1404 1405// PutResourcePolicy API operation for AWS Secrets Manager. 1406// 1407// Attaches the contents of the specified resource-based permission policy to 1408// a secret. A resource-based policy is optional. Alternatively, you can use 1409// IAM identity-based policies that specify the secret's Amazon Resource Name 1410// (ARN) in the policy statement's Resources element. You can also use a combination 1411// of both identity-based and resource-based policies. The affected users and 1412// roles receive the permissions that are permitted by all of the relevant policies. 1413// For more information, see Using Resource-Based Policies for Amazon Web Services 1414// Secrets Manager (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). 1415// For the complete description of the Amazon Web Services policy syntax and 1416// grammar, see IAM JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) 1417// in the IAM User Guide. 1418// 1419// Minimum permissions 1420// 1421// To run this command, you must have the following permissions: 1422// 1423// * secretsmanager:PutResourcePolicy 1424// 1425// Related operations 1426// 1427// * To retrieve the resource policy attached to a secret, use GetResourcePolicy. 1428// 1429// * To delete the resource-based policy attached to a secret, use DeleteResourcePolicy. 1430// 1431// * To list all of the currently available secrets, use ListSecrets. 1432// 1433// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1434// with awserr.Error's Code and Message methods to get detailed information about 1435// the error. 1436// 1437// See the AWS API reference guide for AWS Secrets Manager's 1438// API operation PutResourcePolicy for usage and error information. 1439// 1440// Returned Error Types: 1441// * MalformedPolicyDocumentException 1442// You provided a resource-based policy with syntax errors. 1443// 1444// * ResourceNotFoundException 1445// We can't find the resource that you asked for. 1446// 1447// * InvalidParameterException 1448// You provided an invalid value for a parameter. 1449// 1450// * InternalServiceError 1451// An error occurred on the server side. 1452// 1453// * InvalidRequestException 1454// You provided a parameter value that is not valid for the current state of 1455// the resource. 1456// 1457// Possible causes: 1458// 1459// * You tried to perform the operation on a secret that's currently marked 1460// deleted. 1461// 1462// * You tried to enable rotation on a secret that doesn't already have a 1463// Lambda function ARN configured and you didn't include such an ARN as a 1464// parameter in this call. 1465// 1466// * PublicPolicyException 1467// The BlockPublicPolicy parameter is set to true and the resource policy did 1468// not prevent broad access to the secret. 1469// 1470// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy 1471func (c *SecretsManager) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { 1472 req, out := c.PutResourcePolicyRequest(input) 1473 return out, req.Send() 1474} 1475 1476// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of 1477// the ability to pass a context and additional request options. 1478// 1479// See PutResourcePolicy for details on how to use this API operation. 1480// 1481// The context must be non-nil and will be used for request cancellation. If 1482// the context is nil a panic will occur. In the future the SDK may create 1483// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1484// for more information on using Contexts. 1485func (c *SecretsManager) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { 1486 req, out := c.PutResourcePolicyRequest(input) 1487 req.SetContext(ctx) 1488 req.ApplyOptions(opts...) 1489 return out, req.Send() 1490} 1491 1492const opPutSecretValue = "PutSecretValue" 1493 1494// PutSecretValueRequest generates a "aws/request.Request" representing the 1495// client's request for the PutSecretValue operation. The "output" return 1496// value will be populated with the request's response once the request completes 1497// successfully. 1498// 1499// Use "Send" method on the returned Request to send the API call to the service. 1500// the "output" return value is not valid until after Send returns without error. 1501// 1502// See PutSecretValue for more information on using the PutSecretValue 1503// API call, and error handling. 1504// 1505// This method is useful when you want to inject custom logic or configuration 1506// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1507// 1508// 1509// // Example sending a request using the PutSecretValueRequest method. 1510// req, resp := client.PutSecretValueRequest(params) 1511// 1512// err := req.Send() 1513// if err == nil { // resp is now filled 1514// fmt.Println(resp) 1515// } 1516// 1517// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue 1518func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput) { 1519 op := &request.Operation{ 1520 Name: opPutSecretValue, 1521 HTTPMethod: "POST", 1522 HTTPPath: "/", 1523 } 1524 1525 if input == nil { 1526 input = &PutSecretValueInput{} 1527 } 1528 1529 output = &PutSecretValueOutput{} 1530 req = c.newRequest(op, input, output) 1531 return 1532} 1533 1534// PutSecretValue API operation for AWS Secrets Manager. 1535// 1536// Stores a new encrypted secret value in the specified secret. To do this, 1537// the operation creates a new version and attaches it to the secret. The version 1538// can contain a new SecretString value or a new SecretBinary value. You can 1539// also specify the staging labels that are initially attached to the new version. 1540// 1541// The Secrets Manager console uses only the SecretString field. To add binary 1542// data to a secret with the SecretBinary field you must use the Amazon Web 1543// Services CLI or one of the Amazon Web Services SDKs. 1544// 1545// * If this operation creates the first version for the secret then Secrets 1546// Manager automatically attaches the staging label AWSCURRENT to the new 1547// version. 1548// 1549// * If you do not specify a value for VersionStages then Secrets Manager 1550// automatically moves the staging label AWSCURRENT to this new version. 1551// 1552// * If this operation moves the staging label AWSCURRENT from another version 1553// to this version, then Secrets Manager also automatically moves the staging 1554// label AWSPREVIOUS to the version that AWSCURRENT was removed from. 1555// 1556// * This operation is idempotent. If a version with a VersionId with the 1557// same value as the ClientRequestToken parameter already exists and you 1558// specify the same secret data, the operation succeeds but does nothing. 1559// However, if the secret data is different, then the operation fails because 1560// you cannot modify an existing version; you can only create new ones. 1561// 1562// * If you call an operation to encrypt or decrypt the SecretString or SecretBinary 1563// for a secret in the same account as the calling user and that secret doesn't 1564// specify a Amazon Web Services KMS encryption key, Secrets Manager uses 1565// the account's default Amazon Web Services managed customer master key 1566// (CMK) with the alias aws/secretsmanager. If this key doesn't already exist 1567// in your account then Secrets Manager creates it for you automatically. 1568// All users and roles in the same Amazon Web Services account automatically 1569// have access to use the default CMK. Note that if an Secrets Manager API 1570// call results in Amazon Web Services creating the account's Amazon Web 1571// Services-managed CMK, it can result in a one-time significant delay in 1572// returning the result. 1573// 1574// * If the secret resides in a different Amazon Web Services account from 1575// the credentials calling an API that requires encryption or decryption 1576// of the secret value then you must create and use a custom Amazon Web Services 1577// KMS CMK because you can't access the default CMK for the account using 1578// credentials from a different Amazon Web Services account. Store the ARN 1579// of the CMK in the secret when you create the secret or when you update 1580// it by including it in the KMSKeyId. If you call an API that must encrypt 1581// or decrypt SecretString or SecretBinary using credentials from a different 1582// account then the Amazon Web Services KMS key policy must grant cross-account 1583// access to that other account's user or role for both the kms:GenerateDataKey 1584// and kms:Decrypt operations. 1585// 1586// Minimum permissions 1587// 1588// To run this command, you must have the following permissions: 1589// 1590// * secretsmanager:PutSecretValue 1591// 1592// * kms:GenerateDataKey - needed only if you use a customer-managed Amazon 1593// Web Services KMS key to encrypt the secret. You do not need this permission 1594// to use the account's default Amazon Web Services managed CMK for Secrets 1595// Manager. 1596// 1597// Related operations 1598// 1599// * To retrieve the encrypted value you store in the version of a secret, 1600// use GetSecretValue. 1601// 1602// * To create a secret, use CreateSecret. 1603// 1604// * To get the details for a secret, use DescribeSecret. 1605// 1606// * To list the versions attached to a secret, use ListSecretVersionIds. 1607// 1608// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1609// with awserr.Error's Code and Message methods to get detailed information about 1610// the error. 1611// 1612// See the AWS API reference guide for AWS Secrets Manager's 1613// API operation PutSecretValue for usage and error information. 1614// 1615// Returned Error Types: 1616// * InvalidParameterException 1617// You provided an invalid value for a parameter. 1618// 1619// * InvalidRequestException 1620// You provided a parameter value that is not valid for the current state of 1621// the resource. 1622// 1623// Possible causes: 1624// 1625// * You tried to perform the operation on a secret that's currently marked 1626// deleted. 1627// 1628// * You tried to enable rotation on a secret that doesn't already have a 1629// Lambda function ARN configured and you didn't include such an ARN as a 1630// parameter in this call. 1631// 1632// * LimitExceededException 1633// The request failed because it would exceed one of the Secrets Manager internal 1634// limits. 1635// 1636// * EncryptionFailure 1637// Secrets Manager can't encrypt the protected secret text using the provided 1638// KMS key. Check that the customer master key (CMK) is available, enabled, 1639// and not in an invalid state. For more information, see How Key State Affects 1640// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 1641// 1642// * ResourceExistsException 1643// A resource with the ID you requested already exists. 1644// 1645// * ResourceNotFoundException 1646// We can't find the resource that you asked for. 1647// 1648// * InternalServiceError 1649// An error occurred on the server side. 1650// 1651// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue 1652func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error) { 1653 req, out := c.PutSecretValueRequest(input) 1654 return out, req.Send() 1655} 1656 1657// PutSecretValueWithContext is the same as PutSecretValue with the addition of 1658// the ability to pass a context and additional request options. 1659// 1660// See PutSecretValue for details on how to use this API operation. 1661// 1662// The context must be non-nil and will be used for request cancellation. If 1663// the context is nil a panic will occur. In the future the SDK may create 1664// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1665// for more information on using Contexts. 1666func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error) { 1667 req, out := c.PutSecretValueRequest(input) 1668 req.SetContext(ctx) 1669 req.ApplyOptions(opts...) 1670 return out, req.Send() 1671} 1672 1673const opRemoveRegionsFromReplication = "RemoveRegionsFromReplication" 1674 1675// RemoveRegionsFromReplicationRequest generates a "aws/request.Request" representing the 1676// client's request for the RemoveRegionsFromReplication operation. The "output" return 1677// value will be populated with the request's response once the request completes 1678// successfully. 1679// 1680// Use "Send" method on the returned Request to send the API call to the service. 1681// the "output" return value is not valid until after Send returns without error. 1682// 1683// See RemoveRegionsFromReplication for more information on using the RemoveRegionsFromReplication 1684// API call, and error handling. 1685// 1686// This method is useful when you want to inject custom logic or configuration 1687// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1688// 1689// 1690// // Example sending a request using the RemoveRegionsFromReplicationRequest method. 1691// req, resp := client.RemoveRegionsFromReplicationRequest(params) 1692// 1693// err := req.Send() 1694// if err == nil { // resp is now filled 1695// fmt.Println(resp) 1696// } 1697// 1698// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication 1699func (c *SecretsManager) RemoveRegionsFromReplicationRequest(input *RemoveRegionsFromReplicationInput) (req *request.Request, output *RemoveRegionsFromReplicationOutput) { 1700 op := &request.Operation{ 1701 Name: opRemoveRegionsFromReplication, 1702 HTTPMethod: "POST", 1703 HTTPPath: "/", 1704 } 1705 1706 if input == nil { 1707 input = &RemoveRegionsFromReplicationInput{} 1708 } 1709 1710 output = &RemoveRegionsFromReplicationOutput{} 1711 req = c.newRequest(op, input, output) 1712 return 1713} 1714 1715// RemoveRegionsFromReplication API operation for AWS Secrets Manager. 1716// 1717// Remove regions from replication. 1718// 1719// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1720// with awserr.Error's Code and Message methods to get detailed information about 1721// the error. 1722// 1723// See the AWS API reference guide for AWS Secrets Manager's 1724// API operation RemoveRegionsFromReplication for usage and error information. 1725// 1726// Returned Error Types: 1727// * ResourceNotFoundException 1728// We can't find the resource that you asked for. 1729// 1730// * InvalidRequestException 1731// You provided a parameter value that is not valid for the current state of 1732// the resource. 1733// 1734// Possible causes: 1735// 1736// * You tried to perform the operation on a secret that's currently marked 1737// deleted. 1738// 1739// * You tried to enable rotation on a secret that doesn't already have a 1740// Lambda function ARN configured and you didn't include such an ARN as a 1741// parameter in this call. 1742// 1743// * InvalidParameterException 1744// You provided an invalid value for a parameter. 1745// 1746// * InternalServiceError 1747// An error occurred on the server side. 1748// 1749// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication 1750func (c *SecretsManager) RemoveRegionsFromReplication(input *RemoveRegionsFromReplicationInput) (*RemoveRegionsFromReplicationOutput, error) { 1751 req, out := c.RemoveRegionsFromReplicationRequest(input) 1752 return out, req.Send() 1753} 1754 1755// RemoveRegionsFromReplicationWithContext is the same as RemoveRegionsFromReplication with the addition of 1756// the ability to pass a context and additional request options. 1757// 1758// See RemoveRegionsFromReplication for details on how to use this API operation. 1759// 1760// The context must be non-nil and will be used for request cancellation. If 1761// the context is nil a panic will occur. In the future the SDK may create 1762// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1763// for more information on using Contexts. 1764func (c *SecretsManager) RemoveRegionsFromReplicationWithContext(ctx aws.Context, input *RemoveRegionsFromReplicationInput, opts ...request.Option) (*RemoveRegionsFromReplicationOutput, error) { 1765 req, out := c.RemoveRegionsFromReplicationRequest(input) 1766 req.SetContext(ctx) 1767 req.ApplyOptions(opts...) 1768 return out, req.Send() 1769} 1770 1771const opReplicateSecretToRegions = "ReplicateSecretToRegions" 1772 1773// ReplicateSecretToRegionsRequest generates a "aws/request.Request" representing the 1774// client's request for the ReplicateSecretToRegions operation. The "output" return 1775// value will be populated with the request's response once the request completes 1776// successfully. 1777// 1778// Use "Send" method on the returned Request to send the API call to the service. 1779// the "output" return value is not valid until after Send returns without error. 1780// 1781// See ReplicateSecretToRegions for more information on using the ReplicateSecretToRegions 1782// API call, and error handling. 1783// 1784// This method is useful when you want to inject custom logic or configuration 1785// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1786// 1787// 1788// // Example sending a request using the ReplicateSecretToRegionsRequest method. 1789// req, resp := client.ReplicateSecretToRegionsRequest(params) 1790// 1791// err := req.Send() 1792// if err == nil { // resp is now filled 1793// fmt.Println(resp) 1794// } 1795// 1796// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions 1797func (c *SecretsManager) ReplicateSecretToRegionsRequest(input *ReplicateSecretToRegionsInput) (req *request.Request, output *ReplicateSecretToRegionsOutput) { 1798 op := &request.Operation{ 1799 Name: opReplicateSecretToRegions, 1800 HTTPMethod: "POST", 1801 HTTPPath: "/", 1802 } 1803 1804 if input == nil { 1805 input = &ReplicateSecretToRegionsInput{} 1806 } 1807 1808 output = &ReplicateSecretToRegionsOutput{} 1809 req = c.newRequest(op, input, output) 1810 return 1811} 1812 1813// ReplicateSecretToRegions API operation for AWS Secrets Manager. 1814// 1815// Converts an existing secret to a multi-Region secret and begins replication 1816// the secret to a list of new regions. 1817// 1818// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1819// with awserr.Error's Code and Message methods to get detailed information about 1820// the error. 1821// 1822// See the AWS API reference guide for AWS Secrets Manager's 1823// API operation ReplicateSecretToRegions for usage and error information. 1824// 1825// Returned Error Types: 1826// * ResourceNotFoundException 1827// We can't find the resource that you asked for. 1828// 1829// * InvalidRequestException 1830// You provided a parameter value that is not valid for the current state of 1831// the resource. 1832// 1833// Possible causes: 1834// 1835// * You tried to perform the operation on a secret that's currently marked 1836// deleted. 1837// 1838// * You tried to enable rotation on a secret that doesn't already have a 1839// Lambda function ARN configured and you didn't include such an ARN as a 1840// parameter in this call. 1841// 1842// * InvalidParameterException 1843// You provided an invalid value for a parameter. 1844// 1845// * InternalServiceError 1846// An error occurred on the server side. 1847// 1848// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions 1849func (c *SecretsManager) ReplicateSecretToRegions(input *ReplicateSecretToRegionsInput) (*ReplicateSecretToRegionsOutput, error) { 1850 req, out := c.ReplicateSecretToRegionsRequest(input) 1851 return out, req.Send() 1852} 1853 1854// ReplicateSecretToRegionsWithContext is the same as ReplicateSecretToRegions with the addition of 1855// the ability to pass a context and additional request options. 1856// 1857// See ReplicateSecretToRegions for details on how to use this API operation. 1858// 1859// The context must be non-nil and will be used for request cancellation. If 1860// the context is nil a panic will occur. In the future the SDK may create 1861// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1862// for more information on using Contexts. 1863func (c *SecretsManager) ReplicateSecretToRegionsWithContext(ctx aws.Context, input *ReplicateSecretToRegionsInput, opts ...request.Option) (*ReplicateSecretToRegionsOutput, error) { 1864 req, out := c.ReplicateSecretToRegionsRequest(input) 1865 req.SetContext(ctx) 1866 req.ApplyOptions(opts...) 1867 return out, req.Send() 1868} 1869 1870const opRestoreSecret = "RestoreSecret" 1871 1872// RestoreSecretRequest generates a "aws/request.Request" representing the 1873// client's request for the RestoreSecret operation. The "output" return 1874// value will be populated with the request's response once the request completes 1875// successfully. 1876// 1877// Use "Send" method on the returned Request to send the API call to the service. 1878// the "output" return value is not valid until after Send returns without error. 1879// 1880// See RestoreSecret for more information on using the RestoreSecret 1881// API call, and error handling. 1882// 1883// This method is useful when you want to inject custom logic or configuration 1884// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1885// 1886// 1887// // Example sending a request using the RestoreSecretRequest method. 1888// req, resp := client.RestoreSecretRequest(params) 1889// 1890// err := req.Send() 1891// if err == nil { // resp is now filled 1892// fmt.Println(resp) 1893// } 1894// 1895// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret 1896func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput) { 1897 op := &request.Operation{ 1898 Name: opRestoreSecret, 1899 HTTPMethod: "POST", 1900 HTTPPath: "/", 1901 } 1902 1903 if input == nil { 1904 input = &RestoreSecretInput{} 1905 } 1906 1907 output = &RestoreSecretOutput{} 1908 req = c.newRequest(op, input, output) 1909 return 1910} 1911 1912// RestoreSecret API operation for AWS Secrets Manager. 1913// 1914// Cancels the scheduled deletion of a secret by removing the DeletedDate time 1915// stamp. This makes the secret accessible to query once again. 1916// 1917// Minimum permissions 1918// 1919// To run this command, you must have the following permissions: 1920// 1921// * secretsmanager:RestoreSecret 1922// 1923// Related operations 1924// 1925// * To delete a secret, use DeleteSecret. 1926// 1927// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1928// with awserr.Error's Code and Message methods to get detailed information about 1929// the error. 1930// 1931// See the AWS API reference guide for AWS Secrets Manager's 1932// API operation RestoreSecret for usage and error information. 1933// 1934// Returned Error Types: 1935// * ResourceNotFoundException 1936// We can't find the resource that you asked for. 1937// 1938// * InvalidParameterException 1939// You provided an invalid value for a parameter. 1940// 1941// * InvalidRequestException 1942// You provided a parameter value that is not valid for the current state of 1943// the resource. 1944// 1945// Possible causes: 1946// 1947// * You tried to perform the operation on a secret that's currently marked 1948// deleted. 1949// 1950// * You tried to enable rotation on a secret that doesn't already have a 1951// Lambda function ARN configured and you didn't include such an ARN as a 1952// parameter in this call. 1953// 1954// * InternalServiceError 1955// An error occurred on the server side. 1956// 1957// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret 1958func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error) { 1959 req, out := c.RestoreSecretRequest(input) 1960 return out, req.Send() 1961} 1962 1963// RestoreSecretWithContext is the same as RestoreSecret with the addition of 1964// the ability to pass a context and additional request options. 1965// 1966// See RestoreSecret for details on how to use this API operation. 1967// 1968// The context must be non-nil and will be used for request cancellation. If 1969// the context is nil a panic will occur. In the future the SDK may create 1970// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1971// for more information on using Contexts. 1972func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error) { 1973 req, out := c.RestoreSecretRequest(input) 1974 req.SetContext(ctx) 1975 req.ApplyOptions(opts...) 1976 return out, req.Send() 1977} 1978 1979const opRotateSecret = "RotateSecret" 1980 1981// RotateSecretRequest generates a "aws/request.Request" representing the 1982// client's request for the RotateSecret operation. The "output" return 1983// value will be populated with the request's response once the request completes 1984// successfully. 1985// 1986// Use "Send" method on the returned Request to send the API call to the service. 1987// the "output" return value is not valid until after Send returns without error. 1988// 1989// See RotateSecret for more information on using the RotateSecret 1990// API call, and error handling. 1991// 1992// This method is useful when you want to inject custom logic or configuration 1993// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1994// 1995// 1996// // Example sending a request using the RotateSecretRequest method. 1997// req, resp := client.RotateSecretRequest(params) 1998// 1999// err := req.Send() 2000// if err == nil { // resp is now filled 2001// fmt.Println(resp) 2002// } 2003// 2004// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret 2005func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput) { 2006 op := &request.Operation{ 2007 Name: opRotateSecret, 2008 HTTPMethod: "POST", 2009 HTTPPath: "/", 2010 } 2011 2012 if input == nil { 2013 input = &RotateSecretInput{} 2014 } 2015 2016 output = &RotateSecretOutput{} 2017 req = c.newRequest(op, input, output) 2018 return 2019} 2020 2021// RotateSecret API operation for AWS Secrets Manager. 2022// 2023// Configures and starts the asynchronous process of rotating this secret. If 2024// you include the configuration parameters, the operation sets those values 2025// for the secret and then immediately starts a rotation. If you do not include 2026// the configuration parameters, the operation starts a rotation with the values 2027// already stored in the secret. After the rotation completes, the protected 2028// service and its clients all use the new version of the secret. 2029// 2030// This required configuration information includes the ARN of an Amazon Web 2031// Services Lambda function and optionally, the time between scheduled rotations. 2032// The Lambda rotation function creates a new version of the secret and creates 2033// or updates the credentials on the protected service to match. After testing 2034// the new credentials, the function marks the new secret with the staging label 2035// AWSCURRENT so that your clients all immediately begin to use the new version. 2036// For more information about rotating secrets and how to configure a Lambda 2037// function to rotate the secrets for your protected service, see Rotating Secrets 2038// in Amazon Web Services Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) 2039// in the Amazon Web Services Secrets Manager User Guide. 2040// 2041// Secrets Manager schedules the next rotation when the previous one completes. 2042// Secrets Manager schedules the date by adding the rotation interval (number 2043// of days) to the actual date of the last rotation. The service chooses the 2044// hour within that 24-hour date window randomly. The minute is also chosen 2045// somewhat randomly, but weighted towards the top of the hour and influenced 2046// by a variety of factors that help distribute load. 2047// 2048// The rotation function must end with the versions of the secret in one of 2049// two states: 2050// 2051// * The AWSPENDING and AWSCURRENT staging labels are attached to the same 2052// version of the secret, or 2053// 2054// * The AWSPENDING staging label is not attached to any version of the secret. 2055// 2056// If the AWSPENDING staging label is present but not attached to the same version 2057// as AWSCURRENT then any later invocation of RotateSecret assumes that a previous 2058// rotation request is still in progress and returns an error. 2059// 2060// Minimum permissions 2061// 2062// To run this command, you must have the following permissions: 2063// 2064// * secretsmanager:RotateSecret 2065// 2066// * lambda:InvokeFunction (on the function specified in the secret's metadata) 2067// 2068// Related operations 2069// 2070// * To list the secrets in your account, use ListSecrets. 2071// 2072// * To get the details for a version of a secret, use DescribeSecret. 2073// 2074// * To create a new version of a secret, use CreateSecret. 2075// 2076// * To attach staging labels to or remove staging labels from a version 2077// of a secret, use UpdateSecretVersionStage. 2078// 2079// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2080// with awserr.Error's Code and Message methods to get detailed information about 2081// the error. 2082// 2083// See the AWS API reference guide for AWS Secrets Manager's 2084// API operation RotateSecret for usage and error information. 2085// 2086// Returned Error Types: 2087// * ResourceNotFoundException 2088// We can't find the resource that you asked for. 2089// 2090// * InvalidParameterException 2091// You provided an invalid value for a parameter. 