secretsmanager

package
v1.44.287 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2023 License: Apache-2.0 Imports: 10 Imported by: 786

Documentation

Overview

Package secretsmanager provides the client and types for making API requests to AWS Secrets Manager.

Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.

This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the Amazon Web Services Secrets Manager User Guide (https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html).

API Version

This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.

For a list of endpoints, see Amazon Web Services Secrets Manager endpoints (https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints).

Support and Feedback for Amazon Web Services Secrets Manager

We welcome your feedback. Send your comments to awssecretsmanager-feedback@amazon.com (mailto:awssecretsmanager-feedback@amazon.com), or post your feedback and questions in the Amazon Web Services Secrets Manager Discussion Forum (http://forums.aws.amazon.com/forum.jspa?forumID=296). For more information about the Amazon Web Services Discussion Forums, see Forums Help (http://forums.aws.amazon.com/help.jspa).

Logging API Requests

Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information that's collected by Amazon Web Services CloudTrail, you can determine the requests successfully made to Secrets Manager, who made the request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services CloudTrail, see Logging Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail) in the Amazon Web Services Secrets Manager User Guide. To learn more about CloudTrail, including enabling it and find your log files, see the Amazon Web Services CloudTrail User Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html).

See https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17 for more information on this service.

See secretsmanager package documentation for more information. https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/

Using the Client

To contact AWS Secrets Manager with the SDK use the New function to create a new service client. With that client you can make API requests to the service. These clients are safe to use concurrently.

See the SDK's documentation for more information on how to use the SDK. https://docs.aws.amazon.com/sdk-for-go/api/

See aws.Config documentation for more information on configuring SDK clients. https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config

See the AWS Secrets Manager client SecretsManager for more information on creating client for this service. https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/#New

Index

Examples

Constants

View Source
const (
	// FilterNameStringTypeDescription is a FilterNameStringType enum value
	FilterNameStringTypeDescription = "description"

	// FilterNameStringTypeName is a FilterNameStringType enum value
	FilterNameStringTypeName = "name"

	// FilterNameStringTypeTagKey is a FilterNameStringType enum value
	FilterNameStringTypeTagKey = "tag-key"

	// FilterNameStringTypeTagValue is a FilterNameStringType enum value
	FilterNameStringTypeTagValue = "tag-value"

	// FilterNameStringTypePrimaryRegion is a FilterNameStringType enum value
	FilterNameStringTypePrimaryRegion = "primary-region"

	// FilterNameStringTypeOwningService is a FilterNameStringType enum value
	FilterNameStringTypeOwningService = "owning-service"

	// FilterNameStringTypeAll is a FilterNameStringType enum value
	FilterNameStringTypeAll = "all"
)
View Source
const (
	// SortOrderTypeAsc is a SortOrderType enum value
	SortOrderTypeAsc = "asc"

	// SortOrderTypeDesc is a SortOrderType enum value
	SortOrderTypeDesc = "desc"
)
View Source
const (
	// StatusTypeInSync is a StatusType enum value
	StatusTypeInSync = "InSync"

	// StatusTypeFailed is a StatusType enum value
	StatusTypeFailed = "Failed"

	// StatusTypeInProgress is a StatusType enum value
	StatusTypeInProgress = "InProgress"
)
View Source
const (

	// ErrCodeDecryptionFailure for service response error code
	// "DecryptionFailure".
	//
	// Secrets Manager can't decrypt the protected secret text using the provided
	// KMS key.
	ErrCodeDecryptionFailure = "DecryptionFailure"

	// ErrCodeEncryptionFailure for service response error code
	// "EncryptionFailure".
	//
	// Secrets Manager can't encrypt the protected secret text using the provided
	// KMS key. Check that the KMS key is available, enabled, and not in an invalid
	// state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).
	ErrCodeEncryptionFailure = "EncryptionFailure"

	// ErrCodeInternalServiceError for service response error code
	// "InternalServiceError".
	//
	// An error occurred on the server side.
	ErrCodeInternalServiceError = "InternalServiceError"

	// ErrCodeInvalidNextTokenException for service response error code
	// "InvalidNextTokenException".
	//
	// The NextToken value is invalid.
	ErrCodeInvalidNextTokenException = "InvalidNextTokenException"

	// ErrCodeInvalidParameterException for service response error code
	// "InvalidParameterException".
	//
	// The parameter name or value is invalid.
	ErrCodeInvalidParameterException = "InvalidParameterException"

	// ErrCodeInvalidRequestException for service response error code
	// "InvalidRequestException".
	//
	// A parameter value is not valid for the current state of the resource.
	//
	// Possible causes:
	//
	//    * The secret is scheduled for deletion.
	//
	//    * You tried to enable rotation on a secret that doesn't already have a
	//    Lambda function ARN configured and you didn't include such an ARN as a
	//    parameter in this call.
	//
	//    * The secret is managed by another service, and you must use that service
	//    to update it. For more information, see Secrets managed by other Amazon
	//    Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).
	ErrCodeInvalidRequestException = "InvalidRequestException"

	// ErrCodeLimitExceededException for service response error code
	// "LimitExceededException".
	//
	// The request failed because it would exceed one of the Secrets Manager quotas.
	ErrCodeLimitExceededException = "LimitExceededException"

	// ErrCodeMalformedPolicyDocumentException for service response error code
	// "MalformedPolicyDocumentException".
	//
	// The resource policy has syntax errors.
	ErrCodeMalformedPolicyDocumentException = "MalformedPolicyDocumentException"

	// ErrCodePreconditionNotMetException for service response error code
	// "PreconditionNotMetException".
	//
	// The request failed because you did not complete all the prerequisite steps.
	ErrCodePreconditionNotMetException = "PreconditionNotMetException"

	// ErrCodePublicPolicyException for service response error code
	// "PublicPolicyException".
	//
	// The BlockPublicPolicy parameter is set to true, and the resource policy did
	// not prevent broad access to the secret.
	ErrCodePublicPolicyException = "PublicPolicyException"

	// ErrCodeResourceExistsException for service response error code
	// "ResourceExistsException".
	//
	// A resource with the ID you requested already exists.
	ErrCodeResourceExistsException = "ResourceExistsException"

	// ErrCodeResourceNotFoundException for service response error code
	// "ResourceNotFoundException".
	//
	// Secrets Manager can't find the resource that you asked for.
	ErrCodeResourceNotFoundException = "ResourceNotFoundException"
)
View Source
const (
	ServiceName = "secretsmanager"  // Name of service.
	EndpointsID = ServiceName       // ID to lookup a service endpoint with.
	ServiceID   = "Secrets Manager" // ServiceID is a unique identifier of a specific service.
)

Service information constants

Variables

This section is empty.

Functions

func FilterNameStringType_Values added in v1.34.3

func FilterNameStringType_Values() []string

FilterNameStringType_Values returns all elements of the FilterNameStringType enum

func SortOrderType_Values added in v1.34.3

func SortOrderType_Values() []string

SortOrderType_Values returns all elements of the SortOrderType enum

func StatusType_Values added in v1.37.23

func StatusType_Values() []string

StatusType_Values returns all elements of the StatusType enum

Types

type CancelRotateSecretInput

type CancelRotateSecretInput struct {

	// The ARN or name of the secret.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (CancelRotateSecretInput) GoString

func (s CancelRotateSecretInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CancelRotateSecretInput) SetSecretId

SetSecretId sets the SecretId field's value.

func (CancelRotateSecretInput) String

func (s CancelRotateSecretInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CancelRotateSecretInput) Validate

func (s *CancelRotateSecretInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type CancelRotateSecretOutput

type CancelRotateSecretOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The name of the secret.
	Name *string `min:"1" type:"string"`

	// The unique identifier of the version of the secret created during the rotation.
	// This version might not be complete, and should be evaluated for possible
	// deletion. We recommend that you remove the VersionStage value AWSPENDING
	// from this version so that Secrets Manager can delete it. Failing to clean
	// up a cancelled rotation can block you from starting future rotations.
	VersionId *string `min:"32" type:"string"`
	// contains filtered or unexported fields
}

func (CancelRotateSecretOutput) GoString

func (s CancelRotateSecretOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CancelRotateSecretOutput) SetARN

SetARN sets the ARN field's value.

func (*CancelRotateSecretOutput) SetName

SetName sets the Name field's value.

func (*CancelRotateSecretOutput) SetVersionId

SetVersionId sets the VersionId field's value.

func (CancelRotateSecretOutput) String

func (s CancelRotateSecretOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type CreateSecretInput

type CreateSecretInput struct {

	// A list of Regions and KMS keys to replicate secrets.
	AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list"`

	// If you include SecretString or SecretBinary, then Secrets Manager creates
	// an initial version for the secret, and this parameter specifies the unique
	// identifier for the new version.
	//
	// If you use the Amazon Web Services CLI or one of the Amazon Web Services
	// SDKs to call this operation, then you can leave this parameter empty. The
	// CLI or SDK generates a random UUID for you and includes it as the value for
	// this parameter in the request. If you don't use the SDK and instead generate
	// a raw HTTP request to the Secrets Manager service endpoint, then you must
	// generate a ClientRequestToken yourself for the new version and include the
	// value in the request.
	//
	// This value helps ensure idempotency. Secrets Manager uses this value to prevent
	// the accidental creation of duplicate versions if there are failures and retries
	// during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness of your versions within the specified secret.
	//
	//    * If the ClientRequestToken value isn't already associated with a version
	//    of the secret then a new version of the secret is created.
	//
	//    * If a version with this value already exists and the version SecretString
	//    and SecretBinary values are the same as those in the request, then the
	//    request is ignored.
	//
	//    * If a version with this value already exists and that version's SecretString
	//    and SecretBinary values are different from those in the request, then
	//    the request fails because you cannot modify an existing version. Instead,
	//    use PutSecretValue to create a new version.
	//
	// This value becomes the VersionId of the new version.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// The description of the secret.
	Description *string `type:"string"`

	// Specifies whether to overwrite a secret with the same name in the destination
	// Region. By default, secrets aren't overwritten.
	ForceOverwriteReplicaSecret *bool `type:"boolean"`

	// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt
	// the secret value in the secret. An alias is always prefixed by alias/, for
	// example alias/aws/secretsmanager. For more information, see About aliases
	// (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html).
	//
	// To use a KMS key in a different account, use the key ARN or the alias ARN.
	//
	// If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager.
	// If that key doesn't yet exist, then Secrets Manager creates it for you automatically
	// the first time it encrypts the secret value.
	//
	// If the secret is in a different Amazon Web Services account from the credentials
	// calling the API, then you can't use aws/secretsmanager to encrypt the secret,
	// and you must create and use a customer managed KMS key.
	KmsKeyId *string `type:"string"`

	// The name of the new secret.
	//
	// The secret name can contain ASCII letters, numbers, and the following characters:
	// /_+=.@-
	//
	// Do not end your secret name with a hyphen followed by six characters. If
	// you do so, you risk confusion and unexpected results when searching for a
	// secret by partial ARN. Secrets Manager automatically adds a hyphen and six
	// random characters after the secret name at the end of the ARN.
	//
	// Name is a required field
	Name *string `min:"1" type:"string" required:"true"`

	// The binary data to encrypt and store in the new version of the secret. We
	// recommend that you store your binary data in a file and then pass the contents
	// of the file as a parameter.
	//
	// Either SecretString or SecretBinary must have a value, but not both.
	//
	// This parameter is not available in the Secrets Manager console.
	//
	// SecretBinary is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateSecretInput's
	// String and GoString methods.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `min:"1" type:"blob" sensitive:"true"`

	// The text data to encrypt and store in this new version of the secret. We
	// recommend you use a JSON structure of key/value pairs for your secret value.
	//
	// Either SecretString or SecretBinary must have a value, but not both.
	//
	// If you create a secret by using the Secrets Manager console then Secrets
	// Manager puts the protected secret text in only the SecretString parameter.
	// The Secrets Manager console stores the information as a JSON structure of
	// key/value pairs that a Lambda rotation function can parse.
	//
	// SecretString is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by CreateSecretInput's
	// String and GoString methods.
	SecretString *string `min:"1" type:"string" sensitive:"true"`

	// A list of tags to attach to the secret. Each tag is a key and value pair
	// of strings in a JSON text string, for example:
	//
	// [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
	//
	// Secrets Manager tag key names are case sensitive. A tag with the key "ABC"
	// is a different tag from one with key "abc".
	//
	// If you check tags in permissions policies as part of your security strategy,
	// then adding or removing a tag can change permissions. If the completion of
	// this operation would result in you losing your permissions for this secret,
	// then Secrets Manager blocks the operation and returns an Access Denied error.
	// For more information, see Control access to secrets using tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac)
	// and Limit access to identities with tags that match secrets' tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
	//
	// For information about how to format a JSON parameter for the various command
	// line tool environments, see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json).
	// If your command-line tool or SDK requires quotation marks around the parameter,
	// you should use single quotes to avoid confusion with the double quotes required
	// in the JSON text.
	//
	// The following restrictions apply to tags:
	//
	//    * Maximum number of tags per secret: 50
	//
	//    * Maximum key length: 127 Unicode characters in UTF-8
	//
	//    * Maximum value length: 255 Unicode characters in UTF-8
	//
	//    * Tag keys and values are case sensitive.
	//
	//    * Do not use the aws: prefix in your tag names or values because Amazon
	//    Web Services reserves it for Amazon Web Services use. You can't edit or
	//    delete tag names or values with this prefix. Tags with this prefix do
	//    not count against your tags per secret limit.
	//
	//    * If you use your tagging schema across multiple services and resources,
	//    other services might have restrictions on allowed characters. Generally
	//    allowed characters: letters, spaces, and numbers representable in UTF-8,
	//    plus the following special characters: + - = . _ : / @.
	Tags []*Tag `type:"list"`
	// contains filtered or unexported fields
}

func (CreateSecretInput) GoString

func (s CreateSecretInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateSecretInput) SetAddReplicaRegions added in v1.37.23

func (s *CreateSecretInput) SetAddReplicaRegions(v []*ReplicaRegionType) *CreateSecretInput

