1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package secretsmanager 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCancelRotateSecret = "CancelRotateSecret" 17 18// CancelRotateSecretRequest generates a "aws/request.Request" representing the 19// client's request for the CancelRotateSecret operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CancelRotateSecret for more information on using the CancelRotateSecret 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CancelRotateSecretRequest method. 34// req, resp := client.CancelRotateSecretRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret 42func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput) { 43 op := &request.Operation{ 44 Name: opCancelRotateSecret, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CancelRotateSecretInput{} 51 } 52 53 output = &CancelRotateSecretOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CancelRotateSecret API operation for AWS Secrets Manager. 59// 60// Disables automatic scheduled rotation and cancels the rotation of a secret 61// if one is currently in progress. 62// 63// To re-enable scheduled rotation, call RotateSecret with AutomaticallyRotateAfterDays 64// set to a value greater than 0. This will immediately rotate your secret and 65// then enable the automatic schedule. 66// 67// If you cancel a rotation that is in progress, it can leave the VersionStage 68// labels in an unexpected state. Depending on what step of the rotation was 69// in progress, you might need to remove the staging label AWSPENDING from the 70// partially created version, specified by the VersionId response value. You 71// should also evaluate the partially rotated new version to see if it should 72// be deleted, which you can do by removing all staging labels from the new 73// version's VersionStage field. 74// 75// To successfully start a rotation, the staging label AWSPENDING must be in 76// one of the following states: 77// 78// * Not be attached to any version at all 79// 80// * Attached to the same version as the staging label AWSCURRENT 81// 82// If the staging label AWSPENDING is attached to a different version than the 83// version with AWSCURRENT then the attempt to rotate fails. 84// 85// Minimum permissions 86// 87// To run this command, you must have the following permissions: 88// 89// * secretsmanager:CancelRotateSecret 90// 91// Related operations 92// 93// * To configure rotation for a secret or to manually trigger a rotation, 94// use RotateSecret. 95// 96// * To get the rotation configuration details for a secret, use DescribeSecret. 97// 98// * To list all of the currently available secrets, use ListSecrets. 99// 100// * To list all of the versions currently associated with a secret, use 101// ListSecretVersionIds. 102// 103// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 104// with awserr.Error's Code and Message methods to get detailed information about 105// the error. 106// 107// See the AWS API reference guide for AWS Secrets Manager's 108// API operation CancelRotateSecret for usage and error information. 109// 110// Returned Error Codes: 111// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 112// We can't find the resource that you asked for. 113// 114// * ErrCodeInvalidParameterException "InvalidParameterException" 115// You provided an invalid value for a parameter. 116// 117// * ErrCodeInternalServiceError "InternalServiceError" 118// An error occurred on the server side. 119// 120// * ErrCodeInvalidRequestException "InvalidRequestException" 121// You provided a parameter value that is not valid for the current state of 122// the resource. 123// 124// Possible causes: 125// 126// * You tried to perform the operation on a secret that's currently marked 127// deleted. 128// 129// * You tried to enable rotation on a secret that doesn't already have a 130// Lambda function ARN configured and you didn't include such an ARN as a 131// parameter in this call. 132// 133// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret 134func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error) { 135 req, out := c.CancelRotateSecretRequest(input) 136 return out, req.Send() 137} 138 139// CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of 140// the ability to pass a context and additional request options. 141// 142// See CancelRotateSecret for details on how to use this API operation. 143// 144// The context must be non-nil and will be used for request cancellation. If 145// the context is nil a panic will occur. In the future the SDK may create 146// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 147// for more information on using Contexts. 148func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error) { 149 req, out := c.CancelRotateSecretRequest(input) 150 req.SetContext(ctx) 151 req.ApplyOptions(opts...) 152 return out, req.Send() 153} 154 155const opCreateSecret = "CreateSecret" 156 157// CreateSecretRequest generates a "aws/request.Request" representing the 158// client's request for the CreateSecret operation. The "output" return 159// value will be populated with the request's response once the request completes 160// successfully. 161// 162// Use "Send" method on the returned Request to send the API call to the service. 163// the "output" return value is not valid until after Send returns without error. 164// 165// See CreateSecret for more information on using the CreateSecret 166// API call, and error handling. 167// 168// This method is useful when you want to inject custom logic or configuration 169// into the SDK's request lifecycle. Such as custom headers, or retry logic. 170// 171// 172// // Example sending a request using the CreateSecretRequest method. 173// req, resp := client.CreateSecretRequest(params) 174// 175// err := req.Send() 176// if err == nil { // resp is now filled 177// fmt.Println(resp) 178// } 179// 180// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret 181func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput) { 182 op := &request.Operation{ 183 Name: opCreateSecret, 184 HTTPMethod: "POST", 185 HTTPPath: "/", 186 } 187 188 if input == nil { 189 input = &CreateSecretInput{} 190 } 191 192 output = &CreateSecretOutput{} 193 req = c.newRequest(op, input, output) 194 return 195} 196 197// CreateSecret API operation for AWS Secrets Manager. 198// 199// Creates a new secret. A secret in Secrets Manager consists of both the protected 200// secret data and the important information needed to manage the secret. 201// 202// Secrets Manager stores the encrypted secret data in one of a collection of 203// "versions" associated with the secret. Each version contains a copy of the 204// encrypted secret data. Each version is associated with one or more "staging 205// labels" that identify where the version is in the rotation cycle. The SecretVersionsToStages 206// field of the secret contains the mapping of staging labels to the active 207// versions of the secret. Versions without a staging label are considered deprecated 208// and are not included in the list. 209// 210// You provide the secret data to be encrypted by putting text in either the 211// SecretString parameter or binary data in the SecretBinary parameter, but 212// not both. If you include SecretString or SecretBinary then Secrets Manager 213// also creates an initial secret version and automatically attaches the staging 214// label AWSCURRENT to the new version. 215// 216// * If you call an operation that needs to encrypt or decrypt the SecretString 217// or SecretBinary for a secret in the same account as the calling user and 218// that secret doesn't specify a AWS KMS encryption key, Secrets Manager 219// uses the account's default AWS managed customer master key (CMK) with 220// the alias aws/secretsmanager. If this key doesn't already exist in your 221// account then Secrets Manager creates it for you automatically. All users 222// and roles in the same AWS account automatically have access to use the 223// default CMK. Note that if an Secrets Manager API call results in AWS having 224// to create the account's AWS-managed CMK, it can result in a one-time significant 225// delay in returning the result. 226// 227// * If the secret is in a different AWS account from the credentials calling 228// an API that requires encryption or decryption of the secret value then 229// you must create and use a custom AWS KMS CMK because you can't access 230// the default CMK for the account using credentials from a different AWS 231// account. Store the ARN of the CMK in the secret when you create the secret 232// or when you update it by including it in the KMSKeyId. If you call an 233// API that must encrypt or decrypt SecretString or SecretBinary using credentials 234// from a different account then the AWS KMS key policy must grant cross-account 235// access to that other account's user or role for both the kms:GenerateDataKey 236// and kms:Decrypt operations. 237// 238// Minimum permissions 239// 240// To run this command, you must have the following permissions: 241// 242// * secretsmanager:CreateSecret 243// 244// * kms:GenerateDataKey - needed only if you use a customer-managed AWS 245// KMS key to encrypt the secret. You do not need this permission to use 246// the account's default AWS managed CMK for Secrets Manager. 247// 248// * kms:Decrypt - needed only if you use a customer-managed AWS KMS key 249// to encrypt the secret. You do not need this permission to use the account's 250// default AWS managed CMK for Secrets Manager. 251// 252// * secretsmanager:TagResource - needed only if you include the Tags parameter. 253// 254// Related operations 255// 256// * To delete a secret, use DeleteSecret. 257// 258// * To modify an existing secret, use UpdateSecret. 259// 260// * To create a new version of a secret, use PutSecretValue. 261// 262// * To retrieve the encrypted secure string and secure binary values, use 263// GetSecretValue. 264// 265// * To retrieve all other details for a secret, use DescribeSecret. This 266// does not include the encrypted secure string and secure binary values. 267// 268// * To retrieve the list of secret versions associated with the current 269// secret, use DescribeSecret and examine the SecretVersionsToStages response 270// value. 271// 272// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 273// with awserr.Error's Code and Message methods to get detailed information about 274// the error. 275// 276// See the AWS API reference guide for AWS Secrets Manager's 277// API operation CreateSecret for usage and error information. 278// 279// Returned Error Codes: 280// * ErrCodeInvalidParameterException "InvalidParameterException" 281// You provided an invalid value for a parameter. 282// 283// * ErrCodeInvalidRequestException "InvalidRequestException" 284// You provided a parameter value that is not valid for the current state of 285// the resource. 286// 287// Possible causes: 288// 289// * You tried to perform the operation on a secret that's currently marked 290// deleted. 291// 292// * You tried to enable rotation on a secret that doesn't already have a 293// Lambda function ARN configured and you didn't include such an ARN as a 294// parameter in this call. 295// 296// * ErrCodeLimitExceededException "LimitExceededException" 297// The request failed because it would exceed one of the Secrets Manager internal 298// limits. 299// 300// * ErrCodeEncryptionFailure "EncryptionFailure" 301// Secrets Manager can't encrypt the protected secret text using the provided 302// KMS key. Check that the customer master key (CMK) is available, enabled, 303// and not in an invalid state. For more information, see How Key State Affects 304// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 305// 306// * ErrCodeResourceExistsException "ResourceExistsException" 307// A resource with the ID you requested already exists. 308// 309// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 310// We can't find the resource that you asked for. 311// 312// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 313// The policy document that you provided isn't valid. 314// 315// * ErrCodeInternalServiceError "InternalServiceError" 316// An error occurred on the server side. 317// 318// * ErrCodePreconditionNotMetException "PreconditionNotMetException" 319// The request failed because you did not complete all the prerequisite steps. 320// 321// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret 322func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error) { 323 req, out := c.CreateSecretRequest(input) 324 return out, req.Send() 325} 326 327// CreateSecretWithContext is the same as CreateSecret with the addition of 328// the ability to pass a context and additional request options. 329// 330// See CreateSecret for details on how to use this API operation. 331// 332// The context must be non-nil and will be used for request cancellation. If 333// the context is nil a panic will occur. In the future the SDK may create 334// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 335// for more information on using Contexts. 336func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error) { 337 req, out := c.CreateSecretRequest(input) 338 req.SetContext(ctx) 339 req.ApplyOptions(opts...) 340 return out, req.Send() 341} 342 343const opDeleteResourcePolicy = "DeleteResourcePolicy" 344 345// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the 346// client's request for the DeleteResourcePolicy operation. The "output" return 347// value will be populated with the request's response once the request completes 348// successfully. 349// 350// Use "Send" method on the returned Request to send the API call to the service. 351// the "output" return value is not valid until after Send returns without error. 352// 353// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy 354// API call, and error handling. 355// 356// This method is useful when you want to inject custom logic or configuration 357// into the SDK's request lifecycle. Such as custom headers, or retry logic. 358// 359// 360// // Example sending a request using the DeleteResourcePolicyRequest method. 361// req, resp := client.DeleteResourcePolicyRequest(params) 362// 363// err := req.Send() 364// if err == nil { // resp is now filled 365// fmt.Println(resp) 366// } 367// 368// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy 369func (c *SecretsManager) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { 370 op := &request.Operation{ 371 Name: opDeleteResourcePolicy, 372 HTTPMethod: "POST", 373 HTTPPath: "/", 374 } 375 376 if input == nil { 377 input = &DeleteResourcePolicyInput{} 378 } 379 380 output = &DeleteResourcePolicyOutput{} 381 req = c.newRequest(op, input, output) 382 return 383} 384 385// DeleteResourcePolicy API operation for AWS Secrets Manager. 386// 387// Deletes the resource-based permission policy that's attached to the secret. 388// 389// Minimum permissions 390// 391// To run this command, you must have the following permissions: 392// 393// * secretsmanager:DeleteResourcePolicy 394// 395// Related operations 396// 397// * To attach a resource policy to a secret, use PutResourcePolicy. 398// 399// * To retrieve the current resource-based policy that's attached to a secret, 400// use GetResourcePolicy. 401// 402// * To list all of the currently available secrets, use ListSecrets. 403// 404// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 405// with awserr.Error's Code and Message methods to get detailed information about 406// the error. 407// 408// See the AWS API reference guide for AWS Secrets Manager's 409// API operation DeleteResourcePolicy for usage and error information. 410// 411// Returned Error Codes: 412// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 413// We can't find the resource that you asked for. 414// 415// * ErrCodeInternalServiceError "InternalServiceError" 416// An error occurred on the server side. 417// 418// * ErrCodeInvalidRequestException "InvalidRequestException" 419// You provided a parameter value that is not valid for the current state of 420// the resource. 421// 422// Possible causes: 423// 424// * You tried to perform the operation on a secret that's currently marked 425// deleted. 426// 427// * You tried to enable rotation on a secret that doesn't already have a 428// Lambda function ARN configured and you didn't include such an ARN as a 429// parameter in this call. 430// 431// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy 432func (c *SecretsManager) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { 433 req, out := c.DeleteResourcePolicyRequest(input) 434 return out, req.Send() 435} 436 437// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of 438// the ability to pass a context and additional request options. 439// 440// See DeleteResourcePolicy for details on how to use this API operation. 441// 442// The context must be non-nil and will be used for request cancellation. If 443// the context is nil a panic will occur. In the future the SDK may create 444// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 445// for more information on using Contexts. 446func (c *SecretsManager) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { 447 req, out := c.DeleteResourcePolicyRequest(input) 448 req.SetContext(ctx) 449 req.ApplyOptions(opts...) 450 return out, req.Send() 451} 452 453const opDeleteSecret = "DeleteSecret" 454 455// DeleteSecretRequest generates a "aws/request.Request" representing the 456// client's request for the DeleteSecret operation. The "output" return 457// value will be populated with the request's response once the request completes 458// successfully. 459// 460// Use "Send" method on the returned Request to send the API call to the service. 461// the "output" return value is not valid until after Send returns without error. 462// 463// See DeleteSecret for more information on using the DeleteSecret 464// API call, and error handling. 465// 466// This method is useful when you want to inject custom logic or configuration 467// into the SDK's request lifecycle. Such as custom headers, or retry logic. 468// 469// 470// // Example sending a request using the DeleteSecretRequest method. 471// req, resp := client.DeleteSecretRequest(params) 472// 473// err := req.Send() 474// if err == nil { // resp is now filled 475// fmt.Println(resp) 476// } 477// 478// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret 479func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput) { 480 op := &request.Operation{ 481 Name: opDeleteSecret, 482 HTTPMethod: "POST", 483 HTTPPath: "/", 484 } 485 486 if input == nil { 487 input = &DeleteSecretInput{} 488 } 489 490 output = &DeleteSecretOutput{} 491 req = c.newRequest(op, input, output) 492 return 493} 494 495// DeleteSecret API operation for AWS Secrets Manager. 496// 497// Deletes an entire secret and all of its versions. You can optionally include 498// a recovery window during which you can restore the secret. If you don't specify 499// a recovery window value, the operation defaults to 30 days. Secrets Manager 500// attaches a DeletionDate stamp to the secret that specifies the end of the 501// recovery window. At the end of the recovery window, Secrets Manager deletes 502// the secret permanently. 503// 504// At any time before recovery window ends, you can use RestoreSecret to remove 505// the DeletionDate and cancel the deletion of the secret. 506// 507// You cannot access the encrypted secret information in any secret that is 508// scheduled for deletion. If you need to access that information, you must 509// cancel the deletion with RestoreSecret and then retrieve the information. 510// 511// * There is no explicit operation to delete a version of a secret. Instead, 512// remove all staging labels from the VersionStage field of a version. That 513// marks the version as deprecated and allows Secrets Manager to delete it 514// as needed. Versions that do not have any staging labels do not show up 515// in ListSecretVersionIds unless you specify IncludeDeprecated. 516// 517// * The permanent secret deletion at the end of the waiting period is performed 518// as a background task with low priority. There is no guarantee of a specific 519// time after the recovery window for the actual delete operation to occur. 520// 521// Minimum permissions 522// 523// To run this command, you must have the following permissions: 524// 525// * secretsmanager:DeleteSecret 526// 527// Related operations 528// 529// * To create a secret, use CreateSecret. 530// 531// * To cancel deletion of a version of a secret before the recovery window 532// has expired, use RestoreSecret. 533// 534// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 535// with awserr.Error's Code and Message methods to get detailed information about 536// the error. 537// 538// See the AWS API reference guide for AWS Secrets Manager's 539// API operation DeleteSecret for usage and error information. 540// 541// Returned Error Codes: 542// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 543// We can't find the resource that you asked for. 544// 545// * ErrCodeInvalidParameterException "InvalidParameterException" 546// You provided an invalid value for a parameter. 547// 548// * ErrCodeInvalidRequestException "InvalidRequestException" 549// You provided a parameter value that is not valid for the current state of 550// the resource. 551// 552// Possible causes: 553// 554// * You tried to perform the operation on a secret that's currently marked 555// deleted. 556// 557// * You tried to enable rotation on a secret that doesn't already have a 558// Lambda function ARN configured and you didn't include such an ARN as a 559// parameter in this call. 560// 561// * ErrCodeInternalServiceError "InternalServiceError" 562// An error occurred on the server side. 563// 564// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret 565func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error) { 566 req, out := c.DeleteSecretRequest(input) 567 return out, req.Send() 568} 569 570// DeleteSecretWithContext is the same as DeleteSecret with the addition of 571// the ability to pass a context and additional request options. 572// 573// See DeleteSecret for details on how to use this API operation. 574// 575// The context must be non-nil and will be used for request cancellation. If 576// the context is nil a panic will occur. In the future the SDK may create 577// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 578// for more information on using Contexts. 579func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error) { 580 req, out := c.DeleteSecretRequest(input) 581 req.SetContext(ctx) 582 req.ApplyOptions(opts...) 583 return out, req.Send() 584} 585 586const opDescribeSecret = "DescribeSecret" 587 588// DescribeSecretRequest generates a "aws/request.Request" representing the 589// client's request for the DescribeSecret operation. The "output" return 590// value will be populated with the request's response once the request completes 591// successfully. 592// 593// Use "Send" method on the returned Request to send the API call to the service. 594// the "output" return value is not valid until after Send returns without error. 595// 596// See DescribeSecret for more information on using the DescribeSecret 597// API call, and error handling. 598// 599// This method is useful when you want to inject custom logic or configuration 600// into the SDK's request lifecycle. Such as custom headers, or retry logic. 601// 602// 603// // Example sending a request using the DescribeSecretRequest method. 604// req, resp := client.DescribeSecretRequest(params) 605// 606// err := req.Send() 607// if err == nil { // resp is now filled 608// fmt.Println(resp) 609// } 610// 611// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret 612func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput) { 613 op := &request.Operation{ 614 Name: opDescribeSecret, 615 HTTPMethod: "POST", 616 HTTPPath: "/", 617 } 618 619 if input == nil { 620 input = &DescribeSecretInput{} 621 } 622 623 output = &DescribeSecretOutput{} 624 req = c.newRequest(op, input, output) 625 return 626} 627 628// DescribeSecret API operation for AWS Secrets Manager. 629// 630// Retrieves the details of a secret. It does not include the encrypted fields. 631// Only those fields that are populated with a value are returned in the response. 632// 633// Minimum permissions 634// 635// To run this command, you must have the following permissions: 636// 637// * secretsmanager:DescribeSecret 638// 639// Related operations 640// 641// * To create a secret, use CreateSecret. 642// 643// * To modify a secret, use UpdateSecret. 644// 645// * To retrieve the encrypted secret information in a version of the secret, 646// use GetSecretValue. 647// 648// * To list all of the secrets in the AWS account, use ListSecrets. 649// 650// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 651// with awserr.Error's Code and Message methods to get detailed information about 652// the error. 653// 654// See the AWS API reference guide for AWS Secrets Manager's 655// API operation DescribeSecret for usage and error information. 656// 657// Returned Error Codes: 658// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 659// We can't find the resource that you asked for. 660// 661// * ErrCodeInternalServiceError "InternalServiceError" 662// An error occurred on the server side. 663// 664// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret 665func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error) { 666 req, out := c.DescribeSecretRequest(input) 667 return out, req.Send() 668} 669 670// DescribeSecretWithContext is the same as DescribeSecret with the addition of 671// the ability to pass a context and additional request options. 672// 673// See DescribeSecret for details on how to use this API operation. 674// 675// The context must be non-nil and will be used for request cancellation. If 676// the context is nil a panic will occur. In the future the SDK may create 677// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 678// for more information on using Contexts. 679func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error) { 680 req, out := c.DescribeSecretRequest(input) 681 req.SetContext(ctx) 682 req.ApplyOptions(opts...) 683 return out, req.Send() 684} 685 686const opGetRandomPassword = "GetRandomPassword" 687 688// GetRandomPasswordRequest generates a "aws/request.Request" representing the 689// client's request for the GetRandomPassword operation. The "output" return 690// value will be populated with the request's response once the request completes 691// successfully. 692// 693// Use "Send" method on the returned Request to send the API call to the service. 694// the "output" return value is not valid until after Send returns without error. 