2092// 2093// * InternalServiceError 2094// An error occurred on the server side. 2095// 2096// * InvalidRequestException 2097// You provided a parameter value that is not valid for the current state of 2098// the resource. 2099// 2100// Possible causes: 2101// 2102// * You tried to perform the operation on a secret that's currently marked 2103// deleted. 2104// 2105// * You tried to enable rotation on a secret that doesn't already have a 2106// Lambda function ARN configured and you didn't include such an ARN as a 2107// parameter in this call. 2108// 2109// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret 2110func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error) { 2111 req, out := c.RotateSecretRequest(input) 2112 return out, req.Send() 2113} 2114 2115// RotateSecretWithContext is the same as RotateSecret with the addition of 2116// the ability to pass a context and additional request options. 2117// 2118// See RotateSecret for details on how to use this API operation. 2119// 2120// The context must be non-nil and will be used for request cancellation. If 2121// the context is nil a panic will occur. In the future the SDK may create 2122// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2123// for more information on using Contexts. 2124func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error) { 2125 req, out := c.RotateSecretRequest(input) 2126 req.SetContext(ctx) 2127 req.ApplyOptions(opts...) 2128 return out, req.Send() 2129} 2130 2131const opStopReplicationToReplica = "StopReplicationToReplica" 2132 2133// StopReplicationToReplicaRequest generates a "aws/request.Request" representing the 2134// client's request for the StopReplicationToReplica operation. The "output" return 2135// value will be populated with the request's response once the request completes 2136// successfully. 2137// 2138// Use "Send" method on the returned Request to send the API call to the service. 2139// the "output" return value is not valid until after Send returns without error. 2140// 2141// See StopReplicationToReplica for more information on using the StopReplicationToReplica 2142// API call, and error handling. 2143// 2144// This method is useful when you want to inject custom logic or configuration 2145// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2146// 2147// 2148// // Example sending a request using the StopReplicationToReplicaRequest method. 2149// req, resp := client.StopReplicationToReplicaRequest(params) 2150// 2151// err := req.Send() 2152// if err == nil { // resp is now filled 2153// fmt.Println(resp) 2154// } 2155// 2156// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica 2157func (c *SecretsManager) StopReplicationToReplicaRequest(input *StopReplicationToReplicaInput) (req *request.Request, output *StopReplicationToReplicaOutput) { 2158 op := &request.Operation{ 2159 Name: opStopReplicationToReplica, 2160 HTTPMethod: "POST", 2161 HTTPPath: "/", 2162 } 2163 2164 if input == nil { 2165 input = &StopReplicationToReplicaInput{} 2166 } 2167 2168 output = &StopReplicationToReplicaOutput{} 2169 req = c.newRequest(op, input, output) 2170 return 2171} 2172 2173// StopReplicationToReplica API operation for AWS Secrets Manager. 2174// 2175// Removes the secret from replication and promotes the secret to a regional 2176// secret in the replica Region. 2177// 2178// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2179// with awserr.Error's Code and Message methods to get detailed information about 2180// the error. 2181// 2182// See the AWS API reference guide for AWS Secrets Manager's 2183// API operation StopReplicationToReplica for usage and error information. 2184// 2185// Returned Error Types: 2186// * ResourceNotFoundException 2187// We can't find the resource that you asked for. 2188// 2189// * InvalidRequestException 2190// You provided a parameter value that is not valid for the current state of 2191// the resource. 2192// 2193// Possible causes: 2194// 2195// * You tried to perform the operation on a secret that's currently marked 2196// deleted. 2197// 2198// * You tried to enable rotation on a secret that doesn't already have a 2199// Lambda function ARN configured and you didn't include such an ARN as a 2200// parameter in this call. 2201// 2202// * InvalidParameterException 2203// You provided an invalid value for a parameter. 2204// 2205// * InternalServiceError 2206// An error occurred on the server side. 2207// 2208// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica 2209func (c *SecretsManager) StopReplicationToReplica(input *StopReplicationToReplicaInput) (*StopReplicationToReplicaOutput, error) { 2210 req, out := c.StopReplicationToReplicaRequest(input) 2211 return out, req.Send() 2212} 2213 2214// StopReplicationToReplicaWithContext is the same as StopReplicationToReplica with the addition of 2215// the ability to pass a context and additional request options. 2216// 2217// See StopReplicationToReplica for details on how to use this API operation. 2218// 2219// The context must be non-nil and will be used for request cancellation. If 2220// the context is nil a panic will occur. In the future the SDK may create 2221// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2222// for more information on using Contexts. 2223func (c *SecretsManager) StopReplicationToReplicaWithContext(ctx aws.Context, input *StopReplicationToReplicaInput, opts ...request.Option) (*StopReplicationToReplicaOutput, error) { 2224 req, out := c.StopReplicationToReplicaRequest(input) 2225 req.SetContext(ctx) 2226 req.ApplyOptions(opts...) 2227 return out, req.Send() 2228} 2229 2230const opTagResource = "TagResource" 2231 2232// TagResourceRequest generates a "aws/request.Request" representing the 2233// client's request for the TagResource operation. The "output" return 2234// value will be populated with the request's response once the request completes 2235// successfully. 2236// 2237// Use "Send" method on the returned Request to send the API call to the service. 2238// the "output" return value is not valid until after Send returns without error. 2239// 2240// See TagResource for more information on using the TagResource 2241// API call, and error handling. 2242// 2243// This method is useful when you want to inject custom logic or configuration 2244// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2245// 2246// 2247// // Example sending a request using the TagResourceRequest method. 2248// req, resp := client.TagResourceRequest(params) 2249// 2250// err := req.Send() 2251// if err == nil { // resp is now filled 2252// fmt.Println(resp) 2253// } 2254// 2255// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource 2256func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 2257 op := &request.Operation{ 2258 Name: opTagResource, 2259 HTTPMethod: "POST", 2260 HTTPPath: "/", 2261 } 2262 2263 if input == nil { 2264 input = &TagResourceInput{} 2265 } 2266 2267 output = &TagResourceOutput{} 2268 req = c.newRequest(op, input, output) 2269 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2270 return 2271} 2272 2273// TagResource API operation for AWS Secrets Manager. 2274// 2275// Attaches one or more tags, each consisting of a key name and a value, to 2276// the specified secret. Tags are part of the secret's overall metadata, and 2277// are not associated with any specific version of the secret. This operation 2278// only appends tags to the existing list of tags. To remove tags, you must 2279// use UntagResource. 2280// 2281// The following basic restrictions apply to tags: 2282// 2283// * Maximum number of tags per secret—50 2284// 2285// * Maximum key length—127 Unicode characters in UTF-8 2286// 2287// * Maximum value length—255 Unicode characters in UTF-8 2288// 2289// * Tag keys and values are case sensitive. 2290// 2291// * Do not use the aws: prefix in your tag names or values because Amazon 2292// Web Services reserves it for Amazon Web Services use. You can't edit or 2293// delete tag names or values with this prefix. Tags with this prefix do 2294// not count against your tags per secret limit. 2295// 2296// * If you use your tagging schema across multiple services and resources, 2297// remember other services might have restrictions on allowed characters. 2298// Generally allowed characters: letters, spaces, and numbers representable 2299// in UTF-8, plus the following special characters: + - = . _ : / @. 2300// 2301// If you use tags as part of your security strategy, then adding or removing 2302// a tag can change permissions. If successfully completing this operation would 2303// result in you losing your permissions for this secret, then the operation 2304// is blocked and returns an Access Denied error. 2305// 2306// Minimum permissions 2307// 2308// To run this command, you must have the following permissions: 2309// 2310// * secretsmanager:TagResource 2311// 2312// Related operations 2313// 2314// * To remove one or more tags from the collection attached to a secret, 2315// use UntagResource. 2316// 2317// * To view the list of tags attached to a secret, use DescribeSecret. 2318// 2319// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2320// with awserr.Error's Code and Message methods to get detailed information about 2321// the error. 2322// 2323// See the AWS API reference guide for AWS Secrets Manager's 2324// API operation TagResource for usage and error information. 2325// 2326// Returned Error Types: 2327// * ResourceNotFoundException 2328// We can't find the resource that you asked for. 2329// 2330// * InvalidRequestException 2331// You provided a parameter value that is not valid for the current state of 2332// the resource. 2333// 2334// Possible causes: 2335// 2336// * You tried to perform the operation on a secret that's currently marked 2337// deleted. 2338// 2339// * You tried to enable rotation on a secret that doesn't already have a 2340// Lambda function ARN configured and you didn't include such an ARN as a 2341// parameter in this call. 2342// 2343// * InvalidParameterException 2344// You provided an invalid value for a parameter. 2345// 2346// * InternalServiceError 2347// An error occurred on the server side. 2348// 2349// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource 2350func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 2351 req, out := c.TagResourceRequest(input) 2352 return out, req.Send() 2353} 2354 2355// TagResourceWithContext is the same as TagResource with the addition of 2356// the ability to pass a context and additional request options. 2357// 2358// See TagResource for details on how to use this API operation. 2359// 2360// The context must be non-nil and will be used for request cancellation. If 2361// the context is nil a panic will occur. In the future the SDK may create 2362// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2363// for more information on using Contexts. 2364func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 2365 req, out := c.TagResourceRequest(input) 2366 req.SetContext(ctx) 2367 req.ApplyOptions(opts...) 2368 return out, req.Send() 2369} 2370 2371const opUntagResource = "UntagResource" 2372 2373// UntagResourceRequest generates a "aws/request.Request" representing the 2374// client's request for the UntagResource operation. The "output" return 2375// value will be populated with the request's response once the request completes 2376// successfully. 2377// 2378// Use "Send" method on the returned Request to send the API call to the service. 2379// the "output" return value is not valid until after Send returns without error. 2380// 2381// See UntagResource for more information on using the UntagResource 2382// API call, and error handling. 2383// 2384// This method is useful when you want to inject custom logic or configuration 2385// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2386// 2387// 2388// // Example sending a request using the UntagResourceRequest method. 2389// req, resp := client.UntagResourceRequest(params) 2390// 2391// err := req.Send() 2392// if err == nil { // resp is now filled 2393// fmt.Println(resp) 2394// } 2395// 2396// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource 2397func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 2398 op := &request.Operation{ 2399 Name: opUntagResource, 2400 HTTPMethod: "POST", 2401 HTTPPath: "/", 2402 } 2403 2404 if input == nil { 2405 input = &UntagResourceInput{} 2406 } 2407 2408 output = &UntagResourceOutput{} 2409 req = c.newRequest(op, input, output) 2410 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2411 return 2412} 2413 2414// UntagResource API operation for AWS Secrets Manager. 2415// 2416// Removes one or more tags from the specified secret. 2417// 2418// This operation is idempotent. If a requested tag is not attached to the secret, 2419// no error is returned and the secret metadata is unchanged. 2420// 2421// If you use tags as part of your security strategy, then removing a tag can 2422// change permissions. If successfully completing this operation would result 2423// in you losing your permissions for this secret, then the operation is blocked 2424// and returns an Access Denied error. 2425// 2426// Minimum permissions 2427// 2428// To run this command, you must have the following permissions: 2429// 2430// * secretsmanager:UntagResource 2431// 2432// Related operations 2433// 2434// * To add one or more tags to the collection attached to a secret, use 2435// TagResource. 2436// 2437// * To view the list of tags attached to a secret, use DescribeSecret. 2438// 2439// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2440// with awserr.Error's Code and Message methods to get detailed information about 2441// the error. 2442// 2443// See the AWS API reference guide for AWS Secrets Manager's 2444// API operation UntagResource for usage and error information. 2445// 2446// Returned Error Types: 2447// * ResourceNotFoundException 2448// We can't find the resource that you asked for. 2449// 2450// * InvalidRequestException 2451// You provided a parameter value that is not valid for the current state of 2452// the resource. 2453// 2454// Possible causes: 2455// 2456// * You tried to perform the operation on a secret that's currently marked 2457// deleted. 2458// 2459// * You tried to enable rotation on a secret that doesn't already have a 2460// Lambda function ARN configured and you didn't include such an ARN as a 2461// parameter in this call. 2462// 2463// * InvalidParameterException 2464// You provided an invalid value for a parameter. 2465// 2466// * InternalServiceError 2467// An error occurred on the server side. 2468// 2469// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource 2470func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 2471 req, out := c.UntagResourceRequest(input) 2472 return out, req.Send() 2473} 2474 2475// UntagResourceWithContext is the same as UntagResource with the addition of 2476// the ability to pass a context and additional request options. 2477// 2478// See UntagResource for details on how to use this API operation. 2479// 2480// The context must be non-nil and will be used for request cancellation. If 2481// the context is nil a panic will occur. In the future the SDK may create 2482// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2483// for more information on using Contexts. 2484func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 2485 req, out := c.UntagResourceRequest(input) 2486 req.SetContext(ctx) 2487 req.ApplyOptions(opts...) 2488 return out, req.Send() 2489} 2490 2491const opUpdateSecret = "UpdateSecret" 2492 2493// UpdateSecretRequest generates a "aws/request.Request" representing the 2494// client's request for the UpdateSecret operation. The "output" return 2495// value will be populated with the request's response once the request completes 2496// successfully. 2497// 2498// Use "Send" method on the returned Request to send the API call to the service. 2499// the "output" return value is not valid until after Send returns without error. 2500// 2501// See UpdateSecret for more information on using the UpdateSecret 2502// API call, and error handling. 2503// 2504// This method is useful when you want to inject custom logic or configuration 2505// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2506// 2507// 2508// // Example sending a request using the UpdateSecretRequest method. 2509// req, resp := client.UpdateSecretRequest(params) 2510// 2511// err := req.Send() 2512// if err == nil { // resp is now filled 2513// fmt.Println(resp) 2514// } 2515// 2516// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret 2517func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput) { 2518 op := &request.Operation{ 2519 Name: opUpdateSecret, 2520 HTTPMethod: "POST", 2521 HTTPPath: "/", 2522 } 2523 2524 if input == nil { 2525 input = &UpdateSecretInput{} 2526 } 2527 2528 output = &UpdateSecretOutput{} 2529 req = c.newRequest(op, input, output) 2530 return 2531} 2532 2533// UpdateSecret API operation for AWS Secrets Manager. 2534// 2535// Modifies many of the details of the specified secret. If you include a ClientRequestToken 2536// and either SecretString or SecretBinary then it also creates a new version 2537// attached to the secret. 2538// 2539// To modify the rotation configuration of a secret, use RotateSecret instead. 2540// 2541// The Secrets Manager console uses only the SecretString parameter and therefore 2542// limits you to encrypting and storing only a text string. To encrypt and store 2543// binary data as part of the version of a secret, you must use either the Amazon 2544// Web Services CLI or one of the Amazon Web Services SDKs. 2545// 2546// * If a version with a VersionId with the same value as the ClientRequestToken 2547// parameter already exists, the operation results in an error. You cannot 2548// modify an existing version, you can only create a new version. 2549// 2550// * If you include SecretString or SecretBinary to create a new secret version, 2551// Secrets Manager automatically attaches the staging label AWSCURRENT to 2552// the new version. 2553// 2554// * If you call an operation to encrypt or decrypt the SecretString or SecretBinary 2555// for a secret in the same account as the calling user and that secret doesn't 2556// specify a Amazon Web Services KMS encryption key, Secrets Manager uses 2557// the account's default Amazon Web Services managed customer master key 2558// (CMK) with the alias aws/secretsmanager. If this key doesn't already exist 2559// in your account then Secrets Manager creates it for you automatically. 2560// All users and roles in the same Amazon Web Services account automatically 2561// have access to use the default CMK. Note that if an Secrets Manager API 2562// call results in Amazon Web Services creating the account's Amazon Web 2563// Services-managed CMK, it can result in a one-time significant delay in 2564// returning the result. 2565// 2566// * If the secret resides in a different Amazon Web Services account from 2567// the credentials calling an API that requires encryption or decryption 2568// of the secret value then you must create and use a custom Amazon Web Services 2569// KMS CMK because you can't access the default CMK for the account using 2570// credentials from a different Amazon Web Services account. Store the ARN 2571// of the CMK in the secret when you create the secret or when you update 2572// it by including it in the KMSKeyId. If you call an API that must encrypt 2573// or decrypt SecretString or SecretBinary using credentials from a different 2574// account then the Amazon Web Services KMS key policy must grant cross-account 2575// access to that other account's user or role for both the kms:GenerateDataKey 2576// and kms:Decrypt operations. 2577// 2578// Minimum permissions 2579// 2580// To run this command, you must have the following permissions: 2581// 2582// * secretsmanager:UpdateSecret 2583// 2584// * kms:GenerateDataKey - needed only if you use a custom Amazon Web Services 2585// KMS key to encrypt the secret. You do not need this permission to use 2586// the account's Amazon Web Services managed CMK for Secrets Manager. 2587// 2588// * kms:Decrypt - needed only if you use a custom Amazon Web Services KMS 2589// key to encrypt the secret. You do not need this permission to use the 2590// account's Amazon Web Services managed CMK for Secrets Manager. 2591// 2592// Related operations 2593// 2594// * To create a new secret, use CreateSecret. 2595// 2596// * To add only a new version to an existing secret, use PutSecretValue. 2597// 2598// * To get the details for a secret, use DescribeSecret. 2599// 2600// * To list the versions contained in a secret, use ListSecretVersionIds. 2601// 2602// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2603// with awserr.Error's Code and Message methods to get detailed information about 2604// the error. 2605// 2606// See the AWS API reference guide for AWS Secrets Manager's 2607// API operation UpdateSecret for usage and error information. 2608// 2609// Returned Error Types: 2610// * InvalidParameterException 2611// You provided an invalid value for a parameter. 2612// 2613// * InvalidRequestException 2614// You provided a parameter value that is not valid for the current state of 2615// the resource. 2616// 2617// Possible causes: 2618// 2619// * You tried to perform the operation on a secret that's currently marked 2620// deleted. 2621// 2622// * You tried to enable rotation on a secret that doesn't already have a 2623// Lambda function ARN configured and you didn't include such an ARN as a 2624// parameter in this call. 2625// 2626// * LimitExceededException 2627// The request failed because it would exceed one of the Secrets Manager internal 2628// limits. 2629// 2630// * EncryptionFailure 2631// Secrets Manager can't encrypt the protected secret text using the provided 2632// KMS key. Check that the customer master key (CMK) is available, enabled, 2633// and not in an invalid state. For more information, see How Key State Affects 2634// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 2635// 2636// * ResourceExistsException 2637// A resource with the ID you requested already exists. 2638// 2639// * ResourceNotFoundException 2640// We can't find the resource that you asked for. 2641// 2642// * MalformedPolicyDocumentException 2643// You provided a resource-based policy with syntax errors. 2644// 2645// * InternalServiceError 2646// An error occurred on the server side. 2647// 2648// * PreconditionNotMetException 2649// The request failed because you did not complete all the prerequisite steps. 2650// 2651// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret 2652func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error) { 2653 req, out := c.UpdateSecretRequest(input) 2654 return out, req.Send() 2655} 2656 2657// UpdateSecretWithContext is the same as UpdateSecret with the addition of 2658// the ability to pass a context and additional request options. 2659// 2660// See UpdateSecret for details on how to use this API operation. 2661// 2662// The context must be non-nil and will be used for request cancellation. If 2663// the context is nil a panic will occur. In the future the SDK may create 2664// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2665// for more information on using Contexts. 2666func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error) { 2667 req, out := c.UpdateSecretRequest(input) 2668 req.SetContext(ctx) 2669 req.ApplyOptions(opts...) 2670 return out, req.Send() 2671} 2672 2673const opUpdateSecretVersionStage = "UpdateSecretVersionStage" 2674 2675// UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the 2676// client's request for the UpdateSecretVersionStage operation. The "output" return 2677// value will be populated with the request's response once the request completes 2678// successfully. 2679// 2680// Use "Send" method on the returned Request to send the API call to the service. 2681// the "output" return value is not valid until after Send returns without error. 2682// 2683// See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage 2684// API call, and error handling. 2685// 2686// This method is useful when you want to inject custom logic or configuration 2687// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2688// 2689// 2690// // Example sending a request using the UpdateSecretVersionStageRequest method. 2691// req, resp := client.UpdateSecretVersionStageRequest(params) 2692// 2693// err := req.Send() 2694// if err == nil { // resp is now filled 2695// fmt.Println(resp) 2696// } 2697// 2698// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage 2699func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput) { 2700 op := &request.Operation{ 2701 Name: opUpdateSecretVersionStage, 2702 HTTPMethod: "POST", 2703 HTTPPath: "/", 2704 } 2705 2706 if input == nil { 2707 input = &UpdateSecretVersionStageInput{} 2708 } 2709 2710 output = &UpdateSecretVersionStageOutput{} 2711 req = c.newRequest(op, input, output) 2712 return 2713} 2714 2715// UpdateSecretVersionStage API operation for AWS Secrets Manager. 2716// 2717// Modifies the staging labels attached to a version of a secret. Staging labels 2718// are used to track a version as it progresses through the secret rotation 2719// process. You can attach a staging label to only one version of a secret at 2720// a time. If a staging label to be added is already attached to another version, 2721// then it is moved--removed from the other version first and then attached 2722// to this one. For more information about staging labels, see Staging Labels 2723// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label) 2724// in the Amazon Web Services Secrets Manager User Guide. 2725// 2726// The staging labels that you specify in the VersionStage parameter are added 2727// to the existing list of staging labels--they don't replace it. 2728// 2729// You can move the AWSCURRENT staging label to this version by including it 2730// in this call. 2731// 2732// Whenever you move AWSCURRENT, Secrets Manager automatically moves the label 2733// AWSPREVIOUS to the version that AWSCURRENT was removed from. 2734// 2735// If this action results in the last label being removed from a version, then 2736// the version is considered to be 'deprecated' and can be deleted by Secrets 2737// Manager. 2738// 2739// Minimum permissions 2740// 2741// To run this command, you must have the following permissions: 2742// 2743// * secretsmanager:UpdateSecretVersionStage 2744// 2745// Related operations 2746// 2747// * To get the list of staging labels that are currently associated with 2748// a version of a secret, use DescribeSecret and examine the SecretVersionsToStages 2749// response value. 2750// 2751// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2752// with awserr.Error's Code and Message methods to get detailed information about 2753// the error. 2754// 2755// See the AWS API reference guide for AWS Secrets Manager's 2756// API operation UpdateSecretVersionStage for usage and error information. 2757// 2758// Returned Error Types: 2759// * ResourceNotFoundException 2760// We can't find the resource that you asked for. 2761// 2762// * InvalidParameterException 2763// You provided an invalid value for a parameter. 2764// 2765// * InvalidRequestException 2766// You provided a parameter value that is not valid for the current state of 2767// the resource. 2768// 2769// Possible causes: 2770// 2771// * You tried to perform the operation on a secret that's currently marked 2772// deleted. 2773// 2774// * You tried to enable rotation on a secret that doesn't already have a 2775// Lambda function ARN configured and you didn't include such an ARN as a 2776// parameter in this call. 2777// 2778// * LimitExceededException 2779// The request failed because it would exceed one of the Secrets Manager internal 2780// limits. 2781// 2782// * InternalServiceError 2783// An error occurred on the server side. 2784// 2785// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage 2786func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error) { 2787 req, out := c.UpdateSecretVersionStageRequest(input) 2788 return out, req.Send() 2789} 2790 2791// UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of 2792// the ability to pass a context and additional request options. 2793// 2794// See UpdateSecretVersionStage for details on how to use this API operation. 2795// 2796// The context must be non-nil and will be used for request cancellation. If 2797// the context is nil a panic will occur. In the future the SDK may create 2798// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2799// for more information on using Contexts. 2800func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error) { 2801 req, out := c.UpdateSecretVersionStageRequest(input) 2802 req.SetContext(ctx) 2803 req.ApplyOptions(opts...) 2804 return out, req.Send() 2805} 2806 2807const opValidateResourcePolicy = "ValidateResourcePolicy" 2808 2809// ValidateResourcePolicyRequest generates a "aws/request.Request" representing the 2810// client's request for the ValidateResourcePolicy operation. The "output" return 2811// value will be populated with the request's response once the request completes 2812// successfully. 