SetAddReplicaRegions sets the AddReplicaRegions field's value.

func (*CreateSecretInput) SetClientRequestToken

func (s *CreateSecretInput) SetClientRequestToken(v string) *CreateSecretInput

SetClientRequestToken sets the ClientRequestToken field's value.

func (*CreateSecretInput) SetDescription

func (s *CreateSecretInput) SetDescription(v string) *CreateSecretInput

SetDescription sets the Description field's value.

func (*CreateSecretInput) SetForceOverwriteReplicaSecret added in v1.37.23

func (s *CreateSecretInput) SetForceOverwriteReplicaSecret(v bool) *CreateSecretInput

SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value.

func (*CreateSecretInput) SetKmsKeyId

func (s *CreateSecretInput) SetKmsKeyId(v string) *CreateSecretInput

SetKmsKeyId sets the KmsKeyId field's value.

func (*CreateSecretInput) SetName

SetName sets the Name field's value.

func (*CreateSecretInput) SetSecretBinary

func (s *CreateSecretInput) SetSecretBinary(v []byte) *CreateSecretInput

SetSecretBinary sets the SecretBinary field's value.

func (*CreateSecretInput) SetSecretString

func (s *CreateSecretInput) SetSecretString(v string) *CreateSecretInput

SetSecretString sets the SecretString field's value.

func (*CreateSecretInput) SetTags

func (s *CreateSecretInput) SetTags(v []*Tag) *CreateSecretInput

SetTags sets the Tags field's value.

func (CreateSecretInput) String

func (s CreateSecretInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateSecretInput) Validate

func (s *CreateSecretInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type CreateSecretOutput

type CreateSecretOutput struct {

	// The ARN of the new secret. The ARN includes the name of the secret followed
	// by six random characters. This ensures that if you create a new secret with
	// the same name as a deleted secret, then users with access to the old secret
	// don't get access to the new secret because the ARNs are different.
	ARN *string `min:"20" type:"string"`

	// The name of the new secret.
	Name *string `min:"1" type:"string"`

	// A list of the replicas of this secret and their status:
	//
	//    * Failed, which indicates that the replica was not created.
	//
	//    * InProgress, which indicates that Secrets Manager is in the process of
	//    creating the replica.
	//
	//    * InSync, which indicates that the replica was created.
	ReplicationStatus []*ReplicationStatusType `type:"list"`

	// The unique identifier associated with the version of the new secret.
	VersionId *string `min:"32" type:"string"`
	// contains filtered or unexported fields
}

func (CreateSecretOutput) GoString

func (s CreateSecretOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*CreateSecretOutput) SetARN

SetARN sets the ARN field's value.

func (*CreateSecretOutput) SetName

SetName sets the Name field's value.

func (*CreateSecretOutput) SetReplicationStatus added in v1.37.23

func (s *CreateSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *CreateSecretOutput

SetReplicationStatus sets the ReplicationStatus field's value.

func (*CreateSecretOutput) SetVersionId

func (s *CreateSecretOutput) SetVersionId(v string) *CreateSecretOutput

SetVersionId sets the VersionId field's value.

func (CreateSecretOutput) String

func (s CreateSecretOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type DecryptionFailure added in v1.28.0

type DecryptionFailure struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

Secrets Manager can't decrypt the protected secret text using the provided KMS key.

func (*DecryptionFailure) Code added in v1.28.0

func (s *DecryptionFailure) Code() string

Code returns the exception type name.

func (*DecryptionFailure) Error added in v1.28.0

func (s *DecryptionFailure) Error() string

func (DecryptionFailure) GoString added in v1.28.0

func (s DecryptionFailure) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DecryptionFailure) Message added in v1.28.0

func (s *DecryptionFailure) Message() string

Message returns the exception's message.

func (*DecryptionFailure) OrigErr added in v1.28.0

func (s *DecryptionFailure) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*DecryptionFailure) RequestID added in v1.28.0

func (s *DecryptionFailure) RequestID() string

RequestID returns the service's response RequestID for request.

func (*DecryptionFailure) StatusCode added in v1.28.0

func (s *DecryptionFailure) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (DecryptionFailure) String added in v1.28.0

func (s DecryptionFailure) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type DeleteResourcePolicyInput added in v1.14.14

type DeleteResourcePolicyInput struct {

	// The ARN or name of the secret to delete the attached resource-based policy
	// for.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (DeleteResourcePolicyInput) GoString added in v1.14.14

func (s DeleteResourcePolicyInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DeleteResourcePolicyInput) SetSecretId added in v1.14.14

SetSecretId sets the SecretId field's value.

func (DeleteResourcePolicyInput) String added in v1.14.14

func (s DeleteResourcePolicyInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DeleteResourcePolicyInput) Validate added in v1.14.14

func (s *DeleteResourcePolicyInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type DeleteResourcePolicyOutput added in v1.14.14

type DeleteResourcePolicyOutput struct {

	// The ARN of the secret that the resource-based policy was deleted for.
	ARN *string `min:"20" type:"string"`

	// The name of the secret that the resource-based policy was deleted for.
	Name *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (DeleteResourcePolicyOutput) GoString added in v1.14.14

func (s DeleteResourcePolicyOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DeleteResourcePolicyOutput) SetARN added in v1.14.14

SetARN sets the ARN field's value.

func (*DeleteResourcePolicyOutput) SetName added in v1.14.14

SetName sets the Name field's value.

func (DeleteResourcePolicyOutput) String added in v1.14.14

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type DeleteSecretInput

type DeleteSecretInput struct {

	// Specifies whether to delete the secret without any recovery window. You can't
	// use both this parameter and RecoveryWindowInDays in the same call. If you
	// don't use either, then by default Secrets Manager uses a 30 day recovery
	// window.
	//
	// Secrets Manager performs the actual deletion with an asynchronous background
	// process, so there might be a short delay before the secret is permanently
	// deleted. If you delete a secret and then immediately create a secret with
	// the same name, use appropriate back off and retry logic.
	//
	// If you forcibly delete an already deleted or nonexistent secret, the operation
	// does not return ResourceNotFoundException.
	//
	// Use this parameter with caution. This parameter causes the operation to skip
	// the normal recovery window before the permanent deletion that Secrets Manager
	// would normally impose with the RecoveryWindowInDays parameter. If you delete
	// a secret with the ForceDeleteWithoutRecovery parameter, then you have no
	// opportunity to recover the secret. You lose the secret permanently.
	ForceDeleteWithoutRecovery *bool `type:"boolean"`

	// The number of days from 7 to 30 that Secrets Manager waits before permanently
	// deleting the secret. You can't use both this parameter and ForceDeleteWithoutRecovery
	// in the same call. If you don't use either, then by default Secrets Manager
	// uses a 30 day recovery window.
	RecoveryWindowInDays *int64 `type:"long"`

	// The ARN or name of the secret to delete.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (DeleteSecretInput) GoString

func (s DeleteSecretInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DeleteSecretInput) SetForceDeleteWithoutRecovery added in v1.15.8

func (s *DeleteSecretInput) SetForceDeleteWithoutRecovery(v bool) *DeleteSecretInput

SetForceDeleteWithoutRecovery sets the ForceDeleteWithoutRecovery field's value.

func (*DeleteSecretInput) SetRecoveryWindowInDays

func (s *DeleteSecretInput) SetRecoveryWindowInDays(v int64) *DeleteSecretInput

SetRecoveryWindowInDays sets the RecoveryWindowInDays field's value.

func (*DeleteSecretInput) SetSecretId

func (s *DeleteSecretInput) SetSecretId(v string) *DeleteSecretInput

SetSecretId sets the SecretId field's value.

func (DeleteSecretInput) String

func (s DeleteSecretInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DeleteSecretInput) Validate

func (s *DeleteSecretInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type DeleteSecretOutput

type DeleteSecretOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The date and time after which this secret Secrets Manager can permanently
	// delete this secret, and it can no longer be restored. This value is the date
	// and time of the delete request plus the number of days in RecoveryWindowInDays.
	DeletionDate *time.Time `type:"timestamp"`

	// The name of the secret.
	Name *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (DeleteSecretOutput) GoString

func (s DeleteSecretOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DeleteSecretOutput) SetARN

SetARN sets the ARN field's value.

func (*DeleteSecretOutput) SetDeletionDate

func (s *DeleteSecretOutput) SetDeletionDate(v time.Time) *DeleteSecretOutput

SetDeletionDate sets the DeletionDate field's value.

func (*DeleteSecretOutput) SetName

SetName sets the Name field's value.

func (DeleteSecretOutput) String

func (s DeleteSecretOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type DescribeSecretInput

type DescribeSecretInput struct {

	// The ARN or name of the secret.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (DescribeSecretInput) GoString

func (s DescribeSecretInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DescribeSecretInput) SetSecretId

func (s *DescribeSecretInput) SetSecretId(v string) *DescribeSecretInput

SetSecretId sets the SecretId field's value.

func (DescribeSecretInput) String

func (s DescribeSecretInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DescribeSecretInput) Validate

func (s *DescribeSecretInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type DescribeSecretOutput

type DescribeSecretOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The date the secret was created.
	CreatedDate *time.Time `type:"timestamp"`

	// The date the secret is scheduled for deletion. If it is not scheduled for
	// deletion, this field is omitted. When you delete a secret, Secrets Manager
	// requires a recovery window of at least 7 days before deleting the secret.
	// Some time after the deleted date, Secrets Manager deletes the secret, including
	// all of its versions.
	//
	// If a secret is scheduled for deletion, then its details, including the encrypted
	// secret value, is not accessible. To cancel a scheduled deletion and restore
	// access to the secret, use RestoreSecret.
	DeletedDate *time.Time `type:"timestamp"`

	// The description of the secret.
	Description *string `type:"string"`

	// The key ID or alias ARN of the KMS key that Secrets Manager uses to encrypt
	// the secret value. If the secret is encrypted with the Amazon Web Services
	// managed key aws/secretsmanager, this field is omitted. Secrets created using
	// the console use an KMS key ID.
	KmsKeyId *string `type:"string"`

	// The date that the secret was last accessed in the Region. This field is omitted
	// if the secret has never been retrieved in the Region.
	LastAccessedDate *time.Time `type:"timestamp"`

	// The last date and time that this secret was modified in any way.
	LastChangedDate *time.Time `type:"timestamp"`

	// The last date and time that Secrets Manager rotated the secret. If the secret
	// isn't configured for rotation, Secrets Manager returns null.
	LastRotatedDate *time.Time `type:"timestamp"`

	// The name of the secret.
	Name *string `min:"1" type:"string"`

	// The next rotation is scheduled to occur on or before this date. If the secret
	// isn't configured for rotation, Secrets Manager returns null.
	NextRotationDate *time.Time `type:"timestamp"`

	// The ID of the service that created this secret. For more information, see
	// Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).
	OwningService *string `min:"1" type:"string"`

	// The Region the secret is in. If a secret is replicated to other Regions,
	// the replicas are listed in ReplicationStatus.
	PrimaryRegion *string `min:"1" type:"string"`

	// A list of the replicas of this secret and their status:
	//
	//    * Failed, which indicates that the replica was not created.
	//
	//    * InProgress, which indicates that Secrets Manager is in the process of
	//    creating the replica.
	//
	//    * InSync, which indicates that the replica was created.
	ReplicationStatus []*ReplicationStatusType `type:"list"`

	// Specifies whether automatic rotation is turned on for this secret.
	//
	// To turn on rotation, use RotateSecret. To turn off rotation, use CancelRotateSecret.
	RotationEnabled *bool `type:"boolean"`

	// The ARN of the Lambda function that Secrets Manager invokes to rotate the
	// secret.
	RotationLambdaARN *string `type:"string"`

	// The rotation schedule and Lambda function for this secret. If the secret
	// previously had rotation turned on, but it is now turned off, this field shows
	// the previous rotation schedule and rotation function. If the secret never
	// had rotation turned on, this field is omitted.
	RotationRules *RotationRulesType `type:"structure"`

	// The list of tags attached to the secret. To add tags to a secret, use TagResource.
	// To remove tags, use UntagResource.
	Tags []*Tag `type:"list"`

	// A list of the versions of the secret that have staging labels attached. Versions
	// that don't have staging labels are considered deprecated and Secrets Manager
	// can delete them.
	//
	// Secrets Manager uses staging labels to indicate the status of a secret version
	// during rotation. The three staging labels for rotation are:
	//
	//    * AWSCURRENT, which indicates the current version of the secret.
	//
	//    * AWSPENDING, which indicates the version of the secret that contains
	//    new secret information that will become the next current version when
	//    rotation finishes. During rotation, Secrets Manager creates an AWSPENDING
	//    version ID before creating the new secret version. To check if a secret
	//    version exists, call GetSecretValue.
	//
	//    * AWSPREVIOUS, which indicates the previous current version of the secret.
	//    You can use this as the last known good version.
	//
	// For more information about rotation and staging labels, see How rotation
	// works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html).
	VersionIdsToStages map[string][]*string `type:"map"`
	// contains filtered or unexported fields
}

func (DescribeSecretOutput) GoString

func (s DescribeSecretOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*DescribeSecretOutput) SetARN

SetARN sets the ARN field's value.

func (*DescribeSecretOutput) SetCreatedDate added in v1.33.5

func (s *DescribeSecretOutput) SetCreatedDate(v time.Time) *DescribeSecretOutput

SetCreatedDate sets the CreatedDate field's value.

