// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. package secretsmanager import ( "fmt" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/private/protocol" "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" ) const opBatchGetSecretValue = "BatchGetSecretValue" // BatchGetSecretValueRequest generates a "aws/request.Request" representing the // client's request for the BatchGetSecretValue operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See BatchGetSecretValue for more information on using the BatchGetSecretValue // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the BatchGetSecretValueRequest method. // req, resp := client.BatchGetSecretValueRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValue func (c *SecretsManager) BatchGetSecretValueRequest(input *BatchGetSecretValueInput) (req *request.Request, output *BatchGetSecretValueOutput) { op := &request.Operation{ Name: opBatchGetSecretValue, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"NextToken"}, OutputTokens: []string{"NextToken"}, LimitToken: "MaxResults", TruncationToken: "", }, } if input == nil { input = &BatchGetSecretValueInput{} } output = &BatchGetSecretValueOutput{} req = c.newRequest(op, input, output) return } // BatchGetSecretValue API operation for AWS Secrets Manager. // // Retrieves the contents of the encrypted fields SecretString or SecretBinary // for up to 20 secrets. To retrieve a single secret, call GetSecretValue. // // To choose which secrets to retrieve, you can specify a list of secrets by // name or ARN, or you can use filters. If Secrets Manager encounters errors // such as AccessDeniedException while attempting to retrieve any of the secrets, // you can see the errors in Errors in the response. // // Secrets Manager generates CloudTrail GetSecretValue log entries for each // secret you request when you call this action. Do not include sensitive information // in request parameters because it might be logged. For more information, see // Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:BatchGetSecretValue, and you must have // secretsmanager:GetSecretValue for each secret. If you use filters, you must // also have secretsmanager:ListSecrets. If the secrets are encrypted using // customer-managed keys instead of the Amazon Web Services managed key aws/secretsmanager, // then you also need kms:Decrypt permissions for the keys. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation BatchGetSecretValue for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - DecryptionFailure // Secrets Manager can't decrypt the protected secret text using the provided // KMS key. // // - InternalServiceError // An error occurred on the server side. // // - InvalidNextTokenException // The NextToken value is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/BatchGetSecretValue func (c *SecretsManager) BatchGetSecretValue(input *BatchGetSecretValueInput) (*BatchGetSecretValueOutput, error) { req, out := c.BatchGetSecretValueRequest(input) return out, req.Send() } // BatchGetSecretValueWithContext is the same as BatchGetSecretValue with the addition of // the ability to pass a context and additional request options. // // See BatchGetSecretValue for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) BatchGetSecretValueWithContext(ctx aws.Context, input *BatchGetSecretValueInput, opts ...request.Option) (*BatchGetSecretValueOutput, error) { req, out := c.BatchGetSecretValueRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } // BatchGetSecretValuePages iterates over the pages of a BatchGetSecretValue operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // // See BatchGetSecretValue method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // // // Example iterating over at most 3 pages of a BatchGetSecretValue operation. // pageNum := 0 // err := client.BatchGetSecretValuePages(params, // func(page *secretsmanager.BatchGetSecretValueOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) func (c *SecretsManager) BatchGetSecretValuePages(input *BatchGetSecretValueInput, fn func(*BatchGetSecretValueOutput, bool) bool) error { return c.BatchGetSecretValuePagesWithContext(aws.BackgroundContext(), input, fn) } // BatchGetSecretValuePagesWithContext same as BatchGetSecretValuePages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) BatchGetSecretValuePagesWithContext(ctx aws.Context, input *BatchGetSecretValueInput, fn func(*BatchGetSecretValueOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { var inCpy *BatchGetSecretValueInput if input != nil { tmp := *input inCpy = &tmp } req, _ := c.BatchGetSecretValueRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil }, } for p.Next() { if !fn(p.Page().(*BatchGetSecretValueOutput), !p.HasNextPage()) { break } } return p.Err() } const opCancelRotateSecret = "CancelRotateSecret" // CancelRotateSecretRequest generates a "aws/request.Request" representing the // client's request for the CancelRotateSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See CancelRotateSecret for more information on using the CancelRotateSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the CancelRotateSecretRequest method. // req, resp := client.CancelRotateSecretRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput) { op := &request.Operation{ Name: opCancelRotateSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CancelRotateSecretInput{} } output = &CancelRotateSecretOutput{} req = c.newRequest(op, input, output) return } // CancelRotateSecret API operation for AWS Secrets Manager. // // Turns off automatic rotation, and if a rotation is currently in progress, // cancels the rotation. // // If you cancel a rotation in progress, it can leave the VersionStage labels // in an unexpected state. You might need to remove the staging label AWSPENDING // from the partially created version. You also need to determine whether to // roll back to the previous version of the secret by moving the staging label // AWSCURRENT to the version that has AWSPENDING. To determine which version // has a specific staging label, call ListSecretVersionIds. Then use UpdateSecretVersionStage // to change staging labels. For more information, see How rotation works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html). // // To turn on automatic rotation again, call RotateSecret. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:CancelRotateSecret. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation CancelRotateSecret for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error) { req, out := c.CancelRotateSecretRequest(input) return out, req.Send() } // CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of // the ability to pass a context and additional request options. // // See CancelRotateSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error) { req, out := c.CancelRotateSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opCreateSecret = "CreateSecret" // CreateSecretRequest generates a "aws/request.Request" representing the // client's request for the CreateSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See CreateSecret for more information on using the CreateSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the CreateSecretRequest method. // req, resp := client.CreateSecretRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput) { op := &request.Operation{ Name: opCreateSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateSecretInput{} } output = &CreateSecretOutput{} req = c.newRequest(op, input, output) return } // CreateSecret API operation for AWS Secrets Manager. // // Creates a new secret. A secret can be a password, a set of credentials such // as a user name and password, an OAuth token, or other secret information // that you store in an encrypted form in Secrets Manager. The secret also includes // the connection information to access a database or other service, which Secrets // Manager doesn't encrypt. A secret in Secrets Manager consists of both the // protected secret data and the important information needed to manage the // secret. // // For secrets that use managed rotation, you need to create the secret through // the managing service. For more information, see Secrets Manager secrets managed // by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // For information about creating a secret in the console, see Create a secret // (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). // // To create a secret, you can provide the secret value to be encrypted in either // the SecretString parameter or the SecretBinary parameter, but not both. If // you include SecretString or SecretBinary then Secrets Manager creates an // initial secret version and automatically attaches the staging label AWSCURRENT // to it. // // For database credentials you want to rotate, for Secrets Manager to be able // to rotate the secret, you must make sure the JSON you store in the SecretString // matches the JSON structure of a database secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html). // // If you don't specify an KMS encryption key, Secrets Manager uses the Amazon // Web Services managed key aws/secretsmanager. If this key doesn't already // exist in your account, then Secrets Manager creates it for you automatically. // All users and roles in the Amazon Web Services account automatically have // access to use aws/secretsmanager. Creating aws/secretsmanager can result // in a one-time significant delay in returning the result. // // If the secret is in a different Amazon Web Services account from the credentials // calling the API, then you can't use aws/secretsmanager to encrypt the secret, // and you must create and use a customer managed KMS key. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters except SecretBinary // or SecretString because it might be logged. For more information, see Logging // Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:CreateSecret. If you include tags in // the secret, you also need secretsmanager:TagResource. To add replica Regions, // you must also have secretsmanager:ReplicateSecretToRegions. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // To encrypt the secret with a KMS key other than aws/secretsmanager, you need // kms:GenerateDataKey and kms:Decrypt permission to the key. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation CreateSecret for usage and error information. // // Returned Error Types: // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - LimitExceededException // The request failed because it would exceed one of the Secrets Manager quotas. // // - EncryptionFailure // Secrets Manager can't encrypt the protected secret text using the provided // KMS key. Check that the KMS key is available, enabled, and not in an invalid // state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). // // - ResourceExistsException // A resource with the ID you requested already exists. // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - MalformedPolicyDocumentException // The resource policy has syntax errors. // // - InternalServiceError // An error occurred on the server side. // // - PreconditionNotMetException // The request failed because you did not complete all the prerequisite steps. // // - DecryptionFailure // Secrets Manager can't decrypt the protected secret text using the provided // KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error) { req, out := c.CreateSecretRequest(input) return out, req.Send() } // CreateSecretWithContext is the same as CreateSecret with the addition of // the ability to pass a context and additional request options. // // See CreateSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error) { req, out := c.CreateSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opDeleteResourcePolicy = "DeleteResourcePolicy" // DeleteResourcePolicyRequest generates a "aws/request.Request" representing the // client's request for the DeleteResourcePolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See DeleteResourcePolicy for more information on using the DeleteResourcePolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the DeleteResourcePolicyRequest method. // req, resp := client.DeleteResourcePolicyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy func (c *SecretsManager) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) { op := &request.Operation{ Name: opDeleteResourcePolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DeleteResourcePolicyInput{} } output = &DeleteResourcePolicyOutput{} req = c.newRequest(op, input, output) return } // DeleteResourcePolicy API operation for AWS Secrets Manager. // // Deletes the resource-based permission policy attached to the secret. To attach // a policy to a secret, use PutResourcePolicy. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:DeleteResourcePolicy. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation DeleteResourcePolicy for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InternalServiceError // An error occurred on the server side. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidParameterException // The parameter name or value is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy func (c *SecretsManager) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) { req, out := c.DeleteResourcePolicyRequest(input) return out, req.Send() } // DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of // the ability to pass a context and additional request options. // // See DeleteResourcePolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) { req, out := c.DeleteResourcePolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opDeleteSecret = "DeleteSecret" // DeleteSecretRequest generates a "aws/request.Request" representing the // client's request for the DeleteSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See DeleteSecret for more information on using the DeleteSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the DeleteSecretRequest method. // req, resp := client.DeleteSecretRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput) { op := &request.Operation{ Name: opDeleteSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DeleteSecretInput{} } output = &DeleteSecretOutput{} req = c.newRequest(op, input, output) return } // DeleteSecret API operation for AWS Secrets Manager. // // Deletes a secret and all of its versions. You can specify a recovery window // during which you can restore the secret. The minimum recovery window is 7 // days. The default recovery window is 30 days. Secrets Manager attaches a // DeletionDate stamp to the secret that specifies the end of the recovery window. // At the end of the recovery window, Secrets Manager deletes the secret permanently. // // You can't delete a primary secret that is replicated to other Regions. You // must first delete the replicas using RemoveRegionsFromReplication, and then // delete the primary secret. When you delete a replica, it is deleted immediately. // // You can't directly delete a version of a secret. Instead, you remove all // staging labels from the version using UpdateSecretVersionStage. This marks // the version as deprecated, and then Secrets Manager can automatically delete // the version in the background. // // To determine whether an application still uses a secret, you can create an // Amazon CloudWatch alarm to alert you to any attempts to access a secret during // the recovery window. For more information, see Monitor secrets scheduled // for deletion (https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html). // // Secrets Manager performs the permanent secret deletion at the end of the // waiting period as a background task with low priority. There is no guarantee // of a specific time after the recovery window for the permanent delete to // occur. // // At any time before recovery window ends, you can use RestoreSecret to remove // the DeletionDate and cancel the deletion of the secret. // // When a secret is scheduled for deletion, you cannot retrieve the secret value. // You must first cancel the deletion with RestoreSecret and then you can retrieve // the secret. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:DeleteSecret. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation DeleteSecret for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error) { req, out := c.DeleteSecretRequest(input) return out, req.Send() } // DeleteSecretWithContext is the same as DeleteSecret with the addition of // the ability to pass a context and additional request options. // // See DeleteSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error) { req, out := c.DeleteSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opDescribeSecret = "DescribeSecret" // DescribeSecretRequest generates a "aws/request.Request" representing the // client's request for the DescribeSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See DescribeSecret for more information on using the DescribeSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the DescribeSecretRequest method. // req, resp := client.DescribeSecretRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput) { op := &request.Operation{ Name: opDescribeSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DescribeSecretInput{} } output = &DescribeSecretOutput{} req = c.newRequest(op, input, output) return } // DescribeSecret API operation for AWS Secrets Manager. // // Retrieves the details of a secret. It does not include the encrypted secret // value. Secrets Manager only returns fields that have a value in the response. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:DescribeSecret. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation DescribeSecret for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InternalServiceError // An error occurred on the server side. // // - InvalidParameterException // The parameter name or value is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error) { req, out := c.DescribeSecretRequest(input) return out, req.Send() } // DescribeSecretWithContext is the same as DescribeSecret with the addition of // the ability to pass a context and additional request options. // // See DescribeSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error) { req, out := c.DescribeSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opGetRandomPassword = "GetRandomPassword" // GetRandomPasswordRequest generates a "aws/request.Request" representing the // client's request for the GetRandomPassword operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GetRandomPassword for more information on using the GetRandomPassword // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the GetRandomPasswordRequest method. // req, resp := client.GetRandomPasswordRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput) { op := &request.Operation{ Name: opGetRandomPassword, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GetRandomPasswordInput{} } output = &GetRandomPasswordOutput{} req = c.newRequest(op, input, output) return } // GetRandomPassword API operation for AWS Secrets Manager. // // Generates a random password. We recommend that you specify the maximum length // and include every character type that the system you are generating a password // for can support. By default, Secrets Manager uses uppercase and lowercase // letters, numbers, and the following characters in passwords: !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ // // Secrets Manager generates a CloudTrail log entry when you call this action. // // Required permissions: secretsmanager:GetRandomPassword. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation GetRandomPassword for usage and error information. // // Returned Error Types: // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error) { req, out := c.GetRandomPasswordRequest(input) return out, req.Send() } // GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of // the ability to pass a context and additional request options. // // See GetRandomPassword for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error) { req, out := c.GetRandomPasswordRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opGetResourcePolicy = "GetResourcePolicy" // GetResourcePolicyRequest generates a "aws/request.Request" representing the // client's request for the GetResourcePolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GetResourcePolicy for more information on using the GetResourcePolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the GetResourcePolicyRequest method. // req, resp := client.GetResourcePolicyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy func (c *SecretsManager) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput) { op := &request.Operation{ Name: opGetResourcePolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GetResourcePolicyInput{} } output = &GetResourcePolicyOutput{} req = c.newRequest(op, input, output) return } // GetResourcePolicy API operation for AWS Secrets Manager. // // Retrieves the JSON text of the resource-based policy document attached to // the secret. For more information about permissions policies attached to a // secret, see Permissions policies attached to a secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html). // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:GetResourcePolicy. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation GetResourcePolicy for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InternalServiceError // An error occurred on the server side. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidParameterException // The parameter name or value is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy func (c *SecretsManager) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error) { req, out := c.GetResourcePolicyRequest(input) return out, req.Send() } // GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of // the ability to pass a context and additional request options. // // See GetResourcePolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error) { req, out := c.GetResourcePolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opGetSecretValue = "GetSecretValue" // GetSecretValueRequest generates a "aws/request.Request" representing the // client's request for the GetSecretValue operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GetSecretValue for more information on using the GetSecretValue // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the GetSecretValueRequest method. // req, resp := client.GetSecretValueRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput) { op := &request.Operation{ Name: opGetSecretValue, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GetSecretValueInput{} } output = &GetSecretValueOutput{} req = c.newRequest(op, input, output) return } // GetSecretValue API operation for AWS Secrets Manager. // // Retrieves the contents of the encrypted fields SecretString or SecretBinary // from the specified version of a secret, whichever contains content. // // To retrieve the values for a group of secrets, call BatchGetSecretValue. // // We recommend that you cache your secret values by using client-side caching. // Caching secrets improves speed and reduces your costs. For more information, // see Cache secrets for your applications (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html). // // To retrieve the previous version of a secret, use VersionStage and specify // AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage // (https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html). // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:GetSecretValue. If the secret is encrypted // using a customer-managed key instead of the Amazon Web Services managed key // aws/secretsmanager, then you also need kms:Decrypt permissions for that key. // For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation GetSecretValue for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - DecryptionFailure // Secrets Manager can't decrypt the protected secret text using the provided // KMS key. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error) { req, out := c.GetSecretValueRequest(input) return out, req.Send() } // GetSecretValueWithContext is the same as GetSecretValue with the addition of // the ability to pass a context and additional request options. // // See GetSecretValue for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error) { req, out := c.GetSecretValueRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opListSecretVersionIds = "ListSecretVersionIds" // ListSecretVersionIdsRequest generates a "aws/request.Request" representing the // client's request for the ListSecretVersionIds operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ListSecretVersionIds for more information on using the ListSecretVersionIds // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the ListSecretVersionIdsRequest method. // req, resp := client.ListSecretVersionIdsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput) { op := &request.Operation{ Name: opListSecretVersionIds, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"NextToken"}, OutputTokens: []string{"NextToken"}, LimitToken: "MaxResults", TruncationToken: "", }, } if input == nil { input = &ListSecretVersionIdsInput{} } output = &ListSecretVersionIdsOutput{} req = c.newRequest(op, input, output) return } // ListSecretVersionIds API operation for AWS Secrets Manager. // // Lists the versions of a secret. Secrets Manager uses staging labels to indicate // the different versions of a secret. For more information, see Secrets Manager // concepts: Versions (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version). // // To list the secrets in the account, use ListSecrets. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:ListSecretVersionIds. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation ListSecretVersionIds for usage and error information. // // Returned Error Types: // // - InvalidNextTokenException // The NextToken value is invalid. // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InternalServiceError // An error occurred on the server side. // // - InvalidParameterException // The parameter name or value is invalid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error) { req, out := c.ListSecretVersionIdsRequest(input) return out, req.Send() } // ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of // the ability to pass a context and additional request options. // // See ListSecretVersionIds for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error) { req, out := c.ListSecretVersionIdsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } // ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // // See ListSecretVersionIds method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // // // Example iterating over at most 3 pages of a ListSecretVersionIds operation. // pageNum := 0 // err := client.ListSecretVersionIdsPages(params, // func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error { return c.ListSecretVersionIdsPagesWithContext(aws.BackgroundContext(), input, fn) } // ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { var inCpy *ListSecretVersionIdsInput if input != nil { tmp := *input inCpy = &tmp } req, _ := c.ListSecretVersionIdsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil }, } for p.Next() { if !fn(p.Page().(*ListSecretVersionIdsOutput), !p.HasNextPage()) { break } } return p.Err() } const opListSecrets = "ListSecrets" // ListSecretsRequest generates a "aws/request.Request" representing the // client's request for the ListSecrets operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ListSecrets for more information on using the ListSecrets // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the ListSecretsRequest method. // req, resp := client.ListSecretsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput) { op := &request.Operation{ Name: opListSecrets, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"NextToken"}, OutputTokens: []string{"NextToken"}, LimitToken: "MaxResults", TruncationToken: "", }, } if input == nil { input = &ListSecretsInput{} } output = &ListSecretsOutput{} req = c.newRequest(op, input, output) return } // ListSecrets API operation for AWS Secrets Manager. // // Lists the secrets that are stored by Secrets Manager in the Amazon Web Services // account, not including secrets that are marked for deletion. To see secrets // marked for deletion, use the Secrets Manager console. // // All Secrets Manager operations are eventually consistent. ListSecrets might // not reflect changes from the last five minutes. You can get more recent information // for a specific secret by calling DescribeSecret. // // To list the versions of a secret, use ListSecretVersionIds. // // To retrieve the values for the secrets, call BatchGetSecretValue or GetSecretValue. // // For information about finding secrets in the console, see Find secrets in // Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html). // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:ListSecrets. For more information, see // IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation ListSecrets for usage and error information. // // Returned Error Types: // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidNextTokenException // The NextToken value is invalid. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error) { req, out := c.ListSecretsRequest(input) return out, req.Send() } // ListSecretsWithContext is the same as ListSecrets with the addition of // the ability to pass a context and additional request options. // // See ListSecrets for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error) { req, out := c.ListSecretsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } // ListSecretsPages iterates over the pages of a ListSecrets operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // // See ListSecrets method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // // // Example iterating over at most 3 pages of a ListSecrets operation. // pageNum := 0 // err := client.ListSecretsPages(params, // func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error { return c.ListSecretsPagesWithContext(aws.BackgroundContext(), input, fn) } // ListSecretsPagesWithContext same as ListSecretsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { var inCpy *ListSecretsInput if input != nil { tmp := *input inCpy = &tmp } req, _ := c.ListSecretsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil }, } for p.Next() { if !fn(p.Page().(*ListSecretsOutput), !p.HasNextPage()) { break } } return p.Err() } const opPutResourcePolicy = "PutResourcePolicy" // PutResourcePolicyRequest generates a "aws/request.Request" representing the // client's request for the PutResourcePolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See PutResourcePolicy for more information on using the PutResourcePolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the PutResourcePolicyRequest method. // req, resp := client.PutResourcePolicyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy func (c *SecretsManager) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) { op := &request.Operation{ Name: opPutResourcePolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &PutResourcePolicyInput{} } output = &PutResourcePolicyOutput{} req = c.newRequest(op, input, output) return } // PutResourcePolicy API operation for AWS Secrets Manager. // // Attaches a resource-based permission policy to a secret. A resource-based // policy is optional. For more information, see Authentication and access control // for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html) // // For information about attaching a policy in the console, see Attach a permissions // policy to a secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html). // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:PutResourcePolicy. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation PutResourcePolicy for usage and error information. // // Returned Error Types: // // - MalformedPolicyDocumentException // The resource policy has syntax errors. // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - PublicPolicyException // The BlockPublicPolicy parameter is set to true, and the resource policy did // not prevent broad access to the secret. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy func (c *SecretsManager) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) { req, out := c.PutResourcePolicyRequest(input) return out, req.Send() } // PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of // the ability to pass a context and additional request options. // // See PutResourcePolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) { req, out := c.PutResourcePolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opPutSecretValue = "PutSecretValue" // PutSecretValueRequest generates a "aws/request.Request" representing the // client's request for the PutSecretValue operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See PutSecretValue for more information on using the PutSecretValue // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the PutSecretValueRequest method. // req, resp := client.PutSecretValueRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput) { op := &request.Operation{ Name: opPutSecretValue, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &PutSecretValueInput{} } output = &PutSecretValueOutput{} req = c.newRequest(op, input, output) return } // PutSecretValue API operation for AWS Secrets Manager. // // Creates a new version with a new encrypted secret value and attaches it to // the secret. The version can contain a new SecretString value or a new SecretBinary // value. // // We recommend you avoid calling PutSecretValue at a sustained rate of more // than once every 10 minutes. When you update the secret value, Secrets Manager // creates a new version of the secret. Secrets Manager removes outdated versions // when there are more than 100, but it does not remove versions created less // than 24 hours ago. If you call PutSecretValue more than once every 10 minutes, // you create more versions than Secrets Manager removes, and you will reach // the quota for secret versions. // // You can specify the staging labels to attach to the new version in VersionStages. // If you don't include VersionStages, then Secrets Manager automatically moves // the staging label AWSCURRENT to this version. If this operation creates the // first version for the secret, then Secrets Manager automatically attaches // the staging label AWSCURRENT to it. If this operation moves the staging label // AWSCURRENT from another version to this version, then Secrets Manager also // automatically moves the staging label AWSPREVIOUS to the version that AWSCURRENT // was removed from. // // This operation is idempotent. If you call this operation with a ClientRequestToken // that matches an existing version's VersionId, and you specify the same secret // data, the operation succeeds but does nothing. However, if the secret data // is different, then the operation fails because you can't modify an existing // version; you can only create new ones. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters except SecretBinary, // SecretString, or RotationToken because it might be logged. For more information, // see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:PutSecretValue. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation PutSecretValue for usage and error information. // // Returned Error Types: // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - LimitExceededException // The request failed because it would exceed one of the Secrets Manager quotas. // // - EncryptionFailure // Secrets Manager can't encrypt the protected secret text using the provided // KMS key. Check that the KMS key is available, enabled, and not in an invalid // state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). // // - ResourceExistsException // A resource with the ID you requested already exists. // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InternalServiceError // An error occurred on the server side. // // - DecryptionFailure // Secrets Manager can't decrypt the protected secret text using the provided // KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error) { req, out := c.PutSecretValueRequest(input) return out, req.Send() } // PutSecretValueWithContext is the same as PutSecretValue with the addition of // the ability to pass a context and additional request options. // // See PutSecretValue for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error) { req, out := c.PutSecretValueRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opRemoveRegionsFromReplication = "RemoveRegionsFromReplication" // RemoveRegionsFromReplicationRequest generates a "aws/request.Request" representing the // client's request for the RemoveRegionsFromReplication operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See RemoveRegionsFromReplication for more information on using the RemoveRegionsFromReplication // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the RemoveRegionsFromReplicationRequest method. // req, resp := client.RemoveRegionsFromReplicationRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication func (c *SecretsManager) RemoveRegionsFromReplicationRequest(input *RemoveRegionsFromReplicationInput) (req *request.Request, output *RemoveRegionsFromReplicationOutput) { op := &request.Operation{ Name: opRemoveRegionsFromReplication, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &RemoveRegionsFromReplicationInput{} } output = &RemoveRegionsFromReplicationOutput{} req = c.newRequest(op, input, output) return } // RemoveRegionsFromReplication API operation for AWS Secrets Manager. // // For a secret that is replicated to other Regions, deletes the secret replicas // from the Regions you specify. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:RemoveRegionsFromReplication. For more // information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation RemoveRegionsFromReplication for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication func (c *SecretsManager) RemoveRegionsFromReplication(input *RemoveRegionsFromReplicationInput) (*RemoveRegionsFromReplicationOutput, error) { req, out := c.RemoveRegionsFromReplicationRequest(input) return out, req.Send() } // RemoveRegionsFromReplicationWithContext is the same as RemoveRegionsFromReplication with the addition of // the ability to pass a context and additional request options. // // See RemoveRegionsFromReplication for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) RemoveRegionsFromReplicationWithContext(ctx aws.Context, input *RemoveRegionsFromReplicationInput, opts ...request.Option) (*RemoveRegionsFromReplicationOutput, error) { req, out := c.RemoveRegionsFromReplicationRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opReplicateSecretToRegions = "ReplicateSecretToRegions" // ReplicateSecretToRegionsRequest generates a "aws/request.Request" representing the // client's request for the ReplicateSecretToRegions operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ReplicateSecretToRegions for more information on using the ReplicateSecretToRegions // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the ReplicateSecretToRegionsRequest method. // req, resp := client.ReplicateSecretToRegionsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions func (c *SecretsManager) ReplicateSecretToRegionsRequest(input *ReplicateSecretToRegionsInput) (req *request.Request, output *ReplicateSecretToRegionsOutput) { op := &request.Operation{ Name: opReplicateSecretToRegions, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &ReplicateSecretToRegionsInput{} } output = &ReplicateSecretToRegionsOutput{} req = c.newRequest(op, input, output) return } // ReplicateSecretToRegions API operation for AWS Secrets Manager. // // Replicates the secret to a new Regions. See Multi-Region secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html). // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:ReplicateSecretToRegions. If the primary // secret is encrypted with a KMS key other than aws/secretsmanager, you also // need kms:Decrypt permission to the key. To encrypt the replicated secret // with a KMS key other than aws/secretsmanager, you need kms:GenerateDataKey // and kms:Encrypt to the key. For more information, see IAM policy actions // for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation ReplicateSecretToRegions for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions func (c *SecretsManager) ReplicateSecretToRegions(input *ReplicateSecretToRegionsInput) (*ReplicateSecretToRegionsOutput, error) { req, out := c.ReplicateSecretToRegionsRequest(input) return out, req.Send() } // ReplicateSecretToRegionsWithContext is the same as ReplicateSecretToRegions with the addition of // the ability to pass a context and additional request options. // // See ReplicateSecretToRegions for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) ReplicateSecretToRegionsWithContext(ctx aws.Context, input *ReplicateSecretToRegionsInput, opts ...request.Option) (*ReplicateSecretToRegionsOutput, error) { req, out := c.ReplicateSecretToRegionsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opRestoreSecret = "RestoreSecret" // RestoreSecretRequest generates a "aws/request.Request" representing the // client's request for the RestoreSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See RestoreSecret for more information on using the RestoreSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the RestoreSecretRequest method. // req, resp := client.RestoreSecretRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput) { op := &request.Operation{ Name: opRestoreSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &RestoreSecretInput{} } output = &RestoreSecretOutput{} req = c.newRequest(op, input, output) return } // RestoreSecret API operation for AWS Secrets Manager. // // Cancels the scheduled deletion of a secret by removing the DeletedDate time // stamp. You can access a secret again after it has been restored. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:RestoreSecret. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation RestoreSecret for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error) { req, out := c.RestoreSecretRequest(input) return out, req.Send() } // RestoreSecretWithContext is the same as RestoreSecret with the addition of // the ability to pass a context and additional request options. // // See RestoreSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error) { req, out := c.RestoreSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opRotateSecret = "RotateSecret" // RotateSecretRequest generates a "aws/request.Request" representing the // client's request for the RotateSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See RotateSecret for more information on using the RotateSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the RotateSecretRequest method. // req, resp := client.RotateSecretRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput) { op := &request.Operation{ Name: opRotateSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &RotateSecretInput{} } output = &RotateSecretOutput{} req = c.newRequest(op, input, output) return } // RotateSecret API operation for AWS Secrets Manager. // // Configures and starts the asynchronous process of rotating the secret. For // information about rotation, see Rotate secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) // in the Secrets Manager User Guide. If you include the configuration parameters, // the operation sets the values for the secret and then immediately starts // a rotation. If you don't include the configuration parameters, the operation // starts a rotation with the values already stored in the secret. // // When rotation is successful, the AWSPENDING staging label might be attached // to the same version as the AWSCURRENT version, or it might not be attached // to any version. If the AWSPENDING staging label is present but not attached // to the same version as AWSCURRENT, then any later invocation of RotateSecret // assumes that a previous rotation request is still in progress and returns // an error. When rotation is unsuccessful, the AWSPENDING staging label might // be attached to an empty secret version. For more information, see Troubleshoot // rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html) // in the Secrets Manager User Guide. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:RotateSecret. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // You also need lambda:InvokeFunction permissions on the rotation function. // For more information, see Permissions for rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation RotateSecret for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error) { req, out := c.RotateSecretRequest(input) return out, req.Send() } // RotateSecretWithContext is the same as RotateSecret with the addition of // the ability to pass a context and additional request options. // // See RotateSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error) { req, out := c.RotateSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opStopReplicationToReplica = "StopReplicationToReplica" // StopReplicationToReplicaRequest generates a "aws/request.Request" representing the // client's request for the StopReplicationToReplica operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See StopReplicationToReplica for more information on using the StopReplicationToReplica // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the StopReplicationToReplicaRequest method. // req, resp := client.StopReplicationToReplicaRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica func (c *SecretsManager) StopReplicationToReplicaRequest(input *StopReplicationToReplicaInput) (req *request.Request, output *StopReplicationToReplicaOutput) { op := &request.Operation{ Name: opStopReplicationToReplica, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &StopReplicationToReplicaInput{} } output = &StopReplicationToReplicaOutput{} req = c.newRequest(op, input, output) return } // StopReplicationToReplica API operation for AWS Secrets Manager. // // Removes the link between the replica secret and the primary secret and promotes // the replica to a primary secret in the replica Region. // // You must call this operation from the Region in which you want to promote // the replica to a primary secret. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:StopReplicationToReplica. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation StopReplicationToReplica for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica func (c *SecretsManager) StopReplicationToReplica(input *StopReplicationToReplicaInput) (*StopReplicationToReplicaOutput, error) { req, out := c.StopReplicationToReplicaRequest(input) return out, req.Send() } // StopReplicationToReplicaWithContext is the same as StopReplicationToReplica with the addition of // the ability to pass a context and additional request options. // // See StopReplicationToReplica for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) StopReplicationToReplicaWithContext(ctx aws.Context, input *StopReplicationToReplicaInput, opts ...request.Option) (*StopReplicationToReplicaOutput, error) { req, out := c.StopReplicationToReplicaRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opTagResource = "TagResource" // TagResourceRequest generates a "aws/request.Request" representing the // client's request for the TagResource operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See TagResource for more information on using the TagResource // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the TagResourceRequest method. // req, resp := client.TagResourceRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { op := &request.Operation{ Name: opTagResource, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &TagResourceInput{} } output = &TagResourceOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // TagResource API operation for AWS Secrets Manager. // // Attaches tags to a secret. Tags consist of a key name and a value. Tags are // part of the secret's metadata. They are not associated with specific versions // of the secret. This operation appends tags to the existing list of tags. // // For tag quotas and naming restrictions, see Service quotas for Tagging (https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas) // in the Amazon Web Services General Reference guide. // // If you use tags as part of your security strategy, then adding or removing // a tag can change permissions. If successfully completing this operation would // result in you losing your permissions for this secret, then the operation // is blocked and returns an Access Denied error. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:TagResource. For more information, see // IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation TagResource for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { req, out := c.TagResourceRequest(input) return out, req.Send() } // TagResourceWithContext is the same as TagResource with the addition of // the ability to pass a context and additional request options. // // See TagResource for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { req, out := c.TagResourceRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opUntagResource = "UntagResource" // UntagResourceRequest generates a "aws/request.Request" representing the // client's request for the UntagResource operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See UntagResource for more information on using the UntagResource // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the UntagResourceRequest method. // req, resp := client.UntagResourceRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { op := &request.Operation{ Name: opUntagResource, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UntagResourceInput{} } output = &UntagResourceOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // UntagResource API operation for AWS Secrets Manager. // // Removes specific tags from a secret. // // This operation is idempotent. If a requested tag is not attached to the secret, // no error is returned and the secret metadata is unchanged. // // If you use tags as part of your security strategy, then removing a tag can // change permissions. If successfully completing this operation would result // in you losing your permissions for this secret, then the operation is blocked // and returns an Access Denied error. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:UntagResource. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation UntagResource for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { req, out := c.UntagResourceRequest(input) return out, req.Send() } // UntagResourceWithContext is the same as UntagResource with the addition of // the ability to pass a context and additional request options. // // See UntagResource for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { req, out := c.UntagResourceRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opUpdateSecret = "UpdateSecret" // UpdateSecretRequest generates a "aws/request.Request" representing the // client's request for the UpdateSecret operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See UpdateSecret for more information on using the UpdateSecret // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the UpdateSecretRequest method. // req, resp := client.UpdateSecretRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput) { op := &request.Operation{ Name: opUpdateSecret, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UpdateSecretInput{} } output = &UpdateSecretOutput{} req = c.newRequest(op, input, output) return } // UpdateSecret API operation for AWS Secrets Manager. // // Modifies the details of a secret, including metadata and the secret value. // To change the secret value, you can also use PutSecretValue. // // To change the rotation configuration of a secret, use RotateSecret instead. // // To change a secret so that it is managed by another service, you need to // recreate the secret in that service. See Secrets Manager secrets managed // by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // We recommend you avoid calling UpdateSecret at a sustained rate of more than // once every 10 minutes. When you call UpdateSecret to update the secret value, // Secrets Manager creates a new version of the secret. Secrets Manager removes // outdated versions when there are more than 100, but it does not remove versions // created less than 24 hours ago. If you update the secret value more than // once every 10 minutes, you create more versions than Secrets Manager removes, // and you will reach the quota for secret versions. // // If you include SecretString or SecretBinary to create a new secret version, // Secrets Manager automatically moves the staging label AWSCURRENT to the new // version. Then it attaches the label AWSPREVIOUS to the version that AWSCURRENT // was removed from. // // If you call this operation with a ClientRequestToken that matches an existing // version's VersionId, the operation results in an error. You can't modify // an existing version, you can only create a new version. To remove a version, // remove all staging labels from it. See UpdateSecretVersionStage. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters except SecretBinary // or SecretString because it might be logged. For more information, see Logging // Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:UpdateSecret. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // If you use a customer managed key, you must also have kms:GenerateDataKey, // kms:Encrypt, and kms:Decrypt permissions on the key. If you change the KMS // key and you don't have kms:Encrypt permission to the new key, Secrets Manager // does not re-ecrypt existing secret versions with the new key. For more information, // see Secret encryption and decryption (https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation UpdateSecret for usage and error information. // // Returned Error Types: // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - LimitExceededException // The request failed because it would exceed one of the Secrets Manager quotas. // // - EncryptionFailure // Secrets Manager can't encrypt the protected secret text using the provided // KMS key. Check that the KMS key is available, enabled, and not in an invalid // state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). // // - ResourceExistsException // A resource with the ID you requested already exists. // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - MalformedPolicyDocumentException // The resource policy has syntax errors. // // - InternalServiceError // An error occurred on the server side. // // - PreconditionNotMetException // The request failed because you did not complete all the prerequisite steps. // // - DecryptionFailure // Secrets Manager can't decrypt the protected secret text using the provided // KMS key. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error) { req, out := c.UpdateSecretRequest(input) return out, req.Send() } // UpdateSecretWithContext is the same as UpdateSecret with the addition of // the ability to pass a context and additional request options. // // See UpdateSecret for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error) { req, out := c.UpdateSecretRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opUpdateSecretVersionStage = "UpdateSecretVersionStage" // UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the // client's request for the UpdateSecretVersionStage operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the UpdateSecretVersionStageRequest method. // req, resp := client.UpdateSecretVersionStageRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput) { op := &request.Operation{ Name: opUpdateSecretVersionStage, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UpdateSecretVersionStageInput{} } output = &UpdateSecretVersionStageOutput{} req = c.newRequest(op, input, output) return } // UpdateSecretVersionStage API operation for AWS Secrets Manager. // // Modifies the staging labels attached to a version of a secret. Secrets Manager // uses staging labels to track a version as it progresses through the secret // rotation process. Each staging label can be attached to only one version // at a time. To add a staging label to a version when it is already attached // to another version, Secrets Manager first removes it from the other version // first and then attaches it to this one. For more information about versions // and staging labels, see Concepts: Version (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version). // // The staging labels that you specify in the VersionStage parameter are added // to the existing list of staging labels for the version. // // You can move the AWSCURRENT staging label to this version by including it // in this call. // // Whenever you move AWSCURRENT, Secrets Manager automatically moves the label // AWSPREVIOUS to the version that AWSCURRENT was removed from. // // If this action results in the last label being removed from a version, then // the version is considered to be 'deprecated' and can be deleted by Secrets // Manager. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:UpdateSecretVersionStage. For more information, // see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation UpdateSecretVersionStage for usage and error information. // // Returned Error Types: // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // - LimitExceededException // The request failed because it would exceed one of the Secrets Manager quotas. // // - InternalServiceError // An error occurred on the server side. // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error) { req, out := c.UpdateSecretVersionStageRequest(input) return out, req.Send() } // UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of // the ability to pass a context and additional request options. // // See UpdateSecretVersionStage for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error) { req, out := c.UpdateSecretVersionStageRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opValidateResourcePolicy = "ValidateResourcePolicy" // ValidateResourcePolicyRequest generates a "aws/request.Request" representing the // client's request for the ValidateResourcePolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ValidateResourcePolicy for more information on using the ValidateResourcePolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // Example sending a request using the ValidateResourcePolicyRequest method. // req, resp := client.ValidateResourcePolicyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy func (c *SecretsManager) ValidateResourcePolicyRequest(input *ValidateResourcePolicyInput) (req *request.Request, output *ValidateResourcePolicyOutput) { op := &request.Operation{ Name: opValidateResourcePolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &ValidateResourcePolicyInput{} } output = &ValidateResourcePolicyOutput{} req = c.newRequest(op, input, output) return } // ValidateResourcePolicy API operation for AWS Secrets Manager. // // Validates that a resource policy does not grant a wide range of principals // access to your secret. A resource-based policy is optional for secrets. // // The API performs three checks when validating the policy: // // - Sends a call to Zelkova (https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/), // an automated reasoning engine, to ensure your resource policy does not // allow broad access to your secret, for example policies that use a wildcard // for the principal. // // - Checks for correct syntax in a policy. // // - Verifies the policy does not lock out a caller. // // Secrets Manager generates a CloudTrail log entry when you call this action. // Do not include sensitive information in request parameters because it might // be logged. For more information, see Logging Secrets Manager events with // CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html). // // Required permissions: secretsmanager:ValidateResourcePolicy and secretsmanager:PutResourcePolicy. // For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) // and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Secrets Manager's // API operation ValidateResourcePolicy for usage and error information. // // Returned Error Types: // // - MalformedPolicyDocumentException // The resource policy has syntax errors. // // - ResourceNotFoundException // Secrets Manager can't find the resource that you asked for. // // - InvalidParameterException // The parameter name or value is invalid. // // - InternalServiceError // An error occurred on the server side. // // - InvalidRequestException // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). // // See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy func (c *SecretsManager) ValidateResourcePolicy(input *ValidateResourcePolicyInput) (*ValidateResourcePolicyOutput, error) { req, out := c.ValidateResourcePolicyRequest(input) return out, req.Send() } // ValidateResourcePolicyWithContext is the same as ValidateResourcePolicy with the addition of // the ability to pass a context and additional request options. // // See ValidateResourcePolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *SecretsManager) ValidateResourcePolicyWithContext(ctx aws.Context, input *ValidateResourcePolicyInput, opts ...request.Option) (*ValidateResourcePolicyOutput, error) { req, out := c.ValidateResourcePolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } // The error Secrets Manager encountered while retrieving an individual secret // as part of BatchGetSecretValue. type APIErrorType struct { _ struct{} `type:"structure"` // The error Secrets Manager encountered while retrieving an individual secret // as part of BatchGetSecretValue, for example ResourceNotFoundException,InvalidParameterException, // InvalidRequestException, DecryptionFailure, or AccessDeniedException. ErrorCode *string `type:"string"` // A message describing the error. Message *string `type:"string"` // The ARN or name of the secret. SecretId *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s APIErrorType) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s APIErrorType) GoString() string { return s.String() } // SetErrorCode sets the ErrorCode field's value. func (s *APIErrorType) SetErrorCode(v string) *APIErrorType { s.ErrorCode = &v return s } // SetMessage sets the Message field's value. func (s *APIErrorType) SetMessage(v string) *APIErrorType { s.Message = &v return s } // SetSecretId sets the SecretId field's value. func (s *APIErrorType) SetSecretId(v string) *APIErrorType { s.SecretId = &v return s } type BatchGetSecretValueInput struct { _ struct{} `type:"structure"` // The filters to choose which secrets to retrieve. You must include Filters // or SecretIdList, but not both. Filters []*Filter `type:"list"` // The number of results to include in the response. // // If there are more results available, in the response, Secrets Manager includes // NextToken. To get the next results, call BatchGetSecretValue again with the // value from NextToken. To use this parameter, you must also use the Filters // parameter. MaxResults *int64 `min:"1" type:"integer"` // A token that indicates where the output should continue from, if a previous // call did not show all results. To get the next results, call BatchGetSecretValue // again with this value. NextToken *string `min:"1" type:"string"` // The ARN or names of the secrets to retrieve. You must include Filters or // SecretIdList, but not both. SecretIdList []*string `min:"1" type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s BatchGetSecretValueInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s BatchGetSecretValueInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *BatchGetSecretValueInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "BatchGetSecretValueInput"} if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } if s.NextToken != nil && len(*s.NextToken) < 1 { invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) } if s.SecretIdList != nil && len(s.SecretIdList) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretIdList", 1)) } if s.Filters != nil { for i, v := range s.Filters { if v == nil { continue } if err := v.Validate(); err != nil { invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) } } } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetFilters sets the Filters field's value. func (s *BatchGetSecretValueInput) SetFilters(v []*Filter) *BatchGetSecretValueInput { s.Filters = v return s } // SetMaxResults sets the MaxResults field's value. func (s *BatchGetSecretValueInput) SetMaxResults(v int64) *BatchGetSecretValueInput { s.MaxResults = &v return s } // SetNextToken sets the NextToken field's value. func (s *BatchGetSecretValueInput) SetNextToken(v string) *BatchGetSecretValueInput { s.NextToken = &v return s } // SetSecretIdList sets the SecretIdList field's value. func (s *BatchGetSecretValueInput) SetSecretIdList(v []*string) *BatchGetSecretValueInput { s.SecretIdList = v return s } type BatchGetSecretValueOutput struct { _ struct{} `type:"structure"` // A list of errors Secrets Manager encountered while attempting to retrieve // individual secrets. Errors []*APIErrorType `type:"list"` // Secrets Manager includes this value if there's more output available than // what is included in the current response. This can occur even when the response // includes no values at all, such as when you ask for a filtered view of a // long list. To get the next results, call BatchGetSecretValue again with this // value. NextToken *string `min:"1" type:"string"` // A list of secret values. SecretValues []*SecretValueEntry `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s BatchGetSecretValueOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s BatchGetSecretValueOutput) GoString() string { return s.String() } // SetErrors sets the Errors field's value. func (s *BatchGetSecretValueOutput) SetErrors(v []*APIErrorType) *BatchGetSecretValueOutput { s.Errors = v return s } // SetNextToken sets the NextToken field's value. func (s *BatchGetSecretValueOutput) SetNextToken(v string) *BatchGetSecretValueOutput { s.NextToken = &v return s } // SetSecretValues sets the SecretValues field's value. func (s *BatchGetSecretValueOutput) SetSecretValues(v []*SecretValueEntry) *BatchGetSecretValueOutput { s.SecretValues = v return s } type CancelRotateSecretInput struct { _ struct{} `type:"structure"` // The ARN or name of the secret. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CancelRotateSecretInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CancelRotateSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *CancelRotateSecretInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CancelRotateSecretInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *CancelRotateSecretInput) SetSecretId(v string) *CancelRotateSecretInput { s.SecretId = &v return s } type CancelRotateSecretOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The name of the secret. Name *string `min:"1" type:"string"` // The unique identifier of the version of the secret created during the rotation. // This version might not be complete, and should be evaluated for possible // deletion. We recommend that you remove the VersionStage value AWSPENDING // from this version so that Secrets Manager can delete it. Failing to clean // up a cancelled rotation can block you from starting future rotations. VersionId *string `min:"32" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CancelRotateSecretOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CancelRotateSecretOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *CancelRotateSecretOutput) SetARN(v string) *CancelRotateSecretOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *CancelRotateSecretOutput) SetName(v string) *CancelRotateSecretOutput { s.Name = &v return s } // SetVersionId sets the VersionId field's value. func (s *CancelRotateSecretOutput) SetVersionId(v string) *CancelRotateSecretOutput { s.VersionId = &v return s } type CreateSecretInput struct { _ struct{} `type:"structure"` // A list of Regions and KMS keys to replicate secrets. AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list"` // If you include SecretString or SecretBinary, then Secrets Manager creates // an initial version for the secret, and this parameter specifies the unique // identifier for the new version. // // If you use the Amazon Web Services CLI or one of the Amazon Web Services // SDKs to call this operation, then you can leave this parameter empty. The // CLI or SDK generates a random UUID for you and includes it as the value for // this parameter in the request. // // If you generate a raw HTTP request to the Secrets Manager service endpoint, // then you must generate a ClientRequestToken and include it in the request. // // This value helps ensure idempotency. Secrets Manager uses this value to prevent // the accidental creation of duplicate versions if there are failures and retries // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) // value to ensure uniqueness of your versions within the specified secret. // // * If the ClientRequestToken value isn't already associated with a version // of the secret then a new version of the secret is created. // // * If a version with this value already exists and the version SecretString // and SecretBinary values are the same as those in the request, then the // request is ignored. // // * If a version with this value already exists and that version's SecretString // and SecretBinary values are different from those in the request, then // the request fails because you cannot modify an existing version. Instead, // use PutSecretValue to create a new version. // // This value becomes the VersionId of the new version. ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` // The description of the secret. Description *string `type:"string"` // Specifies whether to overwrite a secret with the same name in the destination // Region. By default, secrets aren't overwritten. ForceOverwriteReplicaSecret *bool `type:"boolean"` // The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt // the secret value in the secret. An alias is always prefixed by alias/, for // example alias/aws/secretsmanager. For more information, see About aliases // (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). // // To use a KMS key in a different account, use the key ARN or the alias ARN. // // If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. // If that key doesn't yet exist, then Secrets Manager creates it for you automatically // the first time it encrypts the secret value. // // If the secret is in a different Amazon Web Services account from the credentials // calling the API, then you can't use aws/secretsmanager to encrypt the secret, // and you must create and use a customer managed KMS key. KmsKeyId *string `type:"string"` // The name of the new secret. // // The secret name can contain ASCII letters, numbers, and the following characters: // /_+=.@- // // Do not end your secret name with a hyphen followed by six characters. If // you do so, you risk confusion and unexpected results when searching for a // secret by partial ARN. Secrets Manager automatically adds a hyphen and six // random characters after the secret name at the end of the ARN. // // Name is a required field Name *string `min:"1" type:"string" required:"true"` // The binary data to encrypt and store in the new version of the secret. We // recommend that you store your binary data in a file and then pass the contents // of the file as a parameter. // // Either SecretString or SecretBinary must have a value, but not both. // // This parameter is not available in the Secrets Manager console. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretBinary is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateSecretInput's // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The text data to encrypt and store in this new version of the secret. We // recommend you use a JSON structure of key/value pairs for your secret value. // // Either SecretString or SecretBinary must have a value, but not both. // // If you create a secret by using the Secrets Manager console then Secrets // Manager puts the protected secret text in only the SecretString parameter. // The Secrets Manager console stores the information as a JSON structure of // key/value pairs that a Lambda rotation function can parse. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateSecretInput's // String and GoString methods. SecretString *string `min:"1" type:"string" sensitive:"true"` // A list of tags to attach to the secret. Each tag is a key and value pair // of strings in a JSON text string, for example: // // [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] // // Secrets Manager tag key names are case sensitive. A tag with the key "ABC" // is a different tag from one with key "abc". // // If you check tags in permissions policies as part of your security strategy, // then adding or removing a tag can change permissions. If the completion of // this operation would result in you losing your permissions for this secret, // then Secrets Manager blocks the operation and returns an Access Denied error. // For more information, see Control access to secrets using tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) // and Limit access to identities with tags that match secrets' tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2). // // For information about how to format a JSON parameter for the various command // line tool environments, see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). // If your command-line tool or SDK requires quotation marks around the parameter, // you should use single quotes to avoid confusion with the double quotes required // in the JSON text. // // For tag quotas and naming restrictions, see Service quotas for Tagging (https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas) // in the Amazon Web Services General Reference guide. Tags []*Tag `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CreateSecretInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CreateSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *CreateSecretInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateSecretInput"} if s.AddReplicaRegions != nil && len(s.AddReplicaRegions) < 1 { invalidParams.Add(request.NewErrParamMinLen("AddReplicaRegions", 1)) } if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) } if s.Name == nil { invalidParams.Add(request.NewErrParamRequired("Name")) } if s.Name != nil && len(*s.Name) < 1 { invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } if s.SecretBinary != nil && len(s.SecretBinary) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) } if s.SecretString != nil && len(*s.SecretString) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) } if s.AddReplicaRegions != nil { for i, v := range s.AddReplicaRegions { if v == nil { continue } if err := v.Validate(); err != nil { invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AddReplicaRegions", i), err.(request.ErrInvalidParams)) } } } if s.Tags != nil { for i, v := range s.Tags { if v == nil { continue } if err := v.Validate(); err != nil { invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) } } } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetAddReplicaRegions sets the AddReplicaRegions field's value. func (s *CreateSecretInput) SetAddReplicaRegions(v []*ReplicaRegionType) *CreateSecretInput { s.AddReplicaRegions = v return s } // SetClientRequestToken sets the ClientRequestToken field's value. func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput { s.ClientRequestToken = &v return s } // SetDescription sets the Description field's value. func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput { s.Description = &v return s } // SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value. func (s *CreateSecretInput) SetForceOverwriteReplicaSecret(v bool) *CreateSecretInput { s.ForceOverwriteReplicaSecret = &v return s } // SetKmsKeyId sets the KmsKeyId field's value. func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput { s.KmsKeyId = &v return s } // SetName sets the Name field's value. func (s *CreateSecretInput) SetName(v string) *CreateSecretInput { s.Name = &v return s } // SetSecretBinary sets the SecretBinary field's value. func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput { s.SecretBinary = v return s } // SetSecretString sets the SecretString field's value. func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput { s.SecretString = &v return s } // SetTags sets the Tags field's value. func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput { s.Tags = v return s } type CreateSecretOutput struct { _ struct{} `type:"structure"` // The ARN of the new secret. The ARN includes the name of the secret followed // by six random characters. This ensures that if you create a new secret with // the same name as a deleted secret, then users with access to the old secret // don't get access to the new secret because the ARNs are different. ARN *string `min:"20" type:"string"` // The name of the new secret. Name *string `min:"1" type:"string"` // A list of the replicas of this secret and their status: // // * Failed, which indicates that the replica was not created. // // * InProgress, which indicates that Secrets Manager is in the process of // creating the replica. // // * InSync, which indicates that the replica was created. ReplicationStatus []*ReplicationStatusType `type:"list"` // The unique identifier associated with the version of the new secret. VersionId *string `min:"32" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CreateSecretOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s CreateSecretOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *CreateSecretOutput) SetARN(v string) *CreateSecretOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *CreateSecretOutput) SetName(v string) *CreateSecretOutput { s.Name = &v return s } // SetReplicationStatus sets the ReplicationStatus field's value. func (s *CreateSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *CreateSecretOutput { s.ReplicationStatus = v return s } // SetVersionId sets the VersionId field's value. func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput { s.VersionId = &v return s } // Secrets Manager can't decrypt the protected secret text using the provided // KMS key. type DecryptionFailure struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DecryptionFailure) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DecryptionFailure) GoString() string { return s.String() } func newErrorDecryptionFailure(v protocol.ResponseMetadata) error { return &DecryptionFailure{ RespMetadata: v, } } // Code returns the exception type name. func (s *DecryptionFailure) Code() string { return "DecryptionFailure" } // Message returns the exception's message. func (s *DecryptionFailure) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *DecryptionFailure) OrigErr() error { return nil } func (s *DecryptionFailure) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *DecryptionFailure) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *DecryptionFailure) RequestID() string { return s.RespMetadata.RequestID } type DeleteResourcePolicyInput struct { _ struct{} `type:"structure"` // The ARN or name of the secret to delete the attached resource-based policy // for. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteResourcePolicyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteResourcePolicyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *DeleteResourcePolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *DeleteResourcePolicyInput) SetSecretId(v string) *DeleteResourcePolicyInput { s.SecretId = &v return s } type DeleteResourcePolicyOutput struct { _ struct{} `type:"structure"` // The ARN of the secret that the resource-based policy was deleted for. ARN *string `min:"20" type:"string"` // The name of the secret that the resource-based policy was deleted for. Name *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteResourcePolicyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteResourcePolicyOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *DeleteResourcePolicyOutput) SetARN(v string) *DeleteResourcePolicyOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *DeleteResourcePolicyOutput) SetName(v string) *DeleteResourcePolicyOutput { s.Name = &v return s } type DeleteSecretInput struct { _ struct{} `type:"structure"` // Specifies whether to delete the secret without any recovery window. You can't // use both this parameter and RecoveryWindowInDays in the same call. If you // don't use either, then by default Secrets Manager uses a 30 day recovery // window. // // Secrets Manager performs the actual deletion with an asynchronous background // process, so there might be a short delay before the secret is permanently // deleted. If you delete a secret and then immediately create a secret with // the same name, use appropriate back off and retry logic. // // If you forcibly delete an already deleted or nonexistent secret, the operation // does not return ResourceNotFoundException. // // Use this parameter with caution. This parameter causes the operation to skip // the normal recovery window before the permanent deletion that Secrets Manager // would normally impose with the RecoveryWindowInDays parameter. If you delete // a secret with the ForceDeleteWithoutRecovery parameter, then you have no // opportunity to recover the secret. You lose the secret permanently. ForceDeleteWithoutRecovery *bool `type:"boolean"` // The number of days from 7 to 30 that Secrets Manager waits before permanently // deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery // in the same call. If you don't use either, then by default Secrets Manager // uses a 30 day recovery window. RecoveryWindowInDays *int64 `type:"long"` // The ARN or name of the secret to delete. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteSecretInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *DeleteSecretInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DeleteSecretInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetForceDeleteWithoutRecovery sets the ForceDeleteWithoutRecovery field's value. func (s *DeleteSecretInput) SetForceDeleteWithoutRecovery(v bool) *DeleteSecretInput { s.ForceDeleteWithoutRecovery = &v return s } // SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value. func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput { s.RecoveryWindowInDays = &v return s } // SetSecretId sets the SecretId field's value. func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput { s.SecretId = &v return s } type DeleteSecretOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The date and time after which this secret Secrets Manager can permanently // delete this secret, and it can no longer be restored. This value is the date // and time of the delete request plus the number of days in RecoveryWindowInDays. DeletionDate *time.Time `type:"timestamp"` // The name of the secret. Name *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteSecretOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DeleteSecretOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *DeleteSecretOutput) SetARN(v string) *DeleteSecretOutput { s.ARN = &v return s } // SetDeletionDate sets the DeletionDate field's value. func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput { s.DeletionDate = &v return s } // SetName sets the Name field's value. func (s *DeleteSecretOutput) SetName(v string) *DeleteSecretOutput { s.Name = &v return s } type DescribeSecretInput struct { _ struct{} `type:"structure"` // The ARN or name of the secret. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DescribeSecretInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DescribeSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *DescribeSecretInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "DescribeSecretInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput { s.SecretId = &v return s } type DescribeSecretOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The date the secret was created. CreatedDate *time.Time `type:"timestamp"` // The date the secret is scheduled for deletion. If it is not scheduled for // deletion, this field is omitted. When you delete a secret, Secrets Manager // requires a recovery window of at least 7 days before deleting the secret. // Some time after the deleted date, Secrets Manager deletes the secret, including // all of its versions. // // If a secret is scheduled for deletion, then its details, including the encrypted // secret value, is not accessible. To cancel a scheduled deletion and restore // access to the secret, use RestoreSecret. DeletedDate *time.Time `type:"timestamp"` // The description of the secret. Description *string `type:"string"` // The key ID or alias ARN of the KMS key that Secrets Manager uses to encrypt // the secret value. If the secret is encrypted with the Amazon Web Services // managed key aws/secretsmanager, this field is omitted. Secrets created using // the console use an KMS key ID. KmsKeyId *string `type:"string"` // The date that the secret was last accessed in the Region. This field is omitted // if the secret has never been retrieved in the Region. LastAccessedDate *time.Time `type:"timestamp"` // The last date and time that this secret was modified in any way. LastChangedDate *time.Time `type:"timestamp"` // The last date and time that Secrets Manager rotated the secret. If the secret // isn't configured for rotation or rotation has been disabled, Secrets Manager // returns null. LastRotatedDate *time.Time `type:"timestamp"` // The name of the secret. Name *string `min:"1" type:"string"` // The next rotation is scheduled to occur on or before this date. If the secret // isn't configured for rotation or rotation has been disabled, Secrets Manager // returns null. If rotation fails, Secrets Manager retries the entire rotation // process multiple times. If rotation is unsuccessful, this date may be in // the past. // // This date represents the latest date that rotation will occur, but it is // not an approximate rotation date. In some cases, for example if you turn // off automatic rotation and then turn it back on, the next rotation may occur // much sooner than this date. NextRotationDate *time.Time `type:"timestamp"` // The ID of the service that created this secret. For more information, see // Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). OwningService *string `min:"1" type:"string"` // The Region the secret is in. If a secret is replicated to other Regions, // the replicas are listed in ReplicationStatus. PrimaryRegion *string `min:"1" type:"string"` // A list of the replicas of this secret and their status: // // * Failed, which indicates that the replica was not created. // // * InProgress, which indicates that Secrets Manager is in the process of // creating the replica. // // * InSync, which indicates that the replica was created. ReplicationStatus []*ReplicationStatusType `type:"list"` // Specifies whether automatic rotation is turned on for this secret. If the // secret has never been configured for rotation, Secrets Manager returns null. // // To turn on rotation, use RotateSecret. To turn off rotation, use CancelRotateSecret. RotationEnabled *bool `type:"boolean"` // The ARN of the Lambda function that Secrets Manager invokes to rotate the // secret. RotationLambdaARN *string `type:"string"` // The rotation schedule and Lambda function for this secret. If the secret // previously had rotation turned on, but it is now turned off, this field shows // the previous rotation schedule and rotation function. If the secret never // had rotation turned on, this field is omitted. RotationRules *RotationRulesType `type:"structure"` // The list of tags attached to the secret. To add tags to a secret, use TagResource. // To remove tags, use UntagResource. Tags []*Tag `type:"list"` // A list of the versions of the secret that have staging labels attached. Versions // that don't have staging labels are considered deprecated and Secrets Manager // can delete them. // // Secrets Manager uses staging labels to indicate the status of a secret version // during rotation. The three staging labels for rotation are: // // * AWSCURRENT, which indicates the current version of the secret. // // * AWSPENDING, which indicates the version of the secret that contains // new secret information that will become the next current version when // rotation finishes. During rotation, Secrets Manager creates an AWSPENDING // version ID before creating the new secret version. To check if a secret // version exists, call GetSecretValue. // // * AWSPREVIOUS, which indicates the previous current version of the secret. // You can use this as the last known good version. // // For more information about rotation and staging labels, see How rotation // works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html). VersionIdsToStages map[string][]*string `type:"map"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DescribeSecretOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s DescribeSecretOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *DescribeSecretOutput) SetARN(v string) *DescribeSecretOutput { s.ARN = &v return s } // SetCreatedDate sets the CreatedDate field's value. func (s *DescribeSecretOutput) SetCreatedDate(v time.Time) *DescribeSecretOutput { s.CreatedDate = &v return s } // SetDeletedDate sets the DeletedDate field's value. func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput { s.DeletedDate = &v return s } // SetDescription sets the Description field's value. func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput { s.Description = &v return s } // SetKmsKeyId sets the KmsKeyId field's value. func (s *DescribeSecretOutput) SetKmsKeyId(v string) *DescribeSecretOutput { s.KmsKeyId = &v return s } // SetLastAccessedDate sets the LastAccessedDate field's value. func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput { s.LastAccessedDate = &v return s } // SetLastChangedDate sets the LastChangedDate field's value. func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput { s.LastChangedDate = &v return s } // SetLastRotatedDate sets the LastRotatedDate field's value. func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput { s.LastRotatedDate = &v return s } // SetName sets the Name field's value. func (s *DescribeSecretOutput) SetName(v string) *DescribeSecretOutput { s.Name = &v return s } // SetNextRotationDate sets the NextRotationDate field's value. func (s *DescribeSecretOutput) SetNextRotationDate(v time.Time) *DescribeSecretOutput { s.NextRotationDate = &v return s } // SetOwningService sets the OwningService field's value. func (s *DescribeSecretOutput) SetOwningService(v string) *DescribeSecretOutput { s.OwningService = &v return s } // SetPrimaryRegion sets the PrimaryRegion field's value. func (s *DescribeSecretOutput) SetPrimaryRegion(v string) *DescribeSecretOutput { s.PrimaryRegion = &v return s } // SetReplicationStatus sets the ReplicationStatus field's value. func (s *DescribeSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *DescribeSecretOutput { s.ReplicationStatus = v return s } // SetRotationEnabled sets the RotationEnabled field's value. func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput { s.RotationEnabled = &v return s } // SetRotationLambdaARN sets the RotationLambdaARN field's value. func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput { s.RotationLambdaARN = &v return s } // SetRotationRules sets the RotationRules field's value. func (s *DescribeSecretOutput) SetRotationRules(v *RotationRulesType) *DescribeSecretOutput { s.RotationRules = v return s } // SetTags sets the Tags field's value. func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput { s.Tags = v return s } // SetVersionIdsToStages sets the VersionIdsToStages field's value. func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput { s.VersionIdsToStages = v return s } // Secrets Manager can't encrypt the protected secret text using the provided // KMS key. Check that the KMS key is available, enabled, and not in an invalid // state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html). type EncryptionFailure struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s EncryptionFailure) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s EncryptionFailure) GoString() string { return s.String() } func newErrorEncryptionFailure(v protocol.ResponseMetadata) error { return &EncryptionFailure{ RespMetadata: v, } } // Code returns the exception type name. func (s *EncryptionFailure) Code() string { return "EncryptionFailure" } // Message returns the exception's message. func (s *EncryptionFailure) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *EncryptionFailure) OrigErr() error { return nil } func (s *EncryptionFailure) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *EncryptionFailure) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *EncryptionFailure) RequestID() string { return s.RespMetadata.RequestID } // Allows you to add filters when you use the search function in Secrets Manager. // For more information, see Find secrets in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html). type Filter struct { _ struct{} `type:"structure"` // The following are keys you can use: // // * description: Prefix match, not case-sensitive. // // * name: Prefix match, case-sensitive. // // * tag-key: Prefix match, case-sensitive. // // * tag-value: Prefix match, case-sensitive. // // * primary-region: Prefix match, case-sensitive. // // * owning-service: Prefix match, case-sensitive. // // * all: Breaks the filter value string into words and then searches all // attributes for matches. Not case-sensitive. Key *string `type:"string" enum:"FilterNameStringType"` // The keyword to filter for. // // You can prefix your search value with an exclamation mark (!) in order to // perform negation filters. Values []*string `min:"1" type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s Filter) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s Filter) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *Filter) Validate() error { invalidParams := request.ErrInvalidParams{Context: "Filter"} if s.Values != nil && len(s.Values) < 1 { invalidParams.Add(request.NewErrParamMinLen("Values", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetKey sets the Key field's value. func (s *Filter) SetKey(v string) *Filter { s.Key = &v return s } // SetValues sets the Values field's value. func (s *Filter) SetValues(v []*string) *Filter { s.Values = v return s } type GetRandomPasswordInput struct { _ struct{} `type:"structure"` // A string of the characters that you don't want in the password. ExcludeCharacters *string `type:"string"` // Specifies whether to exclude lowercase letters from the password. If you // don't include this switch, the password can contain lowercase letters. ExcludeLowercase *bool `type:"boolean"` // Specifies whether to exclude numbers from the password. If you don't include // this switch, the password can contain numbers. ExcludeNumbers *bool `type:"boolean"` // Specifies whether to exclude the following punctuation characters from the // password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~. // If you don't include this switch, the password can contain punctuation. ExcludePunctuation *bool `type:"boolean"` // Specifies whether to exclude uppercase letters from the password. If you // don't include this switch, the password can contain uppercase letters. ExcludeUppercase *bool `type:"boolean"` // Specifies whether to include the space character. If you include this switch, // the password can contain space characters. IncludeSpace *bool `type:"boolean"` // The length of the password. If you don't include this parameter, the default // length is 32 characters. PasswordLength *int64 `min:"1" type:"long"` // Specifies whether to include at least one upper and lowercase letter, one // number, and one punctuation. If you don't include this switch, the password // contains at least one of every character type. RequireEachIncludedType *bool `type:"boolean"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetRandomPasswordInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetRandomPasswordInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *GetRandomPasswordInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "GetRandomPasswordInput"} if s.PasswordLength != nil && *s.PasswordLength < 1 { invalidParams.Add(request.NewErrParamMinValue("PasswordLength", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetExcludeCharacters sets the ExcludeCharacters field's value. func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput { s.ExcludeCharacters = &v return s } // SetExcludeLowercase sets the ExcludeLowercase field's value. func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput { s.ExcludeLowercase = &v return s } // SetExcludeNumbers sets the ExcludeNumbers field's value. func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput { s.ExcludeNumbers = &v return s } // SetExcludePunctuation sets the ExcludePunctuation field's value. func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput { s.ExcludePunctuation = &v return s } // SetExcludeUppercase sets the ExcludeUppercase field's value. func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput { s.ExcludeUppercase = &v return s } // SetIncludeSpace sets the IncludeSpace field's value. func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput { s.IncludeSpace = &v return s } // SetPasswordLength sets the PasswordLength field's value. func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput { s.PasswordLength = &v return s } // SetRequireEachIncludedType sets the RequireEachIncludedType field's value. func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput { s.RequireEachIncludedType = &v return s } type GetRandomPasswordOutput struct { _ struct{} `type:"structure"` // A string with the password. // // RandomPassword is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetRandomPasswordOutput's // String and GoString methods. RandomPassword *string `type:"string" sensitive:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetRandomPasswordOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetRandomPasswordOutput) GoString() string { return s.String() } // SetRandomPassword sets the RandomPassword field's value. func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput { s.RandomPassword = &v return s } type GetResourcePolicyInput struct { _ struct{} `type:"structure"` // The ARN or name of the secret to retrieve the attached resource-based policy // for. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetResourcePolicyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetResourcePolicyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *GetResourcePolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "GetResourcePolicyInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *GetResourcePolicyInput) SetSecretId(v string) *GetResourcePolicyInput { s.SecretId = &v return s } type GetResourcePolicyOutput struct { _ struct{} `type:"structure"` // The ARN of the secret that the resource-based policy was retrieved for. ARN *string `min:"20" type:"string"` // The name of the secret that the resource-based policy was retrieved for. Name *string `min:"1" type:"string"` // A JSON-formatted string that contains the permissions policy attached to // the secret. For more information about permissions policies, see Authentication // and access control for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). ResourcePolicy *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetResourcePolicyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetResourcePolicyOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *GetResourcePolicyOutput) SetARN(v string) *GetResourcePolicyOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *GetResourcePolicyOutput) SetName(v string) *GetResourcePolicyOutput { s.Name = &v return s } // SetResourcePolicy sets the ResourcePolicy field's value. func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicyOutput { s.ResourcePolicy = &v return s } type GetSecretValueInput struct { _ struct{} `type:"structure"` // The ARN or name of the secret to retrieve. To retrieve a secret from another // account, you must use an ARN. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` // The unique identifier of the version of the secret to retrieve. If you include // both this parameter and VersionStage, the two parameters must refer to the // same secret version. If you don't specify either a VersionStage or VersionId, // then Secrets Manager returns the AWSCURRENT version. // // This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) // value with 32 hexadecimal digits. VersionId *string `min:"32" type:"string"` // The staging label of the version of the secret to retrieve. // // Secrets Manager uses staging labels to keep track of different versions during // the rotation process. If you include both this parameter and VersionId, the // two parameters must refer to the same secret version. If you don't specify // either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT // version. VersionStage *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetSecretValueInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetSecretValueInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *GetSecretValueInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "GetSecretValueInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.VersionId != nil && len(*s.VersionId) < 32 { invalidParams.Add(request.NewErrParamMinLen("VersionId", 32)) } if s.VersionStage != nil && len(*s.VersionStage) < 1 { invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput { s.SecretId = &v return s } // SetVersionId sets the VersionId field's value. func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput { s.VersionId = &v return s } // SetVersionStage sets the VersionStage field's value. func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput { s.VersionStage = &v return s } type GetSecretValueOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The date and time that this version of the secret was created. If you don't // specify which version in VersionId or VersionStage, then Secrets Manager // uses the AWSCURRENT version. CreatedDate *time.Time `type:"timestamp"` // The friendly name of the secret. Name *string `min:"1" type:"string"` // The decrypted secret value, if the secret value was originally provided as // binary data in the form of a byte array. When you retrieve a SecretBinary // using the HTTP API, the Python SDK, or the Amazon Web Services CLI, the value // is Base64-encoded. Otherwise, it is not encoded. // // If the secret was created by using the Secrets Manager console, or if the // secret value was originally provided as a string, then this field is omitted. // The secret value appears in SecretString instead. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretBinary is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetSecretValueOutput's // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The decrypted secret value, if the secret value was originally provided as // a string or through the Secrets Manager console. // // If this secret was created by using the console, then Secrets Manager stores // the information as a JSON structure of key/value pairs. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetSecretValueOutput's // String and GoString methods. SecretString *string `min:"1" type:"string" sensitive:"true"` // The unique identifier of this version of the secret. VersionId *string `min:"32" type:"string"` // A list of all of the staging labels currently attached to this version of // the secret. VersionStages []*string `min:"1" type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetSecretValueOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s GetSecretValueOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *GetSecretValueOutput) SetARN(v string) *GetSecretValueOutput { s.ARN = &v return s } // SetCreatedDate sets the CreatedDate field's value. func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput { s.CreatedDate = &v return s } // SetName sets the Name field's value. func (s *GetSecretValueOutput) SetName(v string) *GetSecretValueOutput { s.Name = &v return s } // SetSecretBinary sets the SecretBinary field's value. func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput { s.SecretBinary = v return s } // SetSecretString sets the SecretString field's value. func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput { s.SecretString = &v return s } // SetVersionId sets the VersionId field's value. func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput { s.VersionId = &v return s } // SetVersionStages sets the VersionStages field's value. func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput { s.VersionStages = v return s } // An error occurred on the server side. type InternalServiceError struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InternalServiceError) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InternalServiceError) GoString() string { return s.String() } func newErrorInternalServiceError(v protocol.ResponseMetadata) error { return &InternalServiceError{ RespMetadata: v, } } // Code returns the exception type name. func (s *InternalServiceError) Code() string { return "InternalServiceError" } // Message returns the exception's message. func (s *InternalServiceError) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *InternalServiceError) OrigErr() error { return nil } func (s *InternalServiceError) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *InternalServiceError) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *InternalServiceError) RequestID() string { return s.RespMetadata.RequestID } // The NextToken value is invalid. type InvalidNextTokenException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InvalidNextTokenException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InvalidNextTokenException) GoString() string { return s.String() } func newErrorInvalidNextTokenException(v protocol.ResponseMetadata) error { return &InvalidNextTokenException{ RespMetadata: v, } } // Code returns the exception type name. func (s *InvalidNextTokenException) Code() string { return "InvalidNextTokenException" } // Message returns the exception's message. func (s *InvalidNextTokenException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *InvalidNextTokenException) OrigErr() error { return nil } func (s *InvalidNextTokenException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *InvalidNextTokenException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *InvalidNextTokenException) RequestID() string { return s.RespMetadata.RequestID } // The parameter name or value is invalid. type InvalidParameterException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InvalidParameterException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InvalidParameterException) GoString() string { return s.String() } func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { return &InvalidParameterException{ RespMetadata: v, } } // Code returns the exception type name. func (s *InvalidParameterException) Code() string { return "InvalidParameterException" } // Message returns the exception's message. func (s *InvalidParameterException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *InvalidParameterException) OrigErr() error { return nil } func (s *InvalidParameterException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *InvalidParameterException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *InvalidParameterException) RequestID() string { return s.RespMetadata.RequestID } // A parameter value is not valid for the current state of the resource. // // Possible causes: // // - The secret is scheduled for deletion. // // - You tried to enable rotation on a secret that doesn't already have a // Lambda function ARN configured and you didn't include such an ARN as a // parameter in this call. // // - The secret is managed by another service, and you must use that service // to update it. For more information, see Secrets managed by other Amazon // Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html). type InvalidRequestException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InvalidRequestException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s InvalidRequestException) GoString() string { return s.String() } func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { return &InvalidRequestException{ RespMetadata: v, } } // Code returns the exception type name. func (s *InvalidRequestException) Code() string { return "InvalidRequestException" } // Message returns the exception's message. func (s *InvalidRequestException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *InvalidRequestException) OrigErr() error { return nil } func (s *InvalidRequestException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *InvalidRequestException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *InvalidRequestException) RequestID() string { return s.RespMetadata.RequestID } // The request failed because it would exceed one of the Secrets Manager quotas. type LimitExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s LimitExceededException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s LimitExceededException) GoString() string { return s.String() } func newErrorLimitExceededException(v protocol.ResponseMetadata) error { return &LimitExceededException{ RespMetadata: v, } } // Code returns the exception type name. func (s *LimitExceededException) Code() string { return "LimitExceededException" } // Message returns the exception's message. func (s *LimitExceededException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *LimitExceededException) OrigErr() error { return nil } func (s *LimitExceededException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *LimitExceededException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *LimitExceededException) RequestID() string { return s.RespMetadata.RequestID } type ListSecretVersionIdsInput struct { _ struct{} `type:"structure"` // Specifies whether to include versions of secrets that don't have any staging // labels attached to them. Versions without staging labels are considered deprecated // and are subject to deletion by Secrets Manager. By default, versions without // staging labels aren't included. IncludeDeprecated *bool `type:"boolean"` // The number of results to include in the response. // // If there are more results available, in the response, Secrets Manager includes // NextToken. To get the next results, call ListSecretVersionIds again with // the value from NextToken. MaxResults *int64 `min:"1" type:"integer"` // A token that indicates where the output should continue from, if a previous // call did not show all results. To get the next results, call ListSecretVersionIds // again with this value. NextToken *string `min:"1" type:"string"` // The ARN or name of the secret whose versions you want to list. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretVersionIdsInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretVersionIdsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *ListSecretVersionIdsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ListSecretVersionIdsInput"} if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } if s.NextToken != nil && len(*s.NextToken) < 1 { invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetIncludeDeprecated sets the IncludeDeprecated field's value. func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput { s.IncludeDeprecated = &v return s } // SetMaxResults sets the MaxResults field's value. func (s *ListSecretVersionIdsInput) SetMaxResults(v int64) *ListSecretVersionIdsInput { s.MaxResults = &v return s } // SetNextToken sets the NextToken field's value. func (s *ListSecretVersionIdsInput) SetNextToken(v string) *ListSecretVersionIdsInput { s.NextToken = &v return s } // SetSecretId sets the SecretId field's value. func (s *ListSecretVersionIdsInput) SetSecretId(v string) *ListSecretVersionIdsInput { s.SecretId = &v return s } type ListSecretVersionIdsOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The name of the secret. Name *string `min:"1" type:"string"` // Secrets Manager includes this value if there's more output available than // what is included in the current response. This can occur even when the response // includes no values at all, such as when you ask for a filtered view of a // long list. To get the next results, call ListSecretVersionIds again with // this value. NextToken *string `min:"1" type:"string"` // A list of the versions of the secret. Versions []*SecretVersionsListEntry `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretVersionIdsOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretVersionIdsOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *ListSecretVersionIdsOutput) SetARN(v string) *ListSecretVersionIdsOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *ListSecretVersionIdsOutput) SetName(v string) *ListSecretVersionIdsOutput { s.Name = &v return s } // SetNextToken sets the NextToken field's value. func (s *ListSecretVersionIdsOutput) SetNextToken(v string) *ListSecretVersionIdsOutput { s.NextToken = &v return s } // SetVersions sets the Versions field's value. func (s *ListSecretVersionIdsOutput) SetVersions(v []*SecretVersionsListEntry) *ListSecretVersionIdsOutput { s.Versions = v return s } type ListSecretsInput struct { _ struct{} `type:"structure"` // The filters to apply to the list of secrets. Filters []*Filter `type:"list"` // Specifies whether to include secrets scheduled for deletion. By default, // secrets scheduled for deletion aren't included. IncludePlannedDeletion *bool `type:"boolean"` // The number of results to include in the response. // // If there are more results available, in the response, Secrets Manager includes // NextToken. To get the next results, call ListSecrets again with the value // from NextToken. MaxResults *int64 `min:"1" type:"integer"` // A token that indicates where the output should continue from, if a previous // call did not show all results. To get the next results, call ListSecrets // again with this value. NextToken *string `min:"1" type:"string"` // Secrets are listed by CreatedDate. SortOrder *string `type:"string" enum:"SortOrderType"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretsInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *ListSecretsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ListSecretsInput"} if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } if s.NextToken != nil && len(*s.NextToken) < 1 { invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) } if s.Filters != nil { for i, v := range s.Filters { if v == nil { continue } if err := v.Validate(); err != nil { invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filters", i), err.(request.ErrInvalidParams)) } } } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetFilters sets the Filters field's value. func (s *ListSecretsInput) SetFilters(v []*Filter) *ListSecretsInput { s.Filters = v return s } // SetIncludePlannedDeletion sets the IncludePlannedDeletion field's value. func (s *ListSecretsInput) SetIncludePlannedDeletion(v bool) *ListSecretsInput { s.IncludePlannedDeletion = &v return s } // SetMaxResults sets the MaxResults field's value. func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput { s.MaxResults = &v return s } // SetNextToken sets the NextToken field's value. func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput { s.NextToken = &v return s } // SetSortOrder sets the SortOrder field's value. func (s *ListSecretsInput) SetSortOrder(v string) *ListSecretsInput { s.SortOrder = &v return s } type ListSecretsOutput struct { _ struct{} `type:"structure"` // Secrets Manager includes this value if there's more output available than // what is included in the current response. This can occur even when the response // includes no values at all, such as when you ask for a filtered view of a // long list. To get the next results, call ListSecrets again with this value. NextToken *string `min:"1" type:"string"` // A list of the secrets in the account. SecretList []*SecretListEntry `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretsOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ListSecretsOutput) GoString() string { return s.String() } // SetNextToken sets the NextToken field's value. func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput { s.NextToken = &v return s } // SetSecretList sets the SecretList field's value. func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput { s.SecretList = v return s } // The resource policy has syntax errors. type MalformedPolicyDocumentException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s MalformedPolicyDocumentException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s MalformedPolicyDocumentException) GoString() string { return s.String() } func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error { return &MalformedPolicyDocumentException{ RespMetadata: v, } } // Code returns the exception type name. func (s *MalformedPolicyDocumentException) Code() string { return "MalformedPolicyDocumentException" } // Message returns the exception's message. func (s *MalformedPolicyDocumentException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *MalformedPolicyDocumentException) OrigErr() error { return nil } func (s *MalformedPolicyDocumentException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *MalformedPolicyDocumentException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *MalformedPolicyDocumentException) RequestID() string { return s.RespMetadata.RequestID } // The request failed because you did not complete all the prerequisite steps. type PreconditionNotMetException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PreconditionNotMetException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PreconditionNotMetException) GoString() string { return s.String() } func newErrorPreconditionNotMetException(v protocol.ResponseMetadata) error { return &PreconditionNotMetException{ RespMetadata: v, } } // Code returns the exception type name. func (s *PreconditionNotMetException) Code() string { return "PreconditionNotMetException" } // Message returns the exception's message. func (s *PreconditionNotMetException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *PreconditionNotMetException) OrigErr() error { return nil } func (s *PreconditionNotMetException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *PreconditionNotMetException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *PreconditionNotMetException) RequestID() string { return s.RespMetadata.RequestID } // The BlockPublicPolicy parameter is set to true, and the resource policy did // not prevent broad access to the secret. type PublicPolicyException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PublicPolicyException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PublicPolicyException) GoString() string { return s.String() } func newErrorPublicPolicyException(v protocol.ResponseMetadata) error { return &PublicPolicyException{ RespMetadata: v, } } // Code returns the exception type name. func (s *PublicPolicyException) Code() string { return "PublicPolicyException" } // Message returns the exception's message. func (s *PublicPolicyException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *PublicPolicyException) OrigErr() error { return nil } func (s *PublicPolicyException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *PublicPolicyException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *PublicPolicyException) RequestID() string { return s.RespMetadata.RequestID } type PutResourcePolicyInput struct { _ struct{} `type:"structure"` // Specifies whether to block resource-based policies that allow broad access // to the secret, for example those that use a wildcard for the principal. By // default, public policies aren't blocked. // // Resource policy validation and the BlockPublicPolicy parameter help protect // your resources by preventing public access from being granted through the // resource policies that are directly attached to your secrets. In addition // to using these features, carefully inspect the following policies to confirm // that they do not grant public access: // // * Identity-based policies attached to associated Amazon Web Services principals // (for example, IAM roles) // // * Resource-based policies attached to associated Amazon Web Services resources // (for example, Key Management Service (KMS) keys) // // To review permissions to your secrets, see Determine who has permissions // to your secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/determine-acccess_examine-iam-policies.html). BlockPublicPolicy *bool `type:"boolean"` // A JSON-formatted string for an Amazon Web Services resource-based policy. // For example policies, see Permissions policy examples (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html). // // ResourcePolicy is a required field ResourcePolicy *string `min:"1" type:"string" required:"true"` // The ARN or name of the secret to attach the resource-based policy. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutResourcePolicyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutResourcePolicyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *PutResourcePolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"} if s.ResourcePolicy == nil { invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) } if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetBlockPublicPolicy sets the BlockPublicPolicy field's value. func (s *PutResourcePolicyInput) SetBlockPublicPolicy(v bool) *PutResourcePolicyInput { s.BlockPublicPolicy = &v return s } // SetResourcePolicy sets the ResourcePolicy field's value. func (s *PutResourcePolicyInput) SetResourcePolicy(v string) *PutResourcePolicyInput { s.ResourcePolicy = &v return s } // SetSecretId sets the SecretId field's value. func (s *PutResourcePolicyInput) SetSecretId(v string) *PutResourcePolicyInput { s.SecretId = &v return s } type PutResourcePolicyOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The name of the secret. Name *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutResourcePolicyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutResourcePolicyOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *PutResourcePolicyOutput) SetARN(v string) *PutResourcePolicyOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *PutResourcePolicyOutput) SetName(v string) *PutResourcePolicyOutput { s.Name = &v return s } type PutSecretValueInput struct { _ struct{} `type:"structure"` // A unique identifier for the new version of the secret. // // If you use the Amazon Web Services CLI or one of the Amazon Web Services // SDKs to call this operation, then you can leave this parameter empty. The // CLI or SDK generates a random UUID for you and includes it as the value for // this parameter in the request. // // If you generate a raw HTTP request to the Secrets Manager service endpoint, // then you must generate a ClientRequestToken and include it in the request. // // This value helps ensure idempotency. Secrets Manager uses this value to prevent // the accidental creation of duplicate versions if there are failures and retries // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) // value to ensure uniqueness of your versions within the specified secret. // // * If the ClientRequestToken value isn't already associated with a version // of the secret then a new version of the secret is created. // // * If a version with this value already exists and that version's SecretString // or SecretBinary values are the same as those in the request then the request // is ignored. The operation is idempotent. // // * If a version with this value already exists and the version of the SecretString // and SecretBinary values are different from those in the request, then // the request fails because you can't modify a secret version. You can only // create new versions to store new secret values. // // This value becomes the VersionId of the new version. ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` // A unique identifier that indicates the source of the request. For cross-account // rotation (when you rotate a secret in one account by using a Lambda rotation // function in another account) and the Lambda rotation function assumes an // IAM role to call Secrets Manager, Secrets Manager validates the identity // with the rotation token. For more information, see How rotation works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html). // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // RotationToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutSecretValueInput's // String and GoString methods. RotationToken *string `min:"36" type:"string" sensitive:"true"` // The binary data to encrypt and store in the new version of the secret. To // use this parameter in the command-line tools, we recommend that you store // your binary data in a file and then pass the contents of the file as a parameter. // // You must include SecretBinary or SecretString, but not both. // // You can't access this value from the Secrets Manager console. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretBinary is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutSecretValueInput's // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The ARN or name of the secret to add a new version to. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // If the secret doesn't already exist, use CreateSecret instead. // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` // The text to encrypt and store in the new version of the secret. // // You must include SecretBinary or SecretString, but not both. // // We recommend you create the secret string as JSON key/value pairs, as shown // in the example. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by PutSecretValueInput's // String and GoString methods. SecretString *string `min:"1" type:"string" sensitive:"true"` // A list of staging labels to attach to this version of the secret. Secrets // Manager uses staging labels to track versions of a secret through the rotation // process. // // If you specify a staging label that's already associated with a different // version of the same secret, then Secrets Manager removes the label from the // other version and attaches it to this version. If you specify AWSCURRENT, // and it is already attached to another version, then Secrets Manager also // moves the staging label AWSPREVIOUS to the version that AWSCURRENT was removed // from. // // If you don't include VersionStages, then Secrets Manager automatically moves // the staging label AWSCURRENT to this version. VersionStages []*string `min:"1" type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutSecretValueInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutSecretValueInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *PutSecretValueInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "PutSecretValueInput"} if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) } if s.RotationToken != nil && len(*s.RotationToken) < 36 { invalidParams.Add(request.NewErrParamMinLen("RotationToken", 36)) } if s.SecretBinary != nil && len(s.SecretBinary) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.SecretString != nil && len(*s.SecretString) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) } if s.VersionStages != nil && len(s.VersionStages) < 1 { invalidParams.Add(request.NewErrParamMinLen("VersionStages", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetClientRequestToken sets the ClientRequestToken field's value. func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput { s.ClientRequestToken = &v return s } // SetRotationToken sets the RotationToken field's value. func (s *PutSecretValueInput) SetRotationToken(v string) *PutSecretValueInput { s.RotationToken = &v return s } // SetSecretBinary sets the SecretBinary field's value. func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput { s.SecretBinary = v return s } // SetSecretId sets the SecretId field's value. func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput { s.SecretId = &v return s } // SetSecretString sets the SecretString field's value. func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput { s.SecretString = &v return s } // SetVersionStages sets the VersionStages field's value. func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput { s.VersionStages = v return s } type PutSecretValueOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The name of the secret. Name *string `min:"1" type:"string"` // The unique identifier of the version of the secret. VersionId *string `min:"32" type:"string"` // The list of staging labels that are currently attached to this version of // the secret. Secrets Manager uses staging labels to track a version as it // progresses through the secret rotation process. VersionStages []*string `min:"1" type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutSecretValueOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s PutSecretValueOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *PutSecretValueOutput) SetARN(v string) *PutSecretValueOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *PutSecretValueOutput) SetName(v string) *PutSecretValueOutput { s.Name = &v return s } // SetVersionId sets the VersionId field's value. func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput { s.VersionId = &v return s } // SetVersionStages sets the VersionStages field's value. func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput { s.VersionStages = v return s } type RemoveRegionsFromReplicationInput struct { _ struct{} `type:"structure"` // The Regions of the replicas to remove. // // RemoveReplicaRegions is a required field RemoveReplicaRegions []*string `min:"1" type:"list" required:"true"` // The ARN or name of the secret. // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RemoveRegionsFromReplicationInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RemoveRegionsFromReplicationInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *RemoveRegionsFromReplicationInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "RemoveRegionsFromReplicationInput"} if s.RemoveReplicaRegions == nil { invalidParams.Add(request.NewErrParamRequired("RemoveReplicaRegions")) } if s.RemoveReplicaRegions != nil && len(s.RemoveReplicaRegions) < 1 { invalidParams.Add(request.NewErrParamMinLen("RemoveReplicaRegions", 1)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetRemoveReplicaRegions sets the RemoveReplicaRegions field's value. func (s *RemoveRegionsFromReplicationInput) SetRemoveReplicaRegions(v []*string) *RemoveRegionsFromReplicationInput { s.RemoveReplicaRegions = v return s } // SetSecretId sets the SecretId field's value. func (s *RemoveRegionsFromReplicationInput) SetSecretId(v string) *RemoveRegionsFromReplicationInput { s.SecretId = &v return s } type RemoveRegionsFromReplicationOutput struct { _ struct{} `type:"structure"` // The ARN of the primary secret. ARN *string `min:"20" type:"string"` // The status of replicas for this secret after you remove Regions. ReplicationStatus []*ReplicationStatusType `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RemoveRegionsFromReplicationOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RemoveRegionsFromReplicationOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *RemoveRegionsFromReplicationOutput) SetARN(v string) *RemoveRegionsFromReplicationOutput { s.ARN = &v return s } // SetReplicationStatus sets the ReplicationStatus field's value. func (s *RemoveRegionsFromReplicationOutput) SetReplicationStatus(v []*ReplicationStatusType) *RemoveRegionsFromReplicationOutput { s.ReplicationStatus = v return s } // A custom type that specifies a Region and the KmsKeyId for a replica secret. type ReplicaRegionType struct { _ struct{} `type:"structure"` // The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't // include this field, Secrets Manager uses aws/secretsmanager. KmsKeyId *string `type:"string"` // A Region code. For a list of Region codes, see Name and code of Regions (https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Region *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicaRegionType) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicaRegionType) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *ReplicaRegionType) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ReplicaRegionType"} if s.Region != nil && len(*s.Region) < 1 { invalidParams.Add(request.NewErrParamMinLen("Region", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetKmsKeyId sets the KmsKeyId field's value. func (s *ReplicaRegionType) SetKmsKeyId(v string) *ReplicaRegionType { s.KmsKeyId = &v return s } // SetRegion sets the Region field's value. func (s *ReplicaRegionType) SetRegion(v string) *ReplicaRegionType { s.Region = &v return s } type ReplicateSecretToRegionsInput struct { _ struct{} `type:"structure"` // A list of Regions in which to replicate the secret. // // AddReplicaRegions is a required field AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list" required:"true"` // Specifies whether to overwrite a secret with the same name in the destination // Region. By default, secrets aren't overwritten. ForceOverwriteReplicaSecret *bool `type:"boolean"` // The ARN or name of the secret to replicate. // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicateSecretToRegionsInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicateSecretToRegionsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *ReplicateSecretToRegionsInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ReplicateSecretToRegionsInput"} if s.AddReplicaRegions == nil { invalidParams.Add(request.NewErrParamRequired("AddReplicaRegions")) } if s.AddReplicaRegions != nil && len(s.AddReplicaRegions) < 1 { invalidParams.Add(request.NewErrParamMinLen("AddReplicaRegions", 1)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.AddReplicaRegions != nil { for i, v := range s.AddReplicaRegions { if v == nil { continue } if err := v.Validate(); err != nil { invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AddReplicaRegions", i), err.(request.ErrInvalidParams)) } } } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetAddReplicaRegions sets the AddReplicaRegions field's value. func (s *ReplicateSecretToRegionsInput) SetAddReplicaRegions(v []*ReplicaRegionType) *ReplicateSecretToRegionsInput { s.AddReplicaRegions = v return s } // SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value. func (s *ReplicateSecretToRegionsInput) SetForceOverwriteReplicaSecret(v bool) *ReplicateSecretToRegionsInput { s.ForceOverwriteReplicaSecret = &v return s } // SetSecretId sets the SecretId field's value. func (s *ReplicateSecretToRegionsInput) SetSecretId(v string) *ReplicateSecretToRegionsInput { s.SecretId = &v return s } type ReplicateSecretToRegionsOutput struct { _ struct{} `type:"structure"` // The ARN of the primary secret. ARN *string `min:"20" type:"string"` // The status of replication. ReplicationStatus []*ReplicationStatusType `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicateSecretToRegionsOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicateSecretToRegionsOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *ReplicateSecretToRegionsOutput) SetARN(v string) *ReplicateSecretToRegionsOutput { s.ARN = &v return s } // SetReplicationStatus sets the ReplicationStatus field's value. func (s *ReplicateSecretToRegionsOutput) SetReplicationStatus(v []*ReplicationStatusType) *ReplicateSecretToRegionsOutput { s.ReplicationStatus = v return s } // A replication object consisting of a RegionReplicationStatus object and includes // a Region, KMSKeyId, status, and status message. type ReplicationStatusType struct { _ struct{} `type:"structure"` // Can be an ARN, Key ID, or Alias. KmsKeyId *string `type:"string"` // The date that the secret was last accessed in the Region. This field is omitted // if the secret has never been retrieved in the Region. LastAccessedDate *time.Time `type:"timestamp"` // The Region where replication occurs. Region *string `min:"1" type:"string"` // The status can be InProgress, Failed, or InSync. Status *string `type:"string" enum:"StatusType"` // Status message such as "Secret with this name already exists in this region". StatusMessage *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicationStatusType) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ReplicationStatusType) GoString() string { return s.String() } // SetKmsKeyId sets the KmsKeyId field's value. func (s *ReplicationStatusType) SetKmsKeyId(v string) *ReplicationStatusType { s.KmsKeyId = &v return s } // SetLastAccessedDate sets the LastAccessedDate field's value. func (s *ReplicationStatusType) SetLastAccessedDate(v time.Time) *ReplicationStatusType { s.LastAccessedDate = &v return s } // SetRegion sets the Region field's value. func (s *ReplicationStatusType) SetRegion(v string) *ReplicationStatusType { s.Region = &v return s } // SetStatus sets the Status field's value. func (s *ReplicationStatusType) SetStatus(v string) *ReplicationStatusType { s.Status = &v return s } // SetStatusMessage sets the StatusMessage field's value. func (s *ReplicationStatusType) SetStatusMessage(v string) *ReplicationStatusType { s.StatusMessage = &v return s } // A resource with the ID you requested already exists. type ResourceExistsException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ResourceExistsException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ResourceExistsException) GoString() string { return s.String() } func newErrorResourceExistsException(v protocol.ResponseMetadata) error { return &ResourceExistsException{ RespMetadata: v, } } // Code returns the exception type name. func (s *ResourceExistsException) Code() string { return "ResourceExistsException" } // Message returns the exception's message. func (s *ResourceExistsException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *ResourceExistsException) OrigErr() error { return nil } func (s *ResourceExistsException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *ResourceExistsException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *ResourceExistsException) RequestID() string { return s.RespMetadata.RequestID } // Secrets Manager can't find the resource that you asked for. type ResourceNotFoundException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"Message" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ResourceNotFoundException) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ResourceNotFoundException) GoString() string { return s.String() } func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { return &ResourceNotFoundException{ RespMetadata: v, } } // Code returns the exception type name. func (s *ResourceNotFoundException) Code() string { return "ResourceNotFoundException" } // Message returns the exception's message. func (s *ResourceNotFoundException) Message() string { if s.Message_ != nil { return *s.Message_ } return "" } // OrigErr always returns nil, satisfies awserr.Error interface. func (s *ResourceNotFoundException) OrigErr() error { return nil } func (s *ResourceNotFoundException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. func (s *ResourceNotFoundException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. func (s *ResourceNotFoundException) RequestID() string { return s.RespMetadata.RequestID } type RestoreSecretInput struct { _ struct{} `type:"structure"` // The ARN or name of the secret to restore. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RestoreSecretInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RestoreSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *RestoreSecretInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "RestoreSecretInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput { s.SecretId = &v return s } type RestoreSecretOutput struct { _ struct{} `type:"structure"` // The ARN of the secret that was restored. ARN *string `min:"20" type:"string"` // The name of the secret that was restored. Name *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RestoreSecretOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RestoreSecretOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *RestoreSecretOutput) SetARN(v string) *RestoreSecretOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *RestoreSecretOutput) SetName(v string) *RestoreSecretOutput { s.Name = &v return s } type RotateSecretInput struct { _ struct{} `type:"structure"` // A unique identifier for the new version of the secret. You only need to specify // this value if you implement your own retry logic and you want to ensure that // Secrets Manager doesn't attempt to create a secret version twice. // // If you use the Amazon Web Services CLI or one of the Amazon Web Services // SDKs to call this operation, then you can leave this parameter empty. The // CLI or SDK generates a random UUID for you and includes it as the value for // this parameter in the request. // // If you generate a raw HTTP request to the Secrets Manager service endpoint, // then you must generate a ClientRequestToken and include it in the request. // // This value helps ensure idempotency. Secrets Manager uses this value to prevent // the accidental creation of duplicate versions if there are failures and retries // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) // value to ensure uniqueness of your versions within the specified secret. ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` // Specifies whether to rotate the secret immediately or wait until the next // scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules. // // For secrets that use a Lambda rotation function to rotate, if you don't immediately // rotate the secret, Secrets Manager tests the rotation configuration by running // the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_lambda-functions.html#rotate-secrets_lambda-functions-code) // of the Lambda rotation function. The test creates an AWSPENDING version of // the secret and then removes it. // // By default, Secrets Manager rotates the secret immediately. RotateImmediately *bool `type:"boolean"` // For secrets that use a Lambda rotation function to rotate, the ARN of the // Lambda rotation function. // // For secrets that use managed rotation, omit this field. For more information, // see Managed rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html) // in the Secrets Manager User Guide. RotationLambdaARN *string `type:"string"` // A structure that defines the rotation configuration for this secret. RotationRules *RotationRulesType `type:"structure"` // The ARN or name of the secret to rotate. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RotateSecretInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RotateSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *RotateSecretInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "RotateSecretInput"} if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.RotationRules != nil { if err := s.RotationRules.Validate(); err != nil { invalidParams.AddNested("RotationRules", err.(request.ErrInvalidParams)) } } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetClientRequestToken sets the ClientRequestToken field's value. func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput { s.ClientRequestToken = &v return s } // SetRotateImmediately sets the RotateImmediately field's value. func (s *RotateSecretInput) SetRotateImmediately(v bool) *RotateSecretInput { s.RotateImmediately = &v return s } // SetRotationLambdaARN sets the RotationLambdaARN field's value. func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput { s.RotationLambdaARN = &v return s } // SetRotationRules sets the RotationRules field's value. func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput { s.RotationRules = v return s } // SetSecretId sets the SecretId field's value. func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput { s.SecretId = &v return s } type RotateSecretOutput struct { _ struct{} `type:"structure"` // The ARN of the secret. ARN *string `min:"20" type:"string"` // The name of the secret. Name *string `min:"1" type:"string"` // The ID of the new version of the secret. VersionId *string `min:"32" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RotateSecretOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RotateSecretOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *RotateSecretOutput) SetARN(v string) *RotateSecretOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *RotateSecretOutput) SetName(v string) *RotateSecretOutput { s.Name = &v return s } // SetVersionId sets the VersionId field's value. func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput { s.VersionId = &v return s } // A structure that defines the rotation configuration for the secret. type RotationRulesType struct { _ struct{} `type:"structure"` // The number of days between rotations of the secret. You can use this value // to check that your secret meets your compliance guidelines for how often // secrets must be rotated. If you use this field to set the rotation schedule, // Secrets Manager calculates the next rotation date based on the previous rotation. // Manually updating the secret value by calling PutSecretValue or UpdateSecret // is considered a valid rotation. // // In DescribeSecret and ListSecrets, this value is calculated from the rotation // schedule after every successful rotation. In RotateSecret, you can set the // rotation schedule in RotationRules with AutomaticallyAfterDays or ScheduleExpression, // but not both. To set a rotation schedule in hours, use ScheduleExpression. AutomaticallyAfterDays *int64 `min:"1" type:"long"` // The length of the rotation window in hours, for example 3h for a three hour // window. Secrets Manager rotates your secret at any time during this window. // The window must not extend into the next rotation window or the next UTC // day. The window starts according to the ScheduleExpression. If you don't // specify a Duration, for a ScheduleExpression in hours, the window automatically // closes after one hour. For a ScheduleExpression in days, the window automatically // closes at the end of the UTC day. For more information, including examples, // see Schedule expressions in Secrets Manager rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html) // in the Secrets Manager Users Guide. Duration *string `min:"2" type:"string"` // A cron() or rate() expression that defines the schedule for rotating your // secret. Secrets Manager rotation schedules use UTC time zone. Secrets Manager // rotates your secret any time during a rotation window. // // Secrets Manager rate() expressions represent the interval in hours or days // that you want to rotate your secret, for example rate(12 hours) or rate(10 // days). You can rotate a secret as often as every four hours. If you use a // rate() expression, the rotation window starts at midnight. For a rate in // hours, the default rotation window closes after one hour. For a rate in days, // the default rotation window closes at the end of the day. You can set the // Duration to change the rotation window. The rotation window must not extend // into the next UTC day or into the next rotation window. // // You can use a cron() expression to create a rotation schedule that is more // detailed than a rotation interval. For more information, including examples, // see Schedule expressions in Secrets Manager rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html) // in the Secrets Manager Users Guide. For a cron expression that represents // a schedule in hours, the default rotation window closes after one hour. For // a cron expression that represents a schedule in days, the default rotation // window closes at the end of the day. You can set the Duration to change the // rotation window. The rotation window must not extend into the next UTC day // or into the next rotation window. ScheduleExpression *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RotationRulesType) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s RotationRulesType) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *RotationRulesType) Validate() error { invalidParams := request.ErrInvalidParams{Context: "RotationRulesType"} if s.AutomaticallyAfterDays != nil && *s.AutomaticallyAfterDays < 1 { invalidParams.Add(request.NewErrParamMinValue("AutomaticallyAfterDays", 1)) } if s.Duration != nil && len(*s.Duration) < 2 { invalidParams.Add(request.NewErrParamMinLen("Duration", 2)) } if s.ScheduleExpression != nil && len(*s.ScheduleExpression) < 1 { invalidParams.Add(request.NewErrParamMinLen("ScheduleExpression", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value. func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType { s.AutomaticallyAfterDays = &v return s } // SetDuration sets the Duration field's value. func (s *RotationRulesType) SetDuration(v string) *RotationRulesType { s.Duration = &v return s } // SetScheduleExpression sets the ScheduleExpression field's value. func (s *RotationRulesType) SetScheduleExpression(v string) *RotationRulesType { s.ScheduleExpression = &v return s } // A structure that contains the details about a secret. It does not include // the encrypted SecretString and SecretBinary values. To get those values, // use GetSecretValue (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) . type SecretListEntry struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the secret. ARN *string `min:"20" type:"string"` // The date and time when a secret was created. CreatedDate *time.Time `type:"timestamp"` // The date and time the deletion of the secret occurred. Not present on active // secrets. The secret can be recovered until the number of days in the recovery // window has passed, as specified in the RecoveryWindowInDays parameter of // the DeleteSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html) // operation. DeletedDate *time.Time `type:"timestamp"` // The user-provided description of the secret. Description *string `type:"string"` // The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. // If the secret is encrypted with the Amazon Web Services managed key aws/secretsmanager, // this field is omitted. KmsKeyId *string `type:"string"` // The date that the secret was last accessed in the Region. This field is omitted // if the secret has never been retrieved in the Region. LastAccessedDate *time.Time `type:"timestamp"` // The last date and time that this secret was modified in any way. LastChangedDate *time.Time `type:"timestamp"` // The most recent date and time that the Secrets Manager rotation process was // successfully completed. This value is null if the secret hasn't ever rotated. LastRotatedDate *time.Time `type:"timestamp"` // The friendly name of the secret. Name *string `min:"1" type:"string"` // The next rotation is scheduled to occur on or before this date. If the secret // isn't configured for rotation or rotation has been disabled, Secrets Manager // returns null. NextRotationDate *time.Time `type:"timestamp"` // Returns the name of the service that created the secret. OwningService *string `min:"1" type:"string"` // The Region where Secrets Manager originated the secret. PrimaryRegion *string `min:"1" type:"string"` // Indicates whether automatic, scheduled rotation is enabled for this secret. RotationEnabled *bool `type:"boolean"` // The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager // to rotate and expire the secret either automatically per the schedule or // manually by a call to RotateSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html). RotationLambdaARN *string `type:"string"` // A structure that defines the rotation configuration for the secret. RotationRules *RotationRulesType `type:"structure"` // A list of all of the currently assigned SecretVersionStage staging labels // and the SecretVersionId attached to each one. Staging labels are used to // keep track of the different versions during the rotation process. // // A version that does not have any SecretVersionStage is considered deprecated // and subject to deletion. Such versions are not included in this list. SecretVersionsToStages map[string][]*string `type:"map"` // The list of user-defined tags associated with the secret. To add tags to // a secret, use TagResource (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html). // To remove tags, use UntagResource (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html). Tags []*Tag `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s SecretListEntry) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s SecretListEntry) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *SecretListEntry) SetARN(v string) *SecretListEntry { s.ARN = &v return s } // SetCreatedDate sets the CreatedDate field's value. func (s *SecretListEntry) SetCreatedDate(v time.Time) *SecretListEntry { s.CreatedDate = &v return s } // SetDeletedDate sets the DeletedDate field's value. func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry { s.DeletedDate = &v return s } // SetDescription sets the Description field's value. func (s *SecretListEntry) SetDescription(v string) *SecretListEntry { s.Description = &v return s } // SetKmsKeyId sets the KmsKeyId field's value. func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry { s.KmsKeyId = &v return s } // SetLastAccessedDate sets the LastAccessedDate field's value. func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry { s.LastAccessedDate = &v return s } // SetLastChangedDate sets the LastChangedDate field's value. func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry { s.LastChangedDate = &v return s } // SetLastRotatedDate sets the LastRotatedDate field's value. func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry { s.LastRotatedDate = &v return s } // SetName sets the Name field's value. func (s *SecretListEntry) SetName(v string) *SecretListEntry { s.Name = &v return s } // SetNextRotationDate sets the NextRotationDate field's value. func (s *SecretListEntry) SetNextRotationDate(v time.Time) *SecretListEntry { s.NextRotationDate = &v return s } // SetOwningService sets the OwningService field's value. func (s *SecretListEntry) SetOwningService(v string) *SecretListEntry { s.OwningService = &v return s } // SetPrimaryRegion sets the PrimaryRegion field's value. func (s *SecretListEntry) SetPrimaryRegion(v string) *SecretListEntry { s.PrimaryRegion = &v return s } // SetRotationEnabled sets the RotationEnabled field's value. func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry { s.RotationEnabled = &v return s } // SetRotationLambdaARN sets the RotationLambdaARN field's value. func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry { s.RotationLambdaARN = &v return s } // SetRotationRules sets the RotationRules field's value. func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry { s.RotationRules = v return s } // SetSecretVersionsToStages sets the SecretVersionsToStages field's value. func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry { s.SecretVersionsToStages = v return s } // SetTags sets the Tags field's value. func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry { s.Tags = v return s } // A structure that contains the secret value and other details for a secret. type SecretValueEntry struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the secret. ARN *string `min:"20" type:"string"` // The date the secret was created. CreatedDate *time.Time `type:"timestamp"` // The friendly name of the secret. Name *string `min:"1" type:"string"` // The decrypted secret value, if the secret value was originally provided as // binary data in the form of a byte array. The parameter represents the binary // data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4) // string. // // SecretBinary is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SecretValueEntry's // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The decrypted secret value, if the secret value was originally provided as // a string or through the Secrets Manager console. // // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SecretValueEntry's // String and GoString methods. SecretString *string `min:"1" type:"string" sensitive:"true"` // The unique version identifier of this version of the secret. VersionId *string `min:"32" type:"string"` // A list of all of the staging labels currently attached to this version of // the secret. VersionStages []*string `min:"1" type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s SecretValueEntry) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s SecretValueEntry) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *SecretValueEntry) SetARN(v string) *SecretValueEntry { s.ARN = &v return s } // SetCreatedDate sets the CreatedDate field's value. func (s *SecretValueEntry) SetCreatedDate(v time.Time) *SecretValueEntry { s.CreatedDate = &v return s } // SetName sets the Name field's value. func (s *SecretValueEntry) SetName(v string) *SecretValueEntry { s.Name = &v return s } // SetSecretBinary sets the SecretBinary field's value. func (s *SecretValueEntry) SetSecretBinary(v []byte) *SecretValueEntry { s.SecretBinary = v return s } // SetSecretString sets the SecretString field's value. func (s *SecretValueEntry) SetSecretString(v string) *SecretValueEntry { s.SecretString = &v return s } // SetVersionId sets the VersionId field's value. func (s *SecretValueEntry) SetVersionId(v string) *SecretValueEntry { s.VersionId = &v return s } // SetVersionStages sets the VersionStages field's value. func (s *SecretValueEntry) SetVersionStages(v []*string) *SecretValueEntry { s.VersionStages = v return s } // A structure that contains information about one version of a secret. type SecretVersionsListEntry struct { _ struct{} `type:"structure"` // The date and time this version of the secret was created. CreatedDate *time.Time `type:"timestamp"` // The KMS keys used to encrypt the secret version. KmsKeyIds []*string `type:"list"` // The date that this version of the secret was last accessed. Note that the // resolution of this field is at the date level and does not include the time. LastAccessedDate *time.Time `type:"timestamp"` // The unique version identifier of this version of the secret. VersionId *string `min:"32" type:"string"` // An array of staging labels that are currently associated with this version // of the secret. VersionStages []*string `min:"1" type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s SecretVersionsListEntry) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s SecretVersionsListEntry) GoString() string { return s.String() } // SetCreatedDate sets the CreatedDate field's value. func (s *SecretVersionsListEntry) SetCreatedDate(v time.Time) *SecretVersionsListEntry { s.CreatedDate = &v return s } // SetKmsKeyIds sets the KmsKeyIds field's value. func (s *SecretVersionsListEntry) SetKmsKeyIds(v []*string) *SecretVersionsListEntry { s.KmsKeyIds = v return s } // SetLastAccessedDate sets the LastAccessedDate field's value. func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry { s.LastAccessedDate = &v return s } // SetVersionId sets the VersionId field's value. func (s *SecretVersionsListEntry) SetVersionId(v string) *SecretVersionsListEntry { s.VersionId = &v return s } // SetVersionStages sets the VersionStages field's value. func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry { s.VersionStages = v return s } type StopReplicationToReplicaInput struct { _ struct{} `type:"structure"` // The ARN of the primary secret. // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s StopReplicationToReplicaInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s StopReplicationToReplicaInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *StopReplicationToReplicaInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "StopReplicationToReplicaInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *StopReplicationToReplicaInput) SetSecretId(v string) *StopReplicationToReplicaInput { s.SecretId = &v return s } type StopReplicationToReplicaOutput struct { _ struct{} `type:"structure"` // The ARN of the promoted secret. The ARN is the same as the original primary // secret except the Region is changed. ARN *string `min:"20" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s StopReplicationToReplicaOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s StopReplicationToReplicaOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *StopReplicationToReplicaOutput) SetARN(v string) *StopReplicationToReplicaOutput { s.ARN = &v return s } // A structure that contains information about a tag. type Tag struct { _ struct{} `type:"structure"` // The key identifier, or name, of the tag. Key *string `min:"1" type:"string"` // The string value associated with the key of the tag. Value *string `type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s Tag) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s Tag) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *Tag) Validate() error { invalidParams := request.ErrInvalidParams{Context: "Tag"} if s.Key != nil && len(*s.Key) < 1 { invalidParams.Add(request.NewErrParamMinLen("Key", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetKey sets the Key field's value. func (s *Tag) SetKey(v string) *Tag { s.Key = &v return s } // SetValue sets the Value field's value. func (s *Tag) SetValue(v string) *Tag { s.Value = &v return s } type TagResourceInput struct { _ struct{} `type:"structure"` // The identifier for the secret to attach tags to. You can specify either the // Amazon Resource Name (ARN) or the friendly name of the secret. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` // The tags to attach to the secret as a JSON text string argument. Each element // in the list consists of a Key and a Value. // // For storing multiple values, we recommend that you use a JSON text string // argument and specify key/value pairs. For more information, see Specifying // parameter values for the Amazon Web Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html) // in the Amazon Web Services CLI User Guide. // // Tags is a required field Tags []*Tag `type:"list" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s TagResourceInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s TagResourceInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *TagResourceInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.Tags == nil { invalidParams.Add(request.NewErrParamRequired("Tags")) } if s.Tags != nil { for i, v := range s.Tags { if v == nil { continue } if err := v.Validate(); err != nil { invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) } } } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput { s.SecretId = &v return s } // SetTags sets the Tags field's value. func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { s.Tags = v return s } type TagResourceOutput struct { _ struct{} `type:"structure"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s TagResourceOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s TagResourceOutput) GoString() string { return s.String() } type UntagResourceInput struct { _ struct{} `type:"structure"` // The ARN or name of the secret. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` // A list of tag key names to remove from the secret. You don't specify the // value. Both the key and its associated value are removed. // // This parameter requires a JSON text string argument. // // For storing multiple values, we recommend that you use a JSON text string // argument and specify key/value pairs. For more information, see Specifying // parameter values for the Amazon Web Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html) // in the Amazon Web Services CLI User Guide. // // TagKeys is a required field TagKeys []*string `type:"list" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UntagResourceInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UntagResourceInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *UntagResourceInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.TagKeys == nil { invalidParams.Add(request.NewErrParamRequired("TagKeys")) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetSecretId sets the SecretId field's value. func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput { s.SecretId = &v return s } // SetTagKeys sets the TagKeys field's value. func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { s.TagKeys = v return s } type UntagResourceOutput struct { _ struct{} `type:"structure"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UntagResourceOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UntagResourceOutput) GoString() string { return s.String() } type UpdateSecretInput struct { _ struct{} `type:"structure"` // If you include SecretString or SecretBinary, then Secrets Manager creates // a new version for the secret, and this parameter specifies the unique identifier // for the new version. // // If you use the Amazon Web Services CLI or one of the Amazon Web Services // SDKs to call this operation, then you can leave this parameter empty. The // CLI or SDK generates a random UUID for you and includes it as the value for // this parameter in the request. // // If you generate a raw HTTP request to the Secrets Manager service endpoint, // then you must generate a ClientRequestToken and include it in the request. // // This value helps ensure idempotency. Secrets Manager uses this value to prevent // the accidental creation of duplicate versions if there are failures and retries // during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) // value to ensure uniqueness of your versions within the specified secret. ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"` // The description of the secret. Description *string `type:"string"` // The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt // new secret versions as well as any existing versions with the staging labels // AWSCURRENT, AWSPENDING, or AWSPREVIOUS. If you don't have kms:Encrypt permission // to the new key, Secrets Manager does not re-ecrypt existing secret versions // with the new key. For more information about versions and staging labels, // see Concepts: Version (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version). // // A key alias is always prefixed by alias/, for example alias/aws/secretsmanager. // For more information, see About aliases (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). // // If you set this to an empty string, Secrets Manager uses the Amazon Web Services // managed key aws/secretsmanager. If this key doesn't already exist in your // account, then Secrets Manager creates it for you automatically. All users // and roles in the Amazon Web Services account automatically have access to // use aws/secretsmanager. Creating aws/secretsmanager can result in a one-time // significant delay in returning the result. // // You can only use the Amazon Web Services managed key aws/secretsmanager if // you call this operation using credentials from the same Amazon Web Services // account that owns the secret. If the secret is in a different account, then // you must use a customer managed key and provide the ARN of that KMS key in // this field. The user making the call must have permissions to both the secret // and the KMS key in their respective accounts. KmsKeyId *string `type:"string"` // The binary data to encrypt and store in the new version of the secret. We // recommend that you store your binary data in a file and then pass the contents // of the file as a parameter. // // Either SecretBinary or SecretString must have a value, but not both. // // You can't access this parameter in the Secrets Manager console. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretBinary is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateSecretInput's // String and GoString methods. // // SecretBinary is automatically base64 encoded/decoded by the SDK. SecretBinary []byte `min:"1" type:"blob" sensitive:"true"` // The ARN or name of the secret. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` // The text data to encrypt and store in the new version of the secret. We recommend // you use a JSON structure of key/value pairs for your secret value. // // Either SecretBinary or SecretString must have a value, but not both. // // Sensitive: This field contains sensitive information, so the service does // not include it in CloudTrail log entries. If you create your own log entries, // you must also avoid logging the information in this field. // // SecretString is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateSecretInput's // String and GoString methods. SecretString *string `min:"1" type:"string" sensitive:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *UpdateSecretInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "UpdateSecretInput"} if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 32 { invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 32)) } if s.SecretBinary != nil && len(s.SecretBinary) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretBinary", 1)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.SecretString != nil && len(*s.SecretString) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretString", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetClientRequestToken sets the ClientRequestToken field's value. func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput { s.ClientRequestToken = &v return s } // SetDescription sets the Description field's value. func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput { s.Description = &v return s } // SetKmsKeyId sets the KmsKeyId field's value. func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput { s.KmsKeyId = &v return s } // SetSecretBinary sets the SecretBinary field's value. func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput { s.SecretBinary = v return s } // SetSecretId sets the SecretId field's value. func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput { s.SecretId = &v return s } // SetSecretString sets the SecretString field's value. func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput { s.SecretString = &v return s } type UpdateSecretOutput struct { _ struct{} `type:"structure"` // The ARN of the secret that was updated. ARN *string `min:"20" type:"string"` // The name of the secret that was updated. Name *string `min:"1" type:"string"` // If Secrets Manager created a new version of the secret during this operation, // then VersionId contains the unique identifier of the new version. VersionId *string `min:"32" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *UpdateSecretOutput) SetARN(v string) *UpdateSecretOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *UpdateSecretOutput) SetName(v string) *UpdateSecretOutput { s.Name = &v return s } // SetVersionId sets the VersionId field's value. func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput { s.VersionId = &v return s } type UpdateSecretVersionStageInput struct { _ struct{} `type:"structure"` // The ID of the version to add the staging label to. To remove a label from // a version, then do not specify this parameter. // // If the staging label is already attached to a different version of the secret, // then you must also specify the RemoveFromVersionId parameter. MoveToVersionId *string `min:"32" type:"string"` // The ID of the version that the staging label is to be removed from. If the // staging label you are trying to attach to one version is already attached // to a different version, then you must include this parameter and specify // the version that the label is to be removed from. If the label is attached // and you either do not specify this parameter, or the version ID does not // match, then the operation fails. RemoveFromVersionId *string `min:"32" type:"string"` // The ARN or the name of the secret with the version and staging labelsto modify. // // For an ARN, we recommend that you specify a complete ARN rather than a partial // ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen). // // SecretId is a required field SecretId *string `min:"1" type:"string" required:"true"` // The staging label to add to this version. // // VersionStage is a required field VersionStage *string `min:"1" type:"string" required:"true"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretVersionStageInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretVersionStageInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *UpdateSecretVersionStageInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "UpdateSecretVersionStageInput"} if s.MoveToVersionId != nil && len(*s.MoveToVersionId) < 32 { invalidParams.Add(request.NewErrParamMinLen("MoveToVersionId", 32)) } if s.RemoveFromVersionId != nil && len(*s.RemoveFromVersionId) < 32 { invalidParams.Add(request.NewErrParamMinLen("RemoveFromVersionId", 32)) } if s.SecretId == nil { invalidParams.Add(request.NewErrParamRequired("SecretId")) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if s.VersionStage == nil { invalidParams.Add(request.NewErrParamRequired("VersionStage")) } if s.VersionStage != nil && len(*s.VersionStage) < 1 { invalidParams.Add(request.NewErrParamMinLen("VersionStage", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetMoveToVersionId sets the MoveToVersionId field's value. func (s *UpdateSecretVersionStageInput) SetMoveToVersionId(v string) *UpdateSecretVersionStageInput { s.MoveToVersionId = &v return s } // SetRemoveFromVersionId sets the RemoveFromVersionId field's value. func (s *UpdateSecretVersionStageInput) SetRemoveFromVersionId(v string) *UpdateSecretVersionStageInput { s.RemoveFromVersionId = &v return s } // SetSecretId sets the SecretId field's value. func (s *UpdateSecretVersionStageInput) SetSecretId(v string) *UpdateSecretVersionStageInput { s.SecretId = &v return s } // SetVersionStage sets the VersionStage field's value. func (s *UpdateSecretVersionStageInput) SetVersionStage(v string) *UpdateSecretVersionStageInput { s.VersionStage = &v return s } type UpdateSecretVersionStageOutput struct { _ struct{} `type:"structure"` // The ARN of the secret that was updated. ARN *string `min:"20" type:"string"` // The name of the secret that was updated. Name *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretVersionStageOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s UpdateSecretVersionStageOutput) GoString() string { return s.String() } // SetARN sets the ARN field's value. func (s *UpdateSecretVersionStageOutput) SetARN(v string) *UpdateSecretVersionStageOutput { s.ARN = &v return s } // SetName sets the Name field's value. func (s *UpdateSecretVersionStageOutput) SetName(v string) *UpdateSecretVersionStageOutput { s.Name = &v return s } type ValidateResourcePolicyInput struct { _ struct{} `type:"structure"` // A JSON-formatted string that contains an Amazon Web Services resource-based // policy. The policy in the string identifies who can access or manage this // secret and its versions. For example policies, see Permissions policy examples // (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html). // // ResourcePolicy is a required field ResourcePolicy *string `min:"1" type:"string" required:"true"` // The ARN or name of the secret with the resource-based policy you want to // validate. SecretId *string `min:"1" type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ValidateResourcePolicyInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ValidateResourcePolicyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *ValidateResourcePolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ValidateResourcePolicyInput"} if s.ResourcePolicy == nil { invalidParams.Add(request.NewErrParamRequired("ResourcePolicy")) } if s.ResourcePolicy != nil && len(*s.ResourcePolicy) < 1 { invalidParams.Add(request.NewErrParamMinLen("ResourcePolicy", 1)) } if s.SecretId != nil && len(*s.SecretId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SecretId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetResourcePolicy sets the ResourcePolicy field's value. func (s *ValidateResourcePolicyInput) SetResourcePolicy(v string) *ValidateResourcePolicyInput { s.ResourcePolicy = &v return s } // SetSecretId sets the SecretId field's value. func (s *ValidateResourcePolicyInput) SetSecretId(v string) *ValidateResourcePolicyInput { s.SecretId = &v return s } type ValidateResourcePolicyOutput struct { _ struct{} `type:"structure"` // True if your policy passes validation, otherwise false. PolicyValidationPassed *bool `type:"boolean"` // Validation errors if your policy didn't pass validation. ValidationErrors []*ValidationErrorsEntry `type:"list"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ValidateResourcePolicyOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ValidateResourcePolicyOutput) GoString() string { return s.String() } // SetPolicyValidationPassed sets the PolicyValidationPassed field's value. func (s *ValidateResourcePolicyOutput) SetPolicyValidationPassed(v bool) *ValidateResourcePolicyOutput { s.PolicyValidationPassed = &v return s } // SetValidationErrors sets the ValidationErrors field's value. func (s *ValidateResourcePolicyOutput) SetValidationErrors(v []*ValidationErrorsEntry) *ValidateResourcePolicyOutput { s.ValidationErrors = v return s } // Displays errors that occurred during validation of the resource policy. type ValidationErrorsEntry struct { _ struct{} `type:"structure"` // Checks the name of the policy. CheckName *string `min:"1" type:"string"` // Displays error messages if validation encounters problems during validation // of the resource policy. ErrorMessage *string `type:"string"` } // String returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ValidationErrorsEntry) String() string { return awsutil.Prettify(s) } // GoString returns the string representation. // // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". func (s ValidationErrorsEntry) GoString() string { return s.String() } // SetCheckName sets the CheckName field's value. func (s *ValidationErrorsEntry) SetCheckName(v string) *ValidationErrorsEntry { s.CheckName = &v return s } // SetErrorMessage sets the ErrorMessage field's value. func (s *ValidationErrorsEntry) SetErrorMessage(v string) *ValidationErrorsEntry { s.ErrorMessage = &v return s } const ( // FilterNameStringTypeDescription is a FilterNameStringType enum value FilterNameStringTypeDescription = "description" // FilterNameStringTypeName is a FilterNameStringType enum value FilterNameStringTypeName = "name" // FilterNameStringTypeTagKey is a FilterNameStringType enum value FilterNameStringTypeTagKey = "tag-key" // FilterNameStringTypeTagValue is a FilterNameStringType enum value FilterNameStringTypeTagValue = "tag-value" // FilterNameStringTypePrimaryRegion is a FilterNameStringType enum value FilterNameStringTypePrimaryRegion = "primary-region" // FilterNameStringTypeOwningService is a FilterNameStringType enum value FilterNameStringTypeOwningService = "owning-service" // FilterNameStringTypeAll is a FilterNameStringType enum value FilterNameStringTypeAll = "all" ) // FilterNameStringType_Values returns all elements of the FilterNameStringType enum func FilterNameStringType_Values() []string { return []string{ FilterNameStringTypeDescription, FilterNameStringTypeName, FilterNameStringTypeTagKey, FilterNameStringTypeTagValue, FilterNameStringTypePrimaryRegion, FilterNameStringTypeOwningService, FilterNameStringTypeAll, } } const ( // SortOrderTypeAsc is a SortOrderType enum value SortOrderTypeAsc = "asc" // SortOrderTypeDesc is a SortOrderType enum value SortOrderTypeDesc = "desc" ) // SortOrderType_Values returns all elements of the SortOrderType enum func SortOrderType_Values() []string { return []string{ SortOrderTypeAsc, SortOrderTypeDesc, } } const ( // StatusTypeInSync is a StatusType enum value StatusTypeInSync = "InSync" // StatusTypeFailed is a StatusType enum value StatusTypeFailed = "Failed" // StatusTypeInProgress is a StatusType enum value StatusTypeInProgress = "InProgress" ) // StatusType_Values returns all elements of the StatusType enum func StatusType_Values() []string { return []string{ StatusTypeInSync, StatusTypeFailed, StatusTypeInProgress, } }