2813// 2814// Use "Send" method on the returned Request to send the API call to the service. 2815// the "output" return value is not valid until after Send returns without error. 2816// 2817// See ValidateResourcePolicy for more information on using the ValidateResourcePolicy 2818// API call, and error handling. 2819// 2820// This method is useful when you want to inject custom logic or configuration 2821// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2822// 2823// 2824// // Example sending a request using the ValidateResourcePolicyRequest method. 2825// req, resp := client.ValidateResourcePolicyRequest(params) 2826// 2827// err := req.Send() 2828// if err == nil { // resp is now filled 2829// fmt.Println(resp) 2830// } 2831// 2832// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy 2833func (c *SecretsManager) ValidateResourcePolicyRequest(input *ValidateResourcePolicyInput) (req *request.Request, output *ValidateResourcePolicyOutput) { 2834 op := &request.Operation{ 2835 Name: opValidateResourcePolicy, 2836 HTTPMethod: "POST", 2837 HTTPPath: "/", 2838 } 2839 2840 if input == nil { 2841 input = &ValidateResourcePolicyInput{} 2842 } 2843 2844 output = &ValidateResourcePolicyOutput{} 2845 req = c.newRequest(op, input, output) 2846 return 2847} 2848 2849// ValidateResourcePolicy API operation for AWS Secrets Manager. 2850// 2851// Validates that the resource policy does not grant a wide range of IAM principals 2852// access to your secret. The JSON request string input and response output 2853// displays formatted code with white space and line breaks for better readability. 2854// Submit your input as a single line JSON string. A resource-based policy is 2855// optional for secrets. 2856// 2857// The API performs three checks when validating the secret: 2858// 2859// * Sends a call to Zelkova (https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/), 2860// an automated reasoning engine, to ensure your Resource Policy does not 2861// allow broad access to your secret. 2862// 2863// * Checks for correct syntax in a policy. 2864// 2865// * Verifies the policy does not lock out a caller. 2866// 2867// Minimum Permissions 2868// 2869// You must have the permissions required to access the following APIs: 2870// 2871// * secretsmanager:PutResourcePolicy 2872// 2873// * secretsmanager:ValidateResourcePolicy 2874// 2875// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2876// with awserr.Error's Code and Message methods to get detailed information about 2877// the error. 2878// 2879// See the AWS API reference guide for AWS Secrets Manager's 2880// API operation ValidateResourcePolicy for usage and error information. 2881// 2882// Returned Error Types: 2883// * MalformedPolicyDocumentException 2884// You provided a resource-based policy with syntax errors. 2885// 2886// * ResourceNotFoundException 2887// We can't find the resource that you asked for. 2888// 2889// * InvalidParameterException 2890// You provided an invalid value for a parameter. 2891// 2892// * InternalServiceError 2893// An error occurred on the server side. 2894// 2895// * InvalidRequestException 2896// You provided a parameter value that is not valid for the current state of 2897// the resource. 2898// 2899// Possible causes: 2900// 2901// * You tried to perform the operation on a secret that's currently marked 2902// deleted. 2903// 2904// * You tried to enable rotation on a secret that doesn't already have a 2905// Lambda function ARN configured and you didn't include such an ARN as a 2906// parameter in this call. 2907// 2908// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy 2909func (c *SecretsManager) ValidateResourcePolicy(input *ValidateResourcePolicyInput) (*ValidateResourcePolicyOutput, error) { 2910 req, out := c.ValidateResourcePolicyRequest(input) 2911 return out, req.Send() 2912} 2913 2914// ValidateResourcePolicyWithContext is the same as ValidateResourcePolicy with the addition of 2915// the ability to pass a context and additional request options. 2916// 2917// See ValidateResourcePolicy for details on how to use this API operation. 2918// 2919// The context must be non-nil and will be used for request cancellation. If 2920// the context is nil a panic will occur. In the future the SDK may create 2921// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2922// for more information on using Contexts. 2923func (c *SecretsManager) ValidateResourcePolicyWithContext(ctx aws.Context, input *ValidateResourcePolicyInput, opts ...request.Option) (*ValidateResourcePolicyOutput, error) { 2924 req, out := c.ValidateResourcePolicyRequest(input) 2925 req.SetContext(ctx) 2926 req.ApplyOptions(opts...) 2927 return out, req.Send() 2928} 2929 2930type CancelRotateSecretInput struct { 2931 _ struct{} `type:"structure"` 2932 2933 // Specifies the secret to cancel a rotation request. You can specify either 2934 // the Amazon Resource Name (ARN) or the friendly name of the secret. 2935 // 2936 // If you specify an ARN, we generally recommend that you specify a complete 2937 // ARN. You can specify a partial ARN too—for example, if you don’t include 2938 // the final hyphen and six random characters that Secrets Manager adds at the 2939 // end of the ARN when you created the secret. A partial ARN match can work 2940 // as long as it uniquely matches only one secret. However, if your secret has 2941 // a name that ends in a hyphen followed by six characters (before Secrets Manager 2942 // adds the hyphen and six characters to the ARN) and you try to use that as 2943 // a partial ARN, then those characters cause Secrets Manager to assume that 2944 // you’re specifying a complete ARN. This confusion can cause unexpected results. 2945 // To avoid this situation, we recommend that you don’t create secret names 2946 // ending with a hyphen followed by six characters. 2947 // 2948 // If you specify an incomplete ARN without the random suffix, and instead provide 2949 // the 'friendly name', you must not include the random suffix. If you do include 2950 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 2951 // or an AccessDeniedException error, depending on your permissions. 2952 // 2953 // SecretId is a required field 2954 SecretId *string `min:"1" type:"string" required:"true"` 2955} 2956 2957// String returns the string representation 2958func (s CancelRotateSecretInput) String() string { 2959 return awsutil.Prettify(s) 2960} 2961 2962// GoString returns the string representation 2963func (s CancelRotateSecretInput) GoString() string { 2964 return s.String() 2965} 2966 2967// Validate inspects the fields of the type to determine if they are valid. 2968func (s *CancelRotateSecretInput) Validate() error { 2969 invalidParams := request.ErrInvalidParams{Context: "CancelRotateSecretInput"} 2970 if s.SecretId == nil { 2971 invalidParams.Add(request.NewErrParamRequired("SecretId")) 2972 } 2973 if s.SecretId != nil && len(*s.SecretId) < 1 { 2974 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 2975 } 2976 2977 if invalidParams.Len() > 0 { 2978 return invalidParams 2979 } 2980 return nil 2981} 2982 2983// SetSecretId sets the SecretId field's value. 2984func (s *CancelRotateSecretInput) SetSecretId(v string) *CancelRotateSecretInput { 2985 s.SecretId = &v 2986 return s 2987} 2988 2989type CancelRotateSecretOutput struct { 2990 _ struct{} `type:"structure"` 2991 2992 // The ARN of the secret for which rotation was canceled. 2993 ARN *string `min:"20" type:"string"` 2994 2995 // The friendly name of the secret for which rotation was canceled. 2996 Name *string `min:"1" type:"string"` 2997 2998 // The unique identifier of the version of the secret created during the rotation. 2999 // This version might not be complete, and should be evaluated for possible 3000 // deletion. At the very least, you should remove the VersionStage value AWSPENDING 3001 // to enable this version to be deleted. Failing to clean up a cancelled rotation 3002 // can block you from successfully starting future rotations. 3003 VersionId *string `min:"32" type:"string"` 3004} 3005 3006// String returns the string representation 3007func (s CancelRotateSecretOutput) String() string { 3008 return awsutil.Prettify(s) 3009} 3010 3011// GoString returns the string representation 3012func (s CancelRotateSecretOutput) GoString() string { 3013 return s.String() 3014} 3015 3016// SetARN sets the ARN field's value. 3017func (s *CancelRotateSecretOutput) SetARN(v string) *CancelRotateSecretOutput { 3018 s.ARN = &v 3019 return s 3020} 3021 3022// SetName sets the Name field's value. 3023func (s *CancelRotateSecretOutput) SetName(v string) *CancelRotateSecretOutput { 3024 s.Name = &v 3025 return s 3026} 3027 3028// SetVersionId sets the VersionId field's value. 3029func (s *CancelRotateSecretOutput) SetVersionId(v string) *CancelRotateSecretOutput { 3030 s.VersionId = &v 3031 return s 3032} 3033 3034type CreateSecretInput struct { 3035 _ struct{} `type:"structure"` 3036 3037 // (Optional) Add a list of regions to replicate secrets. Secrets Manager replicates 3038 // the KMSKeyID objects to the list of regions specified in the parameter. 3039 AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list"` 3040 3041 // (Optional) If you include SecretString or SecretBinary, then an initial version 3042 // is created as part of the secret, and this parameter specifies a unique identifier 3043 // for the new version. 3044 // 3045 // If you use the Amazon Web Services CLI or one of the Amazon Web Services 3046 // SDK to call this operation, then you can leave this parameter empty. The 3047 // CLI or SDK generates a random UUID for you and includes it as the value for 3048 // this parameter in the request. If you don't use the SDK and instead generate 3049 // a raw HTTP request to the Secrets Manager service endpoint, then you must 3050 // generate a ClientRequestToken yourself for the new version and include the 3051 // value in the request. 3052 // 3053 // This value helps ensure idempotency. Secrets Manager uses this value to prevent 3054 // the accidental creation of duplicate versions if there are failures and retries 3055 // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 3056 // value to ensure uniqueness of your versions within the specified secret. 3057 // 3058 // * If the ClientRequestToken value isn't already associated with a version 3059 // of the secret then a new version of the secret is created. 3060 // 3061 // * If a version with this value already exists and the version SecretString 3062 // and SecretBinary values are the same as those in the request, then the 3063 // request is ignored. 3064 // 3065 // * If a version with this value already exists and that version's SecretString 3066 // and SecretBinary values are different from those in the request, then 3067 // the request fails because you cannot modify an existing version. Instead, 3068 // use PutSecretValue to create a new version. 3069 // 3070 // This value becomes the VersionId of the new version. 3071 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 3072 3073 // (Optional) Specifies a user-provided description of the secret. 3074 Description *string `type:"string"` 3075 3076 // (Optional) If set, the replication overwrites a secret with the same name 3077 // in the destination region. 3078 ForceOverwriteReplicaSecret *bool `type:"boolean"` 3079 3080 // (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web Services 3081 // KMS customer master key (CMK) to be used to encrypt the SecretString or SecretBinary 3082 // values in the versions stored in this secret. 3083 // 3084 // You can specify any of the supported ways to identify a Amazon Web Services 3085 // KMS key ID. If you need to reference a CMK in a different account, you can 3086 // use only the key ARN or the alias ARN. 3087 // 3088 // If you don't specify this value, then Secrets Manager defaults to using the 3089 // Amazon Web Services account's default CMK (the one named aws/secretsmanager). 3090 // If a Amazon Web Services KMS CMK with that name doesn't yet exist, then Secrets 3091 // Manager creates it for you automatically the first time it needs to encrypt 3092 // a version's SecretString or SecretBinary fields. 3093 // 3094 // You can use the account default CMK to encrypt and decrypt only if you call 3095 // this operation using credentials from the same account that owns the secret. 3096 // If the secret resides in a different account, then you must create a custom 3097 // CMK and specify the ARN in this field. 3098 KmsKeyId *string `type:"string"` 3099 3100 // Specifies the friendly name of the new secret. 3101 // 3102 // The secret name must be ASCII letters, digits, or the following characters 3103 // : /_+=.@- 3104 // 3105 // Do not end your secret name with a hyphen followed by six characters. If 3106 // you do so, you risk confusion and unexpected results when searching for a 3107 // secret by partial ARN. Secrets Manager automatically adds a hyphen and six 3108 // random characters at the end of the ARN. 3109 // 3110 // Name is a required field 3111 Name *string `min:"1" type:"string" required:"true"` 3112 3113 // (Optional) Specifies binary data that you want to encrypt and store in the 3114 // new version of the secret. To use this parameter in the command-line tools, 3115 // we recommend that you store your binary data in a file and then use the appropriate 3116 // technique for your tool to pass the contents of the file as a parameter. 3117 // 3118 // Either SecretString or SecretBinary must have a value, but not both. They 3119 // cannot both be empty. 3120 // 3121 // This parameter is not available using the Secrets Manager console. It can 3122 // be accessed only by using the Amazon Web Services CLI or one of the Amazon 3123 // Web Services SDKs. 3124 // 3125 // SecretBinary is automatically base64 encoded/decoded by the SDK. 3126 SecretBinary []byte `type:"blob" sensitive:"true"` 3127 3128 // (Optional) Specifies text data that you want to encrypt and store in this 3129 // new version of the secret. 3130 // 3131 // Either SecretString or SecretBinary must have a value, but not both. They 3132 // cannot both be empty. 3133 // 3134 // If you create a secret by using the Secrets Manager console then Secrets 3135 // Manager puts the protected secret text in only the SecretString parameter. 3136 // The Secrets Manager console stores the information as a JSON structure of 3137 // key/value pairs that the Lambda rotation function knows how to parse. 3138 // 3139 // For storing multiple values, we recommend that you use a JSON text string 3140 // argument and specify key/value pairs. For information on how to format a 3141 // JSON parameter for the various command line tool environments, see Using 3142 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 3143 // in the CLI User Guide. For example: 3144 // 3145 // {"username":"bob","password":"abc123xyz456"} 3146 // 3147 // If your command-line tool or SDK requires quotation marks around the parameter, 3148 // you should use single quotes to avoid confusion with the double quotes required 3149 // in the JSON text. 3150 SecretString *string `type:"string" sensitive:"true"` 3151 3152 // (Optional) Specifies a list of user-defined tags that are attached to the 3153 // secret. Each tag is a "Key" and "Value" pair of strings. This operation only 3154 // appends tags to the existing list of tags. To remove tags, you must use UntagResource. 3155 // 3156 // * Secrets Manager tag key names are case sensitive. A tag with the key 3157 // "ABC" is a different tag from one with key "abc". 3158 // 3159 // * If you check tags in IAM policy Condition elements as part of your security 3160 // strategy, then adding or removing a tag can change permissions. If the 3161 // successful completion of this operation would result in you losing your 3162 // permissions for this secret, then this operation is blocked and returns 3163 // an Access Denied error. 3164 // 3165 // This parameter requires a JSON text string argument. For information on how 3166 // to format a JSON parameter for the various command line tool environments, 3167 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 3168 // in the CLI User Guide. For example: 3169 // 3170 // [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] 3171 // 3172 // If your command-line tool or SDK requires quotation marks around the parameter, 3173 // you should use single quotes to avoid confusion with the double quotes required 3174 // in the JSON text. 3175 // 3176 // The following basic restrictions apply to tags: 3177 // 3178 // * Maximum number of tags per secret—50 3179 // 3180 // * Maximum key length—127 Unicode characters in UTF-8 3181 // 3182 // * Maximum value length—255 Unicode characters in UTF-8 3183 // 3184 // * Tag keys and values are case sensitive. 3185 // 3186 // * Do not use the aws: prefix in your tag names or values because Amazon 3187 // Web Services reserves it for Amazon Web Services use. You can't edit or 3188 // delete tag names or values with this prefix. Tags with this prefix do 3189 // not count against your tags per secret limit. 3190 // 3191 // * If you use your tagging schema across multiple services and resources, 3192 // remember other services might have restrictions on allowed characters. 3193 // Generally allowed characters: letters, spaces, and numbers representable 3194 // in UTF-8, plus the following special characters: + - = . _ : / @. 3195 Tags []*Tag `type:"list"` 3196} 3197 3198// String returns the string representation 3199func (s CreateSecretInput) String() string { 3200 return awsutil.Prettify(s) 3201} 3202 3203// GoString returns the string representation 3204func (s CreateSecretInput) GoString() string { 3205 return s.String() 3206} 3207 3208// Validate inspects the fields of the type to determine if they are valid. 3209func (s *CreateSecretInput) Validate() error { 3210 invalidParams := request.ErrInvalidParams{Context: "CreateSecretInput"} 3211 if s.AddReplicaRegions != nil && len(s.AddReplicaRegions) < 1 { 3212 invalidParams.Add(request.NewErrParamMinLen("AddReplicaRegions", 1)) 3213 } 3214 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 3215 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 3216 } 3217 if s.Name == nil { 3218 invalidParams.Add(request.NewErrParamRequired("Name")) 3219 } 3220 if s.Name != nil && len(*s.Name) < 1 { 3221 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 3222 } 3223 if s.AddReplicaRegions != nil { 3224 for i, v := range s.AddReplicaRegions { 3225 if v == nil { 3226 continue 3227 } 3228 if err := v.Validate(); err != nil { 3229 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AddReplicaRegions", i), err.(request.ErrInvalidParams)) 3230 } 3231 } 3232 } 3233 if s.Tags != nil { 3234 for i, v := range s.Tags { 3235 if v == nil { 3236 continue 3237 } 3238 if err := v.Validate(); err != nil { 3239 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 3240 } 3241 } 3242 } 3243 3244 if invalidParams.Len() > 0 { 3245 return invalidParams 3246 } 3247 return nil 3248} 3249 3250// SetAddReplicaRegions sets the AddReplicaRegions field's value. 3251func (s *CreateSecretInput) SetAddReplicaRegions(v []*ReplicaRegionType) *CreateSecretInput { 3252 s.AddReplicaRegions = v 3253 return s 3254} 3255 3256// SetClientRequestToken sets the ClientRequestToken field's value. 3257func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput { 3258 s.ClientRequestToken = &v 3259 return s 3260} 3261 3262// SetDescription sets the Description field's value. 3263func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput { 3264 s.Description = &v 3265 return s 3266} 3267 3268// SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value. 3269func (s *CreateSecretInput) SetForceOverwriteReplicaSecret(v bool) *CreateSecretInput { 3270 s.ForceOverwriteReplicaSecret = &v 3271 return s 3272} 3273 3274// SetKmsKeyId sets the KmsKeyId field's value. 3275func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput { 3276 s.KmsKeyId = &v 3277 return s 3278} 3279 3280// SetName sets the Name field's value. 3281func (s *CreateSecretInput) SetName(v string) *CreateSecretInput { 3282 s.Name = &v 3283 return s 3284} 3285 3286// SetSecretBinary sets the SecretBinary field's value. 3287func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput { 3288 s.SecretBinary = v 3289 return s 3290} 3291 3292// SetSecretString sets the SecretString field's value. 3293func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput { 3294 s.SecretString = &v 3295 return s 3296} 3297 3298// SetTags sets the Tags field's value. 3299func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput { 3300 s.Tags = v 3301 return s 3302} 3303 3304type CreateSecretOutput struct { 3305 _ struct{} `type:"structure"` 3306 3307 // The Amazon Resource Name (ARN) of the secret that you just created. 3308 // 3309 // Secrets Manager automatically adds several random characters to the name 3310 // at the end of the ARN when you initially create a secret. This affects only 3311 // the ARN and not the actual friendly name. This ensures that if you create 3312 // a new secret with the same name as an old secret that you previously deleted, 3313 // then users with access to the old secret don't automatically get access to 3314 // the new secret because the ARNs are different. 3315 ARN *string `min:"20" type:"string"` 3316 3317 // The friendly name of the secret that you just created. 3318 Name *string `min:"1" type:"string"` 3319 3320 // Describes a list of replication status objects as InProgress, Failed or InSync. 3321 ReplicationStatus []*ReplicationStatusType `type:"list"` 3322 3323 // The unique identifier associated with the version of the secret you just 3324 // created. 3325 VersionId *string `min:"32" type:"string"` 3326} 3327 3328// String returns the string representation 3329func (s CreateSecretOutput) String() string { 3330 return awsutil.Prettify(s) 3331} 3332 3333// GoString returns the string representation 3334func (s CreateSecretOutput) GoString() string { 3335 return s.String() 3336} 3337 3338// SetARN sets the ARN field's value. 3339func (s *CreateSecretOutput) SetARN(v string) *CreateSecretOutput { 3340 s.ARN = &v 3341 return s 3342} 3343 3344// SetName sets the Name field's value. 3345func (s *CreateSecretOutput) SetName(v string) *CreateSecretOutput { 3346 s.Name = &v 3347 return s 3348} 3349 3350// SetReplicationStatus sets the ReplicationStatus field's value. 3351func (s *CreateSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *CreateSecretOutput { 3352 s.ReplicationStatus = v 3353 return s 3354} 3355 3356// SetVersionId sets the VersionId field's value. 3357func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput { 3358 s.VersionId = &v 3359 return s 3360} 3361 3362// Secrets Manager can't decrypt the protected secret text using the provided 3363// KMS key. 3364type DecryptionFailure struct { 3365 _ struct{} `type:"structure"` 3366 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3367 3368 Message_ *string `locationName:"Message" type:"string"` 3369} 3370 3371// String returns the string representation 3372func (s DecryptionFailure) String() string { 3373 return awsutil.Prettify(s) 3374} 3375 3376// GoString returns the string representation 3377func (s DecryptionFailure) GoString() string { 3378 return s.String() 3379} 3380 3381func newErrorDecryptionFailure(v protocol.ResponseMetadata) error { 3382 return &DecryptionFailure{ 3383 RespMetadata: v, 3384 } 3385} 3386 3387// Code returns the exception type name. 3388func (s *DecryptionFailure) Code() string { 3389 return "DecryptionFailure" 3390} 3391 3392// Message returns the exception's message. 3393func (s *DecryptionFailure) Message() string { 3394 if s.Message_ != nil { 3395 return *s.Message_ 3396 } 3397 return "" 3398} 3399 3400// OrigErr always returns nil, satisfies awserr.Error interface. 3401func (s *DecryptionFailure) OrigErr() error { 3402 return nil 3403} 3404 3405func (s *DecryptionFailure) Error() string { 3406 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3407} 3408 3409// Status code returns the HTTP status code for the request's response error. 3410func (s *DecryptionFailure) StatusCode() int { 3411 return s.RespMetadata.StatusCode 3412} 3413 3414// RequestID returns the service's response RequestID for request. 3415func (s *DecryptionFailure) RequestID() string { 3416 return s.RespMetadata.RequestID 3417} 3418 3419type DeleteResourcePolicyInput struct { 3420 _ struct{} `type:"structure"` 3421 3422 // Specifies the secret that you want to delete the attached resource-based 3423 // policy for. You can specify either the Amazon Resource Name (ARN) or the 3424 // friendly name of the secret. 3425 // 3426 // If you specify an ARN, we generally recommend that you specify a complete 3427 // ARN. You can specify a partial ARN too—for example, if you don’t include 3428 // the final hyphen and six random characters that Secrets Manager adds at the 3429 // end of the ARN when you created the secret. A partial ARN match can work 3430 // as long as it uniquely matches only one secret. However, if your secret has 3431 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3432 // adds the hyphen and six characters to the ARN) and you try to use that as 3433 // a partial ARN, then those characters cause Secrets Manager to assume that 3434 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3435 // To avoid this situation, we recommend that you don’t create secret names 3436 // ending with a hyphen followed by six characters. 3437 // 3438 // If you specify an incomplete ARN without the random suffix, and instead provide 3439 // the 'friendly name', you must not include the random suffix. If you do include 3440 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 3441 // or an AccessDeniedException error, depending on your permissions. 3442 // 3443 // SecretId is a required field 3444 SecretId *string `min:"1" type:"string" required:"true"` 3445} 3446 3447// String returns the string representation 3448func (s DeleteResourcePolicyInput) String() string { 3449 return awsutil.Prettify(s) 3450} 3451 3452// GoString returns the string representation 3453func (s DeleteResourcePolicyInput) GoString() string { 3454 return s.String() 3455} 3456 3457// Validate inspects the fields of the type to determine if they are valid. 3458func (s *DeleteResourcePolicyInput) Validate() error { 3459 invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"} 3460 if s.SecretId == nil { 3461 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3462 } 3463 if s.SecretId != nil && len(*s.SecretId) < 1 { 3464 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3465 } 3466 3467 if invalidParams.Len() > 0 { 3468 return invalidParams 3469 } 3470 return nil 3471} 3472 3473// SetSecretId sets the SecretId field's value. 3474func (s *DeleteResourcePolicyInput) SetSecretId(v string) *DeleteResourcePolicyInput { 3475 s.SecretId = &v 3476 return s 3477} 3478 3479type DeleteResourcePolicyOutput struct { 3480 _ struct{} `type:"structure"` 3481 3482 // The ARN of the secret that the resource-based policy was deleted for. 3483 ARN *string `min:"20" type:"string"` 3484 3485 // The friendly name of the secret that the resource-based policy was deleted 3486 // for. 3487 Name *string `min:"1" type:"string"` 3488} 3489 3490// String returns the string representation 3491func (s DeleteResourcePolicyOutput) String() string { 3492 return awsutil.Prettify(s) 3493} 3494 3495// GoString returns the string representation 3496func (s DeleteResourcePolicyOutput) GoString() string { 3497 return s.String() 3498} 3499 3500// SetARN sets the ARN field's value. 3501func (s *DeleteResourcePolicyOutput) SetARN(v string) *DeleteResourcePolicyOutput { 3502 s.ARN = &v 3503 return s 3504} 3505 3506// SetName sets the Name field's value. 3507func (s *DeleteResourcePolicyOutput) SetName(v string) *DeleteResourcePolicyOutput { 3508 s.Name = &v 3509 return s 3510} 3511 3512type DeleteSecretInput struct { 3513 _ struct{} `type:"structure"` 3514 3515 // (Optional) Specifies that the secret is to be deleted without any recovery 3516 // window. You can't use both this parameter and the RecoveryWindowInDays parameter 3517 // in the same API call. 3518 // 3519 // An asynchronous background process performs the actual deletion, so there 3520 // can be a short delay before the operation completes. If you write code to 3521 // delete and then immediately recreate a secret with the same name, ensure 3522 // that your code includes appropriate back off and retry logic. 3523 // 3524 // Use this parameter with caution. This parameter causes the operation to skip 3525 // the normal waiting period before the permanent deletion that Amazon Web Services 3526 // would normally impose with the RecoveryWindowInDays parameter. If you delete 3527 // a secret with the ForceDeleteWithouRecovery parameter, then you have no opportunity 3528 // to recover the secret. You lose the secret permanently. 