func (*DescribeSecretOutput) SetDeletedDate

func (s *DescribeSecretOutput) SetDeletedDate(v time.Time) *DescribeSecretOutput

SetDeletedDate sets the DeletedDate field's value.

func (*DescribeSecretOutput) SetDescription

func (s *DescribeSecretOutput) SetDescription(v string) *DescribeSecretOutput

SetDescription sets the Description field's value.

func (*DescribeSecretOutput) SetKmsKeyId

SetKmsKeyId sets the KmsKeyId field's value.

func (*DescribeSecretOutput) SetLastAccessedDate

func (s *DescribeSecretOutput) SetLastAccessedDate(v time.Time) *DescribeSecretOutput

SetLastAccessedDate sets the LastAccessedDate field's value.

func (*DescribeSecretOutput) SetLastChangedDate

func (s *DescribeSecretOutput) SetLastChangedDate(v time.Time) *DescribeSecretOutput

SetLastChangedDate sets the LastChangedDate field's value.

func (*DescribeSecretOutput) SetLastRotatedDate

func (s *DescribeSecretOutput) SetLastRotatedDate(v time.Time) *DescribeSecretOutput

SetLastRotatedDate sets the LastRotatedDate field's value.

func (*DescribeSecretOutput) SetName

SetName sets the Name field's value.

func (*DescribeSecretOutput) SetNextRotationDate added in v1.44.170

func (s *DescribeSecretOutput) SetNextRotationDate(v time.Time) *DescribeSecretOutput

SetNextRotationDate sets the NextRotationDate field's value.

func (*DescribeSecretOutput) SetOwningService added in v1.21.3

func (s *DescribeSecretOutput) SetOwningService(v string) *DescribeSecretOutput

SetOwningService sets the OwningService field's value.

func (*DescribeSecretOutput) SetPrimaryRegion added in v1.37.23

func (s *DescribeSecretOutput) SetPrimaryRegion(v string) *DescribeSecretOutput

SetPrimaryRegion sets the PrimaryRegion field's value.

func (*DescribeSecretOutput) SetReplicationStatus added in v1.37.23

func (s *DescribeSecretOutput) SetReplicationStatus(v []*ReplicationStatusType) *DescribeSecretOutput

SetReplicationStatus sets the ReplicationStatus field's value.

func (*DescribeSecretOutput) SetRotationEnabled

func (s *DescribeSecretOutput) SetRotationEnabled(v bool) *DescribeSecretOutput

SetRotationEnabled sets the RotationEnabled field's value.

func (*DescribeSecretOutput) SetRotationLambdaARN

func (s *DescribeSecretOutput) SetRotationLambdaARN(v string) *DescribeSecretOutput

SetRotationLambdaARN sets the RotationLambdaARN field's value.

func (*DescribeSecretOutput) SetRotationRules

SetRotationRules sets the RotationRules field's value.

func (*DescribeSecretOutput) SetTags

func (s *DescribeSecretOutput) SetTags(v []*Tag) *DescribeSecretOutput

SetTags sets the Tags field's value.

func (*DescribeSecretOutput) SetVersionIdsToStages

func (s *DescribeSecretOutput) SetVersionIdsToStages(v map[string][]*string) *DescribeSecretOutput

SetVersionIdsToStages sets the VersionIdsToStages field's value.

func (DescribeSecretOutput) String

func (s DescribeSecretOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type EncryptionFailure added in v1.28.0

type EncryptionFailure struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).

func (*EncryptionFailure) Code added in v1.28.0

func (s *EncryptionFailure) Code() string

Code returns the exception type name.

func (*EncryptionFailure) Error added in v1.28.0

func (s *EncryptionFailure) Error() string

func (EncryptionFailure) GoString added in v1.28.0

func (s EncryptionFailure) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*EncryptionFailure) Message added in v1.28.0

func (s *EncryptionFailure) Message() string

Message returns the exception's message.

func (*EncryptionFailure) OrigErr added in v1.28.0

func (s *EncryptionFailure) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*EncryptionFailure) RequestID added in v1.28.0

func (s *EncryptionFailure) RequestID() string

RequestID returns the service's response RequestID for request.

func (*EncryptionFailure) StatusCode added in v1.28.0

func (s *EncryptionFailure) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (EncryptionFailure) String added in v1.28.0

func (s EncryptionFailure) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type Filter added in v1.33.5

type Filter struct {

	// The following are keys you can use:
	//
	//    * description: Prefix match, not case-sensitive.
	//
	//    * name: Prefix match, case-sensitive.
	//
	//    * tag-key: Prefix match, case-sensitive.
	//
	//    * tag-value: Prefix match, case-sensitive.
	//
	//    * primary-region: Prefix match, case-sensitive.
	//
	//    * owning-service: Prefix match, case-sensitive.
	//
	//    * all: Breaks the filter value string into words and then searches all
	//    attributes for matches. Not case-sensitive.
	Key *string `type:"string" enum:"FilterNameStringType"`

	// The keyword to filter for.
	//
	// You can prefix your search value with an exclamation mark (!) in order to
	// perform negation filters.
	Values []*string `min:"1" type:"list"`
	// contains filtered or unexported fields
}

Allows you to add filters when you use the search function in Secrets Manager. For more information, see Find secrets in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html).

func (Filter) GoString added in v1.33.5

func (s Filter) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*Filter) SetKey added in v1.33.5

func (s *Filter) SetKey(v string) *Filter

SetKey sets the Key field's value.

func (*Filter) SetValues added in v1.33.5

func (s *Filter) SetValues(v []*string) *Filter

SetValues sets the Values field's value.

func (Filter) String added in v1.33.5

func (s Filter) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*Filter) Validate added in v1.33.5

func (s *Filter) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type GetRandomPasswordInput

type GetRandomPasswordInput struct {

	// A string of the characters that you don't want in the password.
	ExcludeCharacters *string `type:"string"`

	// Specifies whether to exclude lowercase letters from the password. If you
	// don't include this switch, the password can contain lowercase letters.
	ExcludeLowercase *bool `type:"boolean"`

	// Specifies whether to exclude numbers from the password. If you don't include
	// this switch, the password can contain numbers.
	ExcludeNumbers *bool `type:"boolean"`

	// Specifies whether to exclude the following punctuation characters from the
	// password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~.
	// If you don't include this switch, the password can contain punctuation.
	ExcludePunctuation *bool `type:"boolean"`

	// Specifies whether to exclude uppercase letters from the password. If you
	// don't include this switch, the password can contain uppercase letters.
	ExcludeUppercase *bool `type:"boolean"`

	// Specifies whether to include the space character. If you include this switch,
	// the password can contain space characters.
	IncludeSpace *bool `type:"boolean"`

	// The length of the password. If you don't include this parameter, the default
	// length is 32 characters.
	PasswordLength *int64 `min:"1" type:"long"`

	// Specifies whether to include at least one upper and lowercase letter, one
	// number, and one punctuation. If you don't include this switch, the password
	// contains at least one of every character type.
	RequireEachIncludedType *bool `type:"boolean"`
	// contains filtered or unexported fields
}

func (GetRandomPasswordInput) GoString

func (s GetRandomPasswordInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetRandomPasswordInput) SetExcludeCharacters

func (s *GetRandomPasswordInput) SetExcludeCharacters(v string) *GetRandomPasswordInput

SetExcludeCharacters sets the ExcludeCharacters field's value.

func (*GetRandomPasswordInput) SetExcludeLowercase

func (s *GetRandomPasswordInput) SetExcludeLowercase(v bool) *GetRandomPasswordInput

SetExcludeLowercase sets the ExcludeLowercase field's value.

func (*GetRandomPasswordInput) SetExcludeNumbers

func (s *GetRandomPasswordInput) SetExcludeNumbers(v bool) *GetRandomPasswordInput

SetExcludeNumbers sets the ExcludeNumbers field's value.

func (*GetRandomPasswordInput) SetExcludePunctuation

func (s *GetRandomPasswordInput) SetExcludePunctuation(v bool) *GetRandomPasswordInput

SetExcludePunctuation sets the ExcludePunctuation field's value.

func (*GetRandomPasswordInput) SetExcludeUppercase

func (s *GetRandomPasswordInput) SetExcludeUppercase(v bool) *GetRandomPasswordInput

SetExcludeUppercase sets the ExcludeUppercase field's value.

func (*GetRandomPasswordInput) SetIncludeSpace

func (s *GetRandomPasswordInput) SetIncludeSpace(v bool) *GetRandomPasswordInput

SetIncludeSpace sets the IncludeSpace field's value.

func (*GetRandomPasswordInput) SetPasswordLength

func (s *GetRandomPasswordInput) SetPasswordLength(v int64) *GetRandomPasswordInput

SetPasswordLength sets the PasswordLength field's value.

func (*GetRandomPasswordInput) SetRequireEachIncludedType

func (s *GetRandomPasswordInput) SetRequireEachIncludedType(v bool) *GetRandomPasswordInput

SetRequireEachIncludedType sets the RequireEachIncludedType field's value.

func (GetRandomPasswordInput) String

func (s GetRandomPasswordInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetRandomPasswordInput) Validate

func (s *GetRandomPasswordInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type GetRandomPasswordOutput

type GetRandomPasswordOutput struct {

	// A string with the password.
	//
	// RandomPassword is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetRandomPasswordOutput's
	// String and GoString methods.
	RandomPassword *string `type:"string" sensitive:"true"`
	// contains filtered or unexported fields
}

func (GetRandomPasswordOutput) GoString

func (s GetRandomPasswordOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetRandomPasswordOutput) SetRandomPassword

func (s *GetRandomPasswordOutput) SetRandomPassword(v string) *GetRandomPasswordOutput

SetRandomPassword sets the RandomPassword field's value.

func (GetRandomPasswordOutput) String

func (s GetRandomPasswordOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type GetResourcePolicyInput added in v1.14.14

type GetResourcePolicyInput struct {

	// The ARN or name of the secret to retrieve the attached resource-based policy
	// for.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (GetResourcePolicyInput) GoString added in v1.14.14

func (s GetResourcePolicyInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetResourcePolicyInput) SetSecretId added in v1.14.14

SetSecretId sets the SecretId field's value.

func (GetResourcePolicyInput) String added in v1.14.14

func (s GetResourcePolicyInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetResourcePolicyInput) Validate added in v1.14.14

func (s *GetResourcePolicyInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type GetResourcePolicyOutput added in v1.14.14

type GetResourcePolicyOutput struct {

	// The ARN of the secret that the resource-based policy was retrieved for.
	ARN *string `min:"20" type:"string"`

	// The name of the secret that the resource-based policy was retrieved for.
	Name *string `min:"1" type:"string"`

	// A JSON-formatted string that contains the permissions policy attached to
	// the secret. For more information about permissions policies, see Authentication
	// and access control for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).
	ResourcePolicy *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (GetResourcePolicyOutput) GoString added in v1.14.14

func (s GetResourcePolicyOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetResourcePolicyOutput) SetARN added in v1.14.14

SetARN sets the ARN field's value.

func (*GetResourcePolicyOutput) SetName added in v1.14.14

SetName sets the Name field's value.

func (*GetResourcePolicyOutput) SetResourcePolicy added in v1.14.14

func (s *GetResourcePolicyOutput) SetResourcePolicy(v string) *GetResourcePolicyOutput

SetResourcePolicy sets the ResourcePolicy field's value.

func (GetResourcePolicyOutput) String added in v1.14.14

func (s GetResourcePolicyOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type GetSecretValueInput

type GetSecretValueInput struct {

	// The ARN or name of the secret to retrieve.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// The unique identifier of the version of the secret to retrieve. If you include
	// both this parameter and VersionStage, the two parameters must refer to the
	// same secret version. If you don't specify either a VersionStage or VersionId,
	// then Secrets Manager returns the AWSCURRENT version.
	//
	// This value is typically a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value with 32 hexadecimal digits.
	VersionId *string `min:"32" type:"string"`

	// The staging label of the version of the secret to retrieve.
	//
	// Secrets Manager uses staging labels to keep track of different versions during
	// the rotation process. If you include both this parameter and VersionId, the
	// two parameters must refer to the same secret version. If you don't specify
	// either a VersionStage or VersionId, Secrets Manager returns the AWSCURRENT
	// version.
	VersionStage *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (GetSecretValueInput) GoString

func (s GetSecretValueInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetSecretValueInput) SetSecretId

func (s *GetSecretValueInput) SetSecretId(v string) *GetSecretValueInput

SetSecretId sets the SecretId field's value.

func (*GetSecretValueInput) SetVersionId

func (s *GetSecretValueInput) SetVersionId(v string) *GetSecretValueInput

SetVersionId sets the VersionId field's value.

func (*GetSecretValueInput) SetVersionStage

func (s *GetSecretValueInput) SetVersionStage(v string) *GetSecretValueInput

SetVersionStage sets the VersionStage field's value.

func (GetSecretValueInput) String

func (s GetSecretValueInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetSecretValueInput) Validate

func (s *GetSecretValueInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type GetSecretValueOutput

type GetSecretValueOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The date and time that this version of the secret was created. If you don't
	// specify which version in VersionId or VersionStage, then Secrets Manager
	// uses the AWSCURRENT version.
	CreatedDate *time.Time `type:"timestamp"`

	// The friendly name of the secret.
	Name *string `min:"1" type:"string"`

	// The decrypted secret value, if the secret value was originally provided as
	// binary data in the form of a byte array. The response parameter represents
	// the binary data as a base64-encoded (https://tools.ietf.org/html/rfc4648#section-4)
	// string.
	//
	// If the secret was created by using the Secrets Manager console, or if the
	// secret value was originally provided as a string, then this field is omitted.
	// The secret value appears in SecretString instead.
	//
	// SecretBinary is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetSecretValueOutput's
	// String and GoString methods.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `min:"1" type:"blob" sensitive:"true"`