695// 696// See GetRandomPassword for more information on using the GetRandomPassword 697// API call, and error handling. 698// 699// This method is useful when you want to inject custom logic or configuration 700// into the SDK's request lifecycle. Such as custom headers, or retry logic. 701// 702// 703// // Example sending a request using the GetRandomPasswordRequest method. 704// req, resp := client.GetRandomPasswordRequest(params) 705// 706// err := req.Send() 707// if err == nil { // resp is now filled 708// fmt.Println(resp) 709// } 710// 711// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword 712func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput) { 713 op := &request.Operation{ 714 Name: opGetRandomPassword, 715 HTTPMethod: "POST", 716 HTTPPath: "/", 717 } 718 719 if input == nil { 720 input = &GetRandomPasswordInput{} 721 } 722 723 output = &GetRandomPasswordOutput{} 724 req = c.newRequest(op, input, output) 725 return 726} 727 728// GetRandomPassword API operation for AWS Secrets Manager. 729// 730// Generates a random password of the specified complexity. This operation is 731// intended for use in the Lambda rotation function. Per best practice, we recommend 732// that you specify the maximum length and include every character type that 733// the system you are generating a password for can support. 734// 735// Minimum permissions 736// 737// To run this command, you must have the following permissions: 738// 739// * secretsmanager:GetRandomPassword 740// 741// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 742// with awserr.Error's Code and Message methods to get detailed information about 743// the error. 744// 745// See the AWS API reference guide for AWS Secrets Manager's 746// API operation GetRandomPassword for usage and error information. 747// 748// Returned Error Codes: 749// * ErrCodeInvalidParameterException "InvalidParameterException" 750// You provided an invalid value for a parameter. 751// 752// * ErrCodeInvalidRequestException "InvalidRequestException" 753// You provided a parameter value that is not valid for the current state of 754// the resource. 755// 756// Possible causes: 757// 758// * You tried to perform the operation on a secret that's currently marked 759// deleted. 760// 761// * You tried to enable rotation on a secret that doesn't already have a 762// Lambda function ARN configured and you didn't include such an ARN as a 763// parameter in this call. 764// 765// * ErrCodeInternalServiceError "InternalServiceError" 766// An error occurred on the server side. 767// 768// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword 769func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error) { 770 req, out := c.GetRandomPasswordRequest(input) 771 return out, req.Send() 772} 773 774// GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of 775// the ability to pass a context and additional request options. 776// 777// See GetRandomPassword for details on how to use this API operation. 778// 779// The context must be non-nil and will be used for request cancellation. If 780// the context is nil a panic will occur. In the future the SDK may create 781// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 782// for more information on using Contexts. 783func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error) { 784 req, out := c.GetRandomPasswordRequest(input) 785 req.SetContext(ctx) 786 req.ApplyOptions(opts...) 787 return out, req.Send() 788} 789 790const opGetResourcePolicy = "GetResourcePolicy" 791 792// GetResourcePolicyRequest generates a "aws/request.Request" representing the 793// client's request for the GetResourcePolicy operation. The "output" return 794// value will be populated with the request's response once the request completes 795// successfully. 796// 797// Use "Send" method on the returned Request to send the API call to the service. 798// the "output" return value is not valid until after Send returns without error. 799// 800// See GetResourcePolicy for more information on using the GetResourcePolicy 801// API call, and error handling. 802// 803// This method is useful when you want to inject custom logic or configuration 804// into the SDK's request lifecycle. Such as custom headers, or retry logic. 805// 806// 807// // Example sending a request using the GetResourcePolicyRequest method. 808// req, resp := client.GetResourcePolicyRequest(params) 809// 810// err := req.Send() 811// if err == nil { // resp is now filled 812// fmt.Println(resp) 813// } 814// 815// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy 816func (c *SecretsManager) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) { 817 op := &request.Operation{ 818 Name: opGetResourcePolicy, 819 HTTPMethod: "POST", 820 HTTPPath: "/", 821 } 822 823 if input == nil { 824 input = &GetResourcePolicyInput{} 825 } 826 827 output = &GetResourcePolicyOutput{} 828 req = c.newRequest(op, input, output) 829 return 830} 831 832// GetResourcePolicy API operation for AWS Secrets Manager. 833// 834// Retrieves the JSON text of the resource-based policy document that's attached 835// to the specified secret. The JSON request string input and response output 836// are shown formatted with white space and line breaks for better readability. 837// Submit your input as a single line JSON string. 838// 839// Minimum permissions 840// 841// To run this command, you must have the following permissions: 842// 843// * secretsmanager:GetResourcePolicy 844// 845// Related operations 846// 847// * To attach a resource policy to a secret, use PutResourcePolicy. 848// 849// * To delete the resource-based policy that's attached to a secret, use 850// DeleteResourcePolicy. 851// 852// * To list all of the currently available secrets, use ListSecrets. 853// 854// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 855// with awserr.Error's Code and Message methods to get detailed information about 856// the error. 857// 858// See the AWS API reference guide for AWS Secrets Manager's 859// API operation GetResourcePolicy for usage and error information. 860// 861// Returned Error Codes: 862// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 863// We can't find the resource that you asked for. 864// 865// * ErrCodeInternalServiceError "InternalServiceError" 866// An error occurred on the server side. 867// 868// * ErrCodeInvalidRequestException "InvalidRequestException" 869// You provided a parameter value that is not valid for the current state of 870// the resource. 871// 872// Possible causes: 873// 874// * You tried to perform the operation on a secret that's currently marked 875// deleted. 876// 877// * You tried to enable rotation on a secret that doesn't already have a 878// Lambda function ARN configured and you didn't include such an ARN as a 879// parameter in this call. 880// 881// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy 882func (c *SecretsManager) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) { 883 req, out := c.GetResourcePolicyRequest(input) 884 return out, req.Send() 885} 886 887// GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of 888// the ability to pass a context and additional request options. 889// 890// See GetResourcePolicy for details on how to use this API operation. 891// 892// The context must be non-nil and will be used for request cancellation. If 893// the context is nil a panic will occur. In the future the SDK may create 894// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 895// for more information on using Contexts. 896func (c *SecretsManager) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) { 897 req, out := c.GetResourcePolicyRequest(input) 898 req.SetContext(ctx) 899 req.ApplyOptions(opts...) 900 return out, req.Send() 901} 902 903const opGetSecretValue = "GetSecretValue" 904 905// GetSecretValueRequest generates a "aws/request.Request" representing the 906// client's request for the GetSecretValue operation. The "output" return 907// value will be populated with the request's response once the request completes 908// successfully. 909// 910// Use "Send" method on the returned Request to send the API call to the service. 911// the "output" return value is not valid until after Send returns without error. 912// 913// See GetSecretValue for more information on using the GetSecretValue 914// API call, and error handling. 915// 916// This method is useful when you want to inject custom logic or configuration 917// into the SDK's request lifecycle. Such as custom headers, or retry logic. 918// 919// 920// // Example sending a request using the GetSecretValueRequest method. 921// req, resp := client.GetSecretValueRequest(params) 922// 923// err := req.Send() 924// if err == nil { // resp is now filled 925// fmt.Println(resp) 926// } 927// 928// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue 929func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput) { 930 op := &request.Operation{ 931 Name: opGetSecretValue, 932 HTTPMethod: "POST", 933 HTTPPath: "/", 934 } 935 936 if input == nil { 937 input = &GetSecretValueInput{} 938 } 939 940 output = &GetSecretValueOutput{} 941 req = c.newRequest(op, input, output) 942 return 943} 944 945// GetSecretValue API operation for AWS Secrets Manager. 946// 947// Retrieves the contents of the encrypted fields SecretString or SecretBinary 948// from the specified version of a secret, whichever contains content. 949// 950// Minimum permissions 951// 952// To run this command, you must have the following permissions: 953// 954// * secretsmanager:GetSecretValue 955// 956// * kms:Decrypt - required only if you use a customer-managed AWS KMS key 957// to encrypt the secret. You do not need this permission to use the account's 958// default AWS managed CMK for Secrets Manager. 959// 960// Related operations 961// 962// * To create a new version of the secret with different encrypted information, 963// use PutSecretValue. 964// 965// * To retrieve the non-encrypted details for the secret, use DescribeSecret. 966// 967// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 968// with awserr.Error's Code and Message methods to get detailed information about 969// the error. 970// 971// See the AWS API reference guide for AWS Secrets Manager's 972// API operation GetSecretValue for usage and error information. 973// 974// Returned Error Codes: 975// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 976// We can't find the resource that you asked for. 977// 978// * ErrCodeInvalidParameterException "InvalidParameterException" 979// You provided an invalid value for a parameter. 980// 981// * ErrCodeInvalidRequestException "InvalidRequestException" 982// You provided a parameter value that is not valid for the current state of 983// the resource. 984// 985// Possible causes: 986// 987// * You tried to perform the operation on a secret that's currently marked 988// deleted. 989// 990// * You tried to enable rotation on a secret that doesn't already have a 991// Lambda function ARN configured and you didn't include such an ARN as a 992// parameter in this call. 993// 994// * ErrCodeDecryptionFailure "DecryptionFailure" 995// Secrets Manager can't decrypt the protected secret text using the provided 996// KMS key. 997// 998// * ErrCodeInternalServiceError "InternalServiceError" 999// An error occurred on the server side. 1000// 1001// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue 1002func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error) { 1003 req, out := c.GetSecretValueRequest(input) 1004 return out, req.Send() 1005} 1006 1007// GetSecretValueWithContext is the same as GetSecretValue with the addition of 1008// the ability to pass a context and additional request options. 1009// 1010// See GetSecretValue for details on how to use this API operation. 1011// 1012// The context must be non-nil and will be used for request cancellation. If 1013// the context is nil a panic will occur. In the future the SDK may create 1014// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1015// for more information on using Contexts. 1016func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error) { 1017 req, out := c.GetSecretValueRequest(input) 1018 req.SetContext(ctx) 1019 req.ApplyOptions(opts...) 1020 return out, req.Send() 1021} 1022 1023const opListSecretVersionIds = "ListSecretVersionIds" 1024 1025// ListSecretVersionIdsRequest generates a "aws/request.Request" representing the 1026// client's request for the ListSecretVersionIds operation. The "output" return 1027// value will be populated with the request's response once the request completes 1028// successfully. 1029// 1030// Use "Send" method on the returned Request to send the API call to the service. 1031// the "output" return value is not valid until after Send returns without error. 1032// 1033// See ListSecretVersionIds for more information on using the ListSecretVersionIds 1034// API call, and error handling. 1035// 1036// This method is useful when you want to inject custom logic or configuration 1037// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1038// 1039// 1040// // Example sending a request using the ListSecretVersionIdsRequest method. 1041// req, resp := client.ListSecretVersionIdsRequest(params) 1042// 1043// err := req.Send() 1044// if err == nil { // resp is now filled 1045// fmt.Println(resp) 1046// } 1047// 1048// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds 1049func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput) { 1050 op := &request.Operation{ 1051 Name: opListSecretVersionIds, 1052 HTTPMethod: "POST", 1053 HTTPPath: "/", 1054 Paginator: &request.Paginator{ 1055 InputTokens: []string{"NextToken"}, 1056 OutputTokens: []string{"NextToken"}, 1057 LimitToken: "MaxResults", 1058 TruncationToken: "", 1059 }, 1060 } 1061 1062 if input == nil { 1063 input = &ListSecretVersionIdsInput{} 1064 } 1065 1066 output = &ListSecretVersionIdsOutput{} 1067 req = c.newRequest(op, input, output) 1068 return 1069} 1070 1071// ListSecretVersionIds API operation for AWS Secrets Manager. 1072// 1073// Lists all of the versions attached to the specified secret. The output does 1074// not include the SecretString or SecretBinary fields. By default, the list 1075// includes only versions that have at least one staging label in VersionStage 1076// attached. 1077// 1078// Always check the NextToken response parameter when calling any of the List* 1079// operations. These operations can occasionally return an empty or shorter 1080// than expected list of results even when there are more results available. 1081// When this happens, the NextToken response parameter contains a value to pass 1082// to the next call to the same API to request the next part of the list. 1083// 1084// Minimum permissions 1085// 1086// To run this command, you must have the following permissions: 1087// 1088// * secretsmanager:ListSecretVersionIds 1089// 1090// Related operations 1091// 1092// * To list the secrets in an account, use ListSecrets. 1093// 1094// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1095// with awserr.Error's Code and Message methods to get detailed information about 1096// the error. 1097// 1098// See the AWS API reference guide for AWS Secrets Manager's 1099// API operation ListSecretVersionIds for usage and error information. 1100// 1101// Returned Error Codes: 1102// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" 1103// You provided an invalid NextToken value. 1104// 1105// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1106// We can't find the resource that you asked for. 1107// 1108// * ErrCodeInternalServiceError "InternalServiceError" 1109// An error occurred on the server side. 1110// 1111// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds 1112func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error) { 1113 req, out := c.ListSecretVersionIdsRequest(input) 1114 return out, req.Send() 1115} 1116 1117// ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of 1118// the ability to pass a context and additional request options. 1119// 1120// See ListSecretVersionIds for details on how to use this API operation. 1121// 1122// The context must be non-nil and will be used for request cancellation. If 1123// the context is nil a panic will occur. In the future the SDK may create 1124// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1125// for more information on using Contexts. 1126func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error) { 1127 req, out := c.ListSecretVersionIdsRequest(input) 1128 req.SetContext(ctx) 1129 req.ApplyOptions(opts...) 1130 return out, req.Send() 1131} 1132 1133// ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation, 1134// calling the "fn" function with the response data for each page. To stop 1135// iterating, return false from the fn function. 1136// 1137// See ListSecretVersionIds method for more information on how to use this operation. 1138// 1139// Note: This operation can generate multiple requests to a service. 1140// 1141// // Example iterating over at most 3 pages of a ListSecretVersionIds operation. 1142// pageNum := 0 1143// err := client.ListSecretVersionIdsPages(params, 1144// func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool { 1145// pageNum++ 1146// fmt.Println(page) 1147// return pageNum <= 3 1148// }) 1149// 1150func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error { 1151 return c.ListSecretVersionIdsPagesWithContext(aws.BackgroundContext(), input, fn) 1152} 1153 1154// ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except 1155// it takes a Context and allows setting request options on the pages. 1156// 1157// The context must be non-nil and will be used for request cancellation. If 1158// the context is nil a panic will occur. In the future the SDK may create 1159// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1160// for more information on using Contexts. 1161func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error { 1162 p := request.Pagination{ 1163 NewRequest: func() (*request.Request, error) { 1164 var inCpy *ListSecretVersionIdsInput 1165 if input != nil { 1166 tmp := *input 1167 inCpy = &tmp 1168 } 1169 req, _ := c.ListSecretVersionIdsRequest(inCpy) 1170 req.SetContext(ctx) 1171 req.ApplyOptions(opts...) 1172 return req, nil 1173 }, 1174 } 1175 1176 cont := true 1177 for p.Next() && cont { 1178 cont = fn(p.Page().(*ListSecretVersionIdsOutput), !p.HasNextPage()) 1179 } 1180 return p.Err() 1181} 1182 1183const opListSecrets = "ListSecrets" 1184 1185// ListSecretsRequest generates a "aws/request.Request" representing the 1186// client's request for the ListSecrets operation. The "output" return 1187// value will be populated with the request's response once the request completes 1188// successfully. 1189// 1190// Use "Send" method on the returned Request to send the API call to the service. 1191// the "output" return value is not valid until after Send returns without error. 1192// 1193// See ListSecrets for more information on using the ListSecrets 1194// API call, and error handling. 1195// 1196// This method is useful when you want to inject custom logic or configuration 1197// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1198// 1199// 1200// // Example sending a request using the ListSecretsRequest method. 1201// req, resp := client.ListSecretsRequest(params) 1202// 1203// err := req.Send() 1204// if err == nil { // resp is now filled 1205// fmt.Println(resp) 1206// } 1207// 1208// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets 1209func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput) { 1210 op := &request.Operation{ 1211 Name: opListSecrets, 1212 HTTPMethod: "POST", 1213 HTTPPath: "/", 1214 Paginator: &request.Paginator{ 1215 InputTokens: []string{"NextToken"}, 1216 OutputTokens: []string{"NextToken"}, 1217 LimitToken: "MaxResults", 1218 TruncationToken: "", 1219 }, 1220 } 1221 1222 if input == nil { 1223 input = &ListSecretsInput{} 1224 } 1225 1226 output = &ListSecretsOutput{} 1227 req = c.newRequest(op, input, output) 1228 return 1229} 1230 1231// ListSecrets API operation for AWS Secrets Manager. 1232// 1233// Lists all of the secrets that are stored by Secrets Manager in the AWS account. 1234// To list the versions currently stored for a specific secret, use ListSecretVersionIds. 1235// The encrypted fields SecretString and SecretBinary are not included in the 1236// output. To get that information, call the GetSecretValue operation. 1237// 1238// Always check the NextToken response parameter when calling any of the List* 1239// operations. These operations can occasionally return an empty or shorter 1240// than expected list of results even when there are more results available. 1241// When this happens, the NextToken response parameter contains a value to pass 1242// to the next call to the same API to request the next part of the list. 1243// 1244// Minimum permissions 1245// 1246// To run this command, you must have the following permissions: 1247// 1248// * secretsmanager:ListSecrets 1249// 1250// Related operations 1251// 1252// * To list the versions attached to a secret, use ListSecretVersionIds. 1253// 1254// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1255// with awserr.Error's Code and Message methods to get detailed information about 1256// the error. 1257// 1258// See the AWS API reference guide for AWS Secrets Manager's 1259// API operation ListSecrets for usage and error information. 1260// 1261// Returned Error Codes: 1262// * ErrCodeInvalidParameterException "InvalidParameterException" 1263// You provided an invalid value for a parameter. 1264// 1265// * ErrCodeInvalidNextTokenException "InvalidNextTokenException" 1266// You provided an invalid NextToken value. 1267// 1268// * ErrCodeInternalServiceError "InternalServiceError" 1269// An error occurred on the server side. 1270// 1271// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets 1272func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error) { 1273 req, out := c.ListSecretsRequest(input) 1274 return out, req.Send() 1275} 1276 1277// ListSecretsWithContext is the same as ListSecrets with the addition of 1278// the ability to pass a context and additional request options. 1279// 1280// See ListSecrets for details on how to use this API operation. 1281// 1282// The context must be non-nil and will be used for request cancellation. If 1283// the context is nil a panic will occur. In the future the SDK may create 1284// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1285// for more information on using Contexts. 1286func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error) { 1287 req, out := c.ListSecretsRequest(input) 1288 req.SetContext(ctx) 1289 req.ApplyOptions(opts...) 1290 return out, req.Send() 1291} 1292 1293// ListSecretsPages iterates over the pages of a ListSecrets operation, 1294// calling the "fn" function with the response data for each page. To stop 1295// iterating, return false from the fn function. 1296// 1297// See ListSecrets method for more information on how to use this operation. 1298// 1299// Note: This operation can generate multiple requests to a service. 1300// 1301// // Example iterating over at most 3 pages of a ListSecrets operation. 1302// pageNum := 0 1303// err := client.ListSecretsPages(params, 1304// func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool { 1305// pageNum++ 1306// fmt.Println(page) 1307// return pageNum <= 3 1308// }) 1309// 1310func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error { 1311 return c.ListSecretsPagesWithContext(aws.BackgroundContext(), input, fn) 1312} 1313 1314// ListSecretsPagesWithContext same as ListSecretsPages except 1315// it takes a Context and allows setting request options on the pages. 1316// 1317// The context must be non-nil and will be used for request cancellation. If 1318// the context is nil a panic will occur. In the future the SDK may create 1319// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1320// for more information on using Contexts. 1321func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error { 1322 p := request.Pagination{ 1323 NewRequest: func() (*request.Request, error) { 1324 var inCpy *ListSecretsInput 1325 if input != nil { 1326 tmp := *input 1327 inCpy = &tmp 1328 } 1329 req, _ := c.ListSecretsRequest(inCpy) 1330 req.SetContext(ctx) 1331 req.ApplyOptions(opts...) 1332 return req, nil 1333 }, 1334 } 1335 1336 cont := true 1337 for p.Next() && cont { 1338 cont = fn(p.Page().(*ListSecretsOutput), !p.HasNextPage()) 1339 } 1340 return p.Err() 1341} 1342 1343const opPutResourcePolicy = "PutResourcePolicy" 1344 1345// PutResourcePolicyRequest generates a "aws/request.Request" representing the 1346// client's request for the PutResourcePolicy operation. The "output" return 1347// value will be populated with the request's response once the request completes 1348// successfully. 1349// 1350// Use "Send" method on the returned Request to send the API call to the service. 1351// the "output" return value is not valid until after Send returns without error. 1352// 1353// See PutResourcePolicy for more information on using the PutResourcePolicy 1354// API call, and error handling. 1355// 1356// This method is useful when you want to inject custom logic or configuration 1357// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1358// 1359// 1360// // Example sending a request using the PutResourcePolicyRequest method. 1361// req, resp := client.PutResourcePolicyRequest(params) 1362// 1363// err := req.Send() 1364// if err == nil { // resp is now filled 1365// fmt.Println(resp) 1366// } 1367// 1368// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy 1369func (c *SecretsManager) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { 1370 op := &request.Operation{ 1371 Name: opPutResourcePolicy, 1372 HTTPMethod: "POST", 1373 HTTPPath: "/", 1374 } 1375 1376 if input == nil { 1377 input = &PutResourcePolicyInput{} 1378 } 1379 1380 output = &PutResourcePolicyOutput{} 1381 req = c.newRequest(op, input, output) 1382 return 1383} 1384 1385// PutResourcePolicy API operation for AWS Secrets Manager. 1386// 1387// Attaches the contents of the specified resource-based permission policy to 1388// a secret. A resource-based policy is optional. Alternatively, you can use 1389// IAM identity-based policies that specify the secret's Amazon Resource Name 1390// (ARN) in the policy statement's Resources element. You can also use a combination 1391// of both identity-based and resource-based policies. The affected users and 1392// roles receive the permissions that are permitted by all of the relevant policies. 1393// For more information, see Using Resource-Based Policies for AWS Secrets Manager 1394// (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). 1395// For the complete description of the AWS policy syntax and grammar, see IAM 1396// JSON Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) 1397// in the IAM User Guide. 