3529 // 3530 // If you use this parameter and include a previously deleted or nonexistent 3531 // secret, the operation does not return the error ResourceNotFoundException 3532 // in order to correctly handle retries. 3533 ForceDeleteWithoutRecovery *bool `type:"boolean"` 3534 3535 // (Optional) Specifies the number of days that Secrets Manager waits before 3536 // Secrets Manager can delete the secret. You can't use both this parameter 3537 // and the ForceDeleteWithoutRecovery parameter in the same API call. 3538 // 3539 // This value can range from 7 to 30 days with a default value of 30. 3540 RecoveryWindowInDays *int64 `type:"long"` 3541 3542 // Specifies the secret to delete. You can specify either the Amazon Resource 3543 // Name (ARN) or the friendly name of the secret. 3544 // 3545 // If you specify an ARN, we generally recommend that you specify a complete 3546 // ARN. You can specify a partial ARN too—for example, if you don’t include 3547 // the final hyphen and six random characters that Secrets Manager adds at the 3548 // end of the ARN when you created the secret. A partial ARN match can work 3549 // as long as it uniquely matches only one secret. However, if your secret has 3550 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3551 // adds the hyphen and six characters to the ARN) and you try to use that as 3552 // a partial ARN, then those characters cause Secrets Manager to assume that 3553 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3554 // To avoid this situation, we recommend that you don’t create secret names 3555 // ending with a hyphen followed by six characters. 3556 // 3557 // If you specify an incomplete ARN without the random suffix, and instead provide 3558 // the 'friendly name', you must not include the random suffix. If you do include 3559 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 3560 // or an AccessDeniedException error, depending on your permissions. 3561 // 3562 // SecretId is a required field 3563 SecretId *string `min:"1" type:"string" required:"true"` 3564} 3565 3566// String returns the string representation 3567func (s DeleteSecretInput) String() string { 3568 return awsutil.Prettify(s) 3569} 3570 3571// GoString returns the string representation 3572func (s DeleteSecretInput) GoString() string { 3573 return s.String() 3574} 3575 3576// Validate inspects the fields of the type to determine if they are valid. 3577func (s *DeleteSecretInput) Validate() error { 3578 invalidParams := request.ErrInvalidParams{Context: "DeleteSecretInput"} 3579 if s.SecretId == nil { 3580 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3581 } 3582 if s.SecretId != nil && len(*s.SecretId) < 1 { 3583 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3584 } 3585 3586 if invalidParams.Len() > 0 { 3587 return invalidParams 3588 } 3589 return nil 3590} 3591 3592// SetForceDeleteWithoutRecovery sets the ForceDeleteWithoutRecovery field's value. 3593func (s *DeleteSecretInput) SetForceDeleteWithoutRecovery(v bool) *DeleteSecretInput { 3594 s.ForceDeleteWithoutRecovery = &v 3595 return s 3596} 3597 3598// SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value. 3599func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput { 3600 s.RecoveryWindowInDays = &v 3601 return s 3602} 3603 3604// SetSecretId sets the SecretId field's value. 3605func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput { 3606 s.SecretId = &v 3607 return s 3608} 3609 3610type DeleteSecretOutput struct { 3611 _ struct{} `type:"structure"` 3612 3613 // The ARN of the secret that is now scheduled for deletion. 3614 ARN *string `min:"20" type:"string"` 3615 3616 // The date and time after which this secret can be deleted by Secrets Manager 3617 // and can no longer be restored. This value is the date and time of the delete 3618 // request plus the number of days specified in RecoveryWindowInDays. 3619 DeletionDate *time.Time `type:"timestamp"` 3620 3621 // The friendly name of the secret currently scheduled for deletion. 3622 Name *string `min:"1" type:"string"` 3623} 3624 3625// String returns the string representation 3626func (s DeleteSecretOutput) String() string { 3627 return awsutil.Prettify(s) 3628} 3629 3630// GoString returns the string representation 3631func (s DeleteSecretOutput) GoString() string { 3632 return s.String() 3633} 3634 3635// SetARN sets the ARN field's value. 3636func (s *DeleteSecretOutput) SetARN(v string) *DeleteSecretOutput { 3637 s.ARN = &v 3638 return s 3639} 3640 3641// SetDeletionDate sets the DeletionDate field's value. 3642func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput { 3643 s.DeletionDate = &v 3644 return s 3645} 3646 3647// SetName sets the Name field's value. 3648func (s *DeleteSecretOutput) SetName(v string) *DeleteSecretOutput { 3649 s.Name = &v 3650 return s 3651} 3652 3653type DescribeSecretInput struct { 3654 _ struct{} `type:"structure"` 3655 3656 // The identifier of the secret whose details you want to retrieve. You can 3657 // specify either the Amazon Resource Name (ARN) or the friendly name of the 3658 // secret. 3659 // 3660 // If you specify an ARN, we generally recommend that you specify a complete 3661 // ARN. You can specify a partial ARN too—for example, if you don’t include 3662 // the final hyphen and six random characters that Secrets Manager adds at the 3663 // end of the ARN when you created the secret. A partial ARN match can work 3664 // as long as it uniquely matches only one secret. However, if your secret has 3665 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3666 // adds the hyphen and six characters to the ARN) and you try to use that as 3667 // a partial ARN, then those characters cause Secrets Manager to assume that 3668 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3669 // To avoid this situation, we recommend that you don’t create secret names 3670 // ending with a hyphen followed by six characters. 3671 // 3672 // If you specify an incomplete ARN without the random suffix, and instead provide 3673 // the 'friendly name', you must not include the random suffix. If you do include 3674 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 3675 // or an AccessDeniedException error, depending on your permissions. 3676 // 3677 // SecretId is a required field 3678 SecretId *string `min:"1" type:"string" required:"true"` 3679} 3680 3681// String returns the string representation 3682func (s DescribeSecretInput) String() string { 3683 return awsutil.Prettify(s) 3684} 3685 3686// GoString returns the string representation 3687func (s DescribeSecretInput) GoString() string { 3688 return s.String() 3689} 3690 3691// Validate inspects the fields of the type to determine if they are valid. 3692func (s *DescribeSecretInput) Validate() error { 3693 invalidParams := request.ErrInvalidParams{Context: "DescribeSecretInput"} 3694 if s.SecretId == nil { 3695 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3696 } 3697 if s.SecretId != nil && len(*s.SecretId) < 1 { 3698 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3699 } 3700 3701 if invalidParams.Len() > 0 { 3702 return invalidParams 3703 } 3704 return nil 3705} 3706 3707// SetSecretId sets the SecretId field's value. 3708func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput { 3709 s.SecretId = &v 3710 return s 3711} 3712 3713type DescribeSecretOutput struct { 3714 _ struct{} `type:"structure"` 3715 3716 // The ARN of the secret. 3717 ARN *string `min:"20" type:"string"` 3718 3719 // The date you created the secret. 3720 CreatedDate *time.Time `type:"timestamp"` 3721 3722 // This value exists if the secret is scheduled for deletion. Some time after 3723 // the specified date and time, Secrets Manager deletes the secret and all of 3724 // its versions. 3725 // 3726 // If a secret is scheduled for deletion, then its details, including the encrypted 3727 // secret information, is not accessible. To cancel a scheduled deletion and 3728 // restore access, use RestoreSecret. 3729 DeletedDate *time.Time `type:"timestamp"` 3730 3731 // The user-provided description of the secret. 3732 Description *string `type:"string"` 3733 3734 // The ARN or alias of the Amazon Web Services KMS customer master key (CMK) 3735 // that's used to encrypt the SecretString or SecretBinary fields in each version 3736 // of the secret. If you don't provide a key, then Secrets Manager defaults 3737 // to encrypting the secret fields with the default Amazon Web Services KMS 3738 // CMK (the one named awssecretsmanager) for this account. 3739 KmsKeyId *string `type:"string"` 3740 3741 // The last date that this secret was accessed. This value is truncated to midnight 3742 // of the date and therefore shows only the date, not the time. 3743 LastAccessedDate *time.Time `type:"timestamp"` 3744 3745 // The last date and time that this secret was modified in any way. 3746 LastChangedDate *time.Time `type:"timestamp"` 3747 3748 // The last date and time that the rotation process for this secret was invoked. 3749 // 3750 // The most recent date and time that the Secrets Manager rotation process successfully 3751 // completed. If the secret doesn't rotate, Secrets Manager returns a null value. 3752 LastRotatedDate *time.Time `type:"timestamp"` 3753 3754 // The user-provided friendly name of the secret. 3755 Name *string `min:"1" type:"string"` 3756 3757 // Returns the name of the service that created this secret. 3758 OwningService *string `min:"1" type:"string"` 3759 3760 // Specifies the primary region for secret replication. 3761 PrimaryRegion *string `min:"1" type:"string"` 3762 3763 // Describes a list of replication status objects as InProgress, Failed or InSync.P 3764 ReplicationStatus []*ReplicationStatusType `type:"list"` 3765 3766 // Specifies whether automatic rotation is enabled for this secret. 3767 // 3768 // To enable rotation, use RotateSecret with AutomaticallyRotateAfterDays set 3769 // to a value greater than 0. To disable rotation, use CancelRotateSecret. 3770 RotationEnabled *bool `type:"boolean"` 3771 3772 // The ARN of a Lambda function that's invoked by Secrets Manager to rotate 3773 // the secret either automatically per the schedule or manually by a call to 3774 // RotateSecret. 3775 RotationLambdaARN *string `type:"string"` 3776 3777 // A structure with the rotation configuration for this secret. 3778 RotationRules *RotationRulesType `type:"structure"` 3779 3780 // The list of user-defined tags that are associated with the secret. To add 3781 // tags to a secret, use TagResource. To remove tags, use UntagResource. 3782 Tags []*Tag `type:"list"` 3783 3784 // A list of all of the currently assigned VersionStage staging labels and the 3785 // VersionId that each is attached to. Staging labels are used to keep track 3786 // of the different versions during the rotation process. 3787 // 3788 // A version that does not have any staging labels attached is considered deprecated 3789 // and subject to deletion. Such versions are not included in this list. 3790 VersionIdsToStages map[string][]*string `type:"map"` 3791} 3792 3793// String returns the string representation 3794func (s DescribeSecretOutput) String() string { 3795 return awsutil.Prettify(s) 3796} 3797 3798// GoString returns the string representation 3799func (s DescribeSecretOutput) GoString() string { 3800 return s.String() 3801} 3802 3803// SetARN sets the ARN field's value. 3804func (s *DescribeSecretOutput) SetARN(v string) *DescribeSecretOutput { 3805 s.ARN = &v 3806 return s 3807} 3808 3809// SetCreatedDate sets the CreatedDate field's value. 3810func (s *DescribeSecretOutput) SetCreatedDate(v time.Time) *DescribeSecretOutput { 3811 s.CreatedDate = &v 3812 return s 3813} 3814 3815// SetDeletedDate sets the DeletedDate field's value. 3816func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput { 3817 s.DeletedDate = &v 3818 return s 3819} 3820 3821// SetDescription sets the Description field's value. 3822func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput { 3823 s.Description = &v 3824 return s 3825} 3826 3827// SetKmsKeyId sets the KmsKeyId field's value. 3828func (s *DescribeSecretOutput) SetKmsKeyId(v string) *DescribeSecretOutput { 3829 s.KmsKeyId = &v 3830 return s 3831} 3832 3833// SetLastAccessedDate sets the LastAccessedDate field's value. 3834func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput { 3835 s.LastAccessedDate = &v 3836 return s 3837} 3838 3839// SetLastChangedDate sets the LastChangedDate field's value. 3840func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput { 3841 s.LastChangedDate = &v 3842 return s 3843} 3844 3845// SetLastRotatedDate sets the LastRotatedDate field's value. 3846func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput { 3847 s.LastRotatedDate = &v 3848 return s 3849} 3850 3851// SetName sets the Name field's value. 3852func (s *DescribeSecretOutput) SetName(v string) *DescribeSecretOutput { 3853 s.Name = &v 3854 return s 3855} 3856 3857// SetOwningService sets the OwningService field's value. 3858func (s *DescribeSecretOutput) SetOwningService(v string) *DescribeSecretOutput { 3859 s.OwningService = &v 3860 return s 3861} 3862 3863// SetPrimaryRegion sets the PrimaryRegion field's value. 3864func (s *DescribeSecretOutput) SetPrimaryRegion(v string) *DescribeSecretOutput { 3865 s.PrimaryRegion = &v 3866 return s 3867} 3868 3869// SetReplicationStatus sets the ReplicationStatus field's value. 3870func (s *DescribeSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *DescribeSecretOutput { 3871 s.ReplicationStatus = v 3872 return s 3873} 3874 3875// SetRotationEnabled sets the RotationEnabled field's value. 3876func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput { 3877 s.RotationEnabled = &v 3878 return s 3879} 3880 3881// SetRotationLambdaARN sets the RotationLambdaARN field's value. 3882func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput { 3883 s.RotationLambdaARN = &v 3884 return s 3885} 3886 3887// SetRotationRules sets the RotationRules field's value. 3888func (s *DescribeSecretOutput) SetRotationRules(v *RotationRulesType) *DescribeSecretOutput { 3889 s.RotationRules = v 3890 return s 3891} 3892 3893// SetTags sets the Tags field's value. 3894func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput { 3895 s.Tags = v 3896 return s 3897} 3898 3899// SetVersionIdsToStages sets the VersionIdsToStages field's value. 3900func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput { 3901 s.VersionIdsToStages = v 3902 return s 3903} 3904 3905// Secrets Manager can't encrypt the protected secret text using the provided 3906// KMS key. Check that the customer master key (CMK) is available, enabled, 3907// and not in an invalid state. For more information, see How Key State Affects 3908// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 3909type EncryptionFailure struct { 3910 _ struct{} `type:"structure"` 3911 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 3912 3913 Message_ *string `locationName:"Message" type:"string"` 3914} 3915 3916// String returns the string representation 3917func (s EncryptionFailure) String() string { 3918 return awsutil.Prettify(s) 3919} 3920 3921// GoString returns the string representation 3922func (s EncryptionFailure) GoString() string { 3923 return s.String() 3924} 3925 3926func newErrorEncryptionFailure(v protocol.ResponseMetadata) error { 3927 return &EncryptionFailure{ 3928 RespMetadata: v, 3929 } 3930} 3931 3932// Code returns the exception type name. 3933func (s *EncryptionFailure) Code() string { 3934 return "EncryptionFailure" 3935} 3936 3937// Message returns the exception's message. 3938func (s *EncryptionFailure) Message() string { 3939 if s.Message_ != nil { 3940 return *s.Message_ 3941 } 3942 return "" 3943} 3944 3945// OrigErr always returns nil, satisfies awserr.Error interface. 3946func (s *EncryptionFailure) OrigErr() error { 3947 return nil 3948} 3949 3950func (s *EncryptionFailure) Error() string { 3951 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 3952} 3953 3954// Status code returns the HTTP status code for the request's response error. 3955func (s *EncryptionFailure) StatusCode() int { 3956 return s.RespMetadata.StatusCode 3957} 3958 3959// RequestID returns the service's response RequestID for request. 3960func (s *EncryptionFailure) RequestID() string { 3961 return s.RespMetadata.RequestID 3962} 3963 3964// Allows you to add filters when you use the search function in Secrets Manager. 3965type Filter struct { 3966 _ struct{} `type:"structure"` 3967 3968 // Filters your list of secrets by a specific key. 3969 Key *string `type:"string" enum:"FilterNameStringType"` 3970 3971 // Filters your list of secrets by a specific value. 3972 // 3973 // You can prefix your search value with an exclamation mark (!) in order to 3974 // perform negation filters. 3975 Values []*string `min:"1" type:"list"` 3976} 3977 3978// String returns the string representation 3979func (s Filter) String() string { 3980 return awsutil.Prettify(s) 3981} 3982 3983// GoString returns the string representation 3984func (s Filter) GoString() string { 3985 return s.String() 3986} 3987 3988// Validate inspects the fields of the type to determine if they are valid. 3989func (s *Filter) Validate() error { 3990 invalidParams := request.ErrInvalidParams{Context: "Filter"} 3991 if s.Values != nil && len(s.Values) < 1 { 3992 invalidParams.Add(request.NewErrParamMinLen("Values", 1)) 3993 } 3994 3995 if invalidParams.Len() > 0 { 3996 return invalidParams 3997 } 3998 return nil 3999} 4000 4001// SetKey sets the Key field's value. 4002func (s *Filter) SetKey(v string) *Filter { 4003 s.Key = &v 4004 return s 4005} 4006 4007// SetValues sets the Values field's value. 4008func (s *Filter) SetValues(v []*string) *Filter { 4009 s.Values = v 4010 return s 4011} 4012 4013type GetRandomPasswordInput struct { 4014 _ struct{} `type:"structure"` 4015 4016 // A string that includes characters that should not be included in the generated 4017 // password. The default is that all characters from the included sets can be 4018 // used. 4019 ExcludeCharacters *string `type:"string"` 4020 4021 // Specifies that the generated password should not include lowercase letters. 4022 // The default if you do not include this switch parameter is that lowercase 4023 // letters can be included. 4024 ExcludeLowercase *bool `type:"boolean"` 4025 4026 // Specifies that the generated password should not include digits. The default 4027 // if you do not include this switch parameter is that digits can be included. 4028 ExcludeNumbers *bool `type:"boolean"` 4029 4030 // Specifies that the generated password should not include punctuation characters. 4031 // The default if you do not include this switch parameter is that punctuation 4032 // characters can be included. 4033 // 4034 // The following are the punctuation characters that can be included in the 4035 // generated password if you don't explicitly exclude them with ExcludeCharacters 4036 // or ExcludePunctuation: 4037 // 4038 // ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ 4039 ExcludePunctuation *bool `type:"boolean"` 4040 4041 // Specifies that the generated password should not include uppercase letters. 4042 // The default if you do not include this switch parameter is that uppercase 4043 // letters can be included. 4044 ExcludeUppercase *bool `type:"boolean"` 4045 4046 // Specifies that the generated password can include the space character. The 4047 // default if you do not include this switch parameter is that the space character 4048 // is not included. 4049 IncludeSpace *bool `type:"boolean"` 4050 4051 // The desired length of the generated password. The default value if you do 4052 // not include this parameter is 32 characters. 4053 PasswordLength *int64 `min:"1" type:"long"` 4054 4055 // A boolean value that specifies whether the generated password must include 4056 // at least one of every allowed character type. The default value is True and 4057 // the operation requires at least one of every character type. 4058 RequireEachIncludedType *bool `type:"boolean"` 4059} 4060 4061// String returns the string representation 4062func (s GetRandomPasswordInput) String() string { 4063 return awsutil.Prettify(s) 4064} 4065 4066// GoString returns the string representation 4067func (s GetRandomPasswordInput) GoString() string { 4068 return s.String() 4069} 4070 4071// Validate inspects the fields of the type to determine if they are valid. 4072func (s *GetRandomPasswordInput) Validate() error { 4073 invalidParams := request.ErrInvalidParams{Context: "GetRandomPasswordInput"} 4074 if s.PasswordLength != nil && *s.PasswordLength < 1 { 4075 invalidParams.Add(request.NewErrParamMinValue("PasswordLength", 1)) 4076 } 4077 4078 if invalidParams.Len() > 0 { 4079 return invalidParams 4080 } 4081 return nil 4082} 4083 4084// SetExcludeCharacters sets the ExcludeCharacters field's value. 4085func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput { 4086 s.ExcludeCharacters = &v 4087 return s 4088} 4089 4090// SetExcludeLowercase sets the ExcludeLowercase field's value. 4091func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput { 4092 s.ExcludeLowercase = &v 4093 return s 4094} 4095 4096// SetExcludeNumbers sets the ExcludeNumbers field's value. 4097func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput { 4098 s.ExcludeNumbers = &v 4099 return s 4100} 4101 4102// SetExcludePunctuation sets the ExcludePunctuation field's value. 4103func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput { 4104 s.ExcludePunctuation = &v 4105 return s 4106} 4107 4108// SetExcludeUppercase sets the ExcludeUppercase field's value. 4109func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput { 4110 s.ExcludeUppercase = &v 4111 return s 4112} 4113 4114// SetIncludeSpace sets the IncludeSpace field's value. 4115func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput { 4116 s.IncludeSpace = &v 4117 return s 4118} 4119 4120// SetPasswordLength sets the PasswordLength field's value. 4121func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput { 4122 s.PasswordLength = &v 4123 return s 4124} 4125 4126// SetRequireEachIncludedType sets the RequireEachIncludedType field's value. 4127func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput { 4128 s.RequireEachIncludedType = &v 4129 return s 4130} 4131 4132type GetRandomPasswordOutput struct { 4133 _ struct{} `type:"structure"` 4134 4135 // A string with the generated password. 4136 RandomPassword *string `type:"string" sensitive:"true"` 4137} 4138 4139// String returns the string representation 4140func (s GetRandomPasswordOutput) String() string { 4141 return awsutil.Prettify(s) 4142} 4143 4144// GoString returns the string representation 4145func (s GetRandomPasswordOutput) GoString() string { 4146 return s.String() 4147} 4148 4149// SetRandomPassword sets the RandomPassword field's value. 4150func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput { 4151 s.RandomPassword = &v 4152 return s 4153} 4154 4155type GetResourcePolicyInput struct { 4156 _ struct{} `type:"structure"` 4157 4158 // Specifies the secret that you want to retrieve the attached resource-based 4159 // policy for. You can specify either the Amazon Resource Name (ARN) or the 4160 // friendly name of the secret. 4161 // 4162 // If you specify an ARN, we generally recommend that you specify a complete 4163 // ARN. You can specify a partial ARN too—for example, if you don’t include 4164 // the final hyphen and six random characters that Secrets Manager adds at the 4165 // end of the ARN when you created the secret. A partial ARN match can work 4166 // as long as it uniquely matches only one secret. However, if your secret has 4167 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4168 // adds the hyphen and six characters to the ARN) and you try to use that as 4169 // a partial ARN, then those characters cause Secrets Manager to assume that 4170 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4171 // To avoid this situation, we recommend that you don’t create secret names 4172 // ending with a hyphen followed by six characters. 4173 // 4174 // If you specify an incomplete ARN without the random suffix, and instead provide 4175 // the 'friendly name', you must not include the random suffix. If you do include 4176 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 4177 // or an AccessDeniedException error, depending on your permissions. 4178 // 4179 // SecretId is a required field 4180 SecretId *string `min:"1" type:"string" required:"true"` 4181} 4182 4183// String returns the string representation 4184func (s GetResourcePolicyInput) String() string { 4185 return awsutil.Prettify(s) 4186} 4187 4188// GoString returns the string representation 4189func (s GetResourcePolicyInput) GoString() string { 4190 return s.String() 4191} 4192 4193// Validate inspects the fields of the type to determine if they are valid. 4194func (s *GetResourcePolicyInput) Validate() error { 4195 invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"} 4196 if s.SecretId == nil { 4197 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4198 } 4199 if s.SecretId != nil && len(*s.SecretId) < 1 { 4200 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4201 } 4202 4203 if invalidParams.Len() > 0 { 4204 return invalidParams 4205 } 4206 return nil 4207} 4208 4209// SetSecretId sets the SecretId field's value. 4210func (s *GetResourcePolicyInput) SetSecretId(v string) *GetResourcePolicyInput { 4211 s.SecretId = &v 4212 return s 4213} 4214 4215type GetResourcePolicyOutput struct { 4216 _ struct{} `type:"structure"` 4217 4218 // The ARN of the secret that the resource-based policy was retrieved for. 4219 ARN *string `min:"20" type:"string"` 4220 4221 // The friendly name of the secret that the resource-based policy was retrieved 4222 // for. 4223 Name *string `min:"1" type:"string"` 4224 4225 // A JSON-formatted string that describes the permissions that are associated 4226 // with the attached secret. These permissions are combined with any permissions 4227 // that are associated with the user or role that attempts to access this secret. 4228 // The combined permissions specify who can access the secret and what actions 4229 // they can perform. For more information, see Authentication and Access Control 4230 // for Amazon Web Services Secrets Manager (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html) 4231 // in the Amazon Web Services Secrets Manager User Guide. 4232 ResourcePolicy *string `min:"1" type:"string"` 4233} 4234 4235// String returns the string representation 4236func (s GetResourcePolicyOutput) String() string { 4237 return awsutil.Prettify(s) 4238} 4239 4240// GoString returns the string representation 4241func (s GetResourcePolicyOutput) GoString() string { 4242 return s.String() 4243} 4244 4245// SetARN sets the ARN field's value. 4246func (s *GetResourcePolicyOutput) SetARN(v string) *GetResourcePolicyOutput { 4247 s.ARN = &v 4248 return s 4249} 4250 4251// SetName sets the Name field's value. 4252func (s *GetResourcePolicyOutput) SetName(v string) *GetResourcePolicyOutput { 4253 s.Name = &v 4254 return s 4255} 4256 4257// SetResourcePolicy sets the ResourcePolicy field's value. 4258func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicyOutput { 4259 s.ResourcePolicy = &v 4260 return s 4261} 4262 4263type GetSecretValueInput struct { 4264 _ struct{} `type:"structure"` 4265 4266 // Specifies the secret containing the version that you want to retrieve. You 4267 // can specify either the Amazon Resource Name (ARN) or the friendly name of 4268 // the secret. 4269 // 4270 // If you specify an ARN, we generally recommend that you specify a complete 4271 // ARN. You can specify a partial ARN too—for example, if you don’t include 4272 // the final hyphen and six random characters that Secrets Manager adds at the 4273 // end of the ARN when you created the secret. A partial ARN match can work 4274 // as long as it uniquely matches only one secret. However, if your secret has 4275 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4276 // adds the hyphen and six characters to the ARN) and you try to use that as 4277 // a partial ARN, then those characters cause Secrets Manager to assume that 4278 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4279 // To avoid this situation, we recommend that you don’t create secret names 4280 // ending with a hyphen followed by six characters. 4281 // 4282 // If you specify an incomplete ARN without the random suffix, and instead provide 4283 // the 'friendly name', you must not include the random suffix. If you do include 4284 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 4285 // or an AccessDeniedException error, depending on your permissions. 