	// The decrypted secret value, if the secret value was originally provided as
	// a string or through the Secrets Manager console.
	//
	// If this secret was created by using the console, then Secrets Manager stores
	// the information as a JSON structure of key/value pairs.
	//
	// SecretString is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by GetSecretValueOutput's
	// String and GoString methods.
	SecretString *string `min:"1" type:"string" sensitive:"true"`

	// The unique identifier of this version of the secret.
	VersionId *string `min:"32" type:"string"`

	// A list of all of the staging labels currently attached to this version of
	// the secret.
	VersionStages []*string `min:"1" type:"list"`
	// contains filtered or unexported fields
}

func (GetSecretValueOutput) GoString

func (s GetSecretValueOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*GetSecretValueOutput) SetARN

SetARN sets the ARN field's value.

func (*GetSecretValueOutput) SetCreatedDate

func (s *GetSecretValueOutput) SetCreatedDate(v time.Time) *GetSecretValueOutput

SetCreatedDate sets the CreatedDate field's value.

func (*GetSecretValueOutput) SetName

SetName sets the Name field's value.

func (*GetSecretValueOutput) SetSecretBinary

func (s *GetSecretValueOutput) SetSecretBinary(v []byte) *GetSecretValueOutput

SetSecretBinary sets the SecretBinary field's value.

func (*GetSecretValueOutput) SetSecretString

func (s *GetSecretValueOutput) SetSecretString(v string) *GetSecretValueOutput

SetSecretString sets the SecretString field's value.

func (*GetSecretValueOutput) SetVersionId

func (s *GetSecretValueOutput) SetVersionId(v string) *GetSecretValueOutput

SetVersionId sets the VersionId field's value.

func (*GetSecretValueOutput) SetVersionStages

func (s *GetSecretValueOutput) SetVersionStages(v []*string) *GetSecretValueOutput

SetVersionStages sets the VersionStages field's value.

func (GetSecretValueOutput) String

func (s GetSecretValueOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InternalServiceError added in v1.28.0

type InternalServiceError struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

An error occurred on the server side.

func (*InternalServiceError) Code added in v1.28.0

func (s *InternalServiceError) Code() string

Code returns the exception type name.

func (*InternalServiceError) Error added in v1.28.0

func (s *InternalServiceError) Error() string

func (InternalServiceError) GoString added in v1.28.0

func (s InternalServiceError) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InternalServiceError) Message added in v1.28.0

func (s *InternalServiceError) Message() string

Message returns the exception's message.

func (*InternalServiceError) OrigErr added in v1.28.0

func (s *InternalServiceError) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InternalServiceError) RequestID added in v1.28.0

func (s *InternalServiceError) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InternalServiceError) StatusCode added in v1.28.0

func (s *InternalServiceError) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InternalServiceError) String added in v1.28.0

func (s InternalServiceError) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidNextTokenException added in v1.28.0

type InvalidNextTokenException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

The NextToken value is invalid.

func (*InvalidNextTokenException) Code added in v1.28.0

Code returns the exception type name.

func (*InvalidNextTokenException) Error added in v1.28.0

func (s *InvalidNextTokenException) Error() string

func (InvalidNextTokenException) GoString added in v1.28.0

func (s InvalidNextTokenException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidNextTokenException) Message added in v1.28.0

func (s *InvalidNextTokenException) Message() string

Message returns the exception's message.

func (*InvalidNextTokenException) OrigErr added in v1.28.0

func (s *InvalidNextTokenException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidNextTokenException) RequestID added in v1.28.0

func (s *InvalidNextTokenException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidNextTokenException) StatusCode added in v1.28.0

func (s *InvalidNextTokenException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidNextTokenException) String added in v1.28.0

func (s InvalidNextTokenException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidParameterException added in v1.28.0

type InvalidParameterException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

The parameter name or value is invalid.

func (*InvalidParameterException) Code added in v1.28.0

Code returns the exception type name.

func (*InvalidParameterException) Error added in v1.28.0

func (s *InvalidParameterException) Error() string

func (InvalidParameterException) GoString added in v1.28.0

func (s InvalidParameterException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidParameterException) Message added in v1.28.0

func (s *InvalidParameterException) Message() string

Message returns the exception's message.

func (*InvalidParameterException) OrigErr added in v1.28.0

func (s *InvalidParameterException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidParameterException) RequestID added in v1.28.0

func (s *InvalidParameterException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidParameterException) StatusCode added in v1.28.0

func (s *InvalidParameterException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidParameterException) String added in v1.28.0

func (s InvalidParameterException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type InvalidRequestException added in v1.28.0

type InvalidRequestException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

A parameter value is not valid for the current state of the resource.

Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

func (*InvalidRequestException) Code added in v1.28.0

func (s *InvalidRequestException) Code() string

Code returns the exception type name.

func (*InvalidRequestException) Error added in v1.28.0

func (s *InvalidRequestException) Error() string

func (InvalidRequestException) GoString added in v1.28.0

func (s InvalidRequestException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*InvalidRequestException) Message added in v1.28.0

func (s *InvalidRequestException) Message() string

Message returns the exception's message.

func (*InvalidRequestException) OrigErr added in v1.28.0

func (s *InvalidRequestException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*InvalidRequestException) RequestID added in v1.28.0

func (s *InvalidRequestException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*InvalidRequestException) StatusCode added in v1.28.0

func (s *InvalidRequestException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (InvalidRequestException) String added in v1.28.0

func (s InvalidRequestException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type LimitExceededException added in v1.28.0

type LimitExceededException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

The request failed because it would exceed one of the Secrets Manager quotas.

func (*LimitExceededException) Code added in v1.28.0

func (s *LimitExceededException) Code() string

Code returns the exception type name.

func (*LimitExceededException) Error added in v1.28.0

func (s *LimitExceededException) Error() string

func (LimitExceededException) GoString added in v1.28.0

func (s LimitExceededException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*LimitExceededException) Message added in v1.28.0

func (s *LimitExceededException) Message() string

Message returns the exception's message.

func (*LimitExceededException) OrigErr added in v1.28.0

func (s *LimitExceededException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*LimitExceededException) RequestID added in v1.28.0

func (s *LimitExceededException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*LimitExceededException) StatusCode added in v1.28.0

func (s *LimitExceededException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (LimitExceededException) String added in v1.28.0

func (s LimitExceededException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ListSecretVersionIdsInput

type ListSecretVersionIdsInput struct {

	// Specifies whether to include versions of secrets that don't have any staging
	// labels attached to them. Versions without staging labels are considered deprecated
	// and are subject to deletion by Secrets Manager. By default, versions without
	// staging labels aren't included.
	IncludeDeprecated *bool `type:"boolean"`

	// The number of results to include in the response.
	//
	// If there are more results available, in the response, Secrets Manager includes
	// NextToken. To get the next results, call ListSecretVersionIds again with
	// the value from NextToken.
	MaxResults *int64 `min:"1" type:"integer"`

	// A token that indicates where the output should continue from, if a previous
	// call did not show all results. To get the next results, call ListSecretVersionIds
	// again with this value.
	NextToken *string `min:"1" type:"string"`

	// The ARN or name of the secret whose versions you want to list.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (ListSecretVersionIdsInput) GoString

func (s ListSecretVersionIdsInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListSecretVersionIdsInput) SetIncludeDeprecated

func (s *ListSecretVersionIdsInput) SetIncludeDeprecated(v bool) *ListSecretVersionIdsInput

SetIncludeDeprecated sets the IncludeDeprecated field's value.

func (*ListSecretVersionIdsInput) SetMaxResults

SetMaxResults sets the MaxResults field's value.

func (*ListSecretVersionIdsInput) SetNextToken

SetNextToken sets the NextToken field's value.

func (*ListSecretVersionIdsInput) SetSecretId

SetSecretId sets the SecretId field's value.

func (ListSecretVersionIdsInput) String

func (s ListSecretVersionIdsInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListSecretVersionIdsInput) Validate

func (s *ListSecretVersionIdsInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type ListSecretVersionIdsOutput

type ListSecretVersionIdsOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The name of the secret.
	Name *string `min:"1" type:"string"`

	// Secrets Manager includes this value if there's more output available than
	// what is included in the current response. This can occur even when the response
	// includes no values at all, such as when you ask for a filtered view of a
	// long list. To get the next results, call ListSecretVersionIds again with
	// this value.
	NextToken *string `min:"1" type:"string"`

	// A list of the versions of the secret.
	Versions []*SecretVersionsListEntry `type:"list"`
	// contains filtered or unexported fields
}

func (ListSecretVersionIdsOutput) GoString

func (s ListSecretVersionIdsOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListSecretVersionIdsOutput) SetARN

SetARN sets the ARN field's value.

func (*ListSecretVersionIdsOutput) SetName

SetName sets the Name field's value.

func (*ListSecretVersionIdsOutput) SetNextToken

SetNextToken sets the NextToken field's value.

func (*ListSecretVersionIdsOutput) SetVersions

SetVersions sets the Versions field's value.

func (ListSecretVersionIdsOutput) String

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ListSecretsInput

type ListSecretsInput struct {

	// The filters to apply to the list of secrets.
	Filters []*Filter `type:"list"`

	// Specifies whether to include secrets scheduled for deletion. By default,
	// secrets scheduled for deletion aren't included.
	IncludePlannedDeletion *bool `type:"boolean"`

	// The number of results to include in the response.
	//
	// If there are more results available, in the response, Secrets Manager includes
	// NextToken. To get the next results, call ListSecrets again with the value
	// from NextToken.
	MaxResults *int64 `min:"1" type:"integer"`

	// A token that indicates where the output should continue from, if a previous
	// call did not show all results. To get the next results, call ListSecrets
	// again with this value.
	NextToken *string `min:"1" type:"string"`

	// Secrets are listed by CreatedDate.
	SortOrder *string `type:"string" enum:"SortOrderType"`
	// contains filtered or unexported fields
}

func (ListSecretsInput) GoString

func (s ListSecretsInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListSecretsInput) SetFilters added in v1.33.5

func (s *ListSecretsInput) SetFilters(v []*Filter) *ListSecretsInput

SetFilters sets the Filters field's value.

func (*ListSecretsInput) SetIncludePlannedDeletion added in v1.44.170

func (s *ListSecretsInput) SetIncludePlannedDeletion(v bool) *ListSecretsInput

SetIncludePlannedDeletion sets the IncludePlannedDeletion field's value.

func (*ListSecretsInput) SetMaxResults

func (s *ListSecretsInput) SetMaxResults(v int64) *ListSecretsInput

SetMaxResults sets the MaxResults field's value.

func (*ListSecretsInput) SetNextToken

func (s *ListSecretsInput) SetNextToken(v string) *ListSecretsInput

SetNextToken sets the NextToken field's value.

func (*ListSecretsInput) SetSortOrder added in v1.33.5

func (s *ListSecretsInput) SetSortOrder(v string) *ListSecretsInput

SetSortOrder sets the SortOrder field's value.

func (ListSecretsInput) String

func (s ListSecretsInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListSecretsInput) Validate

func (s *ListSecretsInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type ListSecretsOutput

type ListSecretsOutput struct {

	// Secrets Manager includes this value if there's more output available than
	// what is included in the current response. This can occur even when the response
	// includes no values at all, such as when you ask for a filtered view of a
	// long list. To get the next results, call ListSecrets again with this value.
	NextToken *string `min:"1" type:"string"`

	// A list of the secrets in the account.
	SecretList []*SecretListEntry `type:"list"`
	// contains filtered or unexported fields
}

func (ListSecretsOutput) GoString

func (s ListSecretsOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ListSecretsOutput) SetNextToken

func (s *ListSecretsOutput) SetNextToken(v string) *ListSecretsOutput

SetNextToken sets the NextToken field's value.

func (*ListSecretsOutput) SetSecretList

func (s *ListSecretsOutput) SetSecretList(v []*SecretListEntry) *ListSecretsOutput

SetSecretList sets the SecretList field's value.

func (ListSecretsOutput) String

func (s ListSecretsOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type MalformedPolicyDocumentException added in v1.28.0

type MalformedPolicyDocumentException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

The resource policy has syntax errors.

func (*MalformedPolicyDocumentException) Code added in v1.28.0

Code returns the exception type name.

func (*MalformedPolicyDocumentException) Error added in v1.28.0

func (MalformedPolicyDocumentException) GoString added in v1.28.0

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*MalformedPolicyDocumentException) Message added in v1.28.0

Message returns the exception's message.

func (*MalformedPolicyDocumentException) OrigErr added in v1.28.0

OrigErr always returns nil, satisfies awserr.Error interface.

func (*MalformedPolicyDocumentException) RequestID added in v1.28.0

RequestID returns the service's response RequestID for request.

func (*MalformedPolicyDocumentException) StatusCode added in v1.28.0

func (s *MalformedPolicyDocumentException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (MalformedPolicyDocumentException) String added in v1.28.0

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type PreconditionNotMetException added in v1.28.0

type PreconditionNotMetException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

The request failed because you did not complete all the prerequisite steps.

func (*PreconditionNotMetException) Code added in v1.28.0

Code returns the exception type name.

func (*PreconditionNotMetException) Error added in v1.28.0

func (PreconditionNotMetException) GoString added in v1.28.0

func (s PreconditionNotMetException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PreconditionNotMetException) Message added in v1.28.0

func (s *PreconditionNotMetException) Message() string

Message returns the exception's message.