1398// 1399// Minimum permissions 1400// 1401// To run this command, you must have the following permissions: 1402// 1403// * secretsmanager:PutResourcePolicy 1404// 1405// Related operations 1406// 1407// * To retrieve the resource policy that's attached to a secret, use GetResourcePolicy. 1408// 1409// * To delete the resource-based policy that's attached to a secret, use 1410// DeleteResourcePolicy. 1411// 1412// * To list all of the currently available secrets, use ListSecrets. 1413// 1414// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1415// with awserr.Error's Code and Message methods to get detailed information about 1416// the error. 1417// 1418// See the AWS API reference guide for AWS Secrets Manager's 1419// API operation PutResourcePolicy for usage and error information. 1420// 1421// Returned Error Codes: 1422// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 1423// The policy document that you provided isn't valid. 1424// 1425// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1426// We can't find the resource that you asked for. 1427// 1428// * ErrCodeInvalidParameterException "InvalidParameterException" 1429// You provided an invalid value for a parameter. 1430// 1431// * ErrCodeInternalServiceError "InternalServiceError" 1432// An error occurred on the server side. 1433// 1434// * ErrCodeInvalidRequestException "InvalidRequestException" 1435// You provided a parameter value that is not valid for the current state of 1436// the resource. 1437// 1438// Possible causes: 1439// 1440// * You tried to perform the operation on a secret that's currently marked 1441// deleted. 1442// 1443// * You tried to enable rotation on a secret that doesn't already have a 1444// Lambda function ARN configured and you didn't include such an ARN as a 1445// parameter in this call. 1446// 1447// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy 1448func (c *SecretsManager) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { 1449 req, out := c.PutResourcePolicyRequest(input) 1450 return out, req.Send() 1451} 1452 1453// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of 1454// the ability to pass a context and additional request options. 1455// 1456// See PutResourcePolicy for details on how to use this API operation. 1457// 1458// The context must be non-nil and will be used for request cancellation. If 1459// the context is nil a panic will occur. In the future the SDK may create 1460// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1461// for more information on using Contexts. 1462func (c *SecretsManager) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { 1463 req, out := c.PutResourcePolicyRequest(input) 1464 req.SetContext(ctx) 1465 req.ApplyOptions(opts...) 1466 return out, req.Send() 1467} 1468 1469const opPutSecretValue = "PutSecretValue" 1470 1471// PutSecretValueRequest generates a "aws/request.Request" representing the 1472// client's request for the PutSecretValue operation. The "output" return 1473// value will be populated with the request's response once the request completes 1474// successfully. 1475// 1476// Use "Send" method on the returned Request to send the API call to the service. 1477// the "output" return value is not valid until after Send returns without error. 1478// 1479// See PutSecretValue for more information on using the PutSecretValue 1480// API call, and error handling. 1481// 1482// This method is useful when you want to inject custom logic or configuration 1483// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1484// 1485// 1486// // Example sending a request using the PutSecretValueRequest method. 1487// req, resp := client.PutSecretValueRequest(params) 1488// 1489// err := req.Send() 1490// if err == nil { // resp is now filled 1491// fmt.Println(resp) 1492// } 1493// 1494// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue 1495func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput) { 1496 op := &request.Operation{ 1497 Name: opPutSecretValue, 1498 HTTPMethod: "POST", 1499 HTTPPath: "/", 1500 } 1501 1502 if input == nil { 1503 input = &PutSecretValueInput{} 1504 } 1505 1506 output = &PutSecretValueOutput{} 1507 req = c.newRequest(op, input, output) 1508 return 1509} 1510 1511// PutSecretValue API operation for AWS Secrets Manager. 1512// 1513// Stores a new encrypted secret value in the specified secret. To do this, 1514// the operation creates a new version and attaches it to the secret. The version 1515// can contain a new SecretString value or a new SecretBinary value. You can 1516// also specify the staging labels that are initially attached to the new version. 1517// 1518// The Secrets Manager console uses only the SecretString field. To add binary 1519// data to a secret with the SecretBinary field you must use the AWS CLI or 1520// one of the AWS SDKs. 1521// 1522// * If this operation creates the first version for the secret then Secrets 1523// Manager automatically attaches the staging label AWSCURRENT to the new 1524// version. 1525// 1526// * If another version of this secret already exists, then this operation 1527// does not automatically move any staging labels other than those that you 1528// explicitly specify in the VersionStages parameter. 1529// 1530// * If this operation moves the staging label AWSCURRENT from another version 1531// to this version (because you included it in the StagingLabels parameter) 1532// then Secrets Manager also automatically moves the staging label AWSPREVIOUS 1533// to the version that AWSCURRENT was removed from. 1534// 1535// * This operation is idempotent. If a version with a VersionId with the 1536// same value as the ClientRequestToken parameter already exists and you 1537// specify the same secret data, the operation succeeds but does nothing. 1538// However, if the secret data is different, then the operation fails because 1539// you cannot modify an existing version; you can only create new ones. 1540// 1541// * If you call an operation that needs to encrypt or decrypt the SecretString 1542// or SecretBinary for a secret in the same account as the calling user and 1543// that secret doesn't specify a AWS KMS encryption key, Secrets Manager 1544// uses the account's default AWS managed customer master key (CMK) with 1545// the alias aws/secretsmanager. If this key doesn't already exist in your 1546// account then Secrets Manager creates it for you automatically. All users 1547// and roles in the same AWS account automatically have access to use the 1548// default CMK. Note that if an Secrets Manager API call results in AWS having 1549// to create the account's AWS-managed CMK, it can result in a one-time significant 1550// delay in returning the result. 1551// 1552// * If the secret is in a different AWS account from the credentials calling 1553// an API that requires encryption or decryption of the secret value then 1554// you must create and use a custom AWS KMS CMK because you can't access 1555// the default CMK for the account using credentials from a different AWS 1556// account. Store the ARN of the CMK in the secret when you create the secret 1557// or when you update it by including it in the KMSKeyId. If you call an 1558// API that must encrypt or decrypt SecretString or SecretBinary using credentials 1559// from a different account then the AWS KMS key policy must grant cross-account 1560// access to that other account's user or role for both the kms:GenerateDataKey 1561// and kms:Decrypt operations. 1562// 1563// Minimum permissions 1564// 1565// To run this command, you must have the following permissions: 1566// 1567// * secretsmanager:PutSecretValue 1568// 1569// * kms:GenerateDataKey - needed only if you use a customer-managed AWS 1570// KMS key to encrypt the secret. You do not need this permission to use 1571// the account's default AWS managed CMK for Secrets Manager. 1572// 1573// Related operations 1574// 1575// * To retrieve the encrypted value you store in the version of a secret, 1576// use GetSecretValue. 1577// 1578// * To create a secret, use CreateSecret. 1579// 1580// * To get the details for a secret, use DescribeSecret. 1581// 1582// * To list the versions attached to a secret, use ListSecretVersionIds. 1583// 1584// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1585// with awserr.Error's Code and Message methods to get detailed information about 1586// the error. 1587// 1588// See the AWS API reference guide for AWS Secrets Manager's 1589// API operation PutSecretValue for usage and error information. 1590// 1591// Returned Error Codes: 1592// * ErrCodeInvalidParameterException "InvalidParameterException" 1593// You provided an invalid value for a parameter. 1594// 1595// * ErrCodeInvalidRequestException "InvalidRequestException" 1596// You provided a parameter value that is not valid for the current state of 1597// the resource. 1598// 1599// Possible causes: 1600// 1601// * You tried to perform the operation on a secret that's currently marked 1602// deleted. 1603// 1604// * You tried to enable rotation on a secret that doesn't already have a 1605// Lambda function ARN configured and you didn't include such an ARN as a 1606// parameter in this call. 1607// 1608// * ErrCodeLimitExceededException "LimitExceededException" 1609// The request failed because it would exceed one of the Secrets Manager internal 1610// limits. 1611// 1612// * ErrCodeEncryptionFailure "EncryptionFailure" 1613// Secrets Manager can't encrypt the protected secret text using the provided 1614// KMS key. Check that the customer master key (CMK) is available, enabled, 1615// and not in an invalid state. For more information, see How Key State Affects 1616// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 1617// 1618// * ErrCodeResourceExistsException "ResourceExistsException" 1619// A resource with the ID you requested already exists. 1620// 1621// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1622// We can't find the resource that you asked for. 1623// 1624// * ErrCodeInternalServiceError "InternalServiceError" 1625// An error occurred on the server side. 1626// 1627// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue 1628func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error) { 1629 req, out := c.PutSecretValueRequest(input) 1630 return out, req.Send() 1631} 1632 1633// PutSecretValueWithContext is the same as PutSecretValue with the addition of 1634// the ability to pass a context and additional request options. 1635// 1636// See PutSecretValue for details on how to use this API operation. 1637// 1638// The context must be non-nil and will be used for request cancellation. If 1639// the context is nil a panic will occur. In the future the SDK may create 1640// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1641// for more information on using Contexts. 1642func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error) { 1643 req, out := c.PutSecretValueRequest(input) 1644 req.SetContext(ctx) 1645 req.ApplyOptions(opts...) 1646 return out, req.Send() 1647} 1648 1649const opRestoreSecret = "RestoreSecret" 1650 1651// RestoreSecretRequest generates a "aws/request.Request" representing the 1652// client's request for the RestoreSecret operation. The "output" return 1653// value will be populated with the request's response once the request completes 1654// successfully. 1655// 1656// Use "Send" method on the returned Request to send the API call to the service. 1657// the "output" return value is not valid until after Send returns without error. 1658// 1659// See RestoreSecret for more information on using the RestoreSecret 1660// API call, and error handling. 1661// 1662// This method is useful when you want to inject custom logic or configuration 1663// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1664// 1665// 1666// // Example sending a request using the RestoreSecretRequest method. 1667// req, resp := client.RestoreSecretRequest(params) 1668// 1669// err := req.Send() 1670// if err == nil { // resp is now filled 1671// fmt.Println(resp) 1672// } 1673// 1674// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret 1675func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput) { 1676 op := &request.Operation{ 1677 Name: opRestoreSecret, 1678 HTTPMethod: "POST", 1679 HTTPPath: "/", 1680 } 1681 1682 if input == nil { 1683 input = &RestoreSecretInput{} 1684 } 1685 1686 output = &RestoreSecretOutput{} 1687 req = c.newRequest(op, input, output) 1688 return 1689} 1690 1691// RestoreSecret API operation for AWS Secrets Manager. 1692// 1693// Cancels the scheduled deletion of a secret by removing the DeletedDate time 1694// stamp. This makes the secret accessible to query once again. 1695// 1696// Minimum permissions 1697// 1698// To run this command, you must have the following permissions: 1699// 1700// * secretsmanager:RestoreSecret 1701// 1702// Related operations 1703// 1704// * To delete a secret, use DeleteSecret. 1705// 1706// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1707// with awserr.Error's Code and Message methods to get detailed information about 1708// the error. 1709// 1710// See the AWS API reference guide for AWS Secrets Manager's 1711// API operation RestoreSecret for usage and error information. 1712// 1713// Returned Error Codes: 1714// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1715// We can't find the resource that you asked for. 1716// 1717// * ErrCodeInvalidParameterException "InvalidParameterException" 1718// You provided an invalid value for a parameter. 1719// 1720// * ErrCodeInvalidRequestException "InvalidRequestException" 1721// You provided a parameter value that is not valid for the current state of 1722// the resource. 1723// 1724// Possible causes: 1725// 1726// * You tried to perform the operation on a secret that's currently marked 1727// deleted. 1728// 1729// * You tried to enable rotation on a secret that doesn't already have a 1730// Lambda function ARN configured and you didn't include such an ARN as a 1731// parameter in this call. 1732// 1733// * ErrCodeInternalServiceError "InternalServiceError" 1734// An error occurred on the server side. 1735// 1736// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret 1737func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error) { 1738 req, out := c.RestoreSecretRequest(input) 1739 return out, req.Send() 1740} 1741 1742// RestoreSecretWithContext is the same as RestoreSecret with the addition of 1743// the ability to pass a context and additional request options. 1744// 1745// See RestoreSecret for details on how to use this API operation. 1746// 1747// The context must be non-nil and will be used for request cancellation. If 1748// the context is nil a panic will occur. In the future the SDK may create 1749// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1750// for more information on using Contexts. 1751func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error) { 1752 req, out := c.RestoreSecretRequest(input) 1753 req.SetContext(ctx) 1754 req.ApplyOptions(opts...) 1755 return out, req.Send() 1756} 1757 1758const opRotateSecret = "RotateSecret" 1759 1760// RotateSecretRequest generates a "aws/request.Request" representing the 1761// client's request for the RotateSecret operation. The "output" return 1762// value will be populated with the request's response once the request completes 1763// successfully. 1764// 1765// Use "Send" method on the returned Request to send the API call to the service. 1766// the "output" return value is not valid until after Send returns without error. 1767// 1768// See RotateSecret for more information on using the RotateSecret 1769// API call, and error handling. 1770// 1771// This method is useful when you want to inject custom logic or configuration 1772// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1773// 1774// 1775// // Example sending a request using the RotateSecretRequest method. 1776// req, resp := client.RotateSecretRequest(params) 1777// 1778// err := req.Send() 1779// if err == nil { // resp is now filled 1780// fmt.Println(resp) 1781// } 1782// 1783// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret 1784func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput) { 1785 op := &request.Operation{ 1786 Name: opRotateSecret, 1787 HTTPMethod: "POST", 1788 HTTPPath: "/", 1789 } 1790 1791 if input == nil { 1792 input = &RotateSecretInput{} 1793 } 1794 1795 output = &RotateSecretOutput{} 1796 req = c.newRequest(op, input, output) 1797 return 1798} 1799 1800// RotateSecret API operation for AWS Secrets Manager. 1801// 1802// Configures and starts the asynchronous process of rotating this secret. If 1803// you include the configuration parameters, the operation sets those values 1804// for the secret and then immediately starts a rotation. If you do not include 1805// the configuration parameters, the operation starts a rotation with the values 1806// already stored in the secret. After the rotation completes, the protected 1807// service and its clients all use the new version of the secret. 1808// 1809// This required configuration information includes the ARN of an AWS Lambda 1810// function and the time between scheduled rotations. The Lambda rotation function 1811// creates a new version of the secret and creates or updates the credentials 1812// on the protected service to match. After testing the new credentials, the 1813// function marks the new secret with the staging label AWSCURRENT so that your 1814// clients all immediately begin to use the new version. For more information 1815// about rotating secrets and how to configure a Lambda function to rotate the 1816// secrets for your protected service, see Rotating Secrets in AWS Secrets Manager 1817// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) 1818// in the AWS Secrets Manager User Guide. 1819// 1820// Secrets Manager schedules the next rotation when the previous one is complete. 1821// Secrets Manager schedules the date by adding the rotation interval (number 1822// of days) to the actual date of the last rotation. The service chooses the 1823// hour within that 24-hour date window randomly. The minute is also chosen 1824// somewhat randomly, but weighted towards the top of the hour and influenced 1825// by a variety of factors that help distribute load. 1826// 1827// The rotation function must end with the versions of the secret in one of 1828// two states: 1829// 1830// * The AWSPENDING and AWSCURRENT staging labels are attached to the same 1831// version of the secret, or 1832// 1833// * The AWSPENDING staging label is not attached to any version of the secret. 1834// 1835// If instead the AWSPENDING staging label is present but is not attached to 1836// the same version as AWSCURRENT then any later invocation of RotateSecret 1837// assumes that a previous rotation request is still in progress and returns 1838// an error. 1839// 1840// Minimum permissions 1841// 1842// To run this command, you must have the following permissions: 1843// 1844// * secretsmanager:RotateSecret 1845// 1846// * lambda:InvokeFunction (on the function specified in the secret's metadata) 1847// 1848// Related operations 1849// 1850// * To list the secrets in your account, use ListSecrets. 1851// 1852// * To get the details for a version of a secret, use DescribeSecret. 1853// 1854// * To create a new version of a secret, use CreateSecret. 1855// 1856// * To attach staging labels to or remove staging labels from a version 1857// of a secret, use UpdateSecretVersionStage. 1858// 1859// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1860// with awserr.Error's Code and Message methods to get detailed information about 1861// the error. 1862// 1863// See the AWS API reference guide for AWS Secrets Manager's 1864// API operation RotateSecret for usage and error information. 1865// 1866// Returned Error Codes: 1867// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1868// We can't find the resource that you asked for. 1869// 1870// * ErrCodeInvalidParameterException "InvalidParameterException" 1871// You provided an invalid value for a parameter. 1872// 1873// * ErrCodeInternalServiceError "InternalServiceError" 1874// An error occurred on the server side. 1875// 1876// * ErrCodeInvalidRequestException "InvalidRequestException" 1877// You provided a parameter value that is not valid for the current state of 1878// the resource. 1879// 1880// Possible causes: 1881// 1882// * You tried to perform the operation on a secret that's currently marked 1883// deleted. 1884// 1885// * You tried to enable rotation on a secret that doesn't already have a 1886// Lambda function ARN configured and you didn't include such an ARN as a 1887// parameter in this call. 1888// 1889// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret 1890func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error) { 1891 req, out := c.RotateSecretRequest(input) 1892 return out, req.Send() 1893} 1894 1895// RotateSecretWithContext is the same as RotateSecret with the addition of 1896// the ability to pass a context and additional request options. 1897// 1898// See RotateSecret for details on how to use this API operation. 1899// 1900// The context must be non-nil and will be used for request cancellation. If 1901// the context is nil a panic will occur. In the future the SDK may create 1902// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1903// for more information on using Contexts. 1904func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error) { 1905 req, out := c.RotateSecretRequest(input) 1906 req.SetContext(ctx) 1907 req.ApplyOptions(opts...) 1908 return out, req.Send() 1909} 1910 1911const opTagResource = "TagResource" 1912 1913// TagResourceRequest generates a "aws/request.Request" representing the 1914// client's request for the TagResource operation. The "output" return 1915// value will be populated with the request's response once the request completes 1916// successfully. 1917// 1918// Use "Send" method on the returned Request to send the API call to the service. 1919// the "output" return value is not valid until after Send returns without error. 1920// 1921// See TagResource for more information on using the TagResource 1922// API call, and error handling. 1923// 1924// This method is useful when you want to inject custom logic or configuration 1925// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1926// 1927// 1928// // Example sending a request using the TagResourceRequest method. 1929// req, resp := client.TagResourceRequest(params) 1930// 1931// err := req.Send() 1932// if err == nil { // resp is now filled 1933// fmt.Println(resp) 1934// } 1935// 1936// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource 1937func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 1938 op := &request.Operation{ 1939 Name: opTagResource, 1940 HTTPMethod: "POST", 1941 HTTPPath: "/", 1942 } 1943 1944 if input == nil { 1945 input = &TagResourceInput{} 1946 } 1947 1948 output = &TagResourceOutput{} 1949 req = c.newRequest(op, input, output) 1950 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1951 return 1952} 1953 1954// TagResource API operation for AWS Secrets Manager. 1955// 1956// Attaches one or more tags, each consisting of a key name and a value, to 1957// the specified secret. Tags are part of the secret's overall metadata, and 1958// are not associated with any specific version of the secret. This operation 1959// only appends tags to the existing list of tags. To remove tags, you must 1960// use UntagResource. 1961// 1962// The following basic restrictions apply to tags: 1963// 1964// * Maximum number of tags per secret—50 1965// 1966// * Maximum key length—127 Unicode characters in UTF-8 1967// 1968// * Maximum value length—255 Unicode characters in UTF-8 1969// 1970// * Tag keys and values are case sensitive. 1971// 1972// * Do not use the aws: prefix in your tag names or values because it is 1973// reserved for AWS use. You can't edit or delete tag names or values with 1974// this prefix. Tags with this prefix do not count against your tags per 1975// secret limit. 1976// 1977// * If your tagging schema will be used across multiple services and resources, 1978// remember that other services might have restrictions on allowed characters. 1979// Generally allowed characters are: letters, spaces, and numbers representable 1980// in UTF-8, plus the following special characters: + - = . _ : / @. 1981// 1982// If you use tags as part of your security strategy, then adding or removing 1983// a tag can change permissions. If successfully completing this operation would 1984// result in you losing your permissions for this secret, then the operation 1985// is blocked and returns an Access Denied error. 1986// 1987// Minimum permissions 1988// 1989// To run this command, you must have the following permissions: 1990// 1991// * secretsmanager:TagResource 1992// 1993// Related operations 1994// 1995// * To remove one or more tags from the collection attached to a secret, 1996// use UntagResource. 1997// 1998// * To view the list of tags attached to a secret, use DescribeSecret. 1999// 2000// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2001// with awserr.Error's Code and Message methods to get detailed information about 2002// the error. 2003// 2004// See the AWS API reference guide for AWS Secrets Manager's 2005// API operation TagResource for usage and error information. 2006// 2007// Returned Error Codes: 2008// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2009// We can't find the resource that you asked for. 2010// 2011// * ErrCodeInvalidRequestException "InvalidRequestException" 2012// You provided a parameter value that is not valid for the current state of 2013// the resource. 2014// 2015// Possible causes: 2016// 2017// * You tried to perform the operation on a secret that's currently marked 2018// deleted. 2019// 2020// * You tried to enable rotation on a secret that doesn't already have a 2021// Lambda function ARN configured and you didn't include such an ARN as a 2022// parameter in this call. 2023// 2024// * ErrCodeInvalidParameterException "InvalidParameterException" 2025// You provided an invalid value for a parameter. 2026// 2027// * ErrCodeInternalServiceError "InternalServiceError" 2028// An error occurred on the server side. 2029// 2030// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource 2031func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 2032 req, out := c.TagResourceRequest(input) 2033 return out, req.Send() 2034} 2035 2036// TagResourceWithContext is the same as TagResource with the addition of 2037// the ability to pass a context and additional request options. 2038// 2039// See TagResource for details on how to use this API operation. 2040// 2041// The context must be non-nil and will be used for request cancellation. If 2042// the context is nil a panic will occur. In the future the SDK may create 2043// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2044// for more information on using Contexts. 