4286 // 4287 // SecretId is a required field 4288 SecretId *string `min:"1" type:"string" required:"true"` 4289 4290 // Specifies the unique identifier of the version of the secret that you want 4291 // to retrieve. If you specify both this parameter and VersionStage, the two 4292 // parameters must refer to the same secret version. If you don't specify either 4293 // a VersionStage or VersionId then the default is to perform the operation 4294 // on the version with the VersionStage value of AWSCURRENT. 4295 // 4296 // This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 4297 // value with 32 hexadecimal digits. 4298 VersionId *string `min:"32" type:"string"` 4299 4300 // Specifies the secret version that you want to retrieve by the staging label 4301 // attached to the version. 4302 // 4303 // Staging labels are used to keep track of different versions during the rotation 4304 // process. If you specify both this parameter and VersionId, the two parameters 4305 // must refer to the same secret version . If you don't specify either a VersionStage 4306 // or VersionId, then the default is to perform the operation on the version 4307 // with the VersionStage value of AWSCURRENT. 4308 VersionStage *string `min:"1" type:"string"` 4309} 4310 4311// String returns the string representation 4312func (s GetSecretValueInput) String() string { 4313 return awsutil.Prettify(s) 4314} 4315 4316// GoString returns the string representation 4317func (s GetSecretValueInput) GoString() string { 4318 return s.String() 4319} 4320 4321// Validate inspects the fields of the type to determine if they are valid. 4322func (s *GetSecretValueInput) Validate() error { 4323 invalidParams := request.ErrInvalidParams{Context: "GetSecretValueInput"} 4324 if s.SecretId == nil { 4325 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4326 } 4327 if s.SecretId != nil && len(*s.SecretId) < 1 { 4328 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4329 } 4330 if s.VersionId != nil && len(*s.VersionId) < 32 { 4331 invalidParams.Add(request.NewErrParamMinLen("VersionId", 32)) 4332 } 4333 if s.VersionStage != nil && len(*s.VersionStage) < 1 { 4334 invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) 4335 } 4336 4337 if invalidParams.Len() > 0 { 4338 return invalidParams 4339 } 4340 return nil 4341} 4342 4343// SetSecretId sets the SecretId field's value. 4344func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput { 4345 s.SecretId = &v 4346 return s 4347} 4348 4349// SetVersionId sets the VersionId field's value. 4350func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput { 4351 s.VersionId = &v 4352 return s 4353} 4354 4355// SetVersionStage sets the VersionStage field's value. 4356func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput { 4357 s.VersionStage = &v 4358 return s 4359} 4360 4361type GetSecretValueOutput struct { 4362 _ struct{} `type:"structure"` 4363 4364 // The ARN of the secret. 4365 ARN *string `min:"20" type:"string"` 4366 4367 // The date and time that this version of the secret was created. 4368 CreatedDate *time.Time `type:"timestamp"` 4369 4370 // The friendly name of the secret. 4371 Name *string `min:"1" type:"string"` 4372 4373 // The decrypted part of the protected secret information that was originally 4374 // provided as binary data in the form of a byte array. The response parameter 4375 // represents the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4) 4376 // string. 4377 // 4378 // This parameter is not used if the secret is created by the Secrets Manager 4379 // console. 4380 // 4381 // If you store custom information in this field of the secret, then you must 4382 // code your Lambda rotation function to parse and interpret whatever you store 4383 // in the SecretString or SecretBinary fields. 4384 // 4385 // SecretBinary is automatically base64 encoded/decoded by the SDK. 4386 SecretBinary []byte `type:"blob" sensitive:"true"` 4387 4388 // The decrypted part of the protected secret information that was originally 4389 // provided as a string. 4390 // 4391 // If you create this secret by using the Secrets Manager console then only 4392 // the SecretString parameter contains data. Secrets Manager stores the information 4393 // as a JSON structure of key/value pairs that the Lambda rotation function 4394 // knows how to parse. 4395 // 4396 // If you store custom information in the secret by using the CreateSecret, 4397 // UpdateSecret, or PutSecretValue API operations instead of the Secrets Manager 4398 // console, or by using the Other secret type in the console, then you must 4399 // code your Lambda rotation function to parse and interpret those values. 4400 SecretString *string `type:"string" sensitive:"true"` 4401 4402 // The unique identifier of this version of the secret. 4403 VersionId *string `min:"32" type:"string"` 4404 4405 // A list of all of the staging labels currently attached to this version of 4406 // the secret. 4407 VersionStages []*string `min:"1" type:"list"` 4408} 4409 4410// String returns the string representation 4411func (s GetSecretValueOutput) String() string { 4412 return awsutil.Prettify(s) 4413} 4414 4415// GoString returns the string representation 4416func (s GetSecretValueOutput) GoString() string { 4417 return s.String() 4418} 4419 4420// SetARN sets the ARN field's value. 4421func (s *GetSecretValueOutput) SetARN(v string) *GetSecretValueOutput { 4422 s.ARN = &v 4423 return s 4424} 4425 4426// SetCreatedDate sets the CreatedDate field's value. 4427func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput { 4428 s.CreatedDate = &v 4429 return s 4430} 4431 4432// SetName sets the Name field's value. 4433func (s *GetSecretValueOutput) SetName(v string) *GetSecretValueOutput { 4434 s.Name = &v 4435 return s 4436} 4437 4438// SetSecretBinary sets the SecretBinary field's value. 4439func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput { 4440 s.SecretBinary = v 4441 return s 4442} 4443 4444// SetSecretString sets the SecretString field's value. 4445func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput { 4446 s.SecretString = &v 4447 return s 4448} 4449 4450// SetVersionId sets the VersionId field's value. 4451func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput { 4452 s.VersionId = &v 4453 return s 4454} 4455 4456// SetVersionStages sets the VersionStages field's value. 4457func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput { 4458 s.VersionStages = v 4459 return s 4460} 4461 4462// An error occurred on the server side. 4463type InternalServiceError struct { 4464 _ struct{} `type:"structure"` 4465 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 4466 4467 Message_ *string `locationName:"Message" type:"string"` 4468} 4469 4470// String returns the string representation 4471func (s InternalServiceError) String() string { 4472 return awsutil.Prettify(s) 4473} 4474 4475// GoString returns the string representation 4476func (s InternalServiceError) GoString() string { 4477 return s.String() 4478} 4479 4480func newErrorInternalServiceError(v protocol.ResponseMetadata) error { 4481 return &InternalServiceError{ 4482 RespMetadata: v, 4483 } 4484} 4485 4486// Code returns the exception type name. 4487func (s *InternalServiceError) Code() string { 4488 return "InternalServiceError" 4489} 4490 4491// Message returns the exception's message. 4492func (s *InternalServiceError) Message() string { 4493 if s.Message_ != nil { 4494 return *s.Message_ 4495 } 4496 return "" 4497} 4498 4499// OrigErr always returns nil, satisfies awserr.Error interface. 4500func (s *InternalServiceError) OrigErr() error { 4501 return nil 4502} 4503 4504func (s *InternalServiceError) Error() string { 4505 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 4506} 4507 4508// Status code returns the HTTP status code for the request's response error. 4509func (s *InternalServiceError) StatusCode() int { 4510 return s.RespMetadata.StatusCode 4511} 4512 4513// RequestID returns the service's response RequestID for request. 4514func (s *InternalServiceError) RequestID() string { 4515 return s.RespMetadata.RequestID 4516} 4517 4518// You provided an invalid NextToken value. 4519type InvalidNextTokenException struct { 4520 _ struct{} `type:"structure"` 4521 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 4522 4523 Message_ *string `locationName:"Message" type:"string"` 4524} 4525 4526// String returns the string representation 4527func (s InvalidNextTokenException) String() string { 4528 return awsutil.Prettify(s) 4529} 4530 4531// GoString returns the string representation 4532func (s InvalidNextTokenException) GoString() string { 4533 return s.String() 4534} 4535 4536func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { 4537 return &InvalidNextTokenException{ 4538 RespMetadata: v, 4539 } 4540} 4541 4542// Code returns the exception type name. 4543func (s *InvalidNextTokenException) Code() string { 4544 return "InvalidNextTokenException" 4545} 4546 4547// Message returns the exception's message. 4548func (s *InvalidNextTokenException) Message() string { 4549 if s.Message_ != nil { 4550 return *s.Message_ 4551 } 4552 return "" 4553} 4554 4555// OrigErr always returns nil, satisfies awserr.Error interface. 4556func (s *InvalidNextTokenException) OrigErr() error { 4557 return nil 4558} 4559 4560func (s *InvalidNextTokenException) Error() string { 4561 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 4562} 4563 4564// Status code returns the HTTP status code for the request's response error. 4565func (s *InvalidNextTokenException) StatusCode() int { 4566 return s.RespMetadata.StatusCode 4567} 4568 4569// RequestID returns the service's response RequestID for request. 4570func (s *InvalidNextTokenException) RequestID() string { 4571 return s.RespMetadata.RequestID 4572} 4573 4574// You provided an invalid value for a parameter. 4575type InvalidParameterException struct { 4576 _ struct{} `type:"structure"` 4577 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 4578 4579 Message_ *string `locationName:"Message" type:"string"` 4580} 4581 4582// String returns the string representation 4583func (s InvalidParameterException) String() string { 4584 return awsutil.Prettify(s) 4585} 4586 4587// GoString returns the string representation 4588func (s InvalidParameterException) GoString() string { 4589 return s.String() 4590} 4591 4592func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { 4593 return &InvalidParameterException{ 4594 RespMetadata: v, 4595 } 4596} 4597 4598// Code returns the exception type name. 4599func (s *InvalidParameterException) Code() string { 4600 return "InvalidParameterException" 4601} 4602 4603// Message returns the exception's message. 4604func (s *InvalidParameterException) Message() string { 4605 if s.Message_ != nil { 4606 return *s.Message_ 4607 } 4608 return "" 4609} 4610 4611// OrigErr always returns nil, satisfies awserr.Error interface. 4612func (s *InvalidParameterException) OrigErr() error { 4613 return nil 4614} 4615 4616func (s *InvalidParameterException) Error() string { 4617 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 4618} 4619 4620// Status code returns the HTTP status code for the request's response error. 4621func (s *InvalidParameterException) StatusCode() int { 4622 return s.RespMetadata.StatusCode 4623} 4624 4625// RequestID returns the service's response RequestID for request. 4626func (s *InvalidParameterException) RequestID() string { 4627 return s.RespMetadata.RequestID 4628} 4629 4630// You provided a parameter value that is not valid for the current state of 4631// the resource. 4632// 4633// Possible causes: 4634// 4635// * You tried to perform the operation on a secret that's currently marked 4636// deleted. 4637// 4638// * You tried to enable rotation on a secret that doesn't already have a 4639// Lambda function ARN configured and you didn't include such an ARN as a 4640// parameter in this call. 4641type InvalidRequestException struct { 4642 _ struct{} `type:"structure"` 4643 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 4644 4645 Message_ *string `locationName:"Message" type:"string"` 4646} 4647 4648// String returns the string representation 4649func (s InvalidRequestException) String() string { 4650 return awsutil.Prettify(s) 4651} 4652 4653// GoString returns the string representation 4654func (s InvalidRequestException) GoString() string { 4655 return s.String() 4656} 4657 4658func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { 4659 return &InvalidRequestException{ 4660 RespMetadata: v, 4661 } 4662} 4663 4664// Code returns the exception type name. 4665func (s *InvalidRequestException) Code() string { 4666 return "InvalidRequestException" 4667} 4668 4669// Message returns the exception's message. 4670func (s *InvalidRequestException) Message() string { 4671 if s.Message_ != nil { 4672 return *s.Message_ 4673 } 4674 return "" 4675} 4676 4677// OrigErr always returns nil, satisfies awserr.Error interface. 4678func (s *InvalidRequestException) OrigErr() error { 4679 return nil 4680} 4681 4682func (s *InvalidRequestException) Error() string { 4683 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 4684} 4685 4686// Status code returns the HTTP status code for the request's response error. 4687func (s *InvalidRequestException) StatusCode() int { 4688 return s.RespMetadata.StatusCode 4689} 4690 4691// RequestID returns the service's response RequestID for request. 4692func (s *InvalidRequestException) RequestID() string { 4693 return s.RespMetadata.RequestID 4694} 4695 4696// The request failed because it would exceed one of the Secrets Manager internal 4697// limits. 4698type LimitExceededException struct { 4699 _ struct{} `type:"structure"` 4700 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 4701 4702 Message_ *string `locationName:"Message" type:"string"` 4703} 4704 4705// String returns the string representation 4706func (s LimitExceededException) String() string { 4707 return awsutil.Prettify(s) 4708} 4709 4710// GoString returns the string representation 4711func (s LimitExceededException) GoString() string { 4712 return s.String() 4713} 4714 4715func newErrorLimitExceededException(v protocol.ResponseMetadata) error { 4716 return &LimitExceededException{ 4717 RespMetadata: v, 4718 } 4719} 4720 4721// Code returns the exception type name. 4722func (s *LimitExceededException) Code() string { 4723 return "LimitExceededException" 4724} 4725 4726// Message returns the exception's message. 4727func (s *LimitExceededException) Message() string { 4728 if s.Message_ != nil { 4729 return *s.Message_ 4730 } 4731 return "" 4732} 4733 4734// OrigErr always returns nil, satisfies awserr.Error interface. 4735func (s *LimitExceededException) OrigErr() error { 4736 return nil 4737} 4738 4739func (s *LimitExceededException) Error() string { 4740 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 4741} 4742 4743// Status code returns the HTTP status code for the request's response error. 4744func (s *LimitExceededException) StatusCode() int { 4745 return s.RespMetadata.StatusCode 4746} 4747 4748// RequestID returns the service's response RequestID for request. 4749func (s *LimitExceededException) RequestID() string { 4750 return s.RespMetadata.RequestID 4751} 4752 4753type ListSecretVersionIdsInput struct { 4754 _ struct{} `type:"structure"` 4755 4756 // (Optional) Specifies that you want the results to include versions that do 4757 // not have any staging labels attached to them. Such versions are considered 4758 // deprecated and are subject to deletion by Secrets Manager as needed. 4759 IncludeDeprecated *bool `type:"boolean"` 4760 4761 // (Optional) Limits the number of results you want to include in the response. 4762 // If you don't include this parameter, it defaults to a value that's specific 4763 // to the operation. If additional items exist beyond the maximum you specify, 4764 // the NextToken response element is present and has a value (isn't null). Include 4765 // that value as the NextToken request parameter in the next call to the operation 4766 // to get the next part of the results. Note that Secrets Manager might return 4767 // fewer results than the maximum even when there are more results available. 4768 // You should check NextToken after every operation to ensure that you receive 4769 // all of the results. 4770 MaxResults *int64 `min:"1" type:"integer"` 4771 4772 // (Optional) Use this parameter in a request if you receive a NextToken response 4773 // in a previous request indicating there's more output available. In a subsequent 4774 // call, set it to the value of the previous call NextToken response to indicate 4775 // where the output should continue from. 4776 NextToken *string `min:"1" type:"string"` 4777 4778 // The identifier for the secret containing the versions you want to list. You 4779 // can specify either the Amazon Resource Name (ARN) or the friendly name of 4780 // the secret. 4781 // 4782 // If you specify an ARN, we generally recommend that you specify a complete 4783 // ARN. You can specify a partial ARN too—for example, if you don’t include 4784 // the final hyphen and six random characters that Secrets Manager adds at the 4785 // end of the ARN when you created the secret. A partial ARN match can work 4786 // as long as it uniquely matches only one secret. However, if your secret has 4787 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4788 // adds the hyphen and six characters to the ARN) and you try to use that as 4789 // a partial ARN, then those characters cause Secrets Manager to assume that 4790 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4791 // To avoid this situation, we recommend that you don’t create secret names 4792 // ending with a hyphen followed by six characters. 4793 // 4794 // If you specify an incomplete ARN without the random suffix, and instead provide 4795 // the 'friendly name', you must not include the random suffix. If you do include 4796 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 4797 // or an AccessDeniedException error, depending on your permissions. 4798 // 4799 // SecretId is a required field 4800 SecretId *string `min:"1" type:"string" required:"true"` 4801} 4802 4803// String returns the string representation 4804func (s ListSecretVersionIdsInput) String() string { 4805 return awsutil.Prettify(s) 4806} 4807 4808// GoString returns the string representation 4809func (s ListSecretVersionIdsInput) GoString() string { 4810 return s.String() 4811} 4812 4813// Validate inspects the fields of the type to determine if they are valid. 4814func (s *ListSecretVersionIdsInput) Validate() error { 4815 invalidParams := request.ErrInvalidParams{Context: "ListSecretVersionIdsInput"} 4816 if s.MaxResults != nil && *s.MaxResults < 1 { 4817 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 4818 } 4819 if s.NextToken != nil && len(*s.NextToken) < 1 { 4820 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 4821 } 4822 if s.SecretId == nil { 4823 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4824 } 4825 if s.SecretId != nil && len(*s.SecretId) < 1 { 4826 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4827 } 4828 4829 if invalidParams.Len() > 0 { 4830 return invalidParams 4831 } 4832 return nil 4833} 4834 4835// SetIncludeDeprecated sets the IncludeDeprecated field's value. 4836func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput { 4837 s.IncludeDeprecated = &v 4838 return s 4839} 4840 4841// SetMaxResults sets the MaxResults field's value. 4842func (s *ListSecretVersionIdsInput) SetMaxResults(v int64) *ListSecretVersionIdsInput { 4843 s.MaxResults = &v 4844 return s 4845} 4846 4847// SetNextToken sets the NextToken field's value. 4848func (s *ListSecretVersionIdsInput) SetNextToken(v string) *ListSecretVersionIdsInput { 4849 s.NextToken = &v 4850 return s 4851} 4852 4853// SetSecretId sets the SecretId field's value. 4854func (s *ListSecretVersionIdsInput) SetSecretId(v string) *ListSecretVersionIdsInput { 4855 s.SecretId = &v 4856 return s 4857} 4858 4859type ListSecretVersionIdsOutput struct { 4860 _ struct{} `type:"structure"` 4861 4862 // The Amazon Resource Name (ARN) for the secret. 4863 // 4864 // Secrets Manager automatically adds several random characters to the name 4865 // at the end of the ARN when you initially create a secret. This affects only 4866 // the ARN and not the actual friendly name. This ensures that if you create 4867 // a new secret with the same name as an old secret that you previously deleted, 4868 // then users with access to the old secret don't automatically get access to 4869 // the new secret because the ARNs are different. 4870 ARN *string `min:"20" type:"string"` 4871 4872 // The friendly name of the secret. 4873 Name *string `min:"1" type:"string"` 4874 4875 // If present in the response, this value indicates that there's more output 4876 // available than included in the current response. This can occur even when 4877 // the response includes no values at all, such as when you ask for a filtered 4878 // view of a very long list. Use this value in the NextToken request parameter 4879 // in a subsequent call to the operation to continue processing and get the 4880 // next part of the output. You should repeat this until the NextToken response 4881 // element comes back empty (as null). 4882 NextToken *string `min:"1" type:"string"` 4883 4884 // The list of the currently available versions of the specified secret. 4885 Versions []*SecretVersionsListEntry `type:"list"` 4886} 4887 4888// String returns the string representation 4889func (s ListSecretVersionIdsOutput) String() string { 4890 return awsutil.Prettify(s) 4891} 4892 4893// GoString returns the string representation 4894func (s ListSecretVersionIdsOutput) GoString() string { 4895 return s.String() 4896} 4897 4898// SetARN sets the ARN field's value. 4899func (s *ListSecretVersionIdsOutput) SetARN(v string) *ListSecretVersionIdsOutput { 4900 s.ARN = &v 4901 return s 4902} 4903 4904// SetName sets the Name field's value. 4905func (s *ListSecretVersionIdsOutput) SetName(v string) *ListSecretVersionIdsOutput { 4906 s.Name = &v 4907 return s 4908} 4909 4910// SetNextToken sets the NextToken field's value. 4911func (s *ListSecretVersionIdsOutput) SetNextToken(v string) *ListSecretVersionIdsOutput { 4912 s.NextToken = &v 4913 return s 4914} 4915 4916// SetVersions sets the Versions field's value. 4917func (s *ListSecretVersionIdsOutput) SetVersions(v []*SecretVersionsListEntry) *ListSecretVersionIdsOutput { 4918 s.Versions = v 4919 return s 4920} 4921 4922type ListSecretsInput struct { 4923 _ struct{} `type:"structure"` 4924 4925 // Lists the secret request filters. 4926 Filters []*Filter `type:"list"` 4927 4928 // (Optional) Limits the number of results you want to include in the response. 4929 // If you don't include this parameter, it defaults to a value that's specific 4930 // to the operation. If additional items exist beyond the maximum you specify, 4931 // the NextToken response element is present and has a value (isn't null). Include 4932 // that value as the NextToken request parameter in the next call to the operation 4933 // to get the next part of the results. Note that Secrets Manager might return 4934 // fewer results than the maximum even when there are more results available. 4935 // You should check NextToken after every operation to ensure that you receive 4936 // all of the results. 4937 MaxResults *int64 `min:"1" type:"integer"` 4938 4939 // (Optional) Use this parameter in a request if you receive a NextToken response 4940 // in a previous request indicating there's more output available. In a subsequent 4941 // call, set it to the value of the previous call NextToken response to indicate 4942 // where the output should continue from. 4943 NextToken *string `min:"1" type:"string"` 4944 4945 // Lists secrets in the requested order. 4946 SortOrder *string `type:"string" enum:"SortOrderType"` 4947} 4948 4949// String returns the string representation 4950func (s ListSecretsInput) String() string { 4951 return awsutil.Prettify(s) 4952} 4953 4954// GoString returns the string representation 4955func (s ListSecretsInput) GoString() string { 4956 return s.String() 4957} 4958 4959// Validate inspects the fields of the type to determine if they are valid. 4960func (s *ListSecretsInput) Validate() error { 4961 invalidParams := request.ErrInvalidParams{Context: "ListSecretsInput"} 4962 if s.MaxResults != nil && *s.MaxResults < 1 { 4963 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 4964 } 4965 if s.NextToken != nil && len(*s.NextToken) < 1 { 4966 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 4967 } 4968 if s.Filters != nil { 4969 for i, v := range s.Filters { 4970 if v == nil { 4971 continue 4972 } 4973 if err := v.Validate(); err != nil { 4974 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) 4975 } 4976 } 4977 } 4978 4979 if invalidParams.Len() > 0 { 4980 return invalidParams 4981 } 4982 return nil 4983} 4984 4985// SetFilters sets the Filters field's value. 4986func (s *ListSecretsInput) SetFilters(v []*Filter) *ListSecretsInput { 4987 s.Filters = v 4988 return s 4989} 4990 4991// SetMaxResults sets the MaxResults field's value. 4992func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput { 4993 s.MaxResults = &v 4994 return s 4995} 4996 4997// SetNextToken sets the NextToken field's value. 4998func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput { 4999 s.NextToken = &v 5000 return s 5001} 5002 5003// SetSortOrder sets the SortOrder field's value. 5004func (s *ListSecretsInput) SetSortOrder(v string) *ListSecretsInput { 5005 s.SortOrder = &v 5006 return s 5007} 5008 5009type ListSecretsOutput struct { 5010 _ struct{} `type:"structure"` 5011 5012 // If present in the response, this value indicates that there's more output 5013 // available than included in the current response. This can occur even when 5014 // the response includes no values at all, such as when you ask for a filtered 5015 // view of a very long list. Use this value in the NextToken request parameter 5016 // in a subsequent call to the operation to continue processing and get the 5017 // next part of the output. You should repeat this until the NextToken response 5018 // element comes back empty (as null). 5019 NextToken *string `min:"1" type:"string"` 5020 5021 // A list of the secrets in the account. 5022 SecretList []*SecretListEntry `type:"list"` 5023} 5024 5025// String returns the string representation 5026func (s ListSecretsOutput) String() string { 5027 return awsutil.Prettify(s) 5028} 5029 5030// GoString returns the string representation 5031func (s ListSecretsOutput) GoString() string { 5032 return s.String() 5033} 5034 5035// SetNextToken sets the NextToken field's value. 5036func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput { 5037 s.NextToken = &v 5038 return s 5039} 5040 5041// SetSecretList sets the SecretList field's value. 5042func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput { 5043 s.SecretList = v 5044 return s 5045} 5046 5047// You provided a resource-based policy with syntax errors. 5048type MalformedPolicyDocumentException struct { 5049 _ struct{} `type:"structure"` 5050 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5051 5052 Message_ *string `locationName:"Message" type:"string"` 5053} 5054 5055// String returns the string representation 5056func (s MalformedPolicyDocumentException) String() string { 5057 return awsutil.Prettify(s) 5058} 5059 5060// GoString returns the string representation 5061func (s MalformedPolicyDocumentException) GoString() string { 5062 return s.String() 5063} 5064 5065func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error { 5066 return &MalformedPolicyDocumentException{ 5067 RespMetadata: v, 5068 } 5069} 5070 5071// Code returns the exception type name. 5072func (s *MalformedPolicyDocumentException) Code() string { 5073 return "MalformedPolicyDocumentException" 5074} 5075 5076// Message returns the exception's message. 5077func (s *MalformedPolicyDocumentException) Message() string { 5078 if s.Message_ != nil { 5079 return *s.Message_ 5080 } 5081 return "" 5082} 5083 5084// OrigErr always returns nil, satisfies awserr.Error interface. 5085func (s *MalformedPolicyDocumentException) OrigErr() error { 5086 return nil 5087} 5088 5089func (s *MalformedPolicyDocumentException) Error() string { 5090 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5091} 5092 5093// Status code returns the HTTP status code for the request's response error. 5094func (s *MalformedPolicyDocumentException) StatusCode() int { 5095 return s.RespMetadata.StatusCode 5096} 5097 5098// RequestID returns the service's response RequestID for request. 5099func (s *MalformedPolicyDocumentException) RequestID() string { 5100 return s.RespMetadata.RequestID 5101} 5102 5103// The request failed because you did not complete all the prerequisite steps. 