func (*PreconditionNotMetException) OrigErr added in v1.28.0

func (s *PreconditionNotMetException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*PreconditionNotMetException) RequestID added in v1.28.0

func (s *PreconditionNotMetException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*PreconditionNotMetException) StatusCode added in v1.28.0

func (s *PreconditionNotMetException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (PreconditionNotMetException) String added in v1.28.0

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type PublicPolicyException added in v1.33.5

type PublicPolicyException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

The BlockPublicPolicy parameter is set to true, and the resource policy did not prevent broad access to the secret.

func (*PublicPolicyException) Code added in v1.33.5

func (s *PublicPolicyException) Code() string

Code returns the exception type name.

func (*PublicPolicyException) Error added in v1.33.5

func (s *PublicPolicyException) Error() string

func (PublicPolicyException) GoString added in v1.33.5

func (s PublicPolicyException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PublicPolicyException) Message added in v1.33.5

func (s *PublicPolicyException) Message() string

Message returns the exception's message.

func (*PublicPolicyException) OrigErr added in v1.33.5

func (s *PublicPolicyException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*PublicPolicyException) RequestID added in v1.33.5

func (s *PublicPolicyException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*PublicPolicyException) StatusCode added in v1.33.5

func (s *PublicPolicyException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (PublicPolicyException) String added in v1.33.5

func (s PublicPolicyException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type PutResourcePolicyInput added in v1.14.14

type PutResourcePolicyInput struct {

	// Specifies whether to block resource-based policies that allow broad access
	// to the secret, for example those that use a wildcard for the principal. By
	// default, public policies aren't blocked.
	BlockPublicPolicy *bool `type:"boolean"`

	// A JSON-formatted string for an Amazon Web Services resource-based policy.
	// For example policies, see Permissions policy examples (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html).
	//
	// ResourcePolicy is a required field
	ResourcePolicy *string `min:"1" type:"string" required:"true"`

	// The ARN or name of the secret to attach the resource-based policy.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (PutResourcePolicyInput) GoString added in v1.14.14

func (s PutResourcePolicyInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PutResourcePolicyInput) SetBlockPublicPolicy added in v1.33.5

func (s *PutResourcePolicyInput) SetBlockPublicPolicy(v bool) *PutResourcePolicyInput

SetBlockPublicPolicy sets the BlockPublicPolicy field's value.

func (*PutResourcePolicyInput) SetResourcePolicy added in v1.14.14

func (s *PutResourcePolicyInput) SetResourcePolicy(v string) *PutResourcePolicyInput

SetResourcePolicy sets the ResourcePolicy field's value.

func (*PutResourcePolicyInput) SetSecretId added in v1.14.14

SetSecretId sets the SecretId field's value.

func (PutResourcePolicyInput) String added in v1.14.14

func (s PutResourcePolicyInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PutResourcePolicyInput) Validate added in v1.14.14

func (s *PutResourcePolicyInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type PutResourcePolicyOutput added in v1.14.14

type PutResourcePolicyOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The name of the secret.
	Name *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (PutResourcePolicyOutput) GoString added in v1.14.14

func (s PutResourcePolicyOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PutResourcePolicyOutput) SetARN added in v1.14.14

SetARN sets the ARN field's value.

func (*PutResourcePolicyOutput) SetName added in v1.14.14

SetName sets the Name field's value.

func (PutResourcePolicyOutput) String added in v1.14.14

func (s PutResourcePolicyOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type PutSecretValueInput

type PutSecretValueInput struct {

	// A unique identifier for the new version of the secret.
	//
	// If you use the Amazon Web Services CLI or one of the Amazon Web Services
	// SDKs to call this operation, then you can leave this parameter empty because
	// they generate a random UUID for you. If you don't use the SDK and instead
	// generate a raw HTTP request to the Secrets Manager service endpoint, then
	// you must generate a ClientRequestToken yourself for new versions and include
	// that value in the request.
	//
	// This value helps ensure idempotency. Secrets Manager uses this value to prevent
	// the accidental creation of duplicate versions if there are failures and retries
	// during the Lambda rotation function processing. We recommend that you generate
	// a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value
	// to ensure uniqueness within the specified secret.
	//
	//    * If the ClientRequestToken value isn't already associated with a version
	//    of the secret then a new version of the secret is created.
	//
	//    * If a version with this value already exists and that version's SecretString
	//    or SecretBinary values are the same as those in the request then the request
	//    is ignored. The operation is idempotent.
	//
	//    * If a version with this value already exists and the version of the SecretString
	//    and SecretBinary values are different from those in the request, then
	//    the request fails because you can't modify a secret version. You can only
	//    create new versions to store new secret values.
	//
	// This value becomes the VersionId of the new version.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// The binary data to encrypt and store in the new version of the secret. To
	// use this parameter in the command-line tools, we recommend that you store
	// your binary data in a file and then pass the contents of the file as a parameter.
	//
	// You must include SecretBinary or SecretString, but not both.
	//
	// You can't access this value from the Secrets Manager console.
	//
	// SecretBinary is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by PutSecretValueInput's
	// String and GoString methods.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `min:"1" type:"blob" sensitive:"true"`

	// The ARN or name of the secret to add a new version to.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// If the secret doesn't already exist, use CreateSecret instead.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// The text to encrypt and store in the new version of the secret.
	//
	// You must include SecretBinary or SecretString, but not both.
	//
	// We recommend you create the secret string as JSON key/value pairs, as shown
	// in the example.
	//
	// SecretString is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by PutSecretValueInput's
	// String and GoString methods.
	SecretString *string `min:"1" type:"string" sensitive:"true"`

	// A list of staging labels to attach to this version of the secret. Secrets
	// Manager uses staging labels to track versions of a secret through the rotation
	// process.
	//
	// If you specify a staging label that's already associated with a different
	// version of the same secret, then Secrets Manager removes the label from the
	// other version and attaches it to this version. If you specify AWSCURRENT,
	// and it is already attached to another version, then Secrets Manager also
	// moves the staging label AWSPREVIOUS to the version that AWSCURRENT was removed
	// from.
	//
	// If you don't include VersionStages, then Secrets Manager automatically moves
	// the staging label AWSCURRENT to this version.
	VersionStages []*string `min:"1" type:"list"`
	// contains filtered or unexported fields
}

func (PutSecretValueInput) GoString

func (s PutSecretValueInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PutSecretValueInput) SetClientRequestToken

func (s *PutSecretValueInput) SetClientRequestToken(v string) *PutSecretValueInput

SetClientRequestToken sets the ClientRequestToken field's value.

func (*PutSecretValueInput) SetSecretBinary

func (s *PutSecretValueInput) SetSecretBinary(v []byte) *PutSecretValueInput

SetSecretBinary sets the SecretBinary field's value.

func (*PutSecretValueInput) SetSecretId

func (s *PutSecretValueInput) SetSecretId(v string) *PutSecretValueInput

SetSecretId sets the SecretId field's value.

func (*PutSecretValueInput) SetSecretString

func (s *PutSecretValueInput) SetSecretString(v string) *PutSecretValueInput

SetSecretString sets the SecretString field's value.

func (*PutSecretValueInput) SetVersionStages

func (s *PutSecretValueInput) SetVersionStages(v []*string) *PutSecretValueInput

SetVersionStages sets the VersionStages field's value.

func (PutSecretValueInput) String

func (s PutSecretValueInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PutSecretValueInput) Validate

func (s *PutSecretValueInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type PutSecretValueOutput

type PutSecretValueOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The name of the secret.
	Name *string `min:"1" type:"string"`

	// The unique identifier of the version of the secret.
	VersionId *string `min:"32" type:"string"`

	// The list of staging labels that are currently attached to this version of
	// the secret. Secrets Manager uses staging labels to track a version as it
	// progresses through the secret rotation process.
	VersionStages []*string `min:"1" type:"list"`
	// contains filtered or unexported fields
}

func (PutSecretValueOutput) GoString

func (s PutSecretValueOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*PutSecretValueOutput) SetARN

SetARN sets the ARN field's value.

func (*PutSecretValueOutput) SetName

SetName sets the Name field's value.

func (*PutSecretValueOutput) SetVersionId

func (s *PutSecretValueOutput) SetVersionId(v string) *PutSecretValueOutput

SetVersionId sets the VersionId field's value.

func (*PutSecretValueOutput) SetVersionStages

func (s *PutSecretValueOutput) SetVersionStages(v []*string) *PutSecretValueOutput

SetVersionStages sets the VersionStages field's value.

func (PutSecretValueOutput) String

func (s PutSecretValueOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RemoveRegionsFromReplicationInput added in v1.37.23

type RemoveRegionsFromReplicationInput struct {

	// The Regions of the replicas to remove.
	//
	// RemoveReplicaRegions is a required field
	RemoveReplicaRegions []*string `min:"1" type:"list" required:"true"`

	// The ARN or name of the secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (RemoveRegionsFromReplicationInput) GoString added in v1.37.23

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RemoveRegionsFromReplicationInput) SetRemoveReplicaRegions added in v1.37.23

SetRemoveReplicaRegions sets the RemoveReplicaRegions field's value.

func (*RemoveRegionsFromReplicationInput) SetSecretId added in v1.37.23

SetSecretId sets the SecretId field's value.

func (RemoveRegionsFromReplicationInput) String added in v1.37.23

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RemoveRegionsFromReplicationInput) Validate added in v1.37.23

Validate inspects the fields of the type to determine if they are valid.

type RemoveRegionsFromReplicationOutput added in v1.37.23

type RemoveRegionsFromReplicationOutput struct {

	// The ARN of the primary secret.
	ARN *string `min:"20" type:"string"`

	// The status of replicas for this secret after you remove Regions.
	ReplicationStatus []*ReplicationStatusType `type:"list"`
	// contains filtered or unexported fields
}

func (RemoveRegionsFromReplicationOutput) GoString added in v1.37.23

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RemoveRegionsFromReplicationOutput) SetARN added in v1.37.23

SetARN sets the ARN field's value.

func (*RemoveRegionsFromReplicationOutput) SetReplicationStatus added in v1.37.23

SetReplicationStatus sets the ReplicationStatus field's value.

func (RemoveRegionsFromReplicationOutput) String added in v1.37.23

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ReplicaRegionType added in v1.37.23

type ReplicaRegionType struct {

	// The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't
	// include this field, Secrets Manager uses aws/secretsmanager.
	KmsKeyId *string `type:"string"`

	// A Region code. For a list of Region codes, see Name and code of Regions (https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints).
	Region *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

A custom type that specifies a Region and the KmsKeyId for a replica secret.

func (ReplicaRegionType) GoString added in v1.37.23

func (s ReplicaRegionType) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ReplicaRegionType) SetKmsKeyId added in v1.37.23

func (s *ReplicaRegionType) SetKmsKeyId(v string) *ReplicaRegionType

SetKmsKeyId sets the KmsKeyId field's value.

func (*ReplicaRegionType) SetRegion added in v1.37.23

func (s *ReplicaRegionType) SetRegion(v string) *ReplicaRegionType

SetRegion sets the Region field's value.

func (ReplicaRegionType) String added in v1.37.23

func (s ReplicaRegionType) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ReplicaRegionType) Validate added in v1.37.23

func (s *ReplicaRegionType) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type ReplicateSecretToRegionsInput added in v1.37.23

type ReplicateSecretToRegionsInput struct {

	// A list of Regions in which to replicate the secret.
	//
	// AddReplicaRegions is a required field
	AddReplicaRegions []*ReplicaRegionType `min:"1" type:"list" required:"true"`

	// Specifies whether to overwrite a secret with the same name in the destination
	// Region. By default, secrets aren't overwritten.
	ForceOverwriteReplicaSecret *bool `type:"boolean"`

	// The ARN or name of the secret to replicate.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (ReplicateSecretToRegionsInput) GoString added in v1.37.23

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ReplicateSecretToRegionsInput) SetAddReplicaRegions added in v1.37.23

SetAddReplicaRegions sets the AddReplicaRegions field's value.

func (*ReplicateSecretToRegionsInput) SetForceOverwriteReplicaSecret added in v1.37.23

func (s *ReplicateSecretToRegionsInput) SetForceOverwriteReplicaSecret(v bool) *ReplicateSecretToRegionsInput

SetForceOverwriteReplicaSecret sets the ForceOverwriteReplicaSecret field's value.

func (*ReplicateSecretToRegionsInput) SetSecretId added in v1.37.23

SetSecretId sets the SecretId field's value.

func (ReplicateSecretToRegionsInput) String added in v1.37.23

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ReplicateSecretToRegionsInput) Validate added in v1.37.23

func (s *ReplicateSecretToRegionsInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type ReplicateSecretToRegionsOutput added in v1.37.23

type ReplicateSecretToRegionsOutput struct {

	// The ARN of the primary secret.
	ARN *string `min:"20" type:"string"`

	// The status of replication.
	ReplicationStatus []*ReplicationStatusType `type:"list"`
	// contains filtered or unexported fields
}

func (ReplicateSecretToRegionsOutput) GoString added in v1.37.23

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ReplicateSecretToRegionsOutput) SetARN added in v1.37.23

SetARN sets the ARN field's value.

func (*ReplicateSecretToRegionsOutput) SetReplicationStatus added in v1.37.23

SetReplicationStatus sets the ReplicationStatus field's value.

func (ReplicateSecretToRegionsOutput) String added in v1.37.23

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ReplicationStatusType added in v1.37.23

type ReplicationStatusType struct {

	// Can be an ARN, Key ID, or Alias.
	KmsKeyId *string `type:"string"`

	// The date that the secret was last accessed in the Region. This field is omitted
	// if the secret has never been retrieved in the Region.
	LastAccessedDate *time.Time `type:"timestamp"`