2045func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 2046 req, out := c.TagResourceRequest(input) 2047 req.SetContext(ctx) 2048 req.ApplyOptions(opts...) 2049 return out, req.Send() 2050} 2051 2052const opUntagResource = "UntagResource" 2053 2054// UntagResourceRequest generates a "aws/request.Request" representing the 2055// client's request for the UntagResource operation. The "output" return 2056// value will be populated with the request's response once the request completes 2057// successfully. 2058// 2059// Use "Send" method on the returned Request to send the API call to the service. 2060// the "output" return value is not valid until after Send returns without error. 2061// 2062// See UntagResource for more information on using the UntagResource 2063// API call, and error handling. 2064// 2065// This method is useful when you want to inject custom logic or configuration 2066// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2067// 2068// 2069// // Example sending a request using the UntagResourceRequest method. 2070// req, resp := client.UntagResourceRequest(params) 2071// 2072// err := req.Send() 2073// if err == nil { // resp is now filled 2074// fmt.Println(resp) 2075// } 2076// 2077// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource 2078func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 2079 op := &request.Operation{ 2080 Name: opUntagResource, 2081 HTTPMethod: "POST", 2082 HTTPPath: "/", 2083 } 2084 2085 if input == nil { 2086 input = &UntagResourceInput{} 2087 } 2088 2089 output = &UntagResourceOutput{} 2090 req = c.newRequest(op, input, output) 2091 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2092 return 2093} 2094 2095// UntagResource API operation for AWS Secrets Manager. 2096// 2097// Removes one or more tags from the specified secret. 2098// 2099// This operation is idempotent. If a requested tag is not attached to the secret, 2100// no error is returned and the secret metadata is unchanged. 2101// 2102// If you use tags as part of your security strategy, then removing a tag can 2103// change permissions. If successfully completing this operation would result 2104// in you losing your permissions for this secret, then the operation is blocked 2105// and returns an Access Denied error. 2106// 2107// Minimum permissions 2108// 2109// To run this command, you must have the following permissions: 2110// 2111// * secretsmanager:UntagResource 2112// 2113// Related operations 2114// 2115// * To add one or more tags to the collection attached to a secret, use 2116// TagResource. 2117// 2118// * To view the list of tags attached to a secret, use DescribeSecret. 2119// 2120// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2121// with awserr.Error's Code and Message methods to get detailed information about 2122// the error. 2123// 2124// See the AWS API reference guide for AWS Secrets Manager's 2125// API operation UntagResource for usage and error information. 2126// 2127// Returned Error Codes: 2128// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2129// We can't find the resource that you asked for. 2130// 2131// * ErrCodeInvalidRequestException "InvalidRequestException" 2132// You provided a parameter value that is not valid for the current state of 2133// the resource. 2134// 2135// Possible causes: 2136// 2137// * You tried to perform the operation on a secret that's currently marked 2138// deleted. 2139// 2140// * You tried to enable rotation on a secret that doesn't already have a 2141// Lambda function ARN configured and you didn't include such an ARN as a 2142// parameter in this call. 2143// 2144// * ErrCodeInvalidParameterException "InvalidParameterException" 2145// You provided an invalid value for a parameter. 2146// 2147// * ErrCodeInternalServiceError "InternalServiceError" 2148// An error occurred on the server side. 2149// 2150// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource 2151func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 2152 req, out := c.UntagResourceRequest(input) 2153 return out, req.Send() 2154} 2155 2156// UntagResourceWithContext is the same as UntagResource with the addition of 2157// the ability to pass a context and additional request options. 2158// 2159// See UntagResource for details on how to use this API operation. 2160// 2161// The context must be non-nil and will be used for request cancellation. If 2162// the context is nil a panic will occur. In the future the SDK may create 2163// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2164// for more information on using Contexts. 2165func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 2166 req, out := c.UntagResourceRequest(input) 2167 req.SetContext(ctx) 2168 req.ApplyOptions(opts...) 2169 return out, req.Send() 2170} 2171 2172const opUpdateSecret = "UpdateSecret" 2173 2174// UpdateSecretRequest generates a "aws/request.Request" representing the 2175// client's request for the UpdateSecret operation. The "output" return 2176// value will be populated with the request's response once the request completes 2177// successfully. 2178// 2179// Use "Send" method on the returned Request to send the API call to the service. 2180// the "output" return value is not valid until after Send returns without error. 2181// 2182// See UpdateSecret for more information on using the UpdateSecret 2183// API call, and error handling. 2184// 2185// This method is useful when you want to inject custom logic or configuration 2186// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2187// 2188// 2189// // Example sending a request using the UpdateSecretRequest method. 2190// req, resp := client.UpdateSecretRequest(params) 2191// 2192// err := req.Send() 2193// if err == nil { // resp is now filled 2194// fmt.Println(resp) 2195// } 2196// 2197// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret 2198func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput) { 2199 op := &request.Operation{ 2200 Name: opUpdateSecret, 2201 HTTPMethod: "POST", 2202 HTTPPath: "/", 2203 } 2204 2205 if input == nil { 2206 input = &UpdateSecretInput{} 2207 } 2208 2209 output = &UpdateSecretOutput{} 2210 req = c.newRequest(op, input, output) 2211 return 2212} 2213 2214// UpdateSecret API operation for AWS Secrets Manager. 2215// 2216// Modifies many of the details of the specified secret. If you include a ClientRequestToken 2217// and either SecretString or SecretBinary then it also creates a new version 2218// attached to the secret. 2219// 2220// To modify the rotation configuration of a secret, use RotateSecret instead. 2221// 2222// The Secrets Manager console uses only the SecretString parameter and therefore 2223// limits you to encrypting and storing only a text string. To encrypt and store 2224// binary data as part of the version of a secret, you must use either the AWS 2225// CLI or one of the AWS SDKs. 2226// 2227// * If a version with a VersionId with the same value as the ClientRequestToken 2228// parameter already exists, the operation results in an error. You cannot 2229// modify an existing version, you can only create a new version. 2230// 2231// * If you include SecretString or SecretBinary to create a new secret version, 2232// Secrets Manager automatically attaches the staging label AWSCURRENT to 2233// the new version. 2234// 2235// * If you call an operation that needs to encrypt or decrypt the SecretString 2236// or SecretBinary for a secret in the same account as the calling user and 2237// that secret doesn't specify a AWS KMS encryption key, Secrets Manager 2238// uses the account's default AWS managed customer master key (CMK) with 2239// the alias aws/secretsmanager. If this key doesn't already exist in your 2240// account then Secrets Manager creates it for you automatically. All users 2241// and roles in the same AWS account automatically have access to use the 2242// default CMK. Note that if an Secrets Manager API call results in AWS having 2243// to create the account's AWS-managed CMK, it can result in a one-time significant 2244// delay in returning the result. 2245// 2246// * If the secret is in a different AWS account from the credentials calling 2247// an API that requires encryption or decryption of the secret value then 2248// you must create and use a custom AWS KMS CMK because you can't access 2249// the default CMK for the account using credentials from a different AWS 2250// account. Store the ARN of the CMK in the secret when you create the secret 2251// or when you update it by including it in the KMSKeyId. If you call an 2252// API that must encrypt or decrypt SecretString or SecretBinary using credentials 2253// from a different account then the AWS KMS key policy must grant cross-account 2254// access to that other account's user or role for both the kms:GenerateDataKey 2255// and kms:Decrypt operations. 2256// 2257// Minimum permissions 2258// 2259// To run this command, you must have the following permissions: 2260// 2261// * secretsmanager:UpdateSecret 2262// 2263// * kms:GenerateDataKey - needed only if you use a custom AWS KMS key to 2264// encrypt the secret. You do not need this permission to use the account's 2265// AWS managed CMK for Secrets Manager. 2266// 2267// * kms:Decrypt - needed only if you use a custom AWS KMS key to encrypt 2268// the secret. You do not need this permission to use the account's AWS managed 2269// CMK for Secrets Manager. 2270// 2271// Related operations 2272// 2273// * To create a new secret, use CreateSecret. 2274// 2275// * To add only a new version to an existing secret, use PutSecretValue. 2276// 2277// * To get the details for a secret, use DescribeSecret. 2278// 2279// * To list the versions contained in a secret, use ListSecretVersionIds. 2280// 2281// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2282// with awserr.Error's Code and Message methods to get detailed information about 2283// the error. 2284// 2285// See the AWS API reference guide for AWS Secrets Manager's 2286// API operation UpdateSecret for usage and error information. 2287// 2288// Returned Error Codes: 2289// * ErrCodeInvalidParameterException "InvalidParameterException" 2290// You provided an invalid value for a parameter. 2291// 2292// * ErrCodeInvalidRequestException "InvalidRequestException" 2293// You provided a parameter value that is not valid for the current state of 2294// the resource. 2295// 2296// Possible causes: 2297// 2298// * You tried to perform the operation on a secret that's currently marked 2299// deleted. 2300// 2301// * You tried to enable rotation on a secret that doesn't already have a 2302// Lambda function ARN configured and you didn't include such an ARN as a 2303// parameter in this call. 2304// 2305// * ErrCodeLimitExceededException "LimitExceededException" 2306// The request failed because it would exceed one of the Secrets Manager internal 2307// limits. 2308// 2309// * ErrCodeEncryptionFailure "EncryptionFailure" 2310// Secrets Manager can't encrypt the protected secret text using the provided 2311// KMS key. Check that the customer master key (CMK) is available, enabled, 2312// and not in an invalid state. For more information, see How Key State Affects 2313// Use of a Customer Master Key (http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). 2314// 2315// * ErrCodeResourceExistsException "ResourceExistsException" 2316// A resource with the ID you requested already exists. 2317// 2318// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2319// We can't find the resource that you asked for. 2320// 2321// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 2322// The policy document that you provided isn't valid. 2323// 2324// * ErrCodeInternalServiceError "InternalServiceError" 2325// An error occurred on the server side. 2326// 2327// * ErrCodePreconditionNotMetException "PreconditionNotMetException" 2328// The request failed because you did not complete all the prerequisite steps. 2329// 2330// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret 2331func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error) { 2332 req, out := c.UpdateSecretRequest(input) 2333 return out, req.Send() 2334} 2335 2336// UpdateSecretWithContext is the same as UpdateSecret with the addition of 2337// the ability to pass a context and additional request options. 2338// 2339// See UpdateSecret for details on how to use this API operation. 2340// 2341// The context must be non-nil and will be used for request cancellation. If 2342// the context is nil a panic will occur. In the future the SDK may create 2343// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2344// for more information on using Contexts. 2345func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error) { 2346 req, out := c.UpdateSecretRequest(input) 2347 req.SetContext(ctx) 2348 req.ApplyOptions(opts...) 2349 return out, req.Send() 2350} 2351 2352const opUpdateSecretVersionStage = "UpdateSecretVersionStage" 2353 2354// UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the 2355// client's request for the UpdateSecretVersionStage operation. The "output" return 2356// value will be populated with the request's response once the request completes 2357// successfully. 2358// 2359// Use "Send" method on the returned Request to send the API call to the service. 2360// the "output" return value is not valid until after Send returns without error. 2361// 2362// See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage 2363// API call, and error handling. 2364// 2365// This method is useful when you want to inject custom logic or configuration 2366// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2367// 2368// 2369// // Example sending a request using the UpdateSecretVersionStageRequest method. 2370// req, resp := client.UpdateSecretVersionStageRequest(params) 2371// 2372// err := req.Send() 2373// if err == nil { // resp is now filled 2374// fmt.Println(resp) 2375// } 2376// 2377// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage 2378func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput) { 2379 op := &request.Operation{ 2380 Name: opUpdateSecretVersionStage, 2381 HTTPMethod: "POST", 2382 HTTPPath: "/", 2383 } 2384 2385 if input == nil { 2386 input = &UpdateSecretVersionStageInput{} 2387 } 2388 2389 output = &UpdateSecretVersionStageOutput{} 2390 req = c.newRequest(op, input, output) 2391 return 2392} 2393 2394// UpdateSecretVersionStage API operation for AWS Secrets Manager. 2395// 2396// Modifies the staging labels attached to a version of a secret. Staging labels 2397// are used to track a version as it progresses through the secret rotation 2398// process. You can attach a staging label to only one version of a secret at 2399// a time. If a staging label to be added is already attached to another version, 2400// then it is moved--removed from the other version first and then attached 2401// to this one. For more information about staging labels, see Staging Labels 2402// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label) 2403// in the AWS Secrets Manager User Guide. 2404// 2405// The staging labels that you specify in the VersionStage parameter are added 2406// to the existing list of staging labels--they don't replace it. 2407// 2408// You can move the AWSCURRENT staging label to this version by including it 2409// in this call. 2410// 2411// Whenever you move AWSCURRENT, Secrets Manager automatically moves the label 2412// AWSPREVIOUS to the version that AWSCURRENT was removed from. 2413// 2414// If this action results in the last label being removed from a version, then 2415// the version is considered to be 'deprecated' and can be deleted by Secrets 2416// Manager. 2417// 2418// Minimum permissions 2419// 2420// To run this command, you must have the following permissions: 2421// 2422// * secretsmanager:UpdateSecretVersionStage 2423// 2424// Related operations 2425// 2426// * To get the list of staging labels that are currently associated with 2427// a version of a secret, use DescribeSecret and examine the SecretVersionsToStages 2428// response value. 2429// 2430// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2431// with awserr.Error's Code and Message methods to get detailed information about 2432// the error. 2433// 2434// See the AWS API reference guide for AWS Secrets Manager's 2435// API operation UpdateSecretVersionStage for usage and error information. 2436// 2437// Returned Error Codes: 2438// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 2439// We can't find the resource that you asked for. 2440// 2441// * ErrCodeInvalidParameterException "InvalidParameterException" 2442// You provided an invalid value for a parameter. 2443// 2444// * ErrCodeInvalidRequestException "InvalidRequestException" 2445// You provided a parameter value that is not valid for the current state of 2446// the resource. 2447// 2448// Possible causes: 2449// 2450// * You tried to perform the operation on a secret that's currently marked 2451// deleted. 2452// 2453// * You tried to enable rotation on a secret that doesn't already have a 2454// Lambda function ARN configured and you didn't include such an ARN as a 2455// parameter in this call. 2456// 2457// * ErrCodeLimitExceededException "LimitExceededException" 2458// The request failed because it would exceed one of the Secrets Manager internal 2459// limits. 2460// 2461// * ErrCodeInternalServiceError "InternalServiceError" 2462// An error occurred on the server side. 2463// 2464// See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage 2465func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error) { 2466 req, out := c.UpdateSecretVersionStageRequest(input) 2467 return out, req.Send() 2468} 2469 2470// UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of 2471// the ability to pass a context and additional request options. 2472// 2473// See UpdateSecretVersionStage for details on how to use this API operation. 2474// 2475// The context must be non-nil and will be used for request cancellation. If 2476// the context is nil a panic will occur. In the future the SDK may create 2477// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2478// for more information on using Contexts. 2479func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error) { 2480 req, out := c.UpdateSecretVersionStageRequest(input) 2481 req.SetContext(ctx) 2482 req.ApplyOptions(opts...) 2483 return out, req.Send() 2484} 2485 2486type CancelRotateSecretInput struct { 2487 _ struct{} `type:"structure"` 2488 2489 // Specifies the secret for which you want to cancel a rotation request. You 2490 // can specify either the Amazon Resource Name (ARN) or the friendly name of 2491 // the secret. 2492 // 2493 // If you specify an ARN, we generally recommend that you specify a complete 2494 // ARN. You can specify a partial ARN too—for example, if you don’t include 2495 // the final hyphen and six random characters that Secrets Manager adds at the 2496 // end of the ARN when you created the secret. A partial ARN match can work 2497 // as long as it uniquely matches only one secret. However, if your secret has 2498 // a name that ends in a hyphen followed by six characters (before Secrets Manager 2499 // adds the hyphen and six characters to the ARN) and you try to use that as 2500 // a partial ARN, then those characters cause Secrets Manager to assume that 2501 // you’re specifying a complete ARN. This confusion can cause unexpected results. 2502 // To avoid this situation, we recommend that you don’t create secret names 2503 // that end with a hyphen followed by six characters. 2504 // 2505 // SecretId is a required field 2506 SecretId *string `min:"1" type:"string" required:"true"` 2507} 2508 2509// String returns the string representation 2510func (s CancelRotateSecretInput) String() string { 2511 return awsutil.Prettify(s) 2512} 2513 2514// GoString returns the string representation 2515func (s CancelRotateSecretInput) GoString() string { 2516 return s.String() 2517} 2518 2519// Validate inspects the fields of the type to determine if they are valid. 2520func (s *CancelRotateSecretInput) Validate() error { 2521 invalidParams := request.ErrInvalidParams{Context: "CancelRotateSecretInput"} 2522 if s.SecretId == nil { 2523 invalidParams.Add(request.NewErrParamRequired("SecretId")) 2524 } 2525 if s.SecretId != nil && len(*s.SecretId) < 1 { 2526 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 2527 } 2528 2529 if invalidParams.Len() > 0 { 2530 return invalidParams 2531 } 2532 return nil 2533} 2534 2535// SetSecretId sets the SecretId field's value. 2536func (s *CancelRotateSecretInput) SetSecretId(v string) *CancelRotateSecretInput { 2537 s.SecretId = &v 2538 return s 2539} 2540 2541type CancelRotateSecretOutput struct { 2542 _ struct{} `type:"structure"` 2543 2544 // The ARN of the secret for which rotation was canceled. 2545 ARN *string `min:"20" type:"string"` 2546 2547 // The friendly name of the secret for which rotation was canceled. 2548 Name *string `min:"1" type:"string"` 2549 2550 // The unique identifier of the version of the secret that was created during 2551 // the rotation. This version might not be complete, and should be evaluated 2552 // for possible deletion. At the very least, you should remove the VersionStage 2553 // value AWSPENDING to enable this version to be deleted. Failing to clean up 2554 // a cancelled rotation can block you from successfully starting future rotations. 2555 VersionId *string `min:"32" type:"string"` 2556} 2557 2558// String returns the string representation 2559func (s CancelRotateSecretOutput) String() string { 2560 return awsutil.Prettify(s) 2561} 2562 2563// GoString returns the string representation 2564func (s CancelRotateSecretOutput) GoString() string { 2565 return s.String() 2566} 2567 2568// SetARN sets the ARN field's value. 2569func (s *CancelRotateSecretOutput) SetARN(v string) *CancelRotateSecretOutput { 2570 s.ARN = &v 2571 return s 2572} 2573 2574// SetName sets the Name field's value. 2575func (s *CancelRotateSecretOutput) SetName(v string) *CancelRotateSecretOutput { 2576 s.Name = &v 2577 return s 2578} 2579 2580// SetVersionId sets the VersionId field's value. 2581func (s *CancelRotateSecretOutput) SetVersionId(v string) *CancelRotateSecretOutput { 2582 s.VersionId = &v 2583 return s 2584} 2585 2586type CreateSecretInput struct { 2587 _ struct{} `type:"structure"` 2588 2589 // (Optional) If you include SecretString or SecretBinary, then an initial version 2590 // is created as part of the secret, and this parameter specifies a unique identifier 2591 // for the new version. 2592 // 2593 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 2594 // you can leave this parameter empty. The CLI or SDK generates a random UUID 2595 // for you and includes it as the value for this parameter in the request. If 2596 // you don't use the SDK and instead generate a raw HTTP request to the Secrets 2597 // Manager service endpoint, then you must generate a ClientRequestToken yourself 2598 // for the new version and include that value in the request. 2599 // 2600 // This value helps ensure idempotency. Secrets Manager uses this value to prevent 2601 // the accidental creation of duplicate versions if there are failures and retries 2602 // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 2603 // value to ensure uniqueness of your versions within the specified secret. 2604 // 2605 // * If the ClientRequestToken value isn't already associated with a version 2606 // of the secret then a new version of the secret is created. 2607 // 2608 // * If a version with this value already exists and that version's SecretString 2609 // and SecretBinary values are the same as those in the request, then the 2610 // request is ignored (the operation is idempotent). 2611 // 2612 // * If a version with this value already exists and that version's SecretString 2613 // and SecretBinary values are different from those in the request then the 2614 // request fails because you cannot modify an existing version. Instead, 2615 // use PutSecretValue to create a new version. 2616 // 2617 // This value becomes the VersionId of the new version. 2618 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 2619 2620 // (Optional) Specifies a user-provided description of the secret. 2621 Description *string `type:"string"` 2622 2623 // (Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master 2624 // key (CMK) to be used to encrypt the SecretString or SecretBinary values in 2625 // the versions stored in this secret. 2626 // 2627 // You can specify any of the supported ways to identify a AWS KMS key ID. If 2628 // you need to reference a CMK in a different account, you can use only the 2629 // key ARN or the alias ARN. 2630 // 2631 // If you don't specify this value, then Secrets Manager defaults to using the 2632 // AWS account's default CMK (the one named aws/secretsmanager). If a AWS KMS 2633 // CMK with that name doesn't yet exist, then Secrets Manager creates it for 2634 // you automatically the first time it needs to encrypt a version's SecretString 2635 // or SecretBinary fields. 2636 // 2637 // You can use the account's default CMK to encrypt and decrypt only if you 2638 // call this operation using credentials from the same account that owns the 2639 // secret. If the secret is in a different account, then you must create a custom 2640 // CMK and specify the ARN in this field. 2641 KmsKeyId *string `type:"string"` 2642 2643 // Specifies the friendly name of the new secret. 2644 // 2645 // The secret name must be ASCII letters, digits, or the following characters 2646 // : /_+=.@- 2647 // 2648 // Don't end your secret name with a hyphen followed by six characters. If you 2649 // do so, you risk confusion and unexpected results when searching for a secret 2650 // by partial ARN. This is because Secrets Manager automatically adds a hyphen 2651 // and six random characters at the end of the ARN. 2652 // 2653 // Name is a required field 2654 Name *string `min:"1" type:"string" required:"true"` 2655 2656 // (Optional) Specifies binary data that you want to encrypt and store in the 2657 // new version of the secret. To use this parameter in the command-line tools, 2658 // we recommend that you store your binary data in a file and then use the appropriate 2659 // technique for your tool to pass the contents of the file as a parameter. 2660 // 2661 // Either SecretString or SecretBinary must have a value, but not both. They 2662 // cannot both be empty. 2663 // 2664 // This parameter is not available using the Secrets Manager console. It can 2665 // be accessed only by using the AWS CLI or one of the AWS SDKs. 2666 // 2667 // SecretBinary is automatically base64 encoded/decoded by the SDK. 2668 SecretBinary []byte `type:"blob" sensitive:"true"` 2669 2670 // (Optional) Specifies text data that you want to encrypt and store in this 2671 // new version of the secret. 