1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package secretsmanager
4
5import (
6	"context"
7	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
8	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
9	"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
10	"github.com/aws/smithy-go/middleware"
11	smithyhttp "github.com/aws/smithy-go/transport/http"
12	"time"
13)
14
15// Retrieves the details of a secret. It does not include the encrypted fields.
16// Secrets Manager only returns fields populated with a value in the response.
17// Minimum permissions To run this command, you must have the following
18// permissions:
19//
20// * secretsmanager:DescribeSecret
21//
22// Related operations
23//
24// * To create a
25// secret, use CreateSecret.
26//
27// * To modify a secret, use UpdateSecret.
28//
29// * To
30// retrieve the encrypted secret information in a version of the secret, use
31// GetSecretValue.
32//
33// * To list all of the secrets in the AWS account, use
34// ListSecrets.
35func (c *Client) DescribeSecret(ctx context.Context, params *DescribeSecretInput, optFns ...func(*Options)) (*DescribeSecretOutput, error) {
36	if params == nil {
37		params = &DescribeSecretInput{}
38	}
39
40	result, metadata, err := c.invokeOperation(ctx, "DescribeSecret", params, optFns, addOperationDescribeSecretMiddlewares)
41	if err != nil {
42		return nil, err
43	}
44
45	out := result.(*DescribeSecretOutput)
46	out.ResultMetadata = metadata
47	return out, nil
48}
49
50type DescribeSecretInput struct {
51
52	// The identifier of the secret whose details you want to retrieve. You can specify
53	// either the Amazon Resource Name (ARN) or the friendly name of the secret. If you
54	// specify an ARN, we generally recommend that you specify a complete ARN. You can
55	// specify a partial ARN too—for example, if you don’t include the final hyphen and
56	// six random characters that Secrets Manager adds at the end of the ARN when you
57	// created the secret. A partial ARN match can work as long as it uniquely matches
58	// only one secret. However, if your secret has a name that ends in a hyphen
59	// followed by six characters (before Secrets Manager adds the hyphen and six
60	// characters to the ARN) and you try to use that as a partial ARN, then those
61	// characters cause Secrets Manager to assume that you’re specifying a complete
62	// ARN. This confusion can cause unexpected results. To avoid this situation, we
63	// recommend that you don’t create secret names ending with a hyphen followed by
64	// six characters. If you specify an incomplete ARN without the random suffix, and
65	// instead provide the 'friendly name', you must not include the random suffix. If
66	// you do include the random suffix added by Secrets Manager, you receive either a
67	// ResourceNotFoundException or an AccessDeniedException error, depending on your
68	// permissions.
69	//
70	// This member is required.
71	SecretId *string
72}
73
74type DescribeSecretOutput struct {
75
76	// The ARN of the secret.
77	ARN *string
78
79	// The date you created the secret.
80	CreatedDate *time.Time
81
82	// This value exists if the secret is scheduled for deletion. Some time after the
83	// specified date and time, Secrets Manager deletes the secret and all of its
84	// versions. If a secret is scheduled for deletion, then its details, including the
85	// encrypted secret information, is not accessible. To cancel a scheduled deletion
86	// and restore access, use RestoreSecret.
87	DeletedDate *time.Time
88
89	// The user-provided description of the secret.
90	Description *string
91
92	// The ARN or alias of the AWS KMS customer master key (CMK) that's used to encrypt
93	// the SecretString or SecretBinary fields in each version of the secret. If you
94	// don't provide a key, then Secrets Manager defaults to encrypting the secret
95	// fields with the default AWS KMS CMK (the one named awssecretsmanager) for this
96	// account.
97	KmsKeyId *string
98
99	// The last date that this secret was accessed. This value is truncated to midnight
100	// of the date and therefore shows only the date, not the time.
101	LastAccessedDate *time.Time
102
103	// The last date and time that this secret was modified in any way.
104	LastChangedDate *time.Time
105
106	// The last date and time that the rotation process for this secret was invoked.
107	// The most recent date and time that the Secrets Manager rotation process
108	// successfully completed. If the secret doesn't rotate, Secrets Manager returns a
109	// null value.
110	LastRotatedDate *time.Time
111
112	// The user-provided friendly name of the secret.
113	Name *string
114
115	// Returns the name of the service that created this secret.
116	OwningService *string
117
118	// Specifies the primary region for secret replication.
119	PrimaryRegion *string
120
121	// Describes a list of replication status objects as InProgress, Failed or InSync.P
122	ReplicationStatus []types.ReplicationStatusType
123
124	// Specifies whether automatic rotation is enabled for this secret. To enable
125	// rotation, use RotateSecret with AutomaticallyRotateAfterDays set to a value
126	// greater than 0. To disable rotation, use CancelRotateSecret.
127	RotationEnabled bool
128
129	// The ARN of a Lambda function that's invoked by Secrets Manager to rotate the
130	// secret either automatically per the schedule or manually by a call to
131	// RotateSecret.
132	RotationLambdaARN *string
133
134	// A structure with the rotation configuration for this secret.
135	RotationRules *types.RotationRulesType
136
137	// The list of user-defined tags that are associated with the secret. To add tags
138	// to a secret, use TagResource. To remove tags, use UntagResource.
139	Tags []types.Tag
140
141	// A list of all of the currently assigned VersionStage staging labels and the
142	// VersionId that each is attached to. Staging labels are used to keep track of the
143	// different versions during the rotation process. A version that does not have any
144	// staging labels attached is considered deprecated and subject to deletion. Such
145	// versions are not included in this list.
146	VersionIdsToStages map[string][]string
147
148	// Metadata pertaining to the operation's result.
149	ResultMetadata middleware.Metadata
150}
151
152func addOperationDescribeSecretMiddlewares(stack *middleware.Stack, options Options) (err error) {
153	err = stack.Serialize.Add(&awsAwsjson11_serializeOpDescribeSecret{}, middleware.After)
154	if err != nil {
155		return err
156	}
157	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpDescribeSecret{}, middleware.After)
158	if err != nil {
159		return err
160	}
161	if err = addSetLoggerMiddleware(stack, options); err != nil {
162		return err
163	}
164	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
165		return err
166	}
167	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
168		return err
169	}
170	if err = addResolveEndpointMiddleware(stack, options); err != nil {
171		return err
172	}
173	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
174		return err
175	}
176	if err = addRetryMiddlewares(stack, options); err != nil {
177		return err
178	}
179	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
180		return err
181	}
182	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
183		return err
184	}
185	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
186		return err
187	}
188	if err = addClientUserAgent(stack); err != nil {
189		return err
190	}
191	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
192		return err
193	}
194	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
195		return err
196	}
197	if err = addOpDescribeSecretValidationMiddleware(stack); err != nil {
198		return err
199	}
200	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeSecret(options.Region), middleware.Before); err != nil {
201		return err
202	}
203	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
204		return err
205	}
206	if err = addResponseErrorMiddleware(stack); err != nil {
207		return err
208	}
209	if err = addRequestResponseLogging(stack, options); err != nil {
210		return err
211	}
212	return nil
213}
214
215func newServiceMetadataMiddleware_opDescribeSecret(region string) *awsmiddleware.RegisterServiceMetadata {
216	return &awsmiddleware.RegisterServiceMetadata{
217		Region:        region,
218		ServiceID:     ServiceID,
219		SigningName:   "secretsmanager",
220		OperationName: "DescribeSecret",
221	}
222}
223