	// The Region where replication occurs.
	Region *string `min:"1" type:"string"`

	// The status can be InProgress, Failed, or InSync.
	Status *string `type:"string" enum:"StatusType"`

	// Status message such as "Secret with this name already exists in this region".
	StatusMessage *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

A replication object consisting of a RegionReplicationStatus object and includes a Region, KMSKeyId, status, and status message.

func (ReplicationStatusType) GoString added in v1.37.23

func (s ReplicationStatusType) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ReplicationStatusType) SetKmsKeyId added in v1.37.23

SetKmsKeyId sets the KmsKeyId field's value.

func (*ReplicationStatusType) SetLastAccessedDate added in v1.37.23

func (s *ReplicationStatusType) SetLastAccessedDate(v time.Time) *ReplicationStatusType

SetLastAccessedDate sets the LastAccessedDate field's value.

func (*ReplicationStatusType) SetRegion added in v1.37.23

SetRegion sets the Region field's value.

func (*ReplicationStatusType) SetStatus added in v1.37.23

SetStatus sets the Status field's value.

func (*ReplicationStatusType) SetStatusMessage added in v1.37.23

func (s *ReplicationStatusType) SetStatusMessage(v string) *ReplicationStatusType

SetStatusMessage sets the StatusMessage field's value.

func (ReplicationStatusType) String added in v1.37.23

func (s ReplicationStatusType) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ResourceExistsException added in v1.28.0

type ResourceExistsException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

A resource with the ID you requested already exists.

func (*ResourceExistsException) Code added in v1.28.0

func (s *ResourceExistsException) Code() string

Code returns the exception type name.

func (*ResourceExistsException) Error added in v1.28.0

func (s *ResourceExistsException) Error() string

func (ResourceExistsException) GoString added in v1.28.0

func (s ResourceExistsException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ResourceExistsException) Message added in v1.28.0

func (s *ResourceExistsException) Message() string

Message returns the exception's message.

func (*ResourceExistsException) OrigErr added in v1.28.0

func (s *ResourceExistsException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*ResourceExistsException) RequestID added in v1.28.0

func (s *ResourceExistsException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*ResourceExistsException) StatusCode added in v1.28.0

func (s *ResourceExistsException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (ResourceExistsException) String added in v1.28.0

func (s ResourceExistsException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ResourceNotFoundException added in v1.28.0

type ResourceNotFoundException struct {
	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`

	Message_ *string `locationName:"Message" type:"string"`
	// contains filtered or unexported fields
}

Secrets Manager can't find the resource that you asked for.

func (*ResourceNotFoundException) Code added in v1.28.0

Code returns the exception type name.

func (*ResourceNotFoundException) Error added in v1.28.0

func (s *ResourceNotFoundException) Error() string

func (ResourceNotFoundException) GoString added in v1.28.0

func (s ResourceNotFoundException) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ResourceNotFoundException) Message added in v1.28.0

func (s *ResourceNotFoundException) Message() string

Message returns the exception's message.

func (*ResourceNotFoundException) OrigErr added in v1.28.0

func (s *ResourceNotFoundException) OrigErr() error

OrigErr always returns nil, satisfies awserr.Error interface.

func (*ResourceNotFoundException) RequestID added in v1.28.0

func (s *ResourceNotFoundException) RequestID() string

RequestID returns the service's response RequestID for request.

func (*ResourceNotFoundException) StatusCode added in v1.28.0

func (s *ResourceNotFoundException) StatusCode() int

Status code returns the HTTP status code for the request's response error.

func (ResourceNotFoundException) String added in v1.28.0

func (s ResourceNotFoundException) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RestoreSecretInput

type RestoreSecretInput struct {

	// The ARN or name of the secret to restore.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (RestoreSecretInput) GoString

func (s RestoreSecretInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RestoreSecretInput) SetSecretId

func (s *RestoreSecretInput) SetSecretId(v string) *RestoreSecretInput

SetSecretId sets the SecretId field's value.

func (RestoreSecretInput) String

func (s RestoreSecretInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RestoreSecretInput) Validate

func (s *RestoreSecretInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type RestoreSecretOutput

type RestoreSecretOutput struct {

	// The ARN of the secret that was restored.
	ARN *string `min:"20" type:"string"`

	// The name of the secret that was restored.
	Name *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (RestoreSecretOutput) GoString

func (s RestoreSecretOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RestoreSecretOutput) SetARN

SetARN sets the ARN field's value.

func (*RestoreSecretOutput) SetName

SetName sets the Name field's value.

func (RestoreSecretOutput) String

func (s RestoreSecretOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RotateSecretInput

type RotateSecretInput struct {

	// A unique identifier for the new version of the secret that helps ensure idempotency.
	// Secrets Manager uses this value to prevent the accidental creation of duplicate
	// versions if there are failures and retries during rotation. This value becomes
	// the VersionId of the new version.
	//
	// If you use the Amazon Web Services CLI or one of the Amazon Web Services
	// SDK to call this operation, then you can leave this parameter empty. The
	// CLI or SDK generates a random UUID for you and includes that in the request
	// for this parameter. If you don't use the SDK and instead generate a raw HTTP
	// request to the Secrets Manager service endpoint, then you must generate a
	// ClientRequestToken yourself for new versions and include that value in the
	// request.
	//
	// You only need to specify this value if you implement your own retry logic
	// and you want to ensure that Secrets Manager doesn't attempt to create a secret
	// version twice. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness within the specified secret.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// Specifies whether to rotate the secret immediately or wait until the next
	// scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules.
	//
	// For secrets that use a Lambda rotation function to rotate, if you don't immediately
	// rotate the secret, Secrets Manager tests the rotation configuration by running
	// the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html)
	// of the Lambda rotation function. The test creates an AWSPENDING version of
	// the secret and then removes it.
	//
	// By default, Secrets Manager rotates the secret immediately.
	RotateImmediately *bool `type:"boolean"`

	// For secrets that use a Lambda rotation function to rotate, the ARN of the
	// Lambda rotation function.
	//
	// For secrets that use managed rotation, omit this field. For more information,
	// see Managed rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html)
	// in the Secrets Manager User Guide.
	RotationLambdaARN *string `type:"string"`

	// A structure that defines the rotation configuration for this secret.
	RotationRules *RotationRulesType `type:"structure"`

	// The ARN or name of the secret to rotate.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (RotateSecretInput) GoString

func (s RotateSecretInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RotateSecretInput) SetClientRequestToken

func (s *RotateSecretInput) SetClientRequestToken(v string) *RotateSecretInput

SetClientRequestToken sets the ClientRequestToken field's value.

func (*RotateSecretInput) SetRotateImmediately added in v1.42.44

func (s *RotateSecretInput) SetRotateImmediately(v bool) *RotateSecretInput

SetRotateImmediately sets the RotateImmediately field's value.

func (*RotateSecretInput) SetRotationLambdaARN

func (s *RotateSecretInput) SetRotationLambdaARN(v string) *RotateSecretInput

SetRotationLambdaARN sets the RotationLambdaARN field's value.

func (*RotateSecretInput) SetRotationRules

func (s *RotateSecretInput) SetRotationRules(v *RotationRulesType) *RotateSecretInput

SetRotationRules sets the RotationRules field's value.

func (*RotateSecretInput) SetSecretId

func (s *RotateSecretInput) SetSecretId(v string) *RotateSecretInput

SetSecretId sets the SecretId field's value.

func (RotateSecretInput) String

func (s RotateSecretInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RotateSecretInput) Validate

func (s *RotateSecretInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type RotateSecretOutput

type RotateSecretOutput struct {

	// The ARN of the secret.
	ARN *string `min:"20" type:"string"`

	// The name of the secret.
	Name *string `min:"1" type:"string"`

	// The ID of the new version of the secret.
	VersionId *string `min:"32" type:"string"`
	// contains filtered or unexported fields
}

func (RotateSecretOutput) GoString

func (s RotateSecretOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RotateSecretOutput) SetARN

SetARN sets the ARN field's value.

func (*RotateSecretOutput) SetName

SetName sets the Name field's value.

func (*RotateSecretOutput) SetVersionId

func (s *RotateSecretOutput) SetVersionId(v string) *RotateSecretOutput

SetVersionId sets the VersionId field's value.

func (RotateSecretOutput) String

func (s RotateSecretOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type RotationRulesType

type RotationRulesType struct {

	// The number of days between rotations of the secret. You can use this value
	// to check that your secret meets your compliance guidelines for how often
	// secrets must be rotated. If you use this field to set the rotation schedule,
	// Secrets Manager calculates the next rotation date based on the previous rotation.
	// Manually updating the secret value by calling PutSecretValue or UpdateSecret
	// is considered a valid rotation.
	//
	// In DescribeSecret and ListSecrets, this value is calculated from the rotation
	// schedule after every successful rotation. In RotateSecret, you can set the
	// rotation schedule in RotationRules with AutomaticallyAfterDays or ScheduleExpression,
	// but not both. To set a rotation schedule in hours, use ScheduleExpression.
	AutomaticallyAfterDays *int64 `min:"1" type:"long"`

	// The length of the rotation window in hours, for example 3h for a three hour
	// window. Secrets Manager rotates your secret at any time during this window.
	// The window must not extend into the next rotation window or the next UTC
	// day. The window starts according to the ScheduleExpression. If you don't
	// specify a Duration, for a ScheduleExpression in hours, the window automatically
	// closes after one hour. For a ScheduleExpression in days, the window automatically
	// closes at the end of the UTC day. For more information, including examples,
	// see Schedule expressions in Secrets Manager rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html)
	// in the Secrets Manager Users Guide.
	Duration *string `min:"2" type:"string"`

	// A cron() or rate() expression that defines the schedule for rotating your
	// secret. Secrets Manager rotation schedules use UTC time zone. Secrets Manager
	// rotates your secret any time during a rotation window.
	//
	// Secrets Manager rate() expressions represent the interval in hours or days
	// that you want to rotate your secret, for example rate(12 hours) or rate(10
	// days). You can rotate a secret as often as every four hours. If you use a
	// rate() expression, the rotation window starts at midnight. For a rate in
	// hours, the default rotation window closes after one hour. For a rate in days,
	// the default rotation window closes at the end of the day. You can set the
	// Duration to change the rotation window. The rotation window must not extend
	// into the next UTC day or into the next rotation window.
	//
	// You can use a cron() expression to create a rotation schedule that is more
	// detailed than a rotation interval. For more information, including examples,
	// see Schedule expressions in Secrets Manager rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html)
	// in the Secrets Manager Users Guide. For a cron expression that represents
	// a schedule in hours, the default rotation window closes after one hour. For
	// a cron expression that represents a schedule in days, the default rotation
	// window closes at the end of the day. You can set the Duration to change the
	// rotation window. The rotation window must not extend into the next UTC day
	// or into the next rotation window.
	ScheduleExpression *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

A structure that defines the rotation configuration for the secret.

func (RotationRulesType) GoString

func (s RotationRulesType) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RotationRulesType) SetAutomaticallyAfterDays

func (s *RotationRulesType) SetAutomaticallyAfterDays(v int64) *RotationRulesType

SetAutomaticallyAfterDays sets the AutomaticallyAfterDays field's value.

func (*RotationRulesType) SetDuration added in v1.42.44

func (s *RotationRulesType) SetDuration(v string) *RotationRulesType

SetDuration sets the Duration field's value.

func (*RotationRulesType) SetScheduleExpression added in v1.42.44

func (s *RotationRulesType) SetScheduleExpression(v string) *RotationRulesType

SetScheduleExpression sets the ScheduleExpression field's value.

func (RotationRulesType) String

func (s RotationRulesType) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*RotationRulesType) Validate

func (s *RotationRulesType) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type SecretListEntry

type SecretListEntry struct {

	// The Amazon Resource Name (ARN) of the secret.
	ARN *string `min:"20" type:"string"`

	// The date and time when a secret was created.
	CreatedDate *time.Time `type:"timestamp"`

	// The date and time the deletion of the secret occurred. Not present on active
	// secrets. The secret can be recovered until the number of days in the recovery
	// window has passed, as specified in the RecoveryWindowInDays parameter of
	// the DeleteSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html)
	// operation.
	DeletedDate *time.Time `type:"timestamp"`

	// The user-provided description of the secret.
	Description *string `type:"string"`

	// The ARN of the KMS key that Secrets Manager uses to encrypt the secret value.
	// If the secret is encrypted with the Amazon Web Services managed key aws/secretsmanager,
	// this field is omitted.
	KmsKeyId *string `type:"string"`

	// The date that the secret was last accessed in the Region. This field is omitted
	// if the secret has never been retrieved in the Region.
	LastAccessedDate *time.Time `type:"timestamp"`

	// The last date and time that this secret was modified in any way.
	LastChangedDate *time.Time `type:"timestamp"`

	// The most recent date and time that the Secrets Manager rotation process was
	// successfully completed. This value is null if the secret hasn't ever rotated.
	LastRotatedDate *time.Time `type:"timestamp"`

	// The friendly name of the secret. You can use forward slashes in the name
	// to represent a path hierarchy. For example, /prod/databases/dbserver1 could
	// represent the secret for a server named dbserver1 in the folder databases
	// in the folder prod.
	Name *string `min:"1" type:"string"`

	// The next rotation is scheduled to occur on or before this date. If the secret
	// isn't configured for rotation, Secrets Manager returns null.
	NextRotationDate *time.Time `type:"timestamp"`

	// Returns the name of the service that created the secret.
	OwningService *string `min:"1" type:"string"`

	// The Region where Secrets Manager originated the secret.
	PrimaryRegion *string `min:"1" type:"string"`

	// Indicates whether automatic, scheduled rotation is enabled for this secret.
	RotationEnabled *bool `type:"boolean"`