5104type PreconditionNotMetException struct { 5105 _ struct{} `type:"structure"` 5106 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5107 5108 Message_ *string `locationName:"Message" type:"string"` 5109} 5110 5111// String returns the string representation 5112func (s PreconditionNotMetException) String() string { 5113 return awsutil.Prettify(s) 5114} 5115 5116// GoString returns the string representation 5117func (s PreconditionNotMetException) GoString() string { 5118 return s.String() 5119} 5120 5121func newErrorPreconditionNotMetException(v protocol.ResponseMetadata) error { 5122 return &PreconditionNotMetException{ 5123 RespMetadata: v, 5124 } 5125} 5126 5127// Code returns the exception type name. 5128func (s *PreconditionNotMetException) Code() string { 5129 return "PreconditionNotMetException" 5130} 5131 5132// Message returns the exception's message. 5133func (s *PreconditionNotMetException) Message() string { 5134 if s.Message_ != nil { 5135 return *s.Message_ 5136 } 5137 return "" 5138} 5139 5140// OrigErr always returns nil, satisfies awserr.Error interface. 5141func (s *PreconditionNotMetException) OrigErr() error { 5142 return nil 5143} 5144 5145func (s *PreconditionNotMetException) Error() string { 5146 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5147} 5148 5149// Status code returns the HTTP status code for the request's response error. 5150func (s *PreconditionNotMetException) StatusCode() int { 5151 return s.RespMetadata.StatusCode 5152} 5153 5154// RequestID returns the service's response RequestID for request. 5155func (s *PreconditionNotMetException) RequestID() string { 5156 return s.RespMetadata.RequestID 5157} 5158 5159// The BlockPublicPolicy parameter is set to true and the resource policy did 5160// not prevent broad access to the secret. 5161type PublicPolicyException struct { 5162 _ struct{} `type:"structure"` 5163 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5164 5165 Message_ *string `locationName:"Message" type:"string"` 5166} 5167 5168// String returns the string representation 5169func (s PublicPolicyException) String() string { 5170 return awsutil.Prettify(s) 5171} 5172 5173// GoString returns the string representation 5174func (s PublicPolicyException) GoString() string { 5175 return s.String() 5176} 5177 5178func newErrorPublicPolicyException(v protocol.ResponseMetadata) error { 5179 return &PublicPolicyException{ 5180 RespMetadata: v, 5181 } 5182} 5183 5184// Code returns the exception type name. 5185func (s *PublicPolicyException) Code() string { 5186 return "PublicPolicyException" 5187} 5188 5189// Message returns the exception's message. 5190func (s *PublicPolicyException) Message() string { 5191 if s.Message_ != nil { 5192 return *s.Message_ 5193 } 5194 return "" 5195} 5196 5197// OrigErr always returns nil, satisfies awserr.Error interface. 5198func (s *PublicPolicyException) OrigErr() error { 5199 return nil 5200} 5201 5202func (s *PublicPolicyException) Error() string { 5203 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5204} 5205 5206// Status code returns the HTTP status code for the request's response error. 5207func (s *PublicPolicyException) StatusCode() int { 5208 return s.RespMetadata.StatusCode 5209} 5210 5211// RequestID returns the service's response RequestID for request. 5212func (s *PublicPolicyException) RequestID() string { 5213 return s.RespMetadata.RequestID 5214} 5215 5216type PutResourcePolicyInput struct { 5217 _ struct{} `type:"structure"` 5218 5219 // (Optional) If you set the parameter, BlockPublicPolicy to true, then you 5220 // block resource-based policies that allow broad access to the secret. 5221 BlockPublicPolicy *bool `type:"boolean"` 5222 5223 // A JSON-formatted string constructed according to the grammar and syntax for 5224 // an Amazon Web Services resource-based policy. The policy in the string identifies 5225 // who can access or manage this secret and its versions. For information on 5226 // how to format a JSON parameter for the various command line tool environments, 5227 // see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 5228 // in the CLI User Guide. 5229 // 5230 // ResourcePolicy is a required field 5231 ResourcePolicy *string `min:"1" type:"string" required:"true"` 5232 5233 // Specifies the secret that you want to attach the resource-based policy. You 5234 // can specify either the ARN or the friendly name of the secret. 5235 // 5236 // If you specify an ARN, we generally recommend that you specify a complete 5237 // ARN. You can specify a partial ARN too—for example, if you don’t include 5238 // the final hyphen and six random characters that Secrets Manager adds at the 5239 // end of the ARN when you created the secret. A partial ARN match can work 5240 // as long as it uniquely matches only one secret. However, if your secret has 5241 // a name that ends in a hyphen followed by six characters (before Secrets Manager 5242 // adds the hyphen and six characters to the ARN) and you try to use that as 5243 // a partial ARN, then those characters cause Secrets Manager to assume that 5244 // you’re specifying a complete ARN. This confusion can cause unexpected results. 5245 // To avoid this situation, we recommend that you don’t create secret names 5246 // ending with a hyphen followed by six characters. 5247 // 5248 // If you specify an incomplete ARN without the random suffix, and instead provide 5249 // the 'friendly name', you must not include the random suffix. If you do include 5250 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 5251 // or an AccessDeniedException error, depending on your permissions. 5252 // 5253 // SecretId is a required field 5254 SecretId *string `min:"1" type:"string" required:"true"` 5255} 5256 5257// String returns the string representation 5258func (s PutResourcePolicyInput) String() string { 5259 return awsutil.Prettify(s) 5260} 5261 5262// GoString returns the string representation 5263func (s PutResourcePolicyInput) GoString() string { 5264 return s.String() 5265} 5266 5267// Validate inspects the fields of the type to determine if they are valid. 5268func (s *PutResourcePolicyInput) Validate() error { 5269 invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} 5270 if s.ResourcePolicy == nil { 5271 invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) 5272 } 5273 if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { 5274 invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) 5275 } 5276 if s.SecretId == nil { 5277 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5278 } 5279 if s.SecretId != nil && len(*s.SecretId) < 1 { 5280 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5281 } 5282 5283 if invalidParams.Len() > 0 { 5284 return invalidParams 5285 } 5286 return nil 5287} 5288 5289// SetBlockPublicPolicy sets the BlockPublicPolicy field's value. 5290func (s *PutResourcePolicyInput) SetBlockPublicPolicy(v bool) *PutResourcePolicyInput { 5291 s.BlockPublicPolicy = &v 5292 return s 5293} 5294 5295// SetResourcePolicy sets the ResourcePolicy field's value. 5296func (s *PutResourcePolicyInput) SetResourcePolicy(v string) *PutResourcePolicyInput { 5297 s.ResourcePolicy = &v 5298 return s 5299} 5300 5301// SetSecretId sets the SecretId field's value. 5302func (s *PutResourcePolicyInput) SetSecretId(v string) *PutResourcePolicyInput { 5303 s.SecretId = &v 5304 return s 5305} 5306 5307type PutResourcePolicyOutput struct { 5308 _ struct{} `type:"structure"` 5309 5310 // The ARN of the secret retrieved by the resource-based policy. 5311 ARN *string `min:"20" type:"string"` 5312 5313 // The friendly name of the secret retrieved by the resource-based policy. 5314 Name *string `min:"1" type:"string"` 5315} 5316 5317// String returns the string representation 5318func (s PutResourcePolicyOutput) String() string { 5319 return awsutil.Prettify(s) 5320} 5321 5322// GoString returns the string representation 5323func (s PutResourcePolicyOutput) GoString() string { 5324 return s.String() 5325} 5326 5327// SetARN sets the ARN field's value. 5328func (s *PutResourcePolicyOutput) SetARN(v string) *PutResourcePolicyOutput { 5329 s.ARN = &v 5330 return s 5331} 5332 5333// SetName sets the Name field's value. 5334func (s *PutResourcePolicyOutput) SetName(v string) *PutResourcePolicyOutput { 5335 s.Name = &v 5336 return s 5337} 5338 5339type PutSecretValueInput struct { 5340 _ struct{} `type:"structure"` 5341 5342 // (Optional) Specifies a unique identifier for the new version of the secret. 5343 // 5344 // If you use the Amazon Web Services CLI or one of the Amazon Web Services 5345 // SDK to call this operation, then you can leave this parameter empty. The 5346 // CLI or SDK generates a random UUID for you and includes that in the request. 5347 // If you don't use the SDK and instead generate a raw HTTP request to the Secrets 5348 // Manager service endpoint, then you must generate a ClientRequestToken yourself 5349 // for new versions and include that value in the request. 5350 // 5351 // This value helps ensure idempotency. Secrets Manager uses this value to prevent 5352 // the accidental creation of duplicate versions if there are failures and retries 5353 // during the Lambda rotation function's processing. We recommend that you generate 5354 // a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value 5355 // to ensure uniqueness within the specified secret. 5356 // 5357 // * If the ClientRequestToken value isn't already associated with a version 5358 // of the secret then a new version of the secret is created. 5359 // 5360 // * If a version with this value already exists and that version's SecretString 5361 // or SecretBinary values are the same as those in the request then the request 5362 // is ignored (the operation is idempotent). 5363 // 5364 // * If a version with this value already exists and the version of the SecretString 5365 // and SecretBinary values are different from those in the request then the 5366 // request fails because you cannot modify an existing secret version. You 5367 // can only create new versions to store new secret values. 5368 // 5369 // This value becomes the VersionId of the new version. 5370 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 5371 5372 // (Optional) Specifies binary data that you want to encrypt and store in the 5373 // new version of the secret. To use this parameter in the command-line tools, 5374 // we recommend that you store your binary data in a file and then use the appropriate 5375 // technique for your tool to pass the contents of the file as a parameter. 5376 // Either SecretBinary or SecretString must have a value, but not both. They 5377 // cannot both be empty. 5378 // 5379 // This parameter is not accessible if the secret using the Secrets Manager 5380 // console. 5381 // 5382 // SecretBinary is automatically base64 encoded/decoded by the SDK. 5383 SecretBinary []byte `type:"blob" sensitive:"true"` 5384 5385 // Specifies the secret to which you want to add a new version. You can specify 5386 // either the Amazon Resource Name (ARN) or the friendly name of the secret. 5387 // The secret must already exist. 5388 // 5389 // If you specify an ARN, we generally recommend that you specify a complete 5390 // ARN. You can specify a partial ARN too—for example, if you don’t include 5391 // the final hyphen and six random characters that Secrets Manager adds at the 5392 // end of the ARN when you created the secret. A partial ARN match can work 5393 // as long as it uniquely matches only one secret. However, if your secret has 5394 // a name that ends in a hyphen followed by six characters (before Secrets Manager 5395 // adds the hyphen and six characters to the ARN) and you try to use that as 5396 // a partial ARN, then those characters cause Secrets Manager to assume that 5397 // you’re specifying a complete ARN. This confusion can cause unexpected results. 5398 // To avoid this situation, we recommend that you don’t create secret names 5399 // ending with a hyphen followed by six characters. 5400 // 5401 // If you specify an incomplete ARN without the random suffix, and instead provide 5402 // the 'friendly name', you must not include the random suffix. If you do include 5403 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 5404 // or an AccessDeniedException error, depending on your permissions. 5405 // 5406 // SecretId is a required field 5407 SecretId *string `min:"1" type:"string" required:"true"` 5408 5409 // (Optional) Specifies text data that you want to encrypt and store in this 5410 // new version of the secret. Either SecretString or SecretBinary must have 5411 // a value, but not both. They cannot both be empty. 5412 // 5413 // If you create this secret by using the Secrets Manager console then Secrets 5414 // Manager puts the protected secret text in only the SecretString parameter. 5415 // The Secrets Manager console stores the information as a JSON structure of 5416 // key/value pairs that the default Lambda rotation function knows how to parse. 5417 // 5418 // For storing multiple values, we recommend that you use a JSON text string 5419 // argument and specify key/value pairs. For information on how to format a 5420 // JSON parameter for the various command line tool environments, see Using 5421 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 5422 // in the CLI User Guide. 5423 // 5424 // For example: 5425 // 5426 // [{"username":"bob"},{"password":"abc123xyz456"}] 5427 // 5428 // If your command-line tool or SDK requires quotation marks around the parameter, 5429 // you should use single quotes to avoid confusion with the double quotes required 5430 // in the JSON text. 5431 SecretString *string `type:"string" sensitive:"true"` 5432 5433 // (Optional) Specifies a list of staging labels that are attached to this version 5434 // of the secret. These staging labels are used to track the versions through 5435 // the rotation process by the Lambda rotation function. 5436 // 5437 // A staging label must be unique to a single version of the secret. If you 5438 // specify a staging label that's already associated with a different version 5439 // of the same secret then that staging label is automatically removed from 5440 // the other version and attached to this version. 5441 // 5442 // If you do not specify a value for VersionStages then Secrets Manager automatically 5443 // moves the staging label AWSCURRENT to this new version. 5444 VersionStages []*string `min:"1" type:"list"` 5445} 5446 5447// String returns the string representation 5448func (s PutSecretValueInput) String() string { 5449 return awsutil.Prettify(s) 5450} 5451 5452// GoString returns the string representation 5453func (s PutSecretValueInput) GoString() string { 5454 return s.String() 5455} 5456 5457// Validate inspects the fields of the type to determine if they are valid. 5458func (s *PutSecretValueInput) Validate() error { 5459 invalidParams := request.ErrInvalidParams{Context: "PutSecretValueInput"} 5460 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 5461 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 5462 } 5463 if s.SecretId == nil { 5464 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5465 } 5466 if s.SecretId != nil && len(*s.SecretId) < 1 { 5467 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5468 } 5469 if s.VersionStages != nil && len(s.VersionStages) < 1 { 5470 invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1)) 5471 } 5472 5473 if invalidParams.Len() > 0 { 5474 return invalidParams 5475 } 5476 return nil 5477} 5478 5479// SetClientRequestToken sets the ClientRequestToken field's value. 5480func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput { 5481 s.ClientRequestToken = &v 5482 return s 5483} 5484 5485// SetSecretBinary sets the SecretBinary field's value. 5486func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput { 5487 s.SecretBinary = v 5488 return s 5489} 5490 5491// SetSecretId sets the SecretId field's value. 5492func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput { 5493 s.SecretId = &v 5494 return s 5495} 5496 5497// SetSecretString sets the SecretString field's value. 5498func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput { 5499 s.SecretString = &v 5500 return s 5501} 5502 5503// SetVersionStages sets the VersionStages field's value. 5504func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput { 5505 s.VersionStages = v 5506 return s 5507} 5508 5509type PutSecretValueOutput struct { 5510 _ struct{} `type:"structure"` 5511 5512 // The Amazon Resource Name (ARN) for the secret for which you just created 5513 // a version. 5514 ARN *string `min:"20" type:"string"` 5515 5516 // The friendly name of the secret for which you just created or updated a version. 5517 Name *string `min:"1" type:"string"` 5518 5519 // The unique identifier of the version of the secret you just created or updated. 5520 VersionId *string `min:"32" type:"string"` 5521 5522 // The list of staging labels that are currently attached to this version of 5523 // the secret. Staging labels are used to track a version as it progresses through 5524 // the secret rotation process. 5525 VersionStages []*string `min:"1" type:"list"` 5526} 5527 5528// String returns the string representation 5529func (s PutSecretValueOutput) String() string { 5530 return awsutil.Prettify(s) 5531} 5532 5533// GoString returns the string representation 5534func (s PutSecretValueOutput) GoString() string { 5535 return s.String() 5536} 5537 5538// SetARN sets the ARN field's value. 5539func (s *PutSecretValueOutput) SetARN(v string) *PutSecretValueOutput { 5540 s.ARN = &v 5541 return s 5542} 5543 5544// SetName sets the Name field's value. 5545func (s *PutSecretValueOutput) SetName(v string) *PutSecretValueOutput { 5546 s.Name = &v 5547 return s 5548} 5549 5550// SetVersionId sets the VersionId field's value. 5551func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput { 5552 s.VersionId = &v 5553 return s 5554} 5555 5556// SetVersionStages sets the VersionStages field's value. 5557func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput { 5558 s.VersionStages = v 5559 return s 5560} 5561 5562type RemoveRegionsFromReplicationInput struct { 5563 _ struct{} `type:"structure"` 5564 5565 // Remove replication from specific Regions. 5566 // 5567 // RemoveReplicaRegions is a required field 5568 RemoveReplicaRegions []*string `min:"1" type:"list" required:"true"` 5569 5570 // Remove a secret by SecretId from replica Regions. 5571 // 5572 // SecretId is a required field 5573 SecretId *string `min:"1" type:"string" required:"true"` 5574} 5575 5576// String returns the string representation 5577func (s RemoveRegionsFromReplicationInput) String() string { 5578 return awsutil.Prettify(s) 5579} 5580 5581// GoString returns the string representation 5582func (s RemoveRegionsFromReplicationInput) GoString() string { 5583 return s.String() 5584} 5585 5586// Validate inspects the fields of the type to determine if they are valid. 5587func (s *RemoveRegionsFromReplicationInput) Validate() error { 5588 invalidParams := request.ErrInvalidParams{Context: "RemoveRegionsFromReplicationInput"} 5589 if s.RemoveReplicaRegions == nil { 5590 invalidParams.Add(request.NewErrParamRequired("RemoveReplicaRegions")) 5591 } 5592 if s.RemoveReplicaRegions != nil && len(s.RemoveReplicaRegions) < 1 { 5593 invalidParams.Add(request.NewErrParamMinLen("RemoveReplicaRegions", 1)) 5594 } 5595 if s.SecretId == nil { 5596 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5597 } 5598 if s.SecretId != nil && len(*s.SecretId) < 1 { 5599 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5600 } 5601 5602 if invalidParams.Len() > 0 { 5603 return invalidParams 5604 } 5605 return nil 5606} 5607 5608// SetRemoveReplicaRegions sets the RemoveReplicaRegions field's value. 5609func (s *RemoveRegionsFromReplicationInput) SetRemoveReplicaRegions(v []*string) *RemoveRegionsFromReplicationInput { 5610 s.RemoveReplicaRegions = v 5611 return s 5612} 5613 5614// SetSecretId sets the SecretId field's value. 5615func (s *RemoveRegionsFromReplicationInput) SetSecretId(v string) *RemoveRegionsFromReplicationInput { 5616 s.SecretId = &v 5617 return s 5618} 5619 5620type RemoveRegionsFromReplicationOutput struct { 5621 _ struct{} `type:"structure"` 5622 5623 // The secret ARN removed from replication regions. 5624 ARN *string `min:"20" type:"string"` 5625 5626 // Describes the remaining replication status after you remove regions from 5627 // the replication list. 5628 ReplicationStatus []*ReplicationStatusType `type:"list"` 5629} 5630 5631// String returns the string representation 5632func (s RemoveRegionsFromReplicationOutput) String() string { 5633 return awsutil.Prettify(s) 5634} 5635 5636// GoString returns the string representation 5637func (s RemoveRegionsFromReplicationOutput) GoString() string { 5638 return s.String() 5639} 5640 5641// SetARN sets the ARN field's value. 5642func (s *RemoveRegionsFromReplicationOutput) SetARN(v string) *RemoveRegionsFromReplicationOutput { 5643 s.ARN = &v 5644 return s 5645} 5646 5647// SetReplicationStatus sets the ReplicationStatus field's value. 5648func (s *RemoveRegionsFromReplicationOutput) SetReplicationStatus(v []*ReplicationStatusType) *RemoveRegionsFromReplicationOutput { 5649 s.ReplicationStatus = v 5650 return s 5651} 5652 5653// (Optional) Custom type consisting of a Region (required) and the KmsKeyId 5654// which can be an ARN, Key ID, or Alias. 5655type ReplicaRegionType struct { 5656 _ struct{} `type:"structure"` 5657 5658 // Can be an ARN, Key ID, or Alias. 5659 KmsKeyId *string `type:"string"` 5660 5661 // Describes a single instance of Region objects. 5662 Region *string `min:"1" type:"string"` 5663} 5664 5665// String returns the string representation 5666func (s ReplicaRegionType) String() string { 5667 return awsutil.Prettify(s) 5668} 5669 5670// GoString returns the string representation 5671func (s ReplicaRegionType) GoString() string { 5672 return s.String() 5673} 5674 5675// Validate inspects the fields of the type to determine if they are valid. 5676func (s *ReplicaRegionType) Validate() error { 5677 invalidParams := request.ErrInvalidParams{Context: "ReplicaRegionType"} 5678 if s.Region != nil && len(*s.Region) < 1 { 5679 invalidParams.Add(request.NewErrParamMinLen("Region", 1)) 5680 } 5681 5682 if invalidParams.Len() > 0 { 5683 return invalidParams 5684 } 5685 return nil 5686} 5687 5688// SetKmsKeyId sets the KmsKeyId field's value. 5689func (s *ReplicaRegionType) SetKmsKeyId(v string) *ReplicaRegionType { 5690 s.KmsKeyId = &v 5691 return s 5692} 5693 5694// SetRegion sets the Region field's value. 5695func (s *ReplicaRegionType) SetRegion(v string) *ReplicaRegionType { 5696 s.Region = &v 5697 return s 5698} 5699 5700type ReplicateSecretToRegionsInput struct { 5701 _ struct{} `type:"structure"` 5702 5703 // Add Regions to replicate the secret. 5704 // 5705 // AddReplicaRegions is a required field 5706 AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list" required:"true"` 5707 5708 // (Optional) If set, Secrets Manager replication overwrites a secret with the 5709 // same name in the destination region. 5710 ForceOverwriteReplicaSecret *bool `type:"boolean"` 5711 5712 // Use the Secret Id to replicate a secret to regions. 5713 // 5714 // SecretId is a required field 5715 SecretId *string `min:"1" type:"string" required:"true"` 5716} 5717 5718// String returns the string representation 5719func (s ReplicateSecretToRegionsInput) String() string { 5720 return awsutil.Prettify(s) 5721} 5722 5723// GoString returns the string representation 5724func (s ReplicateSecretToRegionsInput) GoString() string { 5725 return s.String() 5726} 5727 5728// Validate inspects the fields of the type to determine if they are valid. 5729func (s *ReplicateSecretToRegionsInput) Validate() error { 5730 invalidParams := request.ErrInvalidParams{Context: "ReplicateSecretToRegionsInput"} 5731 if s.AddReplicaRegions == nil { 5732 invalidParams.Add(request.NewErrParamRequired("AddReplicaRegions")) 5733 } 5734 if s.AddReplicaRegions != nil && len(s.AddReplicaRegions) < 1 { 5735 invalidParams.Add(request.NewErrParamMinLen("AddReplicaRegions", 1)) 5736 } 5737 if s.SecretId == nil { 5738 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5739 } 5740 if s.SecretId != nil && len(*s.SecretId) < 1 { 5741 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5742 } 5743 if s.AddReplicaRegions != nil { 5744 for i, v := range s.AddReplicaRegions { 5745 if v == nil { 5746 continue 5747 } 5748 if err := v.Validate(); err != nil { 5749 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AddReplicaRegions", i), err.(request.ErrInvalidParams)) 5750 } 5751 } 5752 } 5753 5754 if invalidParams.Len() > 0 { 5755 return invalidParams 5756 } 5757 return nil 5758} 5759 5760// SetAddReplicaRegions sets the AddReplicaRegions field's value. 5761func (s *ReplicateSecretToRegionsInput) SetAddReplicaRegions(v []*ReplicaRegionType) *ReplicateSecretToRegionsInput { 5762 s.AddReplicaRegions = v 5763 return s 5764} 5765 5766// SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value. 5767func (s *ReplicateSecretToRegionsInput) SetForceOverwriteReplicaSecret(v bool) *ReplicateSecretToRegionsInput { 5768 s.ForceOverwriteReplicaSecret = &v 5769 return s 5770} 5771 5772// SetSecretId sets the SecretId field's value. 5773func (s *ReplicateSecretToRegionsInput) SetSecretId(v string) *ReplicateSecretToRegionsInput { 5774 s.SecretId = &v 5775 return s 5776} 5777 5778type ReplicateSecretToRegionsOutput struct { 5779 _ struct{} `type:"structure"` 5780 5781 // Replicate a secret based on the ReplicaRegionType> consisting of a Region(required) 5782 // and a KMSKeyId (optional) which can be the ARN, KeyID, or Alias. 5783 ARN *string `min:"20" type:"string"` 5784 5785 // Describes the secret replication status as PENDING, SUCCESS or FAIL. 5786 ReplicationStatus []*ReplicationStatusType `type:"list"` 5787} 5788 5789// String returns the string representation 5790func (s ReplicateSecretToRegionsOutput) String() string { 5791 return awsutil.Prettify(s) 5792} 5793 5794// GoString returns the string representation 5795func (s ReplicateSecretToRegionsOutput) GoString() string { 5796 return s.String() 5797} 5798 5799// SetARN sets the ARN field's value. 5800func (s *ReplicateSecretToRegionsOutput) SetARN(v string) *ReplicateSecretToRegionsOutput { 5801 s.ARN = &v 5802 return s 5803} 5804 5805// SetReplicationStatus sets the ReplicationStatus field's value. 5806func (s *ReplicateSecretToRegionsOutput) SetReplicationStatus(v []*ReplicationStatusType) *ReplicateSecretToRegionsOutput { 5807 s.ReplicationStatus = v 5808 return s 5809} 5810 5811// A replication object consisting of a RegionReplicationStatus object and includes 5812// a Region, KMSKeyId, status, and status message. 5813type ReplicationStatusType struct { 5814 _ struct{} `type:"structure"` 5815 5816 // Can be an ARN, Key ID, or Alias. 5817 KmsKeyId *string `type:"string"` 5818 5819 // The date that you last accessed the secret in the Region. 5820 LastAccessedDate *time.Time `type:"timestamp"` 5821 5822 // The Region where replication occurs. 5823 Region *string `min:"1" type:"string"` 5824 5825 // The status can be InProgress, Failed, or InSync. 5826 Status *string `type:"string" enum:"StatusType"` 5827 5828 // Status message such as "Secret with this name already exists in this region". 5829 StatusMessage *string `min:"1" type:"string"` 5830} 5831 5832// String returns the string representation 5833func (s ReplicationStatusType) String() string { 5834 return awsutil.Prettify(s) 5835} 5836 5837// GoString returns the string representation 5838func (s ReplicationStatusType) GoString() string { 5839 return s.String() 5840} 5841 5842// SetKmsKeyId sets the KmsKeyId field's value. 5843func (s *ReplicationStatusType) SetKmsKeyId(v string) *ReplicationStatusType { 5844 s.KmsKeyId = &v 5845 return s 5846} 5847 5848// SetLastAccessedDate sets the LastAccessedDate field's value. 5849func (s *ReplicationStatusType) SetLastAccessedDate(v time.Time) *ReplicationStatusType { 5850 s.LastAccessedDate = &v 5851 return s 5852} 5853 5854// SetRegion sets the Region field's value. 5855func (s *ReplicationStatusType) SetRegion(v string) *ReplicationStatusType { 5856 s.Region = &v 5857 return s 5858} 5859 5860// SetStatus sets the Status field's value. 5861func (s *ReplicationStatusType) SetStatus(v string) *ReplicationStatusType { 5862 s.Status = &v 5863 return s 5864} 5865 5866// SetStatusMessage sets the StatusMessage field's value. 5867func (s *ReplicationStatusType) SetStatusMessage(v string) *ReplicationStatusType { 5868 s.StatusMessage = &v 5869 return s 5870} 5871 5872// A resource with the ID you requested already exists. 5873type ResourceExistsException struct { 5874 _ struct{} `type:"structure"` 5875 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5876 5877 Message_ *string `locationName:"Message" type:"string"` 5878} 5879 5880// String returns the string representation 5881func (s ResourceExistsException) String() string { 5882 return awsutil.Prettify(s) 5883} 5884 5885// GoString returns the string representation 5886func (s ResourceExistsException) GoString() string { 5887 return s.String() 5888} 5889 5890func newErrorResourceExistsException(v protocol.ResponseMetadata) error { 5891 return &ResourceExistsException{ 5892 RespMetadata: v, 5893 } 5894} 5895 5896// Code returns the exception type name. 5897func (s *ResourceExistsException) Code() string { 5898 return "ResourceExistsException" 5899} 5900 5901// Message returns the exception's message. 