2672 // 2673 // Either SecretString or SecretBinary must have a value, but not both. They 2674 // cannot both be empty. 2675 // 2676 // If you create a secret by using the Secrets Manager console then Secrets 2677 // Manager puts the protected secret text in only the SecretString parameter. 2678 // The Secrets Manager console stores the information as a JSON structure of 2679 // key/value pairs that the Lambda rotation function knows how to parse. 2680 // 2681 // For storing multiple values, we recommend that you use a JSON text string 2682 // argument and specify key/value pairs. For information on how to format a 2683 // JSON parameter for the various command line tool environments, see Using 2684 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 2685 // in the AWS CLI User Guide. For example: 2686 // 2687 // [{"username":"bob"},{"password":"abc123xyz456"}] 2688 // 2689 // If your command-line tool or SDK requires quotation marks around the parameter, 2690 // you should use single quotes to avoid confusion with the double quotes required 2691 // in the JSON text. 2692 SecretString *string `type:"string" sensitive:"true"` 2693 2694 // (Optional) Specifies a list of user-defined tags that are attached to the 2695 // secret. Each tag is a "Key" and "Value" pair of strings. This operation only 2696 // appends tags to the existing list of tags. To remove tags, you must use UntagResource. 2697 // 2698 // * Secrets Manager tag key names are case sensitive. A tag with the key 2699 // "ABC" is a different tag from one with key "abc". 2700 // 2701 // * If you check tags in IAM policy Condition elements as part of your security 2702 // strategy, then adding or removing a tag can change permissions. If the 2703 // successful completion of this operation would result in you losing your 2704 // permissions for this secret, then this operation is blocked and returns 2705 // an Access Denied error. 2706 // 2707 // This parameter requires a JSON text string argument. For information on how 2708 // to format a JSON parameter for the various command line tool environments, 2709 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 2710 // in the AWS CLI User Guide. For example: 2711 // 2712 // [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] 2713 // 2714 // If your command-line tool or SDK requires quotation marks around the parameter, 2715 // you should use single quotes to avoid confusion with the double quotes required 2716 // in the JSON text. 2717 // 2718 // The following basic restrictions apply to tags: 2719 // 2720 // * Maximum number of tags per secret—50 2721 // 2722 // * Maximum key length—127 Unicode characters in UTF-8 2723 // 2724 // * Maximum value length—255 Unicode characters in UTF-8 2725 // 2726 // * Tag keys and values are case sensitive. 2727 // 2728 // * Do not use the aws: prefix in your tag names or values because it is 2729 // reserved for AWS use. You can't edit or delete tag names or values with 2730 // this prefix. Tags with this prefix do not count against your tags per 2731 // secret limit. 2732 // 2733 // * If your tagging schema will be used across multiple services and resources, 2734 // remember that other services might have restrictions on allowed characters. 2735 // Generally allowed characters are: letters, spaces, and numbers representable 2736 // in UTF-8, plus the following special characters: + - = . _ : / @. 2737 Tags []*Tag `type:"list"` 2738} 2739 2740// String returns the string representation 2741func (s CreateSecretInput) String() string { 2742 return awsutil.Prettify(s) 2743} 2744 2745// GoString returns the string representation 2746func (s CreateSecretInput) GoString() string { 2747 return s.String() 2748} 2749 2750// Validate inspects the fields of the type to determine if they are valid. 2751func (s *CreateSecretInput) Validate() error { 2752 invalidParams := request.ErrInvalidParams{Context: "CreateSecretInput"} 2753 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 2754 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 2755 } 2756 if s.Name == nil { 2757 invalidParams.Add(request.NewErrParamRequired("Name")) 2758 } 2759 if s.Name != nil && len(*s.Name) < 1 { 2760 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 2761 } 2762 if s.Tags != nil { 2763 for i, v := range s.Tags { 2764 if v == nil { 2765 continue 2766 } 2767 if err := v.Validate(); err != nil { 2768 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 2769 } 2770 } 2771 } 2772 2773 if invalidParams.Len() > 0 { 2774 return invalidParams 2775 } 2776 return nil 2777} 2778 2779// SetClientRequestToken sets the ClientRequestToken field's value. 2780func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput { 2781 s.ClientRequestToken = &v 2782 return s 2783} 2784 2785// SetDescription sets the Description field's value. 2786func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput { 2787 s.Description = &v 2788 return s 2789} 2790 2791// SetKmsKeyId sets the KmsKeyId field's value. 2792func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput { 2793 s.KmsKeyId = &v 2794 return s 2795} 2796 2797// SetName sets the Name field's value. 2798func (s *CreateSecretInput) SetName(v string) *CreateSecretInput { 2799 s.Name = &v 2800 return s 2801} 2802 2803// SetSecretBinary sets the SecretBinary field's value. 2804func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput { 2805 s.SecretBinary = v 2806 return s 2807} 2808 2809// SetSecretString sets the SecretString field's value. 2810func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput { 2811 s.SecretString = &v 2812 return s 2813} 2814 2815// SetTags sets the Tags field's value. 2816func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput { 2817 s.Tags = v 2818 return s 2819} 2820 2821type CreateSecretOutput struct { 2822 _ struct{} `type:"structure"` 2823 2824 // The Amazon Resource Name (ARN) of the secret that you just created. 2825 // 2826 // Secrets Manager automatically adds several random characters to the name 2827 // at the end of the ARN when you initially create a secret. This affects only 2828 // the ARN and not the actual friendly name. This ensures that if you create 2829 // a new secret with the same name as an old secret that you previously deleted, 2830 // then users with access to the old secret don't automatically get access to 2831 // the new secret because the ARNs are different. 2832 ARN *string `min:"20" type:"string"` 2833 2834 // The friendly name of the secret that you just created. 2835 Name *string `min:"1" type:"string"` 2836 2837 // The unique identifier that's associated with the version of the secret you 2838 // just created. 2839 VersionId *string `min:"32" type:"string"` 2840} 2841 2842// String returns the string representation 2843func (s CreateSecretOutput) String() string { 2844 return awsutil.Prettify(s) 2845} 2846 2847// GoString returns the string representation 2848func (s CreateSecretOutput) GoString() string { 2849 return s.String() 2850} 2851 2852// SetARN sets the ARN field's value. 2853func (s *CreateSecretOutput) SetARN(v string) *CreateSecretOutput { 2854 s.ARN = &v 2855 return s 2856} 2857 2858// SetName sets the Name field's value. 2859func (s *CreateSecretOutput) SetName(v string) *CreateSecretOutput { 2860 s.Name = &v 2861 return s 2862} 2863 2864// SetVersionId sets the VersionId field's value. 2865func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput { 2866 s.VersionId = &v 2867 return s 2868} 2869 2870type DeleteResourcePolicyInput struct { 2871 _ struct{} `type:"structure"` 2872 2873 // Specifies the secret that you want to delete the attached resource-based 2874 // policy for. You can specify either the Amazon Resource Name (ARN) or the 2875 // friendly name of the secret. 2876 // 2877 // If you specify an ARN, we generally recommend that you specify a complete 2878 // ARN. You can specify a partial ARN too—for example, if you don’t include 2879 // the final hyphen and six random characters that Secrets Manager adds at the 2880 // end of the ARN when you created the secret. A partial ARN match can work 2881 // as long as it uniquely matches only one secret. However, if your secret has 2882 // a name that ends in a hyphen followed by six characters (before Secrets Manager 2883 // adds the hyphen and six characters to the ARN) and you try to use that as 2884 // a partial ARN, then those characters cause Secrets Manager to assume that 2885 // you’re specifying a complete ARN. This confusion can cause unexpected results. 2886 // To avoid this situation, we recommend that you don’t create secret names 2887 // that end with a hyphen followed by six characters. 2888 // 2889 // SecretId is a required field 2890 SecretId *string `min:"1" type:"string" required:"true"` 2891} 2892 2893// String returns the string representation 2894func (s DeleteResourcePolicyInput) String() string { 2895 return awsutil.Prettify(s) 2896} 2897 2898// GoString returns the string representation 2899func (s DeleteResourcePolicyInput) GoString() string { 2900 return s.String() 2901} 2902 2903// Validate inspects the fields of the type to determine if they are valid. 2904func (s *DeleteResourcePolicyInput) Validate() error { 2905 invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"} 2906 if s.SecretId == nil { 2907 invalidParams.Add(request.NewErrParamRequired("SecretId")) 2908 } 2909 if s.SecretId != nil && len(*s.SecretId) < 1 { 2910 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 2911 } 2912 2913 if invalidParams.Len() > 0 { 2914 return invalidParams 2915 } 2916 return nil 2917} 2918 2919// SetSecretId sets the SecretId field's value. 2920func (s *DeleteResourcePolicyInput) SetSecretId(v string) *DeleteResourcePolicyInput { 2921 s.SecretId = &v 2922 return s 2923} 2924 2925type DeleteResourcePolicyOutput struct { 2926 _ struct{} `type:"structure"` 2927 2928 // The ARN of the secret that the resource-based policy was deleted for. 2929 ARN *string `min:"20" type:"string"` 2930 2931 // The friendly name of the secret that the resource-based policy was deleted 2932 // for. 2933 Name *string `min:"1" type:"string"` 2934} 2935 2936// String returns the string representation 2937func (s DeleteResourcePolicyOutput) String() string { 2938 return awsutil.Prettify(s) 2939} 2940 2941// GoString returns the string representation 2942func (s DeleteResourcePolicyOutput) GoString() string { 2943 return s.String() 2944} 2945 2946// SetARN sets the ARN field's value. 2947func (s *DeleteResourcePolicyOutput) SetARN(v string) *DeleteResourcePolicyOutput { 2948 s.ARN = &v 2949 return s 2950} 2951 2952// SetName sets the Name field's value. 2953func (s *DeleteResourcePolicyOutput) SetName(v string) *DeleteResourcePolicyOutput { 2954 s.Name = &v 2955 return s 2956} 2957 2958type DeleteSecretInput struct { 2959 _ struct{} `type:"structure"` 2960 2961 // (Optional) Specifies that the secret is to be deleted without any recovery 2962 // window. You can't use both this parameter and the RecoveryWindowInDays parameter 2963 // in the same API call. 2964 // 2965 // An asynchronous background process performs the actual deletion, so there 2966 // can be a short delay before the operation completes. If you write code to 2967 // delete and then immediately recreate a secret with the same name, ensure 2968 // that your code includes appropriate back off and retry logic. 2969 // 2970 // Use this parameter with caution. This parameter causes the operation to skip 2971 // the normal waiting period before the permanent deletion that AWS would normally 2972 // impose with the RecoveryWindowInDays parameter. If you delete a secret with 2973 // the ForceDeleteWithouRecovery parameter, then you have no opportunity to 2974 // recover the secret. It is permanently lost. 2975 ForceDeleteWithoutRecovery *bool `type:"boolean"` 2976 2977 // (Optional) Specifies the number of days that Secrets Manager waits before 2978 // it can delete the secret. You can't use both this parameter and the ForceDeleteWithoutRecovery 2979 // parameter in the same API call. 2980 // 2981 // This value can range from 7 to 30 days. The default value is 30. 2982 RecoveryWindowInDays *int64 `type:"long"` 2983 2984 // Specifies the secret that you want to delete. You can specify either the 2985 // Amazon Resource Name (ARN) or the friendly name of the secret. 2986 // 2987 // If you specify an ARN, we generally recommend that you specify a complete 2988 // ARN. You can specify a partial ARN too—for example, if you don’t include 2989 // the final hyphen and six random characters that Secrets Manager adds at the 2990 // end of the ARN when you created the secret. A partial ARN match can work 2991 // as long as it uniquely matches only one secret. However, if your secret has 2992 // a name that ends in a hyphen followed by six characters (before Secrets Manager 2993 // adds the hyphen and six characters to the ARN) and you try to use that as 2994 // a partial ARN, then those characters cause Secrets Manager to assume that 2995 // you’re specifying a complete ARN. This confusion can cause unexpected results. 2996 // To avoid this situation, we recommend that you don’t create secret names 2997 // that end with a hyphen followed by six characters. 2998 // 2999 // SecretId is a required field 3000 SecretId *string `min:"1" type:"string" required:"true"` 3001} 3002 3003// String returns the string representation 3004func (s DeleteSecretInput) String() string { 3005 return awsutil.Prettify(s) 3006} 3007 3008// GoString returns the string representation 3009func (s DeleteSecretInput) GoString() string { 3010 return s.String() 3011} 3012 3013// Validate inspects the fields of the type to determine if they are valid. 3014func (s *DeleteSecretInput) Validate() error { 3015 invalidParams := request.ErrInvalidParams{Context: "DeleteSecretInput"} 3016 if s.SecretId == nil { 3017 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3018 } 3019 if s.SecretId != nil && len(*s.SecretId) < 1 { 3020 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3021 } 3022 3023 if invalidParams.Len() > 0 { 3024 return invalidParams 3025 } 3026 return nil 3027} 3028 3029// SetForceDeleteWithoutRecovery sets the ForceDeleteWithoutRecovery field's value. 3030func (s *DeleteSecretInput) SetForceDeleteWithoutRecovery(v bool) *DeleteSecretInput { 3031 s.ForceDeleteWithoutRecovery = &v 3032 return s 3033} 3034 3035// SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value. 3036func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput { 3037 s.RecoveryWindowInDays = &v 3038 return s 3039} 3040 3041// SetSecretId sets the SecretId field's value. 3042func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput { 3043 s.SecretId = &v 3044 return s 3045} 3046 3047type DeleteSecretOutput struct { 3048 _ struct{} `type:"structure"` 3049 3050 // The ARN of the secret that is now scheduled for deletion. 3051 ARN *string `min:"20" type:"string"` 3052 3053 // The date and time after which this secret can be deleted by Secrets Manager 3054 // and can no longer be restored. This value is the date and time of the delete 3055 // request plus the number of days specified in RecoveryWindowInDays. 3056 DeletionDate *time.Time `type:"timestamp"` 3057 3058 // The friendly name of the secret that is now scheduled for deletion. 3059 Name *string `min:"1" type:"string"` 3060} 3061 3062// String returns the string representation 3063func (s DeleteSecretOutput) String() string { 3064 return awsutil.Prettify(s) 3065} 3066 3067// GoString returns the string representation 3068func (s DeleteSecretOutput) GoString() string { 3069 return s.String() 3070} 3071 3072// SetARN sets the ARN field's value. 3073func (s *DeleteSecretOutput) SetARN(v string) *DeleteSecretOutput { 3074 s.ARN = &v 3075 return s 3076} 3077 3078// SetDeletionDate sets the DeletionDate field's value. 3079func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput { 3080 s.DeletionDate = &v 3081 return s 3082} 3083 3084// SetName sets the Name field's value. 3085func (s *DeleteSecretOutput) SetName(v string) *DeleteSecretOutput { 3086 s.Name = &v 3087 return s 3088} 3089 3090type DescribeSecretInput struct { 3091 _ struct{} `type:"structure"` 3092 3093 // The identifier of the secret whose details you want to retrieve. You can 3094 // specify either the Amazon Resource Name (ARN) or the friendly name of the 3095 // secret. 3096 // 3097 // If you specify an ARN, we generally recommend that you specify a complete 3098 // ARN. You can specify a partial ARN too—for example, if you don’t include 3099 // the final hyphen and six random characters that Secrets Manager adds at the 3100 // end of the ARN when you created the secret. A partial ARN match can work 3101 // as long as it uniquely matches only one secret. However, if your secret has 3102 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3103 // adds the hyphen and six characters to the ARN) and you try to use that as 3104 // a partial ARN, then those characters cause Secrets Manager to assume that 3105 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3106 // To avoid this situation, we recommend that you don’t create secret names 3107 // that end with a hyphen followed by six characters. 3108 // 3109 // SecretId is a required field 3110 SecretId *string `min:"1" type:"string" required:"true"` 3111} 3112 3113// String returns the string representation 3114func (s DescribeSecretInput) String() string { 3115 return awsutil.Prettify(s) 3116} 3117 3118// GoString returns the string representation 3119func (s DescribeSecretInput) GoString() string { 3120 return s.String() 3121} 3122 3123// Validate inspects the fields of the type to determine if they are valid. 3124func (s *DescribeSecretInput) Validate() error { 3125 invalidParams := request.ErrInvalidParams{Context: "DescribeSecretInput"} 3126 if s.SecretId == nil { 3127 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3128 } 3129 if s.SecretId != nil && len(*s.SecretId) < 1 { 3130 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3131 } 3132 3133 if invalidParams.Len() > 0 { 3134 return invalidParams 3135 } 3136 return nil 3137} 3138 3139// SetSecretId sets the SecretId field's value. 3140func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput { 3141 s.SecretId = &v 3142 return s 3143} 3144 3145type DescribeSecretOutput struct { 3146 _ struct{} `type:"structure"` 3147 3148 // The ARN of the secret. 3149 ARN *string `min:"20" type:"string"` 3150 3151 // This value exists if the secret is scheduled for deletion. Some time after 3152 // the specified date and time, Secrets Manager deletes the secret and all of 3153 // its versions. 3154 // 3155 // If a secret is scheduled for deletion, then its details, including the encrypted 3156 // secret information, is not accessible. To cancel a scheduled deletion and 3157 // restore access, use RestoreSecret. 3158 DeletedDate *time.Time `type:"timestamp"` 3159 3160 // The user-provided description of the secret. 3161 Description *string `type:"string"` 3162 3163 // The ARN or alias of the AWS KMS customer master key (CMK) that's used to 3164 // encrypt the SecretString or SecretBinary fields in each version of the secret. 3165 // If you don't provide a key, then Secrets Manager defaults to encrypting the 3166 // secret fields with the default AWS KMS CMK (the one named awssecretsmanager) 3167 // for this account. 3168 KmsKeyId *string `type:"string"` 3169 3170 // The last date that this secret was accessed. This value is truncated to midnight 3171 // of the date and therefore shows only the date, not the time. 3172 LastAccessedDate *time.Time `type:"timestamp"` 3173 3174 // The last date and time that this secret was modified in any way. 3175 LastChangedDate *time.Time `type:"timestamp"` 3176 3177 // The most recent date and time that the Secrets Manager rotation process was 3178 // successfully completed. This value is null if the secret has never rotated. 3179 LastRotatedDate *time.Time `type:"timestamp"` 3180 3181 // The user-provided friendly name of the secret. 3182 Name *string `min:"1" type:"string"` 3183 3184 OwningService *string `min:"1" type:"string"` 3185 3186 // Specifies whether automatic rotation is enabled for this secret. 3187 // 3188 // To enable rotation, use RotateSecret with AutomaticallyRotateAfterDays set 3189 // to a value greater than 0. To disable rotation, use CancelRotateSecret. 3190 RotationEnabled *bool `type:"boolean"` 3191 3192 // The ARN of a Lambda function that's invoked by Secrets Manager to rotate 3193 // the secret either automatically per the schedule or manually by a call to 3194 // RotateSecret. 3195 RotationLambdaARN *string `type:"string"` 3196 3197 // A structure that contains the rotation configuration for this secret. 3198 RotationRules *RotationRulesType `type:"structure"` 3199 3200 // The list of user-defined tags that are associated with the secret. To add 3201 // tags to a secret, use TagResource. To remove tags, use UntagResource. 3202 Tags []*Tag `type:"list"` 3203 3204 // A list of all of the currently assigned VersionStage staging labels and the 3205 // VersionId that each is attached to. Staging labels are used to keep track 3206 // of the different versions during the rotation process. 3207 // 3208 // A version that does not have any staging labels attached is considered deprecated 3209 // and subject to deletion. Such versions are not included in this list. 3210 VersionIdsToStages map[string][]*string `type:"map"` 3211} 3212 3213// String returns the string representation 3214func (s DescribeSecretOutput) String() string { 3215 return awsutil.Prettify(s) 3216} 3217 3218// GoString returns the string representation 3219func (s DescribeSecretOutput) GoString() string { 3220 return s.String() 3221} 3222 3223// SetARN sets the ARN field's value. 3224func (s *DescribeSecretOutput) SetARN(v string) *DescribeSecretOutput { 3225 s.ARN = &v 3226 return s 3227} 3228 3229// SetDeletedDate sets the DeletedDate field's value. 3230func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput { 3231 s.DeletedDate = &v 3232 return s 3233} 3234 3235// SetDescription sets the Description field's value. 3236func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput { 3237 s.Description = &v 3238 return s 3239} 3240 3241// SetKmsKeyId sets the KmsKeyId field's value. 3242func (s *DescribeSecretOutput) SetKmsKeyId(v string) *DescribeSecretOutput { 3243 s.KmsKeyId = &v 3244 return s 3245} 3246 3247// SetLastAccessedDate sets the LastAccessedDate field's value. 3248func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput { 3249 s.LastAccessedDate = &v 3250 return s 3251} 3252 3253// SetLastChangedDate sets the LastChangedDate field's value. 3254func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput { 3255 s.LastChangedDate = &v 3256 return s 3257} 3258 3259// SetLastRotatedDate sets the LastRotatedDate field's value. 3260func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput { 3261 s.LastRotatedDate = &v 3262 return s 3263} 3264 3265// SetName sets the Name field's value. 3266func (s *DescribeSecretOutput) SetName(v string) *DescribeSecretOutput { 3267 s.Name = &v 3268 return s 3269} 3270 3271// SetOwningService sets the OwningService field's value. 3272func (s *DescribeSecretOutput) SetOwningService(v string) *DescribeSecretOutput { 3273 s.OwningService = &v 3274 return s 3275} 3276 3277// SetRotationEnabled sets the RotationEnabled field's value. 3278func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput { 3279 s.RotationEnabled = &v 3280 return s 3281} 3282 3283// SetRotationLambdaARN sets the RotationLambdaARN field's value. 3284func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput { 3285 s.RotationLambdaARN = &v 3286 return s 3287} 3288 3289// SetRotationRules sets the RotationRules field's value. 3290func (s *DescribeSecretOutput) SetRotationRules(v *RotationRulesType) *DescribeSecretOutput { 3291 s.RotationRules = v 3292 return s 3293} 3294 3295// SetTags sets the Tags field's value. 3296func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput { 3297 s.Tags = v 3298 return s 3299} 3300 3301// SetVersionIdsToStages sets the VersionIdsToStages field's value. 3302func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput { 3303 s.VersionIdsToStages = v 3304 return s 3305} 3306 3307type GetRandomPasswordInput struct { 3308 _ struct{} `type:"structure"` 3309 3310 // A string that includes characters that should not be included in the generated 3311 // password. The default is that all characters from the included sets can be 3312 // used. 3313 ExcludeCharacters *string `type:"string"` 3314 3315 // Specifies that the generated password should not include lowercase letters. 3316 // The default if you do not include this switch parameter is that lowercase 3317 // letters can be included. 3318 ExcludeLowercase *bool `type:"boolean"` 3319 3320 // Specifies that the generated password should not include digits. The default 3321 // if you do not include this switch parameter is that digits can be included. 3322 ExcludeNumbers *bool `type:"boolean"` 3323 3324 // Specifies that the generated password should not include punctuation characters. 3325 // The default if you do not include this switch parameter is that punctuation 3326 // characters can be included. 3327 // 3328 // The following are the punctuation characters that can be included in the 3329 // generated password if you don't explicitly exclude them with ExcludeCharacters 3330 // or ExcludePunctuation: 3331 // 3332 // ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ 3333 ExcludePunctuation *bool `type:"boolean"` 3334 3335 // Specifies that the generated password should not include uppercase letters. 3336 // The default if you do not include this switch parameter is that uppercase 3337 // letters can be included. 3338 ExcludeUppercase *bool `type:"boolean"` 3339 3340 // Specifies that the generated password can include the space character. The 3341 // default if you do not include this switch parameter is that the space character 3342 // is not included. 3343 IncludeSpace *bool `type:"boolean"` 3344 3345 // The desired length of the generated password. The default value if you do 3346 // not include this parameter is 32 characters. 3347 PasswordLength *int64 `min:"1" type:"long"` 3348 3349 // A boolean value that specifies whether the generated password must include 3350 // at least one of every allowed character type. The default value is True and 3351 // the operation requires at least one of every character type. 3352 RequireEachIncludedType *bool `type:"boolean"` 3353} 3354 3355// String returns the string representation 3356func (s GetRandomPasswordInput) String() string { 3357 return awsutil.Prettify(s) 3358} 3359 3360// GoString returns the string representation 3361func (s GetRandomPasswordInput) GoString() string { 3362 return s.String() 3363} 3364 3365// Validate inspects the fields of the type to determine if they are valid. 