	// The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager
	// to rotate and expire the secret either automatically per the schedule or
	// manually by a call to RotateSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html).
	RotationLambdaARN *string `type:"string"`

	// A structure that defines the rotation configuration for the secret.
	RotationRules *RotationRulesType `type:"structure"`

	// A list of all of the currently assigned SecretVersionStage staging labels
	// and the SecretVersionId attached to each one. Staging labels are used to
	// keep track of the different versions during the rotation process.
	//
	// A version that does not have any SecretVersionStage is considered deprecated
	// and subject to deletion. Such versions are not included in this list.
	SecretVersionsToStages map[string][]*string `type:"map"`

	// The list of user-defined tags associated with the secret. To add tags to
	// a secret, use TagResource (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html).
	// To remove tags, use UntagResource (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html).
	Tags []*Tag `type:"list"`
	// contains filtered or unexported fields
}

A structure that contains the details about a secret. It does not include the encrypted SecretString and SecretBinary values. To get those values, use GetSecretValue (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) .

func (SecretListEntry) GoString

func (s SecretListEntry) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*SecretListEntry) SetARN

func (s *SecretListEntry) SetARN(v string) *SecretListEntry

SetARN sets the ARN field's value.

func (*SecretListEntry) SetCreatedDate added in v1.33.5

func (s *SecretListEntry) SetCreatedDate(v time.Time) *SecretListEntry

SetCreatedDate sets the CreatedDate field's value.

func (*SecretListEntry) SetDeletedDate

func (s *SecretListEntry) SetDeletedDate(v time.Time) *SecretListEntry

SetDeletedDate sets the DeletedDate field's value.

func (*SecretListEntry) SetDescription

func (s *SecretListEntry) SetDescription(v string) *SecretListEntry

SetDescription sets the Description field's value.

func (*SecretListEntry) SetKmsKeyId

func (s *SecretListEntry) SetKmsKeyId(v string) *SecretListEntry

SetKmsKeyId sets the KmsKeyId field's value.

func (*SecretListEntry) SetLastAccessedDate

func (s *SecretListEntry) SetLastAccessedDate(v time.Time) *SecretListEntry

SetLastAccessedDate sets the LastAccessedDate field's value.

func (*SecretListEntry) SetLastChangedDate

func (s *SecretListEntry) SetLastChangedDate(v time.Time) *SecretListEntry

SetLastChangedDate sets the LastChangedDate field's value.

func (*SecretListEntry) SetLastRotatedDate

func (s *SecretListEntry) SetLastRotatedDate(v time.Time) *SecretListEntry

SetLastRotatedDate sets the LastRotatedDate field's value.

func (*SecretListEntry) SetName

func (s *SecretListEntry) SetName(v string) *SecretListEntry

SetName sets the Name field's value.

func (*SecretListEntry) SetNextRotationDate added in v1.44.170

func (s *SecretListEntry) SetNextRotationDate(v time.Time) *SecretListEntry

SetNextRotationDate sets the NextRotationDate field's value.

func (*SecretListEntry) SetOwningService added in v1.21.3

func (s *SecretListEntry) SetOwningService(v string) *SecretListEntry

SetOwningService sets the OwningService field's value.

func (*SecretListEntry) SetPrimaryRegion added in v1.37.23

func (s *SecretListEntry) SetPrimaryRegion(v string) *SecretListEntry

SetPrimaryRegion sets the PrimaryRegion field's value.

func (*SecretListEntry) SetRotationEnabled

func (s *SecretListEntry) SetRotationEnabled(v bool) *SecretListEntry

SetRotationEnabled sets the RotationEnabled field's value.

func (*SecretListEntry) SetRotationLambdaARN

func (s *SecretListEntry) SetRotationLambdaARN(v string) *SecretListEntry

SetRotationLambdaARN sets the RotationLambdaARN field's value.

func (*SecretListEntry) SetRotationRules

func (s *SecretListEntry) SetRotationRules(v *RotationRulesType) *SecretListEntry

SetRotationRules sets the RotationRules field's value.

func (*SecretListEntry) SetSecretVersionsToStages

func (s *SecretListEntry) SetSecretVersionsToStages(v map[string][]*string) *SecretListEntry

SetSecretVersionsToStages sets the SecretVersionsToStages field's value.

func (*SecretListEntry) SetTags

func (s *SecretListEntry) SetTags(v []*Tag) *SecretListEntry

SetTags sets the Tags field's value.

func (SecretListEntry) String

func (s SecretListEntry) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type SecretVersionsListEntry

type SecretVersionsListEntry struct {

	// The date and time this version of the secret was created.
	CreatedDate *time.Time `type:"timestamp"`

	// The KMS keys used to encrypt the secret version.
	KmsKeyIds []*string `type:"list"`

	// The date that this version of the secret was last accessed. Note that the
	// resolution of this field is at the date level and does not include the time.
	LastAccessedDate *time.Time `type:"timestamp"`

	// The unique version identifier of this version of the secret.
	VersionId *string `min:"32" type:"string"`

	// An array of staging labels that are currently associated with this version
	// of the secret.
	VersionStages []*string `min:"1" type:"list"`
	// contains filtered or unexported fields
}

A structure that contains information about one version of a secret.

func (SecretVersionsListEntry) GoString

func (s SecretVersionsListEntry) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*SecretVersionsListEntry) SetCreatedDate

SetCreatedDate sets the CreatedDate field's value.

func (*SecretVersionsListEntry) SetKmsKeyIds added in v1.40.12

SetKmsKeyIds sets the KmsKeyIds field's value.

func (*SecretVersionsListEntry) SetLastAccessedDate

func (s *SecretVersionsListEntry) SetLastAccessedDate(v time.Time) *SecretVersionsListEntry

SetLastAccessedDate sets the LastAccessedDate field's value.

func (*SecretVersionsListEntry) SetVersionId

SetVersionId sets the VersionId field's value.

func (*SecretVersionsListEntry) SetVersionStages

func (s *SecretVersionsListEntry) SetVersionStages(v []*string) *SecretVersionsListEntry

SetVersionStages sets the VersionStages field's value.

func (SecretVersionsListEntry) String

func (s SecretVersionsListEntry) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type SecretsManager

type SecretsManager struct {
	*client.Client
}

SecretsManager provides the API operation methods for making requests to AWS Secrets Manager. See this package's package overview docs for details on the service.

SecretsManager methods are safe to use concurrently. It is not safe to modify mutate any of the struct's properties though.

func New

func New(p client.ConfigProvider, cfgs ...*aws.Config) *SecretsManager

New creates a new instance of the SecretsManager client with a session. If additional configuration is needed for the client instance use the optional aws.Config parameter to add your extra config.

Example:

mySession := session.Must(session.NewSession())

// Create a SecretsManager client from just a session.
svc := secretsmanager.New(mySession)

// Create a SecretsManager client with additional configuration
svc := secretsmanager.New(mySession, aws.NewConfig().WithRegion("us-west-2"))

func (*SecretsManager) CancelRotateSecret

func (c *SecretsManager) CancelRotateSecret(input *CancelRotateSecretInput) (*CancelRotateSecretOutput, error)

CancelRotateSecret API operation for AWS Secrets Manager.

Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation.

If you cancel a rotation in progress, it can leave the VersionStage labels in an unexpected state. You might need to remove the staging label AWSPENDING from the partially created version. You also need to determine whether to roll back to the previous version of the secret by moving the staging label AWSCURRENT to the version that has AWSPENDING. To determine which version has a specific staging label, call ListSecretVersionIds. Then use UpdateSecretVersionStage to change staging labels. For more information, see How rotation works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html).

To turn on automatic rotation again, call RotateSecret.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:CancelRotateSecret. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation CancelRotateSecret for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret

Example (Shared00)

To cancel scheduled rotation for a secret The following example shows how to cancel rotation for a secret. The operation sets the RotationEnabled field to false and cancels all scheduled rotations. To resume scheduled rotations, you must re-enable rotation by calling the rotate-secret operation.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.CancelRotateSecretInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.CancelRotateSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) CancelRotateSecretRequest

func (c *SecretsManager) CancelRotateSecretRequest(input *CancelRotateSecretInput) (req *request.Request, output *CancelRotateSecretOutput)

CancelRotateSecretRequest generates a "aws/request.Request" representing the client's request for the CancelRotateSecret operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See CancelRotateSecret for more information on using the CancelRotateSecret API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the CancelRotateSecretRequest method.
req, resp := client.CancelRotateSecretRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CancelRotateSecret

func (*SecretsManager) CancelRotateSecretWithContext

func (c *SecretsManager) CancelRotateSecretWithContext(ctx aws.Context, input *CancelRotateSecretInput, opts ...request.Option) (*CancelRotateSecretOutput, error)

CancelRotateSecretWithContext is the same as CancelRotateSecret with the addition of the ability to pass a context and additional request options.

See CancelRotateSecret for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) CreateSecret

func (c *SecretsManager) CreateSecret(input *CreateSecretInput) (*CreateSecretOutput, error)

CreateSecret API operation for AWS Secrets Manager.

Creates a new secret. A secret can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. The secret also includes the connection information to access a database or other service, which Secrets Manager doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the important information needed to manage the secret.

For secrets that use managed rotation, you need to create the secret through the managing service. For more information, see Secrets Manager secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

For information about creating a secret in the console, see Create a secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html).

To create a secret, you can provide the secret value to be encrypted in either the SecretString parameter or the SecretBinary parameter, but not both. If you include SecretString or SecretBinary then Secrets Manager creates an initial secret version and automatically attaches the staging label AWSCURRENT to it.

For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make sure the JSON you store in the SecretString matches the JSON structure of a database secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html).

If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager creates it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use aws/secretsmanager. Creating aws/secretsmanager can result in a one-time significant delay in returning the result.

If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't use aws/secretsmanager to encrypt the secret, and you must create and use a customer managed KMS key.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary or SecretString because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:CreateSecret. If you include tags in the secret, you also need secretsmanager:TagResource. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

To encrypt the secret with a KMS key other than aws/secretsmanager, you need kms:GenerateDataKey and kms:Decrypt permission to the key.

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation CreateSecret for usage and error information.

Returned Error Types:

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.

  • EncryptionFailure Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).

  • ResourceExistsException A resource with the ID you requested already exists.

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • MalformedPolicyDocumentException The resource policy has syntax errors.

  • InternalServiceError An error occurred on the server side.

  • PreconditionNotMetException The request failed because you did not complete all the prerequisite steps.

  • DecryptionFailure Secrets Manager can't decrypt the protected secret text using the provided KMS key.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret

Example (Shared00)

To create a basic secret The following example shows how to create a secret. The credentials stored in the encrypted secret value are retrieved from a file on disk named mycreds.json.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.CreateSecretInput{
		ClientRequestToken: aws.String("EXAMPLE1-90ab-cdef-fedc-ba987SECRET1"),
		Description:        aws.String("My test database secret created with the CLI"),
		Name:               aws.String("MyTestDatabaseSecret"),
		SecretString:       aws.String("{\"username\":\"david\",\"password\":\"EXAMPLE-PASSWORD\"}"),
	}

	result, err := svc.CreateSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeEncryptionFailure:
				fmt.Println(secretsmanager.ErrCodeEncryptionFailure, aerr.Error())
			case secretsmanager.ErrCodeResourceExistsException:
				fmt.Println(secretsmanager.ErrCodeResourceExistsException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeMalformedPolicyDocumentException:
				fmt.Println(secretsmanager.ErrCodeMalformedPolicyDocumentException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodePreconditionNotMetException:
				fmt.Println(secretsmanager.ErrCodePreconditionNotMetException, aerr.Error())
			case secretsmanager.ErrCodeDecryptionFailure:
				fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) CreateSecretRequest

func (c *SecretsManager) CreateSecretRequest(input *CreateSecretInput) (req *request.Request, output *CreateSecretOutput)

CreateSecretRequest generates a "aws/request.Request" representing the client's request for the CreateSecret operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See CreateSecret for more information on using the CreateSecret API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the CreateSecretRequest method.
req, resp := client.CreateSecretRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret

func (*SecretsManager) CreateSecretWithContext

func (c *SecretsManager) CreateSecretWithContext(ctx aws.Context, input *CreateSecretInput, opts ...request.Option) (*CreateSecretOutput, error)

CreateSecretWithContext is the same as CreateSecret with the addition of the ability to pass a context and additional request options.

See CreateSecret for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) DeleteResourcePolicy added in v1.14.14

func (c *SecretsManager) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error)

DeleteResourcePolicy API operation for AWS Secrets Manager.

Deletes the resource-based permission policy attached to the secret. To attach a policy to a secret, use PutResourcePolicy.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:DeleteResourcePolicy. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation DeleteResourcePolicy for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InternalServiceError An error occurred on the server side.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InvalidParameterException The parameter name or value is invalid.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy

Example (Shared00)

To delete the resource-based policy attached to a secret The following example shows how to delete the resource-based policy that is attached to a secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.DeleteResourcePolicyInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.DeleteResourcePolicy(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) DeleteResourcePolicyRequest added in v1.14.14

func (c *SecretsManager) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput)

DeleteResourcePolicyRequest generates a "aws/request.Request" representing the client's request for the DeleteResourcePolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See DeleteResourcePolicy for more information on using the DeleteResourcePolicy API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the DeleteResourcePolicyRequest method.
req, resp := client.DeleteResourcePolicyRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteResourcePolicy

func (*SecretsManager) DeleteResourcePolicyWithContext added in v1.14.14

func (c *SecretsManager) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error)

DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of the ability to pass a context and additional request options.

See DeleteResourcePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) DeleteSecret

func (c *SecretsManager) DeleteSecret(input *DeleteSecretInput) (*DeleteSecretOutput, error)

DeleteSecret API operation for AWS Secrets Manager.