5902func (s *ResourceExistsException) Message() string { 5903 if s.Message_ != nil { 5904 return *s.Message_ 5905 } 5906 return "" 5907} 5908 5909// OrigErr always returns nil, satisfies awserr.Error interface. 5910func (s *ResourceExistsException) OrigErr() error { 5911 return nil 5912} 5913 5914func (s *ResourceExistsException) Error() string { 5915 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5916} 5917 5918// Status code returns the HTTP status code for the request's response error. 5919func (s *ResourceExistsException) StatusCode() int { 5920 return s.RespMetadata.StatusCode 5921} 5922 5923// RequestID returns the service's response RequestID for request. 5924func (s *ResourceExistsException) RequestID() string { 5925 return s.RespMetadata.RequestID 5926} 5927 5928// We can't find the resource that you asked for. 5929type ResourceNotFoundException struct { 5930 _ struct{} `type:"structure"` 5931 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 5932 5933 Message_ *string `locationName:"Message" type:"string"` 5934} 5935 5936// String returns the string representation 5937func (s ResourceNotFoundException) String() string { 5938 return awsutil.Prettify(s) 5939} 5940 5941// GoString returns the string representation 5942func (s ResourceNotFoundException) GoString() string { 5943 return s.String() 5944} 5945 5946func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { 5947 return &ResourceNotFoundException{ 5948 RespMetadata: v, 5949 } 5950} 5951 5952// Code returns the exception type name. 5953func (s *ResourceNotFoundException) Code() string { 5954 return "ResourceNotFoundException" 5955} 5956 5957// Message returns the exception's message. 5958func (s *ResourceNotFoundException) Message() string { 5959 if s.Message_ != nil { 5960 return *s.Message_ 5961 } 5962 return "" 5963} 5964 5965// OrigErr always returns nil, satisfies awserr.Error interface. 5966func (s *ResourceNotFoundException) OrigErr() error { 5967 return nil 5968} 5969 5970func (s *ResourceNotFoundException) Error() string { 5971 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 5972} 5973 5974// Status code returns the HTTP status code for the request's response error. 5975func (s *ResourceNotFoundException) StatusCode() int { 5976 return s.RespMetadata.StatusCode 5977} 5978 5979// RequestID returns the service's response RequestID for request. 5980func (s *ResourceNotFoundException) RequestID() string { 5981 return s.RespMetadata.RequestID 5982} 5983 5984type RestoreSecretInput struct { 5985 _ struct{} `type:"structure"` 5986 5987 // Specifies the secret that you want to restore from a previously scheduled 5988 // deletion. You can specify either the Amazon Resource Name (ARN) or the friendly 5989 // name of the secret. 5990 // 5991 // If you specify an ARN, we generally recommend that you specify a complete 5992 // ARN. You can specify a partial ARN too—for example, if you don’t include 5993 // the final hyphen and six random characters that Secrets Manager adds at the 5994 // end of the ARN when you created the secret. A partial ARN match can work 5995 // as long as it uniquely matches only one secret. However, if your secret has 5996 // a name that ends in a hyphen followed by six characters (before Secrets Manager 5997 // adds the hyphen and six characters to the ARN) and you try to use that as 5998 // a partial ARN, then those characters cause Secrets Manager to assume that 5999 // you’re specifying a complete ARN. This confusion can cause unexpected results. 6000 // To avoid this situation, we recommend that you don’t create secret names 6001 // ending with a hyphen followed by six characters. 6002 // 6003 // If you specify an incomplete ARN without the random suffix, and instead provide 6004 // the 'friendly name', you must not include the random suffix. If you do include 6005 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 6006 // or an AccessDeniedException error, depending on your permissions. 6007 // 6008 // SecretId is a required field 6009 SecretId *string `min:"1" type:"string" required:"true"` 6010} 6011 6012// String returns the string representation 6013func (s RestoreSecretInput) String() string { 6014 return awsutil.Prettify(s) 6015} 6016 6017// GoString returns the string representation 6018func (s RestoreSecretInput) GoString() string { 6019 return s.String() 6020} 6021 6022// Validate inspects the fields of the type to determine if they are valid. 6023func (s *RestoreSecretInput) Validate() error { 6024 invalidParams := request.ErrInvalidParams{Context: "RestoreSecretInput"} 6025 if s.SecretId == nil { 6026 invalidParams.Add(request.NewErrParamRequired("SecretId")) 6027 } 6028 if s.SecretId != nil && len(*s.SecretId) < 1 { 6029 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 6030 } 6031 6032 if invalidParams.Len() > 0 { 6033 return invalidParams 6034 } 6035 return nil 6036} 6037 6038// SetSecretId sets the SecretId field's value. 6039func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput { 6040 s.SecretId = &v 6041 return s 6042} 6043 6044type RestoreSecretOutput struct { 6045 _ struct{} `type:"structure"` 6046 6047 // The ARN of the secret that was restored. 6048 ARN *string `min:"20" type:"string"` 6049 6050 // The friendly name of the secret that was restored. 6051 Name *string `min:"1" type:"string"` 6052} 6053 6054// String returns the string representation 6055func (s RestoreSecretOutput) String() string { 6056 return awsutil.Prettify(s) 6057} 6058 6059// GoString returns the string representation 6060func (s RestoreSecretOutput) GoString() string { 6061 return s.String() 6062} 6063 6064// SetARN sets the ARN field's value. 6065func (s *RestoreSecretOutput) SetARN(v string) *RestoreSecretOutput { 6066 s.ARN = &v 6067 return s 6068} 6069 6070// SetName sets the Name field's value. 6071func (s *RestoreSecretOutput) SetName(v string) *RestoreSecretOutput { 6072 s.Name = &v 6073 return s 6074} 6075 6076type RotateSecretInput struct { 6077 _ struct{} `type:"structure"` 6078 6079 // (Optional) Specifies a unique identifier for the new version of the secret 6080 // that helps ensure idempotency. 6081 // 6082 // If you use the Amazon Web Services CLI or one of the Amazon Web Services 6083 // SDK to call this operation, then you can leave this parameter empty. The 6084 // CLI or SDK generates a random UUID for you and includes that in the request 6085 // for this parameter. If you don't use the SDK and instead generate a raw HTTP 6086 // request to the Secrets Manager service endpoint, then you must generate a 6087 // ClientRequestToken yourself for new versions and include that value in the 6088 // request. 6089 // 6090 // You only need to specify your own value if you implement your own retry logic 6091 // and want to ensure that a given secret is not created twice. We recommend 6092 // that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 6093 // value to ensure uniqueness within the specified secret. 6094 // 6095 // Secrets Manager uses this value to prevent the accidental creation of duplicate 6096 // versions if there are failures and retries during the function's processing. 6097 // This value becomes the VersionId of the new version. 6098 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 6099 6100 // (Optional) Specifies the ARN of the Lambda function that can rotate the secret. 6101 RotationLambdaARN *string `type:"string"` 6102 6103 // A structure that defines the rotation configuration for this secret. 6104 RotationRules *RotationRulesType `type:"structure"` 6105 6106 // Specifies the secret that you want to rotate. You can specify either the 6107 // Amazon Resource Name (ARN) or the friendly name of the secret. 6108 // 6109 // If you specify an ARN, we generally recommend that you specify a complete 6110 // ARN. You can specify a partial ARN too—for example, if you don’t include 6111 // the final hyphen and six random characters that Secrets Manager adds at the 6112 // end of the ARN when you created the secret. A partial ARN match can work 6113 // as long as it uniquely matches only one secret. However, if your secret has 6114 // a name that ends in a hyphen followed by six characters (before Secrets Manager 6115 // adds the hyphen and six characters to the ARN) and you try to use that as 6116 // a partial ARN, then those characters cause Secrets Manager to assume that 6117 // you’re specifying a complete ARN. This confusion can cause unexpected results. 6118 // To avoid this situation, we recommend that you don’t create secret names 6119 // ending with a hyphen followed by six characters. 6120 // 6121 // If you specify an incomplete ARN without the random suffix, and instead provide 6122 // the 'friendly name', you must not include the random suffix. If you do include 6123 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 6124 // or an AccessDeniedException error, depending on your permissions. 6125 // 6126 // SecretId is a required field 6127 SecretId *string `min:"1" type:"string" required:"true"` 6128} 6129 6130// String returns the string representation 6131func (s RotateSecretInput) String() string { 6132 return awsutil.Prettify(s) 6133} 6134 6135// GoString returns the string representation 6136func (s RotateSecretInput) GoString() string { 6137 return s.String() 6138} 6139 6140// Validate inspects the fields of the type to determine if they are valid. 6141func (s *RotateSecretInput) Validate() error { 6142 invalidParams := request.ErrInvalidParams{Context: "RotateSecretInput"} 6143 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 6144 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 6145 } 6146 if s.SecretId == nil { 6147 invalidParams.Add(request.NewErrParamRequired("SecretId")) 6148 } 6149 if s.SecretId != nil && len(*s.SecretId) < 1 { 6150 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 6151 } 6152 if s.RotationRules != nil { 6153 if err := s.RotationRules.Validate(); err != nil { 6154 invalidParams.AddNested("RotationRules", err.(request.ErrInvalidParams)) 6155 } 6156 } 6157 6158 if invalidParams.Len() > 0 { 6159 return invalidParams 6160 } 6161 return nil 6162} 6163 6164// SetClientRequestToken sets the ClientRequestToken field's value. 6165func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput { 6166 s.ClientRequestToken = &v 6167 return s 6168} 6169 6170// SetRotationLambdaARN sets the RotationLambdaARN field's value. 6171func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput { 6172 s.RotationLambdaARN = &v 6173 return s 6174} 6175 6176// SetRotationRules sets the RotationRules field's value. 6177func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput { 6178 s.RotationRules = v 6179 return s 6180} 6181 6182// SetSecretId sets the SecretId field's value. 6183func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput { 6184 s.SecretId = &v 6185 return s 6186} 6187 6188type RotateSecretOutput struct { 6189 _ struct{} `type:"structure"` 6190 6191 // The ARN of the secret. 6192 ARN *string `min:"20" type:"string"` 6193 6194 // The friendly name of the secret. 6195 Name *string `min:"1" type:"string"` 6196 6197 // The ID of the new version of the secret created by the rotation started by 6198 // this request. 6199 VersionId *string `min:"32" type:"string"` 6200} 6201 6202// String returns the string representation 6203func (s RotateSecretOutput) String() string { 6204 return awsutil.Prettify(s) 6205} 6206 6207// GoString returns the string representation 6208func (s RotateSecretOutput) GoString() string { 6209 return s.String() 6210} 6211 6212// SetARN sets the ARN field's value. 6213func (s *RotateSecretOutput) SetARN(v string) *RotateSecretOutput { 6214 s.ARN = &v 6215 return s 6216} 6217 6218// SetName sets the Name field's value. 6219func (s *RotateSecretOutput) SetName(v string) *RotateSecretOutput { 6220 s.Name = &v 6221 return s 6222} 6223 6224// SetVersionId sets the VersionId field's value. 6225func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput { 6226 s.VersionId = &v 6227 return s 6228} 6229 6230// A structure that defines the rotation configuration for the secret. 6231type RotationRulesType struct { 6232 _ struct{} `type:"structure"` 6233 6234 // Specifies the number of days between automatic scheduled rotations of the 6235 // secret. 6236 // 6237 // Secrets Manager schedules the next rotation when the previous one is complete. 6238 // Secrets Manager schedules the date by adding the rotation interval (number 6239 // of days) to the actual date of the last rotation. The service chooses the 6240 // hour within that 24-hour date window randomly. The minute is also chosen 6241 // somewhat randomly, but weighted towards the top of the hour and influenced 6242 // by a variety of factors that help distribute load. 6243 AutomaticallyAfterDays *int64 `min:"1" type:"long"` 6244} 6245 6246// String returns the string representation 6247func (s RotationRulesType) String() string { 6248 return awsutil.Prettify(s) 6249} 6250 6251// GoString returns the string representation 6252func (s RotationRulesType) GoString() string { 6253 return s.String() 6254} 6255 6256// Validate inspects the fields of the type to determine if they are valid. 6257func (s *RotationRulesType) Validate() error { 6258 invalidParams := request.ErrInvalidParams{Context: "RotationRulesType"} 6259 if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 { 6260 invalidParams.Add(request.NewErrParamMinValue("AutomaticallyAfterDays", 1)) 6261 } 6262 6263 if invalidParams.Len() > 0 { 6264 return invalidParams 6265 } 6266 return nil 6267} 6268 6269// SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value. 6270func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType { 6271 s.AutomaticallyAfterDays = &v 6272 return s 6273} 6274 6275// A structure that contains the details about a secret. It does not include 6276// the encrypted SecretString and SecretBinary values. To get those values, 6277// use the GetSecretValue operation. 6278type SecretListEntry struct { 6279 _ struct{} `type:"structure"` 6280 6281 // The Amazon Resource Name (ARN) of the secret. 6282 // 6283 // For more information about ARNs in Secrets Manager, see Policy Resources 6284 // (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources) 6285 // in the Amazon Web Services Secrets Manager User Guide. 6286 ARN *string `min:"20" type:"string"` 6287 6288 // The date and time when a secret was created. 6289 CreatedDate *time.Time `type:"timestamp"` 6290 6291 // The date and time the deletion of the secret occurred. Not present on active 6292 // secrets. The secret can be recovered until the number of days in the recovery 6293 // window has passed, as specified in the RecoveryWindowInDays parameter of 6294 // the DeleteSecret operation. 6295 DeletedDate *time.Time `type:"timestamp"` 6296 6297 // The user-provided description of the secret. 6298 Description *string `type:"string"` 6299 6300 // The ARN or alias of the Amazon Web Services KMS customer master key (CMK) 6301 // used to encrypt the SecretString and SecretBinary fields in each version 6302 // of the secret. If you don't provide a key, then Secrets Manager defaults 6303 // to encrypting the secret fields with the default KMS CMK, the key named awssecretsmanager, 6304 // for this account. 6305 KmsKeyId *string `type:"string"` 6306 6307 // The last date that this secret was accessed. This value is truncated to midnight 6308 // of the date and therefore shows only the date, not the time. 6309 LastAccessedDate *time.Time `type:"timestamp"` 6310 6311 // The last date and time that this secret was modified in any way. 6312 LastChangedDate *time.Time `type:"timestamp"` 6313 6314 // The most recent date and time that the Secrets Manager rotation process was 6315 // successfully completed. This value is null if the secret hasn't ever rotated. 6316 LastRotatedDate *time.Time `type:"timestamp"` 6317 6318 // The friendly name of the secret. You can use forward slashes in the name 6319 // to represent a path hierarchy. For example, /prod/databases/dbserver1 could 6320 // represent the secret for a server named dbserver1 in the folder databases 6321 // in the folder prod. 6322 Name *string `min:"1" type:"string"` 6323 6324 // Returns the name of the service that created the secret. 6325 OwningService *string `min:"1" type:"string"` 6326 6327 // The Region where Secrets Manager originated the secret. 6328 PrimaryRegion *string `min:"1" type:"string"` 6329 6330 // Indicates whether automatic, scheduled rotation is enabled for this secret. 6331 RotationEnabled *bool `type:"boolean"` 6332 6333 // The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager 6334 // to rotate and expire the secret either automatically per the schedule or 6335 // manually by a call to RotateSecret. 6336 RotationLambdaARN *string `type:"string"` 6337 6338 // A structure that defines the rotation configuration for the secret. 6339 RotationRules *RotationRulesType `type:"structure"` 6340 6341 // A list of all of the currently assigned SecretVersionStage staging labels 6342 // and the SecretVersionId attached to each one. Staging labels are used to 6343 // keep track of the different versions during the rotation process. 6344 // 6345 // A version that does not have any SecretVersionStage is considered deprecated 6346 // and subject to deletion. Such versions are not included in this list. 6347 SecretVersionsToStages map[string][]*string `type:"map"` 6348 6349 // The list of user-defined tags associated with the secret. To add tags to 6350 // a secret, use TagResource. To remove tags, use UntagResource. 6351 Tags []*Tag `type:"list"` 6352} 6353 6354// String returns the string representation 6355func (s SecretListEntry) String() string { 6356 return awsutil.Prettify(s) 6357} 6358 6359// GoString returns the string representation 6360func (s SecretListEntry) GoString() string { 6361 return s.String() 6362} 6363 6364// SetARN sets the ARN field's value. 6365func (s *SecretListEntry) SetARN(v string) *SecretListEntry { 6366 s.ARN = &v 6367 return s 6368} 6369 6370// SetCreatedDate sets the CreatedDate field's value. 6371func (s *SecretListEntry) SetCreatedDate(v time.Time) *SecretListEntry { 6372 s.CreatedDate = &v 6373 return s 6374} 6375 6376// SetDeletedDate sets the DeletedDate field's value. 6377func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry { 6378 s.DeletedDate = &v 6379 return s 6380} 6381 6382// SetDescription sets the Description field's value. 6383func (s *SecretListEntry) SetDescription(v string) *SecretListEntry { 6384 s.Description = &v 6385 return s 6386} 6387 6388// SetKmsKeyId sets the KmsKeyId field's value. 6389func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry { 6390 s.KmsKeyId = &v 6391 return s 6392} 6393 6394// SetLastAccessedDate sets the LastAccessedDate field's value. 6395func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry { 6396 s.LastAccessedDate = &v 6397 return s 6398} 6399 6400// SetLastChangedDate sets the LastChangedDate field's value. 6401func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry { 6402 s.LastChangedDate = &v 6403 return s 6404} 6405 6406// SetLastRotatedDate sets the LastRotatedDate field's value. 6407func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry { 6408 s.LastRotatedDate = &v 6409 return s 6410} 6411 6412// SetName sets the Name field's value. 6413func (s *SecretListEntry) SetName(v string) *SecretListEntry { 6414 s.Name = &v 6415 return s 6416} 6417 6418// SetOwningService sets the OwningService field's value. 6419func (s *SecretListEntry) SetOwningService(v string) *SecretListEntry { 6420 s.OwningService = &v 6421 return s 6422} 6423 6424// SetPrimaryRegion sets the PrimaryRegion field's value. 6425func (s *SecretListEntry) SetPrimaryRegion(v string) *SecretListEntry { 6426 s.PrimaryRegion = &v 6427 return s 6428} 6429 6430// SetRotationEnabled sets the RotationEnabled field's value. 6431func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry { 6432 s.RotationEnabled = &v 6433 return s 6434} 6435 6436// SetRotationLambdaARN sets the RotationLambdaARN field's value. 6437func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry { 6438 s.RotationLambdaARN = &v 6439 return s 6440} 6441 6442// SetRotationRules sets the RotationRules field's value. 6443func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry { 6444 s.RotationRules = v 6445 return s 6446} 6447 6448// SetSecretVersionsToStages sets the SecretVersionsToStages field's value. 6449func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry { 6450 s.SecretVersionsToStages = v 6451 return s 6452} 6453 6454// SetTags sets the Tags field's value. 6455func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry { 6456 s.Tags = v 6457 return s 6458} 6459 6460// A structure that contains information about one version of a secret. 6461type SecretVersionsListEntry struct { 6462 _ struct{} `type:"structure"` 6463 6464 // The date and time this version of the secret was created. 6465 CreatedDate *time.Time `type:"timestamp"` 6466 6467 // The KMS keys used to encrypt the secret version. 6468 KmsKeyIds []*string `type:"list"` 6469 6470 // The date that this version of the secret was last accessed. Note that the 6471 // resolution of this field is at the date level and does not include the time. 6472 LastAccessedDate *time.Time `type:"timestamp"` 6473 6474 // The unique version identifier of this version of the secret. 6475 VersionId *string `min:"32" type:"string"` 6476 6477 // An array of staging labels that are currently associated with this version 6478 // of the secret. 6479 VersionStages []*string `min:"1" type:"list"` 6480} 6481 6482// String returns the string representation 6483func (s SecretVersionsListEntry) String() string { 6484 return awsutil.Prettify(s) 6485} 6486 6487// GoString returns the string representation 6488func (s SecretVersionsListEntry) GoString() string { 6489 return s.String() 6490} 6491 6492// SetCreatedDate sets the CreatedDate field's value. 6493func (s *SecretVersionsListEntry) SetCreatedDate(v time.Time) *SecretVersionsListEntry { 6494 s.CreatedDate = &v 6495 return s 6496} 6497 6498// SetKmsKeyIds sets the KmsKeyIds field's value. 6499func (s *SecretVersionsListEntry) SetKmsKeyIds(v []*string) *SecretVersionsListEntry { 6500 s.KmsKeyIds = v 6501 return s 6502} 6503 6504// SetLastAccessedDate sets the LastAccessedDate field's value. 6505func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry { 6506 s.LastAccessedDate = &v 6507 return s 6508} 6509 6510// SetVersionId sets the VersionId field's value. 6511func (s *SecretVersionsListEntry) SetVersionId(v string) *SecretVersionsListEntry { 6512 s.VersionId = &v 6513 return s 6514} 6515 6516// SetVersionStages sets the VersionStages field's value. 6517func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry { 6518 s.VersionStages = v 6519 return s 6520} 6521 6522type StopReplicationToReplicaInput struct { 6523 _ struct{} `type:"structure"` 6524 6525 // Response to StopReplicationToReplica of a secret, based on the SecretId. 6526 // 6527 // SecretId is a required field 6528 SecretId *string `min:"1" type:"string" required:"true"` 6529} 6530 6531// String returns the string representation 6532func (s StopReplicationToReplicaInput) String() string { 6533 return awsutil.Prettify(s) 6534} 6535 6536// GoString returns the string representation 6537func (s StopReplicationToReplicaInput) GoString() string { 6538 return s.String() 6539} 6540 6541// Validate inspects the fields of the type to determine if they are valid. 6542func (s *StopReplicationToReplicaInput) Validate() error { 6543 invalidParams := request.ErrInvalidParams{Context: "StopReplicationToReplicaInput"} 6544 if s.SecretId == nil { 6545 invalidParams.Add(request.NewErrParamRequired("SecretId")) 6546 } 6547 if s.SecretId != nil && len(*s.SecretId) < 1 { 6548 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 6549 } 6550 6551 if invalidParams.Len() > 0 { 6552 return invalidParams 6553 } 6554 return nil 6555} 6556 6557// SetSecretId sets the SecretId field's value. 6558func (s *StopReplicationToReplicaInput) SetSecretId(v string) *StopReplicationToReplicaInput { 6559 s.SecretId = &v 6560 return s 6561} 6562 6563type StopReplicationToReplicaOutput struct { 6564 _ struct{} `type:"structure"` 6565 6566 // Response StopReplicationToReplica of a secret, based on the ARN,. 6567 ARN *string `min:"20" type:"string"` 6568} 6569 6570// String returns the string representation 6571func (s StopReplicationToReplicaOutput) String() string { 6572 return awsutil.Prettify(s) 6573} 6574 6575// GoString returns the string representation 6576func (s StopReplicationToReplicaOutput) GoString() string { 6577 return s.String() 6578} 6579 6580// SetARN sets the ARN field's value. 6581func (s *StopReplicationToReplicaOutput) SetARN(v string) *StopReplicationToReplicaOutput { 6582 s.ARN = &v 6583 return s 6584} 6585 6586// A structure that contains information about a tag. 6587type Tag struct { 6588 _ struct{} `type:"structure"` 6589 6590 // The key identifier, or name, of the tag. 6591 Key *string `min:"1" type:"string"` 6592 6593 // The string value associated with the key of the tag. 6594 Value *string `type:"string"` 6595} 6596 6597// String returns the string representation 6598func (s Tag) String() string { 6599 return awsutil.Prettify(s) 6600} 6601 6602// GoString returns the string representation 6603func (s Tag) GoString() string { 6604 return s.String() 6605} 6606 6607// Validate inspects the fields of the type to determine if they are valid. 6608func (s *Tag) Validate() error { 6609 invalidParams := request.ErrInvalidParams{Context: "Tag"} 6610 if s.Key != nil && len(*s.Key) < 1 { 6611 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 6612 } 6613 6614 if invalidParams.Len() > 0 { 6615 return invalidParams 6616 } 6617 return nil 6618} 6619 6620// SetKey sets the Key field's value. 6621func (s *Tag) SetKey(v string) *Tag { 6622 s.Key = &v 6623 return s 6624} 6625 6626// SetValue sets the Value field's value. 6627func (s *Tag) SetValue(v string) *Tag { 6628 s.Value = &v 6629 return s 6630} 6631 6632type TagResourceInput struct { 6633 _ struct{} `type:"structure"` 6634 6635 // The identifier for the secret that you want to attach tags to. You can specify 6636 // either the Amazon Resource Name (ARN) or the friendly name of the secret. 6637 // 6638 // If you specify an ARN, we generally recommend that you specify a complete 6639 // ARN. You can specify a partial ARN too—for example, if you don’t include 6640 // the final hyphen and six random characters that Secrets Manager adds at the 6641 // end of the ARN when you created the secret. A partial ARN match can work 6642 // as long as it uniquely matches only one secret. However, if your secret has 6643 // a name that ends in a hyphen followed by six characters (before Secrets Manager 6644 // adds the hyphen and six characters to the ARN) and you try to use that as 6645 // a partial ARN, then those characters cause Secrets Manager to assume that 6646 // you’re specifying a complete ARN. This confusion can cause unexpected results. 6647 // To avoid this situation, we recommend that you don’t create secret names 6648 // ending with a hyphen followed by six characters. 6649 // 6650 // If you specify an incomplete ARN without the random suffix, and instead provide 6651 // the 'friendly name', you must not include the random suffix. If you do include 6652 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 6653 // or an AccessDeniedException error, depending on your permissions. 6654 // 6655 // SecretId is a required field 6656 SecretId *string `min:"1" type:"string" required:"true"` 6657 6658 // The tags to attach to the secret. Each element in the list consists of a 6659 // Key and a Value. 6660 // 6661 // This parameter to the API requires a JSON text string argument. For information 6662 // on how to format a JSON parameter for the various command line tool environments, 6663 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 6664 // in the CLI User Guide. For the CLI, you can also use the syntax: --Tags Key="Key1",Value="Value1" 6665 // Key="Key2",Value="Value2"[,…] 6666 // 6667 // Tags is a required field 6668 Tags []*Tag `type:"list" required:"true"` 6669} 6670 6671// String returns the string representation 6672func (s TagResourceInput) String() string { 6673 return awsutil.Prettify(s) 6674} 6675 6676// GoString returns the string representation 6677func (s TagResourceInput) GoString() string { 6678 return s.String() 6679} 6680 6681// Validate inspects the fields of the type to determine if they are valid. 6682func (s *TagResourceInput) Validate() error { 6683 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 6684 if s.SecretId == nil { 6685 invalidParams.Add(request.NewErrParamRequired("SecretId")) 6686 } 6687 if s.SecretId != nil && len(*s.SecretId) < 1 { 6688 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 6689 } 6690 if s.Tags == nil { 6691 invalidParams.Add(request.NewErrParamRequired("Tags")) 6692 } 6693 if s.Tags != nil { 6694 for i, v := range s.Tags { 6695 if v == nil { 6696 continue 6697 } 6698 if err := v.Validate(); err != nil { 6699 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 6700 } 6701 } 6702 } 6703 6704 if invalidParams.Len() > 0 { 6705 return invalidParams 6706 } 6707 return nil 6708} 6709 6710// SetSecretId sets the SecretId field's value. 6711func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput { 6712 s.SecretId = &v 6713 return s 6714} 6715 6716// SetTags sets the Tags field's value. 6717func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 6718 s.Tags = v 6719 return s 6720} 6721 6722type TagResourceOutput struct { 6723 _ struct{} `type:"structure"` 6724} 6725 6726// String returns the string representation 6727func (s TagResourceOutput) String() string { 6728 return awsutil.Prettify(s) 6729} 6730 6731// GoString returns the string representation 6732func (s TagResourceOutput) GoString() string { 6733 return s.String() 6734} 6735 6736type UntagResourceInput struct { 6737 _ struct{} `type:"structure"` 6738 6739 // The identifier for the secret that you want to remove tags from. You can 6740 // specify either the Amazon Resource Name (ARN) or the friendly name of the 6741 // secret. 6742 // 6743 // If you specify an ARN, we generally recommend that you specify a complete 6744 // ARN. You can specify a partial ARN too—for example, if you don’t include 6745 // the final hyphen and six random characters that Secrets Manager adds at the 6746 // end of the ARN when you created the secret. A partial ARN match can work 6747 // as long as it uniquely matches only one secret. However, if your secret has 6748 // a name that ends in a hyphen followed by six characters (before Secrets Manager 6749 // adds the hyphen and six characters to the ARN) and you try to use that as 6750 // a partial ARN, then those characters cause Secrets Manager to assume that 6751 // you’re specifying a complete ARN. This confusion can cause unexpected results. 6752 // To avoid this situation, we recommend that you don’t create secret names 6753 // ending with a hyphen followed by six characters. 6754 // 6755 // If you specify an incomplete ARN without the random suffix, and instead provide 6756 // the 'friendly name', you must not include the random suffix. If you do include 6757 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 6758 // or an AccessDeniedException error, depending on your permissions. 6759 // 6760 // SecretId is a required field 6761 SecretId *string `min:"1" type:"string" required:"true"` 6762 6763 // A list of tag key names to remove from the secret. You don't specify the 6764 // value. Both the key and its associated value are removed. 6765 // 6766 // This parameter to the API requires a JSON text string argument. For information 6767 // on how to format a JSON parameter for the various command line tool environments, 6768 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 6769 // in the CLI User Guide. 6770 // 6771 // TagKeys is a required field 6772 TagKeys []*string `type:"list" required:"true"` 6773} 6774 6775// String returns the string representation 6776func (s UntagResourceInput) String() string { 6777 return awsutil.Prettify(s) 6778} 6779 6780// GoString returns the string representation 6781func (s UntagResourceInput) GoString() string { 6782 return s.String() 6783} 6784 6785// Validate inspects the fields of the type to determine if they are valid. 6786func (s *UntagResourceInput) Validate() error { 6787 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 6788 if s.SecretId == nil { 6789 invalidParams.Add(request.NewErrParamRequired("SecretId")) 6790 } 6791 if s.SecretId != nil && len(*s.SecretId) < 1 { 6792 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 6793 } 6794 if s.TagKeys == nil { 6795 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 6796 } 6797 6798 if invalidParams.Len() > 0 { 6799 return invalidParams 6800 } 6801 return nil 6802} 6803 6804// SetSecretId sets the SecretId field's value. 6805func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput { 6806 s.SecretId = &v 6807 return s 6808} 6809 6810// SetTagKeys sets the TagKeys field's value. 6811func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 6812 s.TagKeys = v 6813 return s 6814} 6815 6816type UntagResourceOutput struct { 6817 _ struct{} `type:"structure"` 6818} 6819 6820// String returns the string representation 6821func (s UntagResourceOutput) String() string { 6822 return awsutil.Prettify(s) 6823} 6824 6825// GoString returns the string representation 6826func (s UntagResourceOutput) GoString() string { 6827 return s.String() 6828} 6829 6830type UpdateSecretInput struct { 6831 _ struct{} `type:"structure"` 6832 6833 // (Optional) If you want to add a new version to the secret, this parameter 6834 // specifies a unique identifier for the new version that helps ensure idempotency. 6835 // 6836 // If you use the Amazon Web Services CLI or one of the Amazon Web Services 6837 // SDK to call this operation, then you can leave this parameter empty. The 6838 // CLI or SDK generates a random UUID for you and includes that in the request. 6839 // If you don't use the SDK and instead generate a raw HTTP request to the Secrets 6840 // Manager service endpoint, then you must generate a ClientRequestToken yourself 6841 // for new versions and include that value in the request. 6842 // 6843 // You typically only need to interact with this value if you implement your 6844 // own retry logic and want to ensure that a given secret is not created twice. 6845 // We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 6846 // value to ensure uniqueness within the specified secret. 6847 // 6848 // Secrets Manager uses this value to prevent the accidental creation of duplicate 6849 // versions if there are failures and retries during the Lambda rotation function's 6850 // processing. 6851 // 6852 // * If the ClientRequestToken value isn't already associated with a version 6853 // of the secret then a new version of the secret is created. 6854 // 6855 // * If a version with this value already exists and that version's SecretString 6856 // and SecretBinary values are the same as those in the request then the 6857 // request is ignored (the operation is idempotent). 6858 // 6859 // * If a version with this value already exists and that version's SecretString 6860 // and SecretBinary values are different from the request then an error occurs 6861 // because you cannot modify an existing secret value. 6862 // 6863 // This value becomes the VersionId of the new version. 6864 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 6865 6866 // (Optional) Specifies an updated user-provided description of the secret. 6867 Description *string `type:"string"` 6868 6869 // (Optional) Specifies an updated ARN or alias of the Amazon Web Services KMS 6870 // customer master key (CMK) to be used to encrypt the protected text in new 6871 // versions of this secret. 6872 // 6873 // You can only use the account's default CMK to encrypt and decrypt if you 6874 // call this operation using credentials from the same account that owns the 6875 // secret. If the secret is in a different account, then you must create a custom 6876 // CMK and provide the ARN of that CMK in this field. The user making the call 6877 // must have permissions to both the secret and the CMK in their respective 6878 // accounts. 6879 KmsKeyId *string `type:"string"` 6880 6881 // (Optional) Specifies updated binary data that you want to encrypt and store 6882 // in the new version of the secret. To use this parameter in the command-line 6883 // tools, we recommend that you store your binary data in a file and then use 6884 // the appropriate technique for your tool to pass the contents of the file 6885 // as a parameter. Either SecretBinary or SecretString must have a value, but 6886 // not both. They cannot both be empty. 6887 // 6888 // This parameter is not accessible using the Secrets Manager console. 6889 // 6890 // SecretBinary is automatically base64 encoded/decoded by the SDK. 6891 SecretBinary []byte `type:"blob" sensitive:"true"` 6892 6893 // Specifies the secret that you want to modify or to which you want to add 6894 // a new version. You can specify either the Amazon Resource Name (ARN) or the 6895 // friendly name of the secret. 6896 // 6897 // If you specify an ARN, we generally recommend that you specify a complete 6898 // ARN. You can specify a partial ARN too—for example, if you don’t include 6899 // the final hyphen and six random characters that Secrets Manager adds at the 6900 // end of the ARN when you created the secret. A partial ARN match can work 6901 // as long as it uniquely matches only one secret. However, if your secret has 6902 // a name that ends in a hyphen followed by six characters (before Secrets Manager 6903 // adds the hyphen and six characters to the ARN) and you try to use that as 6904 // a partial ARN, then those characters cause Secrets Manager to assume that 6905 // you’re specifying a complete ARN. This confusion can cause unexpected results. 6906 // To avoid this situation, we recommend that you don’t create secret names 6907 // ending with a hyphen followed by six characters. 6908 // 6909 // If you specify an incomplete ARN without the random suffix, and instead provide 6910 // the 'friendly name', you must not include the random suffix. If you do include 6911 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 6912 // or an AccessDeniedException error, depending on your permissions. 6913 // 6914 // SecretId is a required field 6915 SecretId *string `min:"1" type:"string" required:"true"` 6916 6917 // (Optional) Specifies updated text data that you want to encrypt and store 6918 // in this new version of the secret. Either SecretBinary or SecretString must 6919 // have a value, but not both. They cannot both be empty. 6920 // 6921 // If you create this secret by using the Secrets Manager console then Secrets 6922 // Manager puts the protected secret text in only the SecretString parameter. 6923 // The Secrets Manager console stores the information as a JSON structure of 6924 // key/value pairs that the default Lambda rotation function knows how to parse. 6925 // 6926 // For storing multiple values, we recommend that you use a JSON text string 6927 // argument and specify key/value pairs. For information on how to format a 6928 // JSON parameter for the various command line tool environments, see Using 6929 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 6930 // in the CLI User Guide. For example: 6931 // 6932 // [{"username":"bob"},{"password":"abc123xyz456"}] 6933 // 6934 // If your command-line tool or SDK requires quotation marks around the parameter, 6935 // you should use single quotes to avoid confusion with the double quotes required 6936 // in the JSON text. You can also 'escape' the double quote character in the 6937 // embedded JSON text by prefacing each with a backslash. For example, the following 6938 // string is surrounded by double-quotes. All of the embedded double quotes 6939 // are escaped: 6940 // 6941 // "[{\"username\":\"bob\"},{\"password\":\"abc123xyz456\"}]" 6942 SecretString *string `type:"string" sensitive:"true"` 6943} 6944 6945// String returns the string representation 6946func (s UpdateSecretInput) String() string { 6947 return awsutil.Prettify(s) 6948} 6949 6950// GoString returns the string representation 6951func (s UpdateSecretInput) GoString() string { 6952 return s.String() 6953} 6954 6955// Validate inspects the fields of the type to determine if they are valid. 6956func (s *UpdateSecretInput) Validate() error { 6957 invalidParams := request.ErrInvalidParams{Context: "UpdateSecretInput"} 6958 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 6959 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 6960 } 6961 if s.SecretId == nil { 6962 invalidParams.Add(request.NewErrParamRequired("SecretId")) 6963 } 6964 if s.SecretId != nil && len(*s.SecretId) < 1 { 6965 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 6966 } 6967 6968 if invalidParams.Len() > 0 { 6969 return invalidParams 6970 } 6971 return nil 6972} 6973 6974// SetClientRequestToken sets the ClientRequestToken field's value. 6975func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput { 6976 s.ClientRequestToken = &v 6977 return s 6978} 6979 6980// SetDescription sets the Description field's value. 6981func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput { 6982 s.Description = &v 6983 return s 6984} 6985 6986// SetKmsKeyId sets the KmsKeyId field's value. 6987func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput { 6988 s.KmsKeyId = &v 6989 return s 6990} 6991 6992// SetSecretBinary sets the SecretBinary field's value. 6993func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput { 6994 s.SecretBinary = v 6995 return s 6996} 6997 6998// SetSecretId sets the SecretId field's value. 6999func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput { 7000 s.SecretId = &v 7001 return s 7002} 7003 7004// SetSecretString sets the SecretString field's value. 7005func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput { 7006 s.SecretString = &v 7007 return s 7008} 7009 7010type UpdateSecretOutput struct { 7011 _ struct{} `type:"structure"` 7012 7013 // The ARN of the secret that was updated. 7014 // 7015 // Secrets Manager automatically adds several random characters to the name 7016 // at the end of the ARN when you initially create a secret. This affects only 7017 // the ARN and not the actual friendly name. This ensures that if you create 7018 // a new secret with the same name as an old secret that you previously deleted, 7019 // then users with access to the old secret don't automatically get access to 7020 // the new secret because the ARNs are different. 7021 ARN *string `min:"20" type:"string"` 7022 7023 // The friendly name of the secret that was updated. 7024 Name *string `min:"1" type:"string"` 7025 7026 // If a new version of the secret was created by this operation, then VersionId 7027 // contains the unique identifier of the new version. 7028 VersionId *string `min:"32" type:"string"` 7029} 7030 7031// String returns the string representation 7032func (s UpdateSecretOutput) String() string { 7033 return awsutil.Prettify(s) 7034} 7035 7036// GoString returns the string representation 7037func (s UpdateSecretOutput) GoString() string { 7038 return s.String() 7039} 7040 7041// SetARN sets the ARN field's value. 7042func (s *UpdateSecretOutput) SetARN(v string) *UpdateSecretOutput { 7043 s.ARN = &v 7044 return s 7045} 7046 7047// SetName sets the Name field's value. 7048func (s *UpdateSecretOutput) SetName(v string) *UpdateSecretOutput { 7049 s.Name = &v 7050 return s 7051} 7052 7053// SetVersionId sets the VersionId field's value. 7054func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput { 7055 s.VersionId = &v 7056 return s 7057} 7058 7059type UpdateSecretVersionStageInput struct { 7060 _ struct{} `type:"structure"` 7061 7062 // (Optional) The secret version ID that you want to add the staging label. 7063 // If you want to remove a label from a version, then do not specify this parameter. 7064 // 7065 // If the staging label is already attached to a different version of the secret, 7066 // then you must also specify the RemoveFromVersionId parameter. 7067 MoveToVersionId *string `min:"32" type:"string"` 7068 7069 // Specifies the secret version ID of the version that the staging label is 7070 // to be removed from. If the staging label you are trying to attach to one 7071 // version is already attached to a different version, then you must include 7072 // this parameter and specify the version that the label is to be removed from. 7073 // If the label is attached and you either do not specify this parameter, or 7074 // the version ID does not match, then the operation fails. 7075 RemoveFromVersionId *string `min:"32" type:"string"` 7076 7077 // Specifies the secret with the version with the list of staging labels you 7078 // want to modify. You can specify either the Amazon Resource Name (ARN) or 7079 // the friendly name of the secret. 7080 // 7081 // If you specify an ARN, we generally recommend that you specify a complete 7082 // ARN. You can specify a partial ARN too—for example, if you don’t include 7083 // the final hyphen and six random characters that Secrets Manager adds at the 7084 // end of the ARN when you created the secret. A partial ARN match can work 7085 // as long as it uniquely matches only one secret. However, if your secret has 7086 // a name that ends in a hyphen followed by six characters (before Secrets Manager 7087 // adds the hyphen and six characters to the ARN) and you try to use that as 7088 // a partial ARN, then those characters cause Secrets Manager to assume that 7089 // you’re specifying a complete ARN. This confusion can cause unexpected results. 7090 // To avoid this situation, we recommend that you don’t create secret names 7091 // ending with a hyphen followed by six characters. 7092 // 7093 // If you specify an incomplete ARN without the random suffix, and instead provide 7094 // the 'friendly name', you must not include the random suffix. If you do include 7095 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 7096 // or an AccessDeniedException error, depending on your permissions. 7097 // 7098 // SecretId is a required field 7099 SecretId *string `min:"1" type:"string" required:"true"` 7100 7101 // The staging label to add to this version. 7102 // 7103 // VersionStage is a required field 7104 VersionStage *string `min:"1" type:"string" required:"true"` 7105} 7106 7107// String returns the string representation 7108func (s UpdateSecretVersionStageInput) String() string { 7109 return awsutil.Prettify(s) 7110} 7111 7112// GoString returns the string representation 7113func (s UpdateSecretVersionStageInput) GoString() string { 7114 return s.String() 7115} 7116 7117// Validate inspects the fields of the type to determine if they are valid. 7118func (s *UpdateSecretVersionStageInput) Validate() error { 7119 invalidParams := request.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"} 7120 if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 { 7121 invalidParams.Add(request.NewErrParamMinLen("MoveToVersionId", 32)) 7122 } 7123 if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 { 7124 invalidParams.Add(request.NewErrParamMinLen("RemoveFromVersionId", 32)) 7125 } 7126 if s.SecretId == nil { 7127 invalidParams.Add(request.NewErrParamRequired("SecretId")) 7128 } 7129 if s.SecretId != nil && len(*s.SecretId) < 1 { 7130 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 7131 } 7132 if s.VersionStage == nil { 7133 invalidParams.Add(request.NewErrParamRequired("VersionStage")) 7134 } 7135 if s.VersionStage != nil && len(*s.VersionStage) < 1 { 7136 invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) 7137 } 7138 7139 if invalidParams.Len() > 0 { 7140 return invalidParams 7141 } 7142 return nil 7143} 7144 7145// SetMoveToVersionId sets the MoveToVersionId field's value. 7146func (s *UpdateSecretVersionStageInput) SetMoveToVersionId(v string) *UpdateSecretVersionStageInput { 7147 s.MoveToVersionId = &v 7148 return s 7149} 7150 7151// SetRemoveFromVersionId sets the RemoveFromVersionId field's value. 7152func (s *UpdateSecretVersionStageInput) SetRemoveFromVersionId(v string) *UpdateSecretVersionStageInput { 7153 s.RemoveFromVersionId = &v 7154 return s 7155} 7156 7157// SetSecretId sets the SecretId field's value. 7158func (s *UpdateSecretVersionStageInput) SetSecretId(v string) *UpdateSecretVersionStageInput { 7159 s.SecretId = &v 7160 return s 7161} 7162 7163// SetVersionStage sets the VersionStage field's value. 7164func (s *UpdateSecretVersionStageInput) SetVersionStage(v string) *UpdateSecretVersionStageInput { 7165 s.VersionStage = &v 7166 return s 7167} 7168 7169type UpdateSecretVersionStageOutput struct { 7170 _ struct{} `type:"structure"` 7171 7172 // The ARN of the secret with the modified staging label. 7173 ARN *string `min:"20" type:"string"` 7174 7175 // The friendly name of the secret with the modified staging label. 7176 Name *string `min:"1" type:"string"` 7177} 7178 7179// String returns the string representation 7180func (s UpdateSecretVersionStageOutput) String() string { 7181 return awsutil.Prettify(s) 7182} 7183 7184// GoString returns the string representation 7185func (s UpdateSecretVersionStageOutput) GoString() string { 7186 return s.String() 7187} 7188 7189// SetARN sets the ARN field's value. 7190func (s *UpdateSecretVersionStageOutput) SetARN(v string) *UpdateSecretVersionStageOutput { 7191 s.ARN = &v 7192 return s 7193} 7194 7195// SetName sets the Name field's value. 7196func (s *UpdateSecretVersionStageOutput) SetName(v string) *UpdateSecretVersionStageOutput { 7197 s.Name = &v 7198 return s 7199} 7200 7201type ValidateResourcePolicyInput struct { 7202 _ struct{} `type:"structure"` 7203 7204 // A JSON-formatted string constructed according to the grammar and syntax for 7205 // an Amazon Web Services resource-based policy. The policy in the string identifies 7206 // who can access or manage this secret and its versions. For information on 7207 // how to format a JSON parameter for the various command line tool environments, 7208 // see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 7209 // in the CLI User Guide.publi 7210 // 7211 // ResourcePolicy is a required field 7212 ResourcePolicy *string `min:"1" type:"string" required:"true"` 7213 7214 // (Optional) The identifier of the secret with the resource-based policy you 7215 // want to validate. You can specify either the Amazon Resource Name (ARN) or 7216 // the friendly name of the secret. 7217 // 7218 // If you specify an ARN, we generally recommend that you specify a complete 7219 // ARN. You can specify a partial ARN too—for example, if you don’t include 7220 // the final hyphen and six random characters that Secrets Manager adds at the 7221 // end of the ARN when you created the secret. A partial ARN match can work 7222 // as long as it uniquely matches only one secret. However, if your secret has 7223 // a name that ends in a hyphen followed by six characters (before Secrets Manager 7224 // adds the hyphen and six characters to the ARN) and you try to use that as 7225 // a partial ARN, then those characters cause Secrets Manager to assume that 7226 // you’re specifying a complete ARN. This confusion can cause unexpected results. 7227 // To avoid this situation, we recommend that you don’t create secret names 7228 // ending with a hyphen followed by six characters. 7229 // 7230 // If you specify an incomplete ARN without the random suffix, and instead provide 7231 // the 'friendly name', you must not include the random suffix. If you do include 7232 // the random suffix added by Secrets Manager, you receive either a ResourceNotFoundException 7233 // or an AccessDeniedException error, depending on your permissions. 7234 SecretId *string `min:"1" type:"string"` 7235} 7236 7237// String returns the string representation 7238func (s ValidateResourcePolicyInput) String() string { 7239 return awsutil.Prettify(s) 7240} 7241 7242// GoString returns the string representation 7243func (s ValidateResourcePolicyInput) GoString() string { 7244 return s.String() 7245} 7246 7247// Validate inspects the fields of the type to determine if they are valid. 7248func (s *ValidateResourcePolicyInput) Validate() error { 7249 invalidParams := request.ErrInvalidParams{Context: "ValidateResourcePolicyInput"} 7250 if s.ResourcePolicy == nil { 7251 invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) 7252 } 7253 if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { 7254 invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) 7255 } 7256 if s.SecretId != nil && len(*s.SecretId) < 1 { 7257 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 7258 } 7259 7260 if invalidParams.Len() > 0 { 7261 return invalidParams 7262 } 7263 return nil 7264} 7265 7266// SetResourcePolicy sets the ResourcePolicy field's value. 7267func (s *ValidateResourcePolicyInput) SetResourcePolicy(v string) *ValidateResourcePolicyInput { 7268 s.ResourcePolicy = &v 7269 return s 7270} 7271 7272// SetSecretId sets the SecretId field's value. 7273func (s *ValidateResourcePolicyInput) SetSecretId(v string) *ValidateResourcePolicyInput { 7274 s.SecretId = &v 7275 return s 7276} 7277 7278type ValidateResourcePolicyOutput struct { 7279 _ struct{} `type:"structure"` 7280 7281 // Returns a message stating that your Reource Policy passed validation. 7282 PolicyValidationPassed *bool `type:"boolean"` 7283 7284 // Returns an error message if your policy doesn't pass validatation. 7285 ValidationErrors []*ValidationErrorsEntry `type:"list"` 7286} 7287 7288// String returns the string representation 7289func (s ValidateResourcePolicyOutput) String() string { 7290 return awsutil.Prettify(s) 7291} 7292 7293// GoString returns the string representation 7294func (s ValidateResourcePolicyOutput) GoString() string { 7295 return s.String() 7296} 7297 7298// SetPolicyValidationPassed sets the PolicyValidationPassed field's value. 7299func (s *ValidateResourcePolicyOutput) SetPolicyValidationPassed(v bool) *ValidateResourcePolicyOutput { 7300 s.PolicyValidationPassed = &v 7301 return s 7302} 7303 7304// SetValidationErrors sets the ValidationErrors field's value. 7305func (s *ValidateResourcePolicyOutput) SetValidationErrors(v []*ValidationErrorsEntry) *ValidateResourcePolicyOutput { 7306 s.ValidationErrors = v 7307 return s 7308} 7309 7310// Displays errors that occurred during validation of the resource policy. 7311type ValidationErrorsEntry struct { 7312 _ struct{} `type:"structure"` 7313 7314 // Checks the name of the policy. 7315 CheckName *string `min:"1" type:"string"` 7316 7317 // Displays error messages if validation encounters problems during validation 7318 // of the resource policy. 7319 ErrorMessage *string `type:"string"` 7320} 7321 7322// String returns the string representation 7323func (s ValidationErrorsEntry) String() string { 7324 return awsutil.Prettify(s) 7325} 7326 7327// GoString returns the string representation 7328func (s ValidationErrorsEntry) GoString() string { 7329 return s.String() 7330} 7331 7332// SetCheckName sets the CheckName field's value. 7333func (s *ValidationErrorsEntry) SetCheckName(v string) *ValidationErrorsEntry { 7334 s.CheckName = &v 7335 return s 7336} 7337 7338// SetErrorMessage sets the ErrorMessage field's value. 7339func (s *ValidationErrorsEntry) SetErrorMessage(v string) *ValidationErrorsEntry { 7340 s.ErrorMessage = &v 7341 return s 7342} 7343 7344const ( 7345 // FilterNameStringTypeDescription is a FilterNameStringType enum value 7346 FilterNameStringTypeDescription = "description" 7347 7348 // FilterNameStringTypeName is a FilterNameStringType enum value 7349 FilterNameStringTypeName = "name" 7350 7351 // FilterNameStringTypeTagKey is a FilterNameStringType enum value 7352 FilterNameStringTypeTagKey = "tag-key" 7353 7354 // FilterNameStringTypeTagValue is a FilterNameStringType enum value 7355 FilterNameStringTypeTagValue = "tag-value" 7356 7357 // FilterNameStringTypePrimaryRegion is a FilterNameStringType enum value 7358 FilterNameStringTypePrimaryRegion = "primary-region" 7359 7360 // FilterNameStringTypeAll is a FilterNameStringType enum value 7361 FilterNameStringTypeAll = "all" 7362) 7363 7364// FilterNameStringType_Values returns all elements of the FilterNameStringType enum 7365func FilterNameStringType_Values() []string { 7366 return []string{ 7367 FilterNameStringTypeDescription, 7368 FilterNameStringTypeName, 7369 FilterNameStringTypeTagKey, 7370 FilterNameStringTypeTagValue, 7371 FilterNameStringTypePrimaryRegion, 7372 FilterNameStringTypeAll, 7373 } 7374} 7375 7376const ( 7377 // SortOrderTypeAsc is a SortOrderType enum value 7378 SortOrderTypeAsc = "asc" 7379 7380 // SortOrderTypeDesc is a SortOrderType enum value 7381 SortOrderTypeDesc = "desc" 7382) 7383 7384// SortOrderType_Values returns all elements of the SortOrderType enum 7385func SortOrderType_Values() []string { 7386 return []string{ 7387 SortOrderTypeAsc, 7388 SortOrderTypeDesc, 7389 } 7390} 7391 7392const ( 7393 // StatusTypeInSync is a StatusType enum value 7394 StatusTypeInSync = "InSync" 7395 7396 // StatusTypeFailed is a StatusType enum value 7397 StatusTypeFailed = "Failed" 7398 7399 // StatusTypeInProgress is a StatusType enum value 7400 StatusTypeInProgress = "InProgress" 7401) 7402 7403// StatusType_Values returns all elements of the StatusType enum 7404func StatusType_Values() []string { 7405 return []string{ 7406 StatusTypeInSync, 7407 StatusTypeFailed, 7408 StatusTypeInProgress, 7409 } 7410} 7411