3366func (s *GetRandomPasswordInput) Validate() error { 3367 invalidParams := request.ErrInvalidParams{Context: "GetRandomPasswordInput"} 3368 if s.PasswordLength != nil && *s.PasswordLength < 1 { 3369 invalidParams.Add(request.NewErrParamMinValue("PasswordLength", 1)) 3370 } 3371 3372 if invalidParams.Len() > 0 { 3373 return invalidParams 3374 } 3375 return nil 3376} 3377 3378// SetExcludeCharacters sets the ExcludeCharacters field's value. 3379func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput { 3380 s.ExcludeCharacters = &v 3381 return s 3382} 3383 3384// SetExcludeLowercase sets the ExcludeLowercase field's value. 3385func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput { 3386 s.ExcludeLowercase = &v 3387 return s 3388} 3389 3390// SetExcludeNumbers sets the ExcludeNumbers field's value. 3391func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput { 3392 s.ExcludeNumbers = &v 3393 return s 3394} 3395 3396// SetExcludePunctuation sets the ExcludePunctuation field's value. 3397func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput { 3398 s.ExcludePunctuation = &v 3399 return s 3400} 3401 3402// SetExcludeUppercase sets the ExcludeUppercase field's value. 3403func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput { 3404 s.ExcludeUppercase = &v 3405 return s 3406} 3407 3408// SetIncludeSpace sets the IncludeSpace field's value. 3409func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput { 3410 s.IncludeSpace = &v 3411 return s 3412} 3413 3414// SetPasswordLength sets the PasswordLength field's value. 3415func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput { 3416 s.PasswordLength = &v 3417 return s 3418} 3419 3420// SetRequireEachIncludedType sets the RequireEachIncludedType field's value. 3421func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput { 3422 s.RequireEachIncludedType = &v 3423 return s 3424} 3425 3426type GetRandomPasswordOutput struct { 3427 _ struct{} `type:"structure"` 3428 3429 // A string with the generated password. 3430 RandomPassword *string `type:"string" sensitive:"true"` 3431} 3432 3433// String returns the string representation 3434func (s GetRandomPasswordOutput) String() string { 3435 return awsutil.Prettify(s) 3436} 3437 3438// GoString returns the string representation 3439func (s GetRandomPasswordOutput) GoString() string { 3440 return s.String() 3441} 3442 3443// SetRandomPassword sets the RandomPassword field's value. 3444func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput { 3445 s.RandomPassword = &v 3446 return s 3447} 3448 3449type GetResourcePolicyInput struct { 3450 _ struct{} `type:"structure"` 3451 3452 // Specifies the secret that you want to retrieve the attached resource-based 3453 // policy for. You can specify either the Amazon Resource Name (ARN) or the 3454 // friendly name of the secret. 3455 // 3456 // If you specify an ARN, we generally recommend that you specify a complete 3457 // ARN. You can specify a partial ARN too—for example, if you don’t include 3458 // the final hyphen and six random characters that Secrets Manager adds at the 3459 // end of the ARN when you created the secret. A partial ARN match can work 3460 // as long as it uniquely matches only one secret. However, if your secret has 3461 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3462 // adds the hyphen and six characters to the ARN) and you try to use that as 3463 // a partial ARN, then those characters cause Secrets Manager to assume that 3464 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3465 // To avoid this situation, we recommend that you don’t create secret names 3466 // that end with a hyphen followed by six characters. 3467 // 3468 // SecretId is a required field 3469 SecretId *string `min:"1" type:"string" required:"true"` 3470} 3471 3472// String returns the string representation 3473func (s GetResourcePolicyInput) String() string { 3474 return awsutil.Prettify(s) 3475} 3476 3477// GoString returns the string representation 3478func (s GetResourcePolicyInput) GoString() string { 3479 return s.String() 3480} 3481 3482// Validate inspects the fields of the type to determine if they are valid. 3483func (s *GetResourcePolicyInput) Validate() error { 3484 invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"} 3485 if s.SecretId == nil { 3486 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3487 } 3488 if s.SecretId != nil && len(*s.SecretId) < 1 { 3489 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3490 } 3491 3492 if invalidParams.Len() > 0 { 3493 return invalidParams 3494 } 3495 return nil 3496} 3497 3498// SetSecretId sets the SecretId field's value. 3499func (s *GetResourcePolicyInput) SetSecretId(v string) *GetResourcePolicyInput { 3500 s.SecretId = &v 3501 return s 3502} 3503 3504type GetResourcePolicyOutput struct { 3505 _ struct{} `type:"structure"` 3506 3507 // The ARN of the secret that the resource-based policy was retrieved for. 3508 ARN *string `min:"20" type:"string"` 3509 3510 // The friendly name of the secret that the resource-based policy was retrieved 3511 // for. 3512 Name *string `min:"1" type:"string"` 3513 3514 // A JSON-formatted string that describes the permissions that are associated 3515 // with the attached secret. These permissions are combined with any permissions 3516 // that are associated with the user or role that attempts to access this secret. 3517 // The combined permissions specify who can access the secret and what actions 3518 // they can perform. For more information, see Authentication and Access Control 3519 // for AWS Secrets Manager (http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html) 3520 // in the AWS Secrets Manager User Guide. 3521 ResourcePolicy *string `min:"1" type:"string"` 3522} 3523 3524// String returns the string representation 3525func (s GetResourcePolicyOutput) String() string { 3526 return awsutil.Prettify(s) 3527} 3528 3529// GoString returns the string representation 3530func (s GetResourcePolicyOutput) GoString() string { 3531 return s.String() 3532} 3533 3534// SetARN sets the ARN field's value. 3535func (s *GetResourcePolicyOutput) SetARN(v string) *GetResourcePolicyOutput { 3536 s.ARN = &v 3537 return s 3538} 3539 3540// SetName sets the Name field's value. 3541func (s *GetResourcePolicyOutput) SetName(v string) *GetResourcePolicyOutput { 3542 s.Name = &v 3543 return s 3544} 3545 3546// SetResourcePolicy sets the ResourcePolicy field's value. 3547func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicyOutput { 3548 s.ResourcePolicy = &v 3549 return s 3550} 3551 3552type GetSecretValueInput struct { 3553 _ struct{} `type:"structure"` 3554 3555 // Specifies the secret containing the version that you want to retrieve. You 3556 // can specify either the Amazon Resource Name (ARN) or the friendly name of 3557 // the secret. 3558 // 3559 // If you specify an ARN, we generally recommend that you specify a complete 3560 // ARN. You can specify a partial ARN too—for example, if you don’t include 3561 // the final hyphen and six random characters that Secrets Manager adds at the 3562 // end of the ARN when you created the secret. A partial ARN match can work 3563 // as long as it uniquely matches only one secret. However, if your secret has 3564 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3565 // adds the hyphen and six characters to the ARN) and you try to use that as 3566 // a partial ARN, then those characters cause Secrets Manager to assume that 3567 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3568 // To avoid this situation, we recommend that you don’t create secret names 3569 // that end with a hyphen followed by six characters. 3570 // 3571 // SecretId is a required field 3572 SecretId *string `min:"1" type:"string" required:"true"` 3573 3574 // Specifies the unique identifier of the version of the secret that you want 3575 // to retrieve. If you specify this parameter then don't specify VersionStage. 3576 // If you don't specify either a VersionStage or VersionId then the default 3577 // is to perform the operation on the version with the VersionStage value of 3578 // AWSCURRENT. 3579 // 3580 // This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 3581 // value with 32 hexadecimal digits. 3582 VersionId *string `min:"32" type:"string"` 3583 3584 // Specifies the secret version that you want to retrieve by the staging label 3585 // attached to the version. 3586 // 3587 // Staging labels are used to keep track of different versions during the rotation 3588 // process. If you use this parameter then don't specify VersionId. If you don't 3589 // specify either a VersionStage or VersionId, then the default is to perform 3590 // the operation on the version with the VersionStage value of AWSCURRENT. 3591 VersionStage *string `min:"1" type:"string"` 3592} 3593 3594// String returns the string representation 3595func (s GetSecretValueInput) String() string { 3596 return awsutil.Prettify(s) 3597} 3598 3599// GoString returns the string representation 3600func (s GetSecretValueInput) GoString() string { 3601 return s.String() 3602} 3603 3604// Validate inspects the fields of the type to determine if they are valid. 3605func (s *GetSecretValueInput) Validate() error { 3606 invalidParams := request.ErrInvalidParams{Context: "GetSecretValueInput"} 3607 if s.SecretId == nil { 3608 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3609 } 3610 if s.SecretId != nil && len(*s.SecretId) < 1 { 3611 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3612 } 3613 if s.VersionId != nil && len(*s.VersionId) < 32 { 3614 invalidParams.Add(request.NewErrParamMinLen("VersionId", 32)) 3615 } 3616 if s.VersionStage != nil && len(*s.VersionStage) < 1 { 3617 invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) 3618 } 3619 3620 if invalidParams.Len() > 0 { 3621 return invalidParams 3622 } 3623 return nil 3624} 3625 3626// SetSecretId sets the SecretId field's value. 3627func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput { 3628 s.SecretId = &v 3629 return s 3630} 3631 3632// SetVersionId sets the VersionId field's value. 3633func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput { 3634 s.VersionId = &v 3635 return s 3636} 3637 3638// SetVersionStage sets the VersionStage field's value. 3639func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput { 3640 s.VersionStage = &v 3641 return s 3642} 3643 3644type GetSecretValueOutput struct { 3645 _ struct{} `type:"structure"` 3646 3647 // The ARN of the secret. 3648 ARN *string `min:"20" type:"string"` 3649 3650 // The date and time that this version of the secret was created. 3651 CreatedDate *time.Time `type:"timestamp"` 3652 3653 // The friendly name of the secret. 3654 Name *string `min:"1" type:"string"` 3655 3656 // The decrypted part of the protected secret information that was originally 3657 // provided as binary data in the form of a byte array. The response parameter 3658 // represents the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4) 3659 // string. 3660 // 3661 // This parameter is not used if the secret is created by the Secrets Manager 3662 // console. 3663 // 3664 // If you store custom information in this field of the secret, then you must 3665 // code your Lambda rotation function to parse and interpret whatever you store 3666 // in the SecretString or SecretBinary fields. 3667 // 3668 // SecretBinary is automatically base64 encoded/decoded by the SDK. 3669 SecretBinary []byte `type:"blob" sensitive:"true"` 3670 3671 // The decrypted part of the protected secret information that was originally 3672 // provided as a string. 3673 // 3674 // If you create this secret by using the Secrets Manager console then only 3675 // the SecretString parameter contains data. Secrets Manager stores the information 3676 // as a JSON structure of key/value pairs that the Lambda rotation function 3677 // knows how to parse. 3678 // 3679 // If you store custom information in the secret by using the CreateSecret, 3680 // UpdateSecret, or PutSecretValue API operations instead of the Secrets Manager 3681 // console, or by using the Other secret type in the console, then you must 3682 // code your Lambda rotation function to parse and interpret those values. 3683 SecretString *string `type:"string" sensitive:"true"` 3684 3685 // The unique identifier of this version of the secret. 3686 VersionId *string `min:"32" type:"string"` 3687 3688 // A list of all of the staging labels currently attached to this version of 3689 // the secret. 3690 VersionStages []*string `min:"1" type:"list"` 3691} 3692 3693// String returns the string representation 3694func (s GetSecretValueOutput) String() string { 3695 return awsutil.Prettify(s) 3696} 3697 3698// GoString returns the string representation 3699func (s GetSecretValueOutput) GoString() string { 3700 return s.String() 3701} 3702 3703// SetARN sets the ARN field's value. 3704func (s *GetSecretValueOutput) SetARN(v string) *GetSecretValueOutput { 3705 s.ARN = &v 3706 return s 3707} 3708 3709// SetCreatedDate sets the CreatedDate field's value. 3710func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput { 3711 s.CreatedDate = &v 3712 return s 3713} 3714 3715// SetName sets the Name field's value. 3716func (s *GetSecretValueOutput) SetName(v string) *GetSecretValueOutput { 3717 s.Name = &v 3718 return s 3719} 3720 3721// SetSecretBinary sets the SecretBinary field's value. 3722func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput { 3723 s.SecretBinary = v 3724 return s 3725} 3726 3727// SetSecretString sets the SecretString field's value. 3728func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput { 3729 s.SecretString = &v 3730 return s 3731} 3732 3733// SetVersionId sets the VersionId field's value. 3734func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput { 3735 s.VersionId = &v 3736 return s 3737} 3738 3739// SetVersionStages sets the VersionStages field's value. 3740func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput { 3741 s.VersionStages = v 3742 return s 3743} 3744 3745type ListSecretVersionIdsInput struct { 3746 _ struct{} `type:"structure"` 3747 3748 // (Optional) Specifies that you want the results to include versions that do 3749 // not have any staging labels attached to them. Such versions are considered 3750 // deprecated and are subject to deletion by Secrets Manager as needed. 3751 IncludeDeprecated *bool `type:"boolean"` 3752 3753 // (Optional) Limits the number of results that you want to include in the response. 3754 // If you don't include this parameter, it defaults to a value that's specific 3755 // to the operation. If additional items exist beyond the maximum you specify, 3756 // the NextToken response element is present and has a value (isn't null). Include 3757 // that value as the NextToken request parameter in the next call to the operation 3758 // to get the next part of the results. Note that Secrets Manager might return 3759 // fewer results than the maximum even when there are more results available. 3760 // You should check NextToken after every operation to ensure that you receive 3761 // all of the results. 3762 MaxResults *int64 `min:"1" type:"integer"` 3763 3764 // (Optional) Use this parameter in a request if you receive a NextToken response 3765 // in a previous request that indicates that there's more output available. 3766 // In a subsequent call, set it to the value of the previous call's NextToken 3767 // response to indicate where the output should continue from. 3768 NextToken *string `min:"1" type:"string"` 3769 3770 // The identifier for the secret containing the versions you want to list. You 3771 // can specify either the Amazon Resource Name (ARN) or the friendly name of 3772 // the secret. 3773 // 3774 // If you specify an ARN, we generally recommend that you specify a complete 3775 // ARN. You can specify a partial ARN too—for example, if you don’t include 3776 // the final hyphen and six random characters that Secrets Manager adds at the 3777 // end of the ARN when you created the secret. A partial ARN match can work 3778 // as long as it uniquely matches only one secret. However, if your secret has 3779 // a name that ends in a hyphen followed by six characters (before Secrets Manager 3780 // adds the hyphen and six characters to the ARN) and you try to use that as 3781 // a partial ARN, then those characters cause Secrets Manager to assume that 3782 // you’re specifying a complete ARN. This confusion can cause unexpected results. 3783 // To avoid this situation, we recommend that you don’t create secret names 3784 // that end with a hyphen followed by six characters. 3785 // 3786 // SecretId is a required field 3787 SecretId *string `min:"1" type:"string" required:"true"` 3788} 3789 3790// String returns the string representation 3791func (s ListSecretVersionIdsInput) String() string { 3792 return awsutil.Prettify(s) 3793} 3794 3795// GoString returns the string representation 3796func (s ListSecretVersionIdsInput) GoString() string { 3797 return s.String() 3798} 3799 3800// Validate inspects the fields of the type to determine if they are valid. 3801func (s *ListSecretVersionIdsInput) Validate() error { 3802 invalidParams := request.ErrInvalidParams{Context: "ListSecretVersionIdsInput"} 3803 if s.MaxResults != nil && *s.MaxResults < 1 { 3804 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 3805 } 3806 if s.NextToken != nil && len(*s.NextToken) < 1 { 3807 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 3808 } 3809 if s.SecretId == nil { 3810 invalidParams.Add(request.NewErrParamRequired("SecretId")) 3811 } 3812 if s.SecretId != nil && len(*s.SecretId) < 1 { 3813 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 3814 } 3815 3816 if invalidParams.Len() > 0 { 3817 return invalidParams 3818 } 3819 return nil 3820} 3821 3822// SetIncludeDeprecated sets the IncludeDeprecated field's value. 3823func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput { 3824 s.IncludeDeprecated = &v 3825 return s 3826} 3827 3828// SetMaxResults sets the MaxResults field's value. 3829func (s *ListSecretVersionIdsInput) SetMaxResults(v int64) *ListSecretVersionIdsInput { 3830 s.MaxResults = &v 3831 return s 3832} 3833 3834// SetNextToken sets the NextToken field's value. 3835func (s *ListSecretVersionIdsInput) SetNextToken(v string) *ListSecretVersionIdsInput { 3836 s.NextToken = &v 3837 return s 3838} 3839 3840// SetSecretId sets the SecretId field's value. 3841func (s *ListSecretVersionIdsInput) SetSecretId(v string) *ListSecretVersionIdsInput { 3842 s.SecretId = &v 3843 return s 3844} 3845 3846type ListSecretVersionIdsOutput struct { 3847 _ struct{} `type:"structure"` 3848 3849 // The Amazon Resource Name (ARN) for the secret. 3850 // 3851 // Secrets Manager automatically adds several random characters to the name 3852 // at the end of the ARN when you initially create a secret. This affects only 3853 // the ARN and not the actual friendly name. This ensures that if you create 3854 // a new secret with the same name as an old secret that you previously deleted, 3855 // then users with access to the old secret don't automatically get access to 3856 // the new secret because the ARNs are different. 3857 ARN *string `min:"20" type:"string"` 3858 3859 // The friendly name of the secret. 3860 Name *string `min:"1" type:"string"` 3861 3862 // If present in the response, this value indicates that there's more output 3863 // available than what's included in the current response. This can occur even 3864 // when the response includes no values at all, such as when you ask for a filtered 3865 // view of a very long list. Use this value in the NextToken request parameter 3866 // in a subsequent call to the operation to continue processing and get the 3867 // next part of the output. You should repeat this until the NextToken response 3868 // element comes back empty (as null). 3869 NextToken *string `min:"1" type:"string"` 3870 3871 // The list of the currently available versions of the specified secret. 3872 Versions []*SecretVersionsListEntry `type:"list"` 3873} 3874 3875// String returns the string representation 3876func (s ListSecretVersionIdsOutput) String() string { 3877 return awsutil.Prettify(s) 3878} 3879 3880// GoString returns the string representation 3881func (s ListSecretVersionIdsOutput) GoString() string { 3882 return s.String() 3883} 3884 3885// SetARN sets the ARN field's value. 3886func (s *ListSecretVersionIdsOutput) SetARN(v string) *ListSecretVersionIdsOutput { 3887 s.ARN = &v 3888 return s 3889} 3890 3891// SetName sets the Name field's value. 3892func (s *ListSecretVersionIdsOutput) SetName(v string) *ListSecretVersionIdsOutput { 3893 s.Name = &v 3894 return s 3895} 3896 3897// SetNextToken sets the NextToken field's value. 3898func (s *ListSecretVersionIdsOutput) SetNextToken(v string) *ListSecretVersionIdsOutput { 3899 s.NextToken = &v 3900 return s 3901} 3902 3903// SetVersions sets the Versions field's value. 3904func (s *ListSecretVersionIdsOutput) SetVersions(v []*SecretVersionsListEntry) *ListSecretVersionIdsOutput { 3905 s.Versions = v 3906 return s 3907} 3908 3909type ListSecretsInput struct { 3910 _ struct{} `type:"structure"` 3911 3912 // (Optional) Limits the number of results that you want to include in the response. 3913 // If you don't include this parameter, it defaults to a value that's specific 3914 // to the operation. If additional items exist beyond the maximum you specify, 3915 // the NextToken response element is present and has a value (isn't null). Include 3916 // that value as the NextToken request parameter in the next call to the operation 3917 // to get the next part of the results. Note that Secrets Manager might return 3918 // fewer results than the maximum even when there are more results available. 3919 // You should check NextToken after every operation to ensure that you receive 3920 // all of the results. 3921 MaxResults *int64 `min:"1" type:"integer"` 3922 3923 // (Optional) Use this parameter in a request if you receive a NextToken response 3924 // in a previous request that indicates that there's more output available. 3925 // In a subsequent call, set it to the value of the previous call's NextToken 3926 // response to indicate where the output should continue from. 3927 NextToken *string `min:"1" type:"string"` 3928} 3929 3930// String returns the string representation 3931func (s ListSecretsInput) String() string { 3932 return awsutil.Prettify(s) 3933} 3934 3935// GoString returns the string representation 3936func (s ListSecretsInput) GoString() string { 3937 return s.String() 3938} 3939 3940// Validate inspects the fields of the type to determine if they are valid. 3941func (s *ListSecretsInput) Validate() error { 3942 invalidParams := request.ErrInvalidParams{Context: "ListSecretsInput"} 3943 if s.MaxResults != nil && *s.MaxResults < 1 { 3944 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 3945 } 3946 if s.NextToken != nil && len(*s.NextToken) < 1 { 3947 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 3948 } 3949 3950 if invalidParams.Len() > 0 { 3951 return invalidParams 3952 } 3953 return nil 3954} 3955 3956// SetMaxResults sets the MaxResults field's value. 3957func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput { 3958 s.MaxResults = &v 3959 return s 3960} 3961 3962// SetNextToken sets the NextToken field's value. 3963func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput { 3964 s.NextToken = &v 3965 return s 3966} 3967 3968type ListSecretsOutput struct { 3969 _ struct{} `type:"structure"` 3970 3971 // If present in the response, this value indicates that there's more output 3972 // available than what's included in the current response. This can occur even 3973 // when the response includes no values at all, such as when you ask for a filtered 3974 // view of a very long list. Use this value in the NextToken request parameter 3975 // in a subsequent call to the operation to continue processing and get the 3976 // next part of the output. You should repeat this until the NextToken response 3977 // element comes back empty (as null). 3978 NextToken *string `min:"1" type:"string"` 3979 3980 // A list of the secrets in the account. 3981 SecretList []*SecretListEntry `type:"list"` 3982} 3983 3984// String returns the string representation 3985func (s ListSecretsOutput) String() string { 3986 return awsutil.Prettify(s) 3987} 3988 3989// GoString returns the string representation 3990func (s ListSecretsOutput) GoString() string { 3991 return s.String() 3992} 3993 3994// SetNextToken sets the NextToken field's value. 3995func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput { 3996 s.NextToken = &v 3997 return s 3998} 3999 4000// SetSecretList sets the SecretList field's value. 4001func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput { 4002 s.SecretList = v 4003 return s 4004} 4005 4006type PutResourcePolicyInput struct { 4007 _ struct{} `type:"structure"` 4008 4009 // A JSON-formatted string that's constructed according to the grammar and syntax 4010 // for an AWS resource-based policy. The policy in the string identifies who 4011 // can access or manage this secret and its versions. For information on how 4012 // to format a JSON parameter for the various command line tool environments, 4013 // see Using JSON for Parameters (http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 4014 // in the AWS CLI User Guide. 4015 // 4016 // ResourcePolicy is a required field 4017 ResourcePolicy *string `min:"1" type:"string" required:"true"` 4018 4019 // Specifies the secret that you want to attach the resource-based policy to. 4020 // You can specify either the ARN or the friendly name of the secret. 4021 // 4022 // If you specify an ARN, we generally recommend that you specify a complete 4023 // ARN. You can specify a partial ARN too—for example, if you don’t include 4024 // the final hyphen and six random characters that Secrets Manager adds at the 4025 // end of the ARN when you created the secret. A partial ARN match can work 4026 // as long as it uniquely matches only one secret. However, if your secret has 4027 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4028 // adds the hyphen and six characters to the ARN) and you try to use that as 4029 // a partial ARN, then those characters cause Secrets Manager to assume that 4030 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4031 // To avoid this situation, we recommend that you don’t create secret names 4032 // that end with a hyphen followed by six characters. 4033 // 4034 // SecretId is a required field 4035 SecretId *string `min:"1" type:"string" required:"true"` 4036} 4037 4038// String returns the string representation 4039func (s PutResourcePolicyInput) String() string { 4040 return awsutil.Prettify(s) 4041} 4042 4043// GoString returns the string representation 4044func (s PutResourcePolicyInput) GoString() string { 4045 return s.String() 4046} 4047 4048// Validate inspects the fields of the type to determine if they are valid. 4049func (s *PutResourcePolicyInput) Validate() error { 4050 invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} 4051 if s.ResourcePolicy == nil { 4052 invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) 4053 } 4054 if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { 4055 invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) 4056 } 4057 if s.SecretId == nil { 4058 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4059 } 4060 if s.SecretId != nil && len(*s.SecretId) < 1 { 4061 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4062 } 4063 4064 if invalidParams.Len() > 0 { 4065 return invalidParams 4066 } 4067 return nil 4068} 4069 4070// SetResourcePolicy sets the ResourcePolicy field's value. 4071func (s *PutResourcePolicyInput) SetResourcePolicy(v string) *PutResourcePolicyInput { 4072 s.ResourcePolicy = &v 4073 return s 4074} 4075 4076// SetSecretId sets the SecretId field's value. 4077func (s *PutResourcePolicyInput) SetSecretId(v string) *PutResourcePolicyInput { 4078 s.SecretId = &v 4079 return s 4080} 4081 4082type PutResourcePolicyOutput struct { 4083 _ struct{} `type:"structure"` 4084 4085 // The ARN of the secret that the resource-based policy was retrieved for. 4086 ARN *string `min:"20" type:"string"` 4087 4088 // The friendly name of the secret that the resource-based policy was retrieved 4089 // for. 4090 Name *string `min:"1" type:"string"` 4091} 4092 4093// String returns the string representation 4094func (s PutResourcePolicyOutput) String() string { 4095 return awsutil.Prettify(s) 4096} 4097 4098// GoString returns the string representation 4099func (s PutResourcePolicyOutput) GoString() string { 4100 return s.String() 4101} 4102 4103// SetARN sets the ARN field's value. 4104func (s *PutResourcePolicyOutput) SetARN(v string) *PutResourcePolicyOutput { 4105 s.ARN = &v 4106 return s 4107} 4108 4109// SetName sets the Name field's value. 4110func (s *PutResourcePolicyOutput) SetName(v string) *PutResourcePolicyOutput { 4111 s.Name = &v 4112 return s 4113} 4114 4115type PutSecretValueInput struct { 4116 _ struct{} `type:"structure"` 4117 4118 // (Optional) Specifies a unique identifier for the new version of the secret. 4119 // 4120 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 4121 // you can leave this parameter empty. The CLI or SDK generates a random UUID 4122 // for you and includes that in the request. If you don't use the SDK and instead 4123 // generate a raw HTTP request to the Secrets Manager service endpoint, then 4124 // you must generate a ClientRequestToken yourself for new versions and include 4125 // that value in the request. 4126 // 4127 // This value helps ensure idempotency. Secrets Manager uses this value to prevent 4128 // the accidental creation of duplicate versions if there are failures and retries 4129 // during the Lambda rotation function's processing. We recommend that you generate 4130 // a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value 4131 // to ensure uniqueness within the specified secret. 4132 // 4133 // * If the ClientRequestToken value isn't already associated with a version 4134 // of the secret then a new version of the secret is created. 4135 // 4136 // * If a version with this value already exists and that version's SecretString 4137 // or SecretBinary values are the same as those in the request then the request 4138 // is ignored (the operation is idempotent). 4139 // 4140 // * If a version with this value already exists and that version's SecretString 4141 // and SecretBinary values are different from those in the request then the 4142 // request fails because you cannot modify an existing secret version. You 4143 // can only create new versions to store new secret values. 4144 // 4145 // This value becomes the VersionId of the new version. 4146 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 4147 4148 // (Optional) Specifies binary data that you want to encrypt and store in the 4149 // new version of the secret. To use this parameter in the command-line tools, 4150 // we recommend that you store your binary data in a file and then use the appropriate 4151 // technique for your tool to pass the contents of the file as a parameter. 4152 // Either SecretBinary or SecretString must have a value, but not both. They 4153 // cannot both be empty. 4154 // 4155 // This parameter is not accessible if the secret using the Secrets Manager 4156 // console. 4157 // 4158 // SecretBinary is automatically base64 encoded/decoded by the SDK. 4159 SecretBinary []byte `type:"blob" sensitive:"true"` 4160 4161 // Specifies the secret to which you want to add a new version. You can specify 4162 // either the Amazon Resource Name (ARN) or the friendly name of the secret. 4163 // The secret must already exist. 4164 // 4165 // If you specify an ARN, we generally recommend that you specify a complete 4166 // ARN. You can specify a partial ARN too—for example, if you don’t include 4167 // the final hyphen and six random characters that Secrets Manager adds at the 4168 // end of the ARN when you created the secret. A partial ARN match can work 4169 // as long as it uniquely matches only one secret. However, if your secret has 4170 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4171 // adds the hyphen and six characters to the ARN) and you try to use that as 4172 // a partial ARN, then those characters cause Secrets Manager to assume that 4173 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4174 // To avoid this situation, we recommend that you don’t create secret names 4175 // that end with a hyphen followed by six characters. 4176 // 4177 // SecretId is a required field 4178 SecretId *string `min:"1" type:"string" required:"true"` 4179 4180 // (Optional) Specifies text data that you want to encrypt and store in this 4181 // new version of the secret. Either SecretString or SecretBinary must have 4182 // a value, but not both. They cannot both be empty. 4183 // 4184 // If you create this secret by using the Secrets Manager console then Secrets 4185 // Manager puts the protected secret text in only the SecretString parameter. 4186 // The Secrets Manager console stores the information as a JSON structure of 4187 // key/value pairs that the default Lambda rotation function knows how to parse. 4188 // 4189 // For storing multiple values, we recommend that you use a JSON text string 4190 // argument and specify key/value pairs. For information on how to format a 4191 // JSON parameter for the various command line tool environments, see Using 4192 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 4193 // in the AWS CLI User Guide. 4194 // 4195 // For example: 4196 // 4197 // [{"username":"bob"},{"password":"abc123xyz456"}] 4198 // 4199 // If your command-line tool or SDK requires quotation marks around the parameter, 4200 // you should use single quotes to avoid confusion with the double quotes required 4201 // in the JSON text. 4202 SecretString *string `type:"string" sensitive:"true"` 4203 4204 // (Optional) Specifies a list of staging labels that are attached to this version 4205 // of the secret. These staging labels are used to track the versions through 4206 // the rotation process by the Lambda rotation function. 4207 // 4208 // A staging label must be unique to a single version of the secret. If you 4209 // specify a staging label that's already associated with a different version 4210 // of the same secret then that staging label is automatically removed from 4211 // the other version and attached to this version. 4212 // 4213 // If you do not specify a value for VersionStages then Secrets Manager automatically 4214 // moves the staging label AWSCURRENT to this new version. 4215 VersionStages []*string `min:"1" type:"list"` 4216} 4217 4218// String returns the string representation 4219func (s PutSecretValueInput) String() string { 4220 return awsutil.Prettify(s) 4221} 4222 4223// GoString returns the string representation 4224func (s PutSecretValueInput) GoString() string { 4225 return s.String() 4226} 4227 4228// Validate inspects the fields of the type to determine if they are valid. 4229func (s *PutSecretValueInput) Validate() error { 4230 invalidParams := request.ErrInvalidParams{Context: "PutSecretValueInput"} 4231 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 4232 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 4233 } 4234 if s.SecretId == nil { 4235 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4236 } 4237 if s.SecretId != nil && len(*s.SecretId) < 1 { 4238 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4239 } 4240 if s.VersionStages != nil && len(s.VersionStages) < 1 { 4241 invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1)) 4242 } 4243 4244 if invalidParams.Len() > 0 { 4245 return invalidParams 4246 } 4247 return nil 4248} 4249 4250// SetClientRequestToken sets the ClientRequestToken field's value. 4251func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput { 4252 s.ClientRequestToken = &v 4253 return s 4254} 4255 4256// SetSecretBinary sets the SecretBinary field's value. 4257func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput { 4258 s.SecretBinary = v 4259 return s 4260} 4261 4262// SetSecretId sets the SecretId field's value. 4263func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput { 4264 s.SecretId = &v 4265 return s 4266} 4267 4268// SetSecretString sets the SecretString field's value. 4269func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput { 4270 s.SecretString = &v 4271 return s 4272} 4273 4274// SetVersionStages sets the VersionStages field's value. 4275func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput { 4276 s.VersionStages = v 4277 return s 4278} 4279 4280type PutSecretValueOutput struct { 4281 _ struct{} `type:"structure"` 4282 4283 // The Amazon Resource Name (ARN) for the secret for which you just created 4284 // a version. 4285 ARN *string `min:"20" type:"string"` 4286 4287 // The friendly name of the secret for which you just created or updated a version. 4288 Name *string `min:"1" type:"string"` 4289 4290 // The unique identifier of the version of the secret you just created or updated. 4291 VersionId *string `min:"32" type:"string"` 4292 4293 // The list of staging labels that are currently attached to this version of 4294 // the secret. Staging labels are used to track a version as it progresses through 4295 // the secret rotation process. 4296 VersionStages []*string `min:"1" type:"list"` 4297} 4298 4299// String returns the string representation 4300func (s PutSecretValueOutput) String() string { 4301 return awsutil.Prettify(s) 4302} 4303 4304// GoString returns the string representation 4305func (s PutSecretValueOutput) GoString() string { 4306 return s.String() 4307} 4308 4309// SetARN sets the ARN field's value. 4310func (s *PutSecretValueOutput) SetARN(v string) *PutSecretValueOutput { 4311 s.ARN = &v 4312 return s 4313} 4314 4315// SetName sets the Name field's value. 4316func (s *PutSecretValueOutput) SetName(v string) *PutSecretValueOutput { 4317 s.Name = &v 4318 return s 4319} 4320 4321// SetVersionId sets the VersionId field's value. 4322func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput { 4323 s.VersionId = &v 4324 return s 4325} 4326 4327// SetVersionStages sets the VersionStages field's value. 4328func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput { 4329 s.VersionStages = v 4330 return s 4331} 4332 4333type RestoreSecretInput struct { 4334 _ struct{} `type:"structure"` 4335 4336 // Specifies the secret that you want to restore from a previously scheduled 4337 // deletion. You can specify either the Amazon Resource Name (ARN) or the friendly 4338 // name of the secret. 4339 // 4340 // If you specify an ARN, we generally recommend that you specify a complete 4341 // ARN. You can specify a partial ARN too—for example, if you don’t include 4342 // the final hyphen and six random characters that Secrets Manager adds at the 4343 // end of the ARN when you created the secret. A partial ARN match can work 4344 // as long as it uniquely matches only one secret. However, if your secret has 4345 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4346 // adds the hyphen and six characters to the ARN) and you try to use that as 4347 // a partial ARN, then those characters cause Secrets Manager to assume that 4348 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4349 // To avoid this situation, we recommend that you don’t create secret names 4350 // that end with a hyphen followed by six characters. 4351 // 4352 // SecretId is a required field 4353 SecretId *string `min:"1" type:"string" required:"true"` 4354} 4355 4356// String returns the string representation 4357func (s RestoreSecretInput) String() string { 4358 return awsutil.Prettify(s) 4359} 4360 4361// GoString returns the string representation 4362func (s RestoreSecretInput) GoString() string { 4363 return s.String() 4364} 4365 4366// Validate inspects the fields of the type to determine if they are valid. 4367func (s *RestoreSecretInput) Validate() error { 4368 invalidParams := request.ErrInvalidParams{Context: "RestoreSecretInput"} 4369 if s.SecretId == nil { 4370 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4371 } 4372 if s.SecretId != nil && len(*s.SecretId) < 1 { 4373 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4374 } 4375 4376 if invalidParams.Len() > 0 { 4377 return invalidParams 4378 } 4379 return nil 4380} 4381 4382// SetSecretId sets the SecretId field's value. 4383func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput { 4384 s.SecretId = &v 4385 return s 4386} 4387 4388type RestoreSecretOutput struct { 4389 _ struct{} `type:"structure"` 4390 4391 // The ARN of the secret that was restored. 4392 ARN *string `min:"20" type:"string"` 4393 4394 // The friendly name of the secret that was restored. 4395 Name *string `min:"1" type:"string"` 4396} 4397 4398// String returns the string representation 4399func (s RestoreSecretOutput) String() string { 4400 return awsutil.Prettify(s) 4401} 4402 4403// GoString returns the string representation 4404func (s RestoreSecretOutput) GoString() string { 4405 return s.String() 4406} 4407 4408// SetARN sets the ARN field's value. 4409func (s *RestoreSecretOutput) SetARN(v string) *RestoreSecretOutput { 4410 s.ARN = &v 4411 return s 4412} 4413 4414// SetName sets the Name field's value. 4415func (s *RestoreSecretOutput) SetName(v string) *RestoreSecretOutput { 4416 s.Name = &v 4417 return s 4418} 4419 4420type RotateSecretInput struct { 4421 _ struct{} `type:"structure"` 4422 4423 // (Optional) Specifies a unique identifier for the new version of the secret 4424 // that helps ensure idempotency. 4425 // 4426 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 4427 // you can leave this parameter empty. The CLI or SDK generates a random UUID 4428 // for you and includes that in the request for this parameter. If you don't 4429 // use the SDK and instead generate a raw HTTP request to the Secrets Manager 4430 // service endpoint, then you must generate a ClientRequestToken yourself for 4431 // new versions and include that value in the request. 4432 // 4433 // You only need to specify your own value if you are implementing your own 4434 // retry logic and want to ensure that a given secret is not created twice. 4435 // We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 4436 // value to ensure uniqueness within the specified secret. 4437 // 4438 // Secrets Manager uses this value to prevent the accidental creation of duplicate 4439 // versions if there are failures and retries during the function's processing. 4440 // This value becomes the VersionId of the new version. 4441 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 4442 4443 // (Optional) Specifies the ARN of the Lambda function that can rotate the secret. 4444 RotationLambdaARN *string `type:"string"` 4445 4446 // A structure that defines the rotation configuration for this secret. 4447 RotationRules *RotationRulesType `type:"structure"` 4448 4449 // Specifies the secret that you want to rotate. You can specify either the 4450 // Amazon Resource Name (ARN) or the friendly name of the secret. 4451 // 4452 // If you specify an ARN, we generally recommend that you specify a complete 4453 // ARN. You can specify a partial ARN too—for example, if you don’t include 4454 // the final hyphen and six random characters that Secrets Manager adds at the 4455 // end of the ARN when you created the secret. A partial ARN match can work 4456 // as long as it uniquely matches only one secret. However, if your secret has 4457 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4458 // adds the hyphen and six characters to the ARN) and you try to use that as 4459 // a partial ARN, then those characters cause Secrets Manager to assume that 4460 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4461 // To avoid this situation, we recommend that you don’t create secret names 4462 // that end with a hyphen followed by six characters. 4463 // 4464 // SecretId is a required field 4465 SecretId *string `min:"1" type:"string" required:"true"` 4466} 4467 4468// String returns the string representation 4469func (s RotateSecretInput) String() string { 4470 return awsutil.Prettify(s) 4471} 4472 4473// GoString returns the string representation 4474func (s RotateSecretInput) GoString() string { 4475 return s.String() 4476} 4477 4478// Validate inspects the fields of the type to determine if they are valid. 4479func (s *RotateSecretInput) Validate() error { 4480 invalidParams := request.ErrInvalidParams{Context: "RotateSecretInput"} 4481 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 4482 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 4483 } 4484 if s.SecretId == nil { 4485 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4486 } 4487 if s.SecretId != nil && len(*s.SecretId) < 1 { 4488 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4489 } 4490 if s.RotationRules != nil { 4491 if err := s.RotationRules.Validate(); err != nil { 4492 invalidParams.AddNested("RotationRules", err.(request.ErrInvalidParams)) 4493 } 4494 } 4495 4496 if invalidParams.Len() > 0 { 4497 return invalidParams 4498 } 4499 return nil 4500} 4501 4502// SetClientRequestToken sets the ClientRequestToken field's value. 4503func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput { 4504 s.ClientRequestToken = &v 4505 return s 4506} 4507 4508// SetRotationLambdaARN sets the RotationLambdaARN field's value. 4509func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput { 4510 s.RotationLambdaARN = &v 4511 return s 4512} 4513 4514// SetRotationRules sets the RotationRules field's value. 4515func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput { 4516 s.RotationRules = v 4517 return s 4518} 4519 4520// SetSecretId sets the SecretId field's value. 4521func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput { 4522 s.SecretId = &v 4523 return s 4524} 4525 4526type RotateSecretOutput struct { 4527 _ struct{} `type:"structure"` 4528 4529 // The ARN of the secret. 4530 ARN *string `min:"20" type:"string"` 4531 4532 // The friendly name of the secret. 4533 Name *string `min:"1" type:"string"` 4534 4535 // The ID of the new version of the secret created by the rotation started by 4536 // this request. 4537 VersionId *string `min:"32" type:"string"` 4538} 4539 4540// String returns the string representation 4541func (s RotateSecretOutput) String() string { 4542 return awsutil.Prettify(s) 4543} 4544 4545// GoString returns the string representation 4546func (s RotateSecretOutput) GoString() string { 4547 return s.String() 4548} 4549 4550// SetARN sets the ARN field's value. 4551func (s *RotateSecretOutput) SetARN(v string) *RotateSecretOutput { 4552 s.ARN = &v 4553 return s 4554} 4555 4556// SetName sets the Name field's value. 4557func (s *RotateSecretOutput) SetName(v string) *RotateSecretOutput { 4558 s.Name = &v 4559 return s 4560} 4561 4562// SetVersionId sets the VersionId field's value. 4563func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput { 4564 s.VersionId = &v 4565 return s 4566} 4567 4568// A structure that defines the rotation configuration for the secret. 4569type RotationRulesType struct { 4570 _ struct{} `type:"structure"` 4571 4572 // Specifies the number of days between automatic scheduled rotations of the 4573 // secret. 4574 // 4575 // Secrets Manager schedules the next rotation when the previous one is complete. 4576 // Secrets Manager schedules the date by adding the rotation interval (number 4577 // of days) to the actual date of the last rotation. The service chooses the 4578 // hour within that 24-hour date window randomly. The minute is also chosen 4579 // somewhat randomly, but weighted towards the top of the hour and influenced 4580 // by a variety of factors that help distribute load. 4581 AutomaticallyAfterDays *int64 `min:"1" type:"long"` 4582} 4583 4584// String returns the string representation 4585func (s RotationRulesType) String() string { 4586 return awsutil.Prettify(s) 4587} 4588 4589// GoString returns the string representation 4590func (s RotationRulesType) GoString() string { 4591 return s.String() 4592} 4593 4594// Validate inspects the fields of the type to determine if they are valid. 4595func (s *RotationRulesType) Validate() error { 4596 invalidParams := request.ErrInvalidParams{Context: "RotationRulesType"} 4597 if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 { 4598 invalidParams.Add(request.NewErrParamMinValue("AutomaticallyAfterDays", 1)) 4599 } 4600 4601 if invalidParams.Len() > 0 { 4602 return invalidParams 4603 } 4604 return nil 4605} 4606 4607// SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value. 4608func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType { 4609 s.AutomaticallyAfterDays = &v 4610 return s 4611} 4612 4613// A structure that contains the details about a secret. It does not include 4614// the encrypted SecretString and SecretBinary values. To get those values, 4615// use the GetSecretValue operation. 4616type SecretListEntry struct { 4617 _ struct{} `type:"structure"` 4618 4619 // The Amazon Resource Name (ARN) of the secret. 4620 // 4621 // For more information about ARNs in Secrets Manager, see Policy Resources 4622 // (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources) 4623 // in the AWS Secrets Manager User Guide. 4624 ARN *string `min:"20" type:"string"` 4625 4626 // The date and time on which this secret was deleted. Not present on active 4627 // secrets. The secret can be recovered until the number of days in the recovery 4628 // window has passed, as specified in the RecoveryWindowInDays parameter of 4629 // the DeleteSecret operation. 4630 DeletedDate *time.Time `type:"timestamp"` 4631 4632 // The user-provided description of the secret. 4633 Description *string `type:"string"` 4634 4635 // The ARN or alias of the AWS KMS customer master key (CMK) that's used to 4636 // encrypt the SecretString and SecretBinary fields in each version of the secret. 4637 // If you don't provide a key, then Secrets Manager defaults to encrypting the 4638 // secret fields with the default KMS CMK (the one named awssecretsmanager) 4639 // for this account. 4640 KmsKeyId *string `type:"string"` 4641 4642 // The last date that this secret was accessed. This value is truncated to midnight 4643 // of the date and therefore shows only the date, not the time. 4644 LastAccessedDate *time.Time `type:"timestamp"` 4645 4646 // The last date and time that this secret was modified in any way. 4647 LastChangedDate *time.Time `type:"timestamp"` 4648 4649 // The last date and time that the rotation process for this secret was invoked. 4650 LastRotatedDate *time.Time `type:"timestamp"` 4651 4652 // The friendly name of the secret. You can use forward slashes in the name 4653 // to represent a path hierarchy. For example, /prod/databases/dbserver1 could 4654 // represent the secret for a server named dbserver1 in the folder databases 4655 // in the folder prod. 4656 Name *string `min:"1" type:"string"` 4657 4658 OwningService *string `min:"1" type:"string"` 4659 4660 // Indicated whether automatic, scheduled rotation is enabled for this secret. 4661 RotationEnabled *bool `type:"boolean"` 4662 4663 // The ARN of an AWS Lambda function that's invoked by Secrets Manager to rotate 4664 // and expire the secret either automatically per the schedule or manually by 4665 // a call to RotateSecret. 4666 RotationLambdaARN *string `type:"string"` 4667 4668 // A structure that defines the rotation configuration for the secret. 4669 RotationRules *RotationRulesType `type:"structure"` 4670 4671 // A list of all of the currently assigned SecretVersionStage staging labels 4672 // and the SecretVersionId that each is attached to. Staging labels are used 4673 // to keep track of the different versions during the rotation process. 4674 // 4675 // A version that does not have any SecretVersionStage is considered deprecated 4676 // and subject to deletion. Such versions are not included in this list. 4677 SecretVersionsToStages map[string][]*string `type:"map"` 4678 4679 // The list of user-defined tags that are associated with the secret. To add 4680 // tags to a secret, use TagResource. To remove tags, use UntagResource. 4681 Tags []*Tag `type:"list"` 4682} 4683 4684// String returns the string representation 4685func (s SecretListEntry) String() string { 4686 return awsutil.Prettify(s) 4687} 4688 4689// GoString returns the string representation 4690func (s SecretListEntry) GoString() string { 4691 return s.String() 4692} 4693 4694// SetARN sets the ARN field's value. 4695func (s *SecretListEntry) SetARN(v string) *SecretListEntry { 4696 s.ARN = &v 4697 return s 4698} 4699 4700// SetDeletedDate sets the DeletedDate field's value. 4701func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry { 4702 s.DeletedDate = &v 4703 return s 4704} 4705 4706// SetDescription sets the Description field's value. 4707func (s *SecretListEntry) SetDescription(v string) *SecretListEntry { 4708 s.Description = &v 4709 return s 4710} 4711 4712// SetKmsKeyId sets the KmsKeyId field's value. 4713func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry { 4714 s.KmsKeyId = &v 4715 return s 4716} 4717 4718// SetLastAccessedDate sets the LastAccessedDate field's value. 4719func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry { 4720 s.LastAccessedDate = &v 4721 return s 4722} 4723 4724// SetLastChangedDate sets the LastChangedDate field's value. 4725func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry { 4726 s.LastChangedDate = &v 4727 return s 4728} 4729 4730// SetLastRotatedDate sets the LastRotatedDate field's value. 4731func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry { 4732 s.LastRotatedDate = &v 4733 return s 4734} 4735 4736// SetName sets the Name field's value. 4737func (s *SecretListEntry) SetName(v string) *SecretListEntry { 4738 s.Name = &v 4739 return s 4740} 4741 4742// SetOwningService sets the OwningService field's value. 4743func (s *SecretListEntry) SetOwningService(v string) *SecretListEntry { 4744 s.OwningService = &v 4745 return s 4746} 4747 4748// SetRotationEnabled sets the RotationEnabled field's value. 4749func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry { 4750 s.RotationEnabled = &v 4751 return s 4752} 4753 4754// SetRotationLambdaARN sets the RotationLambdaARN field's value. 4755func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry { 4756 s.RotationLambdaARN = &v 4757 return s 4758} 4759 4760// SetRotationRules sets the RotationRules field's value. 4761func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry { 4762 s.RotationRules = v 4763 return s 4764} 4765 4766// SetSecretVersionsToStages sets the SecretVersionsToStages field's value. 4767func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry { 4768 s.SecretVersionsToStages = v 4769 return s 4770} 4771 4772// SetTags sets the Tags field's value. 4773func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry { 4774 s.Tags = v 4775 return s 4776} 4777 4778// A structure that contains information about one version of a secret. 4779type SecretVersionsListEntry struct { 4780 _ struct{} `type:"structure"` 4781 4782 // The date and time this version of the secret was created. 4783 CreatedDate *time.Time `type:"timestamp"` 4784 4785 // The date that this version of the secret was last accessed. Note that the 4786 // resolution of this field is at the date level and does not include the time. 4787 LastAccessedDate *time.Time `type:"timestamp"` 4788 4789 // The unique version identifier of this version of the secret. 4790 VersionId *string `min:"32" type:"string"` 4791 4792 // An array of staging labels that are currently associated with this version 4793 // of the secret. 4794 VersionStages []*string `min:"1" type:"list"` 4795} 4796 4797// String returns the string representation 4798func (s SecretVersionsListEntry) String() string { 4799 return awsutil.Prettify(s) 4800} 4801 4802// GoString returns the string representation 4803func (s SecretVersionsListEntry) GoString() string { 4804 return s.String() 4805} 4806 4807// SetCreatedDate sets the CreatedDate field's value. 4808func (s *SecretVersionsListEntry) SetCreatedDate(v time.Time) *SecretVersionsListEntry { 4809 s.CreatedDate = &v 4810 return s 4811} 4812 4813// SetLastAccessedDate sets the LastAccessedDate field's value. 4814func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry { 4815 s.LastAccessedDate = &v 4816 return s 4817} 4818 4819// SetVersionId sets the VersionId field's value. 4820func (s *SecretVersionsListEntry) SetVersionId(v string) *SecretVersionsListEntry { 4821 s.VersionId = &v 4822 return s 4823} 4824 4825// SetVersionStages sets the VersionStages field's value. 4826func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry { 4827 s.VersionStages = v 4828 return s 4829} 4830 4831// A structure that contains information about a tag. 4832type Tag struct { 4833 _ struct{} `type:"structure"` 4834 4835 // The key identifier, or name, of the tag. 4836 Key *string `min:"1" type:"string"` 4837 4838 // The string value that's associated with the key of the tag. 4839 Value *string `type:"string"` 4840} 4841 4842// String returns the string representation 4843func (s Tag) String() string { 4844 return awsutil.Prettify(s) 4845} 4846 4847// GoString returns the string representation 4848func (s Tag) GoString() string { 4849 return s.String() 4850} 4851 4852// Validate inspects the fields of the type to determine if they are valid. 4853func (s *Tag) Validate() error { 4854 invalidParams := request.ErrInvalidParams{Context: "Tag"} 4855 if s.Key != nil && len(*s.Key) < 1 { 4856 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 4857 } 4858 4859 if invalidParams.Len() > 0 { 4860 return invalidParams 4861 } 4862 return nil 4863} 4864 4865// SetKey sets the Key field's value. 4866func (s *Tag) SetKey(v string) *Tag { 4867 s.Key = &v 4868 return s 4869} 4870 4871// SetValue sets the Value field's value. 4872func (s *Tag) SetValue(v string) *Tag { 4873 s.Value = &v 4874 return s 4875} 4876 4877type TagResourceInput struct { 4878 _ struct{} `type:"structure"` 4879 4880 // The identifier for the secret that you want to attach tags to. You can specify 4881 // either the Amazon Resource Name (ARN) or the friendly name of the secret. 4882 // 4883 // If you specify an ARN, we generally recommend that you specify a complete 4884 // ARN. You can specify a partial ARN too—for example, if you don’t include 4885 // the final hyphen and six random characters that Secrets Manager adds at the 4886 // end of the ARN when you created the secret. A partial ARN match can work 4887 // as long as it uniquely matches only one secret. However, if your secret has 4888 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4889 // adds the hyphen and six characters to the ARN) and you try to use that as 4890 // a partial ARN, then those characters cause Secrets Manager to assume that 4891 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4892 // To avoid this situation, we recommend that you don’t create secret names 4893 // that end with a hyphen followed by six characters. 4894 // 4895 // SecretId is a required field 4896 SecretId *string `min:"1" type:"string" required:"true"` 4897 4898 // The tags to attach to the secret. Each element in the list consists of a 4899 // Key and a Value. 4900 // 4901 // This parameter to the API requires a JSON text string argument. For information 4902 // on how to format a JSON parameter for the various command line tool environments, 4903 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 4904 // in the AWS CLI User Guide. For the AWS CLI, you can also use the syntax: 4905 // --Tags Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…] 4906 // 4907 // Tags is a required field 4908 Tags []*Tag `type:"list" required:"true"` 4909} 4910 4911// String returns the string representation 4912func (s TagResourceInput) String() string { 4913 return awsutil.Prettify(s) 4914} 4915 4916// GoString returns the string representation 4917func (s TagResourceInput) GoString() string { 4918 return s.String() 4919} 4920 4921// Validate inspects the fields of the type to determine if they are valid. 4922func (s *TagResourceInput) Validate() error { 4923 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 4924 if s.SecretId == nil { 4925 invalidParams.Add(request.NewErrParamRequired("SecretId")) 4926 } 4927 if s.SecretId != nil && len(*s.SecretId) < 1 { 4928 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 4929 } 4930 if s.Tags == nil { 4931 invalidParams.Add(request.NewErrParamRequired("Tags")) 4932 } 4933 if s.Tags != nil { 4934 for i, v := range s.Tags { 4935 if v == nil { 4936 continue 4937 } 4938 if err := v.Validate(); err != nil { 4939 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 4940 } 4941 } 4942 } 4943 4944 if invalidParams.Len() > 0 { 4945 return invalidParams 4946 } 4947 return nil 4948} 4949 4950// SetSecretId sets the SecretId field's value. 4951func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput { 4952 s.SecretId = &v 4953 return s 4954} 4955 4956// SetTags sets the Tags field's value. 4957func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 4958 s.Tags = v 4959 return s 4960} 4961 4962type TagResourceOutput struct { 4963 _ struct{} `type:"structure"` 4964} 4965 4966// String returns the string representation 4967func (s TagResourceOutput) String() string { 4968 return awsutil.Prettify(s) 4969} 4970 4971// GoString returns the string representation 4972func (s TagResourceOutput) GoString() string { 4973 return s.String() 4974} 4975 4976type UntagResourceInput struct { 4977 _ struct{} `type:"structure"` 4978 4979 // The identifier for the secret that you want to remove tags from. You can 4980 // specify either the Amazon Resource Name (ARN) or the friendly name of the 4981 // secret. 4982 // 4983 // If you specify an ARN, we generally recommend that you specify a complete 4984 // ARN. You can specify a partial ARN too—for example, if you don’t include 4985 // the final hyphen and six random characters that Secrets Manager adds at the 4986 // end of the ARN when you created the secret. A partial ARN match can work 4987 // as long as it uniquely matches only one secret. However, if your secret has 4988 // a name that ends in a hyphen followed by six characters (before Secrets Manager 4989 // adds the hyphen and six characters to the ARN) and you try to use that as 4990 // a partial ARN, then those characters cause Secrets Manager to assume that 4991 // you’re specifying a complete ARN. This confusion can cause unexpected results. 4992 // To avoid this situation, we recommend that you don’t create secret names 4993 // that end with a hyphen followed by six characters. 4994 // 4995 // SecretId is a required field 4996 SecretId *string `min:"1" type:"string" required:"true"` 4997 4998 // A list of tag key names to remove from the secret. You don't specify the 4999 // value. Both the key and its associated value are removed. 5000 // 5001 // This parameter to the API requires a JSON text string argument. For information 5002 // on how to format a JSON parameter for the various command line tool environments, 5003 // see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 5004 // in the AWS CLI User Guide. 5005 // 5006 // TagKeys is a required field 5007 TagKeys []*string `type:"list" required:"true"` 5008} 5009 5010// String returns the string representation 5011func (s UntagResourceInput) String() string { 5012 return awsutil.Prettify(s) 5013} 5014 5015// GoString returns the string representation 5016func (s UntagResourceInput) GoString() string { 5017 return s.String() 5018} 5019 5020// Validate inspects the fields of the type to determine if they are valid. 5021func (s *UntagResourceInput) Validate() error { 5022 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 5023 if s.SecretId == nil { 5024 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5025 } 5026 if s.SecretId != nil && len(*s.SecretId) < 1 { 5027 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5028 } 5029 if s.TagKeys == nil { 5030 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 5031 } 5032 5033 if invalidParams.Len() > 0 { 5034 return invalidParams 5035 } 5036 return nil 5037} 5038 5039// SetSecretId sets the SecretId field's value. 5040func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput { 5041 s.SecretId = &v 5042 return s 5043} 5044 5045// SetTagKeys sets the TagKeys field's value. 5046func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 5047 s.TagKeys = v 5048 return s 5049} 5050 5051type UntagResourceOutput struct { 5052 _ struct{} `type:"structure"` 5053} 5054 5055// String returns the string representation 5056func (s UntagResourceOutput) String() string { 5057 return awsutil.Prettify(s) 5058} 5059 5060// GoString returns the string representation 5061func (s UntagResourceOutput) GoString() string { 5062 return s.String() 5063} 5064 5065type UpdateSecretInput struct { 5066 _ struct{} `type:"structure"` 5067 5068 // (Optional) If you want to add a new version to the secret, this parameter 5069 // specifies a unique identifier for the new version that helps ensure idempotency. 5070 // 5071 // If you use the AWS CLI or one of the AWS SDK to call this operation, then 5072 // you can leave this parameter empty. The CLI or SDK generates a random UUID 5073 // for you and includes that in the request. If you don't use the SDK and instead 5074 // generate a raw HTTP request to the Secrets Manager service endpoint, then 5075 // you must generate a ClientRequestToken yourself for new versions and include 5076 // that value in the request. 5077 // 5078 // You typically only need to interact with this value if you implement your 5079 // own retry logic and want to ensure that a given secret is not created twice. 5080 // We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) 5081 // value to ensure uniqueness within the specified secret. 5082 // 5083 // Secrets Manager uses this value to prevent the accidental creation of duplicate 5084 // versions if there are failures and retries during the Lambda rotation function's 5085 // processing. 5086 // 5087 // * If the ClientRequestToken value isn't already associated with a version 5088 // of the secret then a new version of the secret is created. 5089 // 5090 // * If a version with this value already exists and that version's SecretString 5091 // and SecretBinary values are the same as those in the request then the 5092 // request is ignored (the operation is idempotent). 5093 // 5094 // * If a version with this value already exists and that version's SecretString 5095 // and SecretBinary values are different from the request then an error occurs 5096 // because you cannot modify an existing secret value. 5097 // 5098 // This value becomes the VersionId of the new version. 5099 ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` 5100 5101 // (Optional) Specifies an updated user-provided description of the secret. 5102 Description *string `type:"string"` 5103 5104 // (Optional) Specifies an updated ARN or alias of the AWS KMS customer master 5105 // key (CMK) to be used to encrypt the protected text in new versions of this 5106 // secret. 5107 // 5108 // You can only use the account's default CMK to encrypt and decrypt if you 5109 // call this operation using credentials from the same account that owns the 5110 // secret. If the secret is in a different account, then you must create a custom 5111 // CMK and provide the ARN of that CMK in this field. The user making the call 5112 // must have permissions to both the secret and the CMK in their respective 5113 // accounts. 5114 KmsKeyId *string `type:"string"` 5115 5116 // (Optional) Specifies updated binary data that you want to encrypt and store 5117 // in the new version of the secret. To use this parameter in the command-line 5118 // tools, we recommend that you store your binary data in a file and then use 5119 // the appropriate technique for your tool to pass the contents of the file 5120 // as a parameter. Either SecretBinary or SecretString must have a value, but 5121 // not both. They cannot both be empty. 5122 // 5123 // This parameter is not accessible using the Secrets Manager console. 5124 // 5125 // SecretBinary is automatically base64 encoded/decoded by the SDK. 5126 SecretBinary []byte `type:"blob" sensitive:"true"` 5127 5128 // Specifies the secret that you want to modify or to which you want to add 5129 // a new version. You can specify either the Amazon Resource Name (ARN) or the 5130 // friendly name of the secret. 5131 // 5132 // If you specify an ARN, we generally recommend that you specify a complete 5133 // ARN. You can specify a partial ARN too—for example, if you don’t include 5134 // the final hyphen and six random characters that Secrets Manager adds at the 5135 // end of the ARN when you created the secret. A partial ARN match can work 5136 // as long as it uniquely matches only one secret. However, if your secret has 5137 // a name that ends in a hyphen followed by six characters (before Secrets Manager 5138 // adds the hyphen and six characters to the ARN) and you try to use that as 5139 // a partial ARN, then those characters cause Secrets Manager to assume that 5140 // you’re specifying a complete ARN. This confusion can cause unexpected results. 5141 // To avoid this situation, we recommend that you don’t create secret names 5142 // that end with a hyphen followed by six characters. 5143 // 5144 // SecretId is a required field 5145 SecretId *string `min:"1" type:"string" required:"true"` 5146 5147 // (Optional) Specifies updated text data that you want to encrypt and store 5148 // in this new version of the secret. Either SecretBinary or SecretString must 5149 // have a value, but not both. They cannot both be empty. 5150 // 5151 // If you create this secret by using the Secrets Manager console then Secrets 5152 // Manager puts the protected secret text in only the SecretString parameter. 5153 // The Secrets Manager console stores the information as a JSON structure of 5154 // key/value pairs that the default Lambda rotation function knows how to parse. 5155 // 5156 // For storing multiple values, we recommend that you use a JSON text string 5157 // argument and specify key/value pairs. For information on how to format a 5158 // JSON parameter for the various command line tool environments, see Using 5159 // JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json) 5160 // in the AWS CLI User Guide. For example: 5161 // 5162 // [{"username":"bob"},{"password":"abc123xyz456"}] 5163 // 5164 // If your command-line tool or SDK requires quotation marks around the parameter, 5165 // you should use single quotes to avoid confusion with the double quotes required 5166 // in the JSON text. You can also 'escape' the double quote character in the 5167 // embedded JSON text by prefacing each with a backslash. For example, the following 5168 // string is surrounded by double-quotes. All of the embedded double quotes 5169 // are escaped: 5170 // 5171 // "[{\"username\":\"bob\"},{\"password\":\"abc123xyz456\"}]" 5172 SecretString *string `type:"string" sensitive:"true"` 5173} 5174 5175// String returns the string representation 5176func (s UpdateSecretInput) String() string { 5177 return awsutil.Prettify(s) 5178} 5179 5180// GoString returns the string representation 5181func (s UpdateSecretInput) GoString() string { 5182 return s.String() 5183} 5184 5185// Validate inspects the fields of the type to determine if they are valid. 5186func (s *UpdateSecretInput) Validate() error { 5187 invalidParams := request.ErrInvalidParams{Context: "UpdateSecretInput"} 5188 if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { 5189 invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) 5190 } 5191 if s.SecretId == nil { 5192 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5193 } 5194 if s.SecretId != nil && len(*s.SecretId) < 1 { 5195 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5196 } 5197 5198 if invalidParams.Len() > 0 { 5199 return invalidParams 5200 } 5201 return nil 5202} 5203 5204// SetClientRequestToken sets the ClientRequestToken field's value. 5205func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput { 5206 s.ClientRequestToken = &v 5207 return s 5208} 5209 5210// SetDescription sets the Description field's value. 5211func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput { 5212 s.Description = &v 5213 return s 5214} 5215 5216// SetKmsKeyId sets the KmsKeyId field's value. 5217func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput { 5218 s.KmsKeyId = &v 5219 return s 5220} 5221 5222// SetSecretBinary sets the SecretBinary field's value. 5223func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput { 5224 s.SecretBinary = v 5225 return s 5226} 5227 5228// SetSecretId sets the SecretId field's value. 5229func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput { 5230 s.SecretId = &v 5231 return s 5232} 5233 5234// SetSecretString sets the SecretString field's value. 5235func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput { 5236 s.SecretString = &v 5237 return s 5238} 5239 5240type UpdateSecretOutput struct { 5241 _ struct{} `type:"structure"` 5242 5243 // The ARN of the secret that was updated. 5244 // 5245 // Secrets Manager automatically adds several random characters to the name 5246 // at the end of the ARN when you initially create a secret. This affects only 5247 // the ARN and not the actual friendly name. This ensures that if you create 5248 // a new secret with the same name as an old secret that you previously deleted, 5249 // then users with access to the old secret don't automatically get access to 5250 // the new secret because the ARNs are different. 5251 ARN *string `min:"20" type:"string"` 5252 5253 // The friendly name of the secret that was updated. 5254 Name *string `min:"1" type:"string"` 5255 5256 // If a new version of the secret was created by this operation, then VersionId 5257 // contains the unique identifier of the new version. 5258 VersionId *string `min:"32" type:"string"` 5259} 5260 5261// String returns the string representation 5262func (s UpdateSecretOutput) String() string { 5263 return awsutil.Prettify(s) 5264} 5265 5266// GoString returns the string representation 5267func (s UpdateSecretOutput) GoString() string { 5268 return s.String() 5269} 5270 5271// SetARN sets the ARN field's value. 5272func (s *UpdateSecretOutput) SetARN(v string) *UpdateSecretOutput { 5273 s.ARN = &v 5274 return s 5275} 5276 5277// SetName sets the Name field's value. 5278func (s *UpdateSecretOutput) SetName(v string) *UpdateSecretOutput { 5279 s.Name = &v 5280 return s 5281} 5282 5283// SetVersionId sets the VersionId field's value. 5284func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput { 5285 s.VersionId = &v 5286 return s 5287} 5288 5289type UpdateSecretVersionStageInput struct { 5290 _ struct{} `type:"structure"` 5291 5292 // (Optional) The secret version ID that you want to add the staging label to. 5293 // If you want to remove a label from a version, then do not specify this parameter. 5294 // 5295 // If the staging label is already attached to a different version of the secret, 5296 // then you must also specify the RemoveFromVersionId parameter. 5297 MoveToVersionId *string `min:"32" type:"string"` 5298 5299 // Specifies the secret version ID of the version that the staging label is 5300 // to be removed from. If the staging label you are trying to attach to one 5301 // version is already attached to a different version, then you must include 5302 // this parameter and specify the version that the label is to be removed from. 5303 // If the label is attached and you either do not specify this parameter, or 5304 // the version ID does not match, then the operation fails. 5305 RemoveFromVersionId *string `min:"32" type:"string"` 5306 5307 // Specifies the secret with the version whose list of staging labels you want 5308 // to modify. You can specify either the Amazon Resource Name (ARN) or the friendly 5309 // name of the secret. 5310 // 5311 // If you specify an ARN, we generally recommend that you specify a complete 5312 // ARN. You can specify a partial ARN too—for example, if you don’t include 5313 // the final hyphen and six random characters that Secrets Manager adds at the 5314 // end of the ARN when you created the secret. A partial ARN match can work 5315 // as long as it uniquely matches only one secret. However, if your secret has 5316 // a name that ends in a hyphen followed by six characters (before Secrets Manager 5317 // adds the hyphen and six characters to the ARN) and you try to use that as 5318 // a partial ARN, then those characters cause Secrets Manager to assume that 5319 // you’re specifying a complete ARN. This confusion can cause unexpected results. 5320 // To avoid this situation, we recommend that you don’t create secret names 5321 // that end with a hyphen followed by six characters. 5322 // 5323 // SecretId is a required field 5324 SecretId *string `min:"1" type:"string" required:"true"` 5325 5326 // The staging label to add to this version. 5327 // 5328 // VersionStage is a required field 5329 VersionStage *string `min:"1" type:"string" required:"true"` 5330} 5331 5332// String returns the string representation 5333func (s UpdateSecretVersionStageInput) String() string { 5334 return awsutil.Prettify(s) 5335} 5336 5337// GoString returns the string representation 5338func (s UpdateSecretVersionStageInput) GoString() string { 5339 return s.String() 5340} 5341 5342// Validate inspects the fields of the type to determine if they are valid. 5343func (s *UpdateSecretVersionStageInput) Validate() error { 5344 invalidParams := request.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"} 5345 if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 { 5346 invalidParams.Add(request.NewErrParamMinLen("MoveToVersionId", 32)) 5347 } 5348 if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 { 5349 invalidParams.Add(request.NewErrParamMinLen("RemoveFromVersionId", 32)) 5350 } 5351 if s.SecretId == nil { 5352 invalidParams.Add(request.NewErrParamRequired("SecretId")) 5353 } 5354 if s.SecretId != nil && len(*s.SecretId) < 1 { 5355 invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) 5356 } 5357 if s.VersionStage == nil { 5358 invalidParams.Add(request.NewErrParamRequired("VersionStage")) 5359 } 5360 if s.VersionStage != nil && len(*s.VersionStage) < 1 { 5361 invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) 5362 } 5363 5364 if invalidParams.Len() > 0 { 5365 return invalidParams 5366 } 5367 return nil 5368} 5369 5370// SetMoveToVersionId sets the MoveToVersionId field's value. 5371func (s *UpdateSecretVersionStageInput) SetMoveToVersionId(v string) *UpdateSecretVersionStageInput { 5372 s.MoveToVersionId = &v 5373 return s 5374} 5375 5376// SetRemoveFromVersionId sets the RemoveFromVersionId field's value. 5377func (s *UpdateSecretVersionStageInput) SetRemoveFromVersionId(v string) *UpdateSecretVersionStageInput { 5378 s.RemoveFromVersionId = &v 5379 return s 5380} 5381 5382// SetSecretId sets the SecretId field's value. 5383func (s *UpdateSecretVersionStageInput) SetSecretId(v string) *UpdateSecretVersionStageInput { 5384 s.SecretId = &v 5385 return s 5386} 5387 5388// SetVersionStage sets the VersionStage field's value. 5389func (s *UpdateSecretVersionStageInput) SetVersionStage(v string) *UpdateSecretVersionStageInput { 5390 s.VersionStage = &v 5391 return s 5392} 5393 5394type UpdateSecretVersionStageOutput struct { 5395 _ struct{} `type:"structure"` 5396 5397 // The ARN of the secret with the staging label that was modified. 5398 ARN *string `min:"20" type:"string"` 5399 5400 // The friendly name of the secret with the staging label that was modified. 5401 Name *string `min:"1" type:"string"` 5402} 5403 5404// String returns the string representation 5405func (s UpdateSecretVersionStageOutput) String() string { 5406 return awsutil.Prettify(s) 5407} 5408 5409// GoString returns the string representation 5410func (s UpdateSecretVersionStageOutput) GoString() string { 5411 return s.String() 5412} 5413 5414// SetARN sets the ARN field's value. 5415func (s *UpdateSecretVersionStageOutput) SetARN(v string) *UpdateSecretVersionStageOutput { 5416 s.ARN = &v 5417 return s 5418} 5419 5420// SetName sets the Name field's value. 5421func (s *UpdateSecretVersionStageOutput) SetName(v string) *UpdateSecretVersionStageOutput { 5422 s.Name = &v 5423 return s 5424} 5425