Deletes a secret and all of its versions. You can specify a recovery window during which you can restore the secret. The minimum recovery window is 7 days. The default recovery window is 30 days. Secrets Manager attaches a DeletionDate stamp to the secret that specifies the end of the recovery window. At the end of the recovery window, Secrets Manager deletes the secret permanently.

You can't delete a primary secret that is replicated to other Regions. You must first delete the replicas using RemoveRegionsFromReplication, and then delete the primary secret. When you delete a replica, it is deleted immediately.

You can't directly delete a version of a secret. Instead, you remove all staging labels from the version using UpdateSecretVersionStage. This marks the version as deprecated, and then Secrets Manager can automatically delete the version in the background.

To determine whether an application still uses a secret, you can create an Amazon CloudWatch alarm to alert you to any attempts to access a secret during the recovery window. For more information, see Monitor secrets scheduled for deletion (https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html).

Secrets Manager performs the permanent secret deletion at the end of the waiting period as a background task with low priority. There is no guarantee of a specific time after the recovery window for the permanent delete to occur.

At any time before recovery window ends, you can use RestoreSecret to remove the DeletionDate and cancel the deletion of the secret.

When a secret is scheduled for deletion, you cannot retrieve the secret value. You must first cancel the deletion with RestoreSecret and then you can retrieve the secret.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:DeleteSecret. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation DeleteSecret for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret

Example (Shared00)

To delete a secret The following example shows how to delete a secret. The secret stays in your account in a deprecated and inaccessible state until the recovery window ends. After the date and time in the DeletionDate response field has passed, you can no longer recover this secret with restore-secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.DeleteSecretInput{
		RecoveryWindowInDays: aws.Int64(7),
		SecretId:             aws.String("MyTestDatabaseSecret1"),
	}

	result, err := svc.DeleteSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) DeleteSecretRequest

func (c *SecretsManager) DeleteSecretRequest(input *DeleteSecretInput) (req *request.Request, output *DeleteSecretOutput)

DeleteSecretRequest generates a "aws/request.Request" representing the client's request for the DeleteSecret operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See DeleteSecret for more information on using the DeleteSecret API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the DeleteSecretRequest method.
req, resp := client.DeleteSecretRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecret

func (*SecretsManager) DeleteSecretWithContext

func (c *SecretsManager) DeleteSecretWithContext(ctx aws.Context, input *DeleteSecretInput, opts ...request.Option) (*DeleteSecretOutput, error)

DeleteSecretWithContext is the same as DeleteSecret with the addition of the ability to pass a context and additional request options.

See DeleteSecret for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) DescribeSecret

func (c *SecretsManager) DescribeSecret(input *DescribeSecretInput) (*DescribeSecretOutput, error)

DescribeSecret API operation for AWS Secrets Manager.

Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager only returns fields that have a value in the response.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:DescribeSecret. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation DescribeSecret for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InternalServiceError An error occurred on the server side.

  • InvalidParameterException The parameter name or value is invalid.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret

Example (Shared00)

To retrieve the details of a secret The following example shows how to get the details about a secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.DescribeSecretInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.DescribeSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) DescribeSecretRequest

func (c *SecretsManager) DescribeSecretRequest(input *DescribeSecretInput) (req *request.Request, output *DescribeSecretOutput)

DescribeSecretRequest generates a "aws/request.Request" representing the client's request for the DescribeSecret operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See DescribeSecret for more information on using the DescribeSecret API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the DescribeSecretRequest method.
req, resp := client.DescribeSecretRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret

func (*SecretsManager) DescribeSecretWithContext

func (c *SecretsManager) DescribeSecretWithContext(ctx aws.Context, input *DescribeSecretInput, opts ...request.Option) (*DescribeSecretOutput, error)

DescribeSecretWithContext is the same as DescribeSecret with the addition of the ability to pass a context and additional request options.

See DescribeSecret for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) GetRandomPassword

func (c *SecretsManager) GetRandomPassword(input *GetRandomPasswordInput) (*GetRandomPasswordOutput, error)

GetRandomPassword API operation for AWS Secrets Manager.

Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:GetRandomPassword. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation GetRandomPassword for usage and error information.

Returned Error Types:

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword

Example (Shared00)

To generate a random password The following example shows how to request a randomly generated password. This example includes the optional flags to require spaces and at least one character of each included type. It specifies a length of 20 characters.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.GetRandomPasswordInput{
		IncludeSpace:            aws.Bool(true),
		PasswordLength:          aws.Int64(20),
		RequireEachIncludedType: aws.Bool(true),
	}

	result, err := svc.GetRandomPassword(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) GetRandomPasswordRequest

func (c *SecretsManager) GetRandomPasswordRequest(input *GetRandomPasswordInput) (req *request.Request, output *GetRandomPasswordOutput)

GetRandomPasswordRequest generates a "aws/request.Request" representing the client's request for the GetRandomPassword operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See GetRandomPassword for more information on using the GetRandomPassword API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the GetRandomPasswordRequest method.
req, resp := client.GetRandomPasswordRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetRandomPassword

func (*SecretsManager) GetRandomPasswordWithContext

func (c *SecretsManager) GetRandomPasswordWithContext(ctx aws.Context, input *GetRandomPasswordInput, opts ...request.Option) (*GetRandomPasswordOutput, error)

GetRandomPasswordWithContext is the same as GetRandomPassword with the addition of the ability to pass a context and additional request options.

See GetRandomPassword for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) GetResourcePolicy added in v1.14.14

func (c *SecretsManager) GetResourcePolicy(input *GetResourcePolicyInput) (*GetResourcePolicyOutput, error)

GetResourcePolicy API operation for AWS Secrets Manager.

Retrieves the JSON text of the resource-based policy document attached to the secret. For more information about permissions policies attached to a secret, see Permissions policies attached to a secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html).

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:GetResourcePolicy. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation GetResourcePolicy for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InternalServiceError An error occurred on the server side.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InvalidParameterException The parameter name or value is invalid.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy

Example (Shared00)

To retrieve the resource-based policy attached to a secret The following example shows how to retrieve the resource-based policy that is attached to a secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.GetResourcePolicyInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.GetResourcePolicy(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) GetResourcePolicyRequest added in v1.14.14

func (c *SecretsManager) GetResourcePolicyRequest(input *GetResourcePolicyInput) (req *request.Request, output *GetResourcePolicyOutput)

GetResourcePolicyRequest generates a "aws/request.Request" representing the client's request for the GetResourcePolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See GetResourcePolicy for more information on using the GetResourcePolicy API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the GetResourcePolicyRequest method.
req, resp := client.GetResourcePolicyRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy

func (*SecretsManager) GetResourcePolicyWithContext added in v1.14.14

func (c *SecretsManager) GetResourcePolicyWithContext(ctx aws.Context, input *GetResourcePolicyInput, opts ...request.Option) (*GetResourcePolicyOutput, error)

GetResourcePolicyWithContext is the same as GetResourcePolicy with the addition of the ability to pass a context and additional request options.

See GetResourcePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) GetSecretValue

func (c *SecretsManager) GetSecretValue(input *GetSecretValueInput) (*GetSecretValueOutput, error)

GetSecretValue API operation for AWS Secrets Manager.

Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content.

We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for your applications (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html).

To retrieve the previous version of a secret, use VersionStage and specify AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage (https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/update-secret-version-stage.html).

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:GetSecretValue. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for that key. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation GetSecretValue for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • DecryptionFailure Secrets Manager can't decrypt the protected secret text using the provided KMS key.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue

Example (Shared00)

To retrieve the encrypted secret value of a secret The following example shows how to retrieve a secret string value.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.GetSecretValueInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.GetSecretValue(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeDecryptionFailure:
				fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) GetSecretValueRequest

func (c *SecretsManager) GetSecretValueRequest(input *GetSecretValueInput) (req *request.Request, output *GetSecretValueOutput)

GetSecretValueRequest generates a "aws/request.Request" representing the client's request for the GetSecretValue operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See GetSecretValue for more information on using the GetSecretValue API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the GetSecretValueRequest method.
req, resp := client.GetSecretValueRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetSecretValue

func (*SecretsManager) GetSecretValueWithContext

func (c *SecretsManager) GetSecretValueWithContext(ctx aws.Context, input *GetSecretValueInput, opts ...request.Option) (*GetSecretValueOutput, error)

GetSecretValueWithContext is the same as GetSecretValue with the addition of the ability to pass a context and additional request options.

See GetSecretValue for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) ListSecretVersionIds

func (c *SecretsManager) ListSecretVersionIds(input *ListSecretVersionIdsInput) (*ListSecretVersionIdsOutput, error)

ListSecretVersionIds API operation for AWS Secrets Manager.

Lists the versions of a secret. Secrets Manager uses staging labels to indicate the different versions of a secret. For more information, see Secrets Manager concepts: Versions (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version).

To list the secrets in the account, use ListSecrets.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:ListSecretVersionIds. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation ListSecretVersionIds for usage and error information.

Returned Error Types:

  • InvalidNextTokenException The NextToken value is invalid.

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InternalServiceError An error occurred on the server side.

  • InvalidParameterException The parameter name or value is invalid.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds

Example (Shared00)

To list all of the secret versions associated with a secret The following example shows how to retrieve a list of all of the versions of a secret, including those without any staging labels.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.ListSecretVersionIdsInput{
		IncludeDeprecated: aws.Bool(true),
		SecretId:          aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.ListSecretVersionIds(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidNextTokenException:
				fmt.Println(secretsmanager.ErrCodeInvalidNextTokenException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) ListSecretVersionIdsPages

func (c *SecretsManager) ListSecretVersionIdsPages(input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool) error

ListSecretVersionIdsPages iterates over the pages of a ListSecretVersionIds operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.

See ListSecretVersionIds method for more information on how to use this operation.

Note: This operation can generate multiple requests to a service.

// Example iterating over at most 3 pages of a ListSecretVersionIds operation.
pageNum := 0
err := client.ListSecretVersionIdsPages(params,
    func(page *secretsmanager.ListSecretVersionIdsOutput, lastPage bool) bool {
        pageNum++
        fmt.Println(page)
        return pageNum <= 3
    })

func (*SecretsManager) ListSecretVersionIdsPagesWithContext

func (c *SecretsManager) ListSecretVersionIdsPagesWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, fn func(*ListSecretVersionIdsOutput, bool) bool, opts ...request.Option) error

ListSecretVersionIdsPagesWithContext same as ListSecretVersionIdsPages except it takes a Context and allows setting request options on the pages.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) ListSecretVersionIdsRequest

func (c *SecretsManager) ListSecretVersionIdsRequest(input *ListSecretVersionIdsInput) (req *request.Request, output *ListSecretVersionIdsOutput)

ListSecretVersionIdsRequest generates a "aws/request.Request" representing the client's request for the ListSecretVersionIds operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See ListSecretVersionIds for more information on using the ListSecretVersionIds API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the ListSecretVersionIdsRequest method.
req, resp := client.ListSecretVersionIdsRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecretVersionIds

func (*SecretsManager) ListSecretVersionIdsWithContext

func (c *SecretsManager) ListSecretVersionIdsWithContext(ctx aws.Context, input *ListSecretVersionIdsInput, opts ...request.Option) (*ListSecretVersionIdsOutput, error)

ListSecretVersionIdsWithContext is the same as ListSecretVersionIds with the addition of the ability to pass a context and additional request options.

See ListSecretVersionIds for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) ListSecrets

func (c *SecretsManager) ListSecrets(input *ListSecretsInput) (*ListSecretsOutput, error)

ListSecrets API operation for AWS Secrets Manager.

Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console.

ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. To get the latest information for a specific secret, use DescribeSecret.

To list the versions of a secret, use ListSecretVersionIds.

To get the secret value from SecretString or SecretBinary, call GetSecretValue.

For information about finding secrets in the console, see Find secrets in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html).

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:ListSecrets. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation ListSecrets for usage and error information.

Returned Error Types:

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidNextTokenException The NextToken value is invalid.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets

Example (Shared00)

To list the secrets in your account The following example shows how to list all of the secrets in your account.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.ListSecretsInput{}

	result, err := svc.ListSecrets(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidNextTokenException:
				fmt.Println(secretsmanager.ErrCodeInvalidNextTokenException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) ListSecretsPages

func (c *SecretsManager) ListSecretsPages(input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool) error

ListSecretsPages iterates over the pages of a ListSecrets operation, calling the "fn" function with the response data for each page. To stop iterating, return false from the fn function.

See ListSecrets method for more information on how to use this operation.

Note: This operation can generate multiple requests to a service.

// Example iterating over at most 3 pages of a ListSecrets operation.
pageNum := 0
err := client.ListSecretsPages(params,
    func(page *secretsmanager.ListSecretsOutput, lastPage bool) bool {
        pageNum++
        fmt.Println(page)
        return pageNum <= 3
    })

func (*SecretsManager) ListSecretsPagesWithContext

func (c *SecretsManager) ListSecretsPagesWithContext(ctx aws.Context, input *ListSecretsInput, fn func(*ListSecretsOutput, bool) bool, opts ...request.Option) error

ListSecretsPagesWithContext same as ListSecretsPages except it takes a Context and allows setting request options on the pages.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) ListSecretsRequest

func (c *SecretsManager) ListSecretsRequest(input *ListSecretsInput) (req *request.Request, output *ListSecretsOutput)

ListSecretsRequest generates a "aws/request.Request" representing the client's request for the ListSecrets operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See ListSecrets for more information on using the ListSecrets API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the ListSecretsRequest method.
req, resp := client.ListSecretsRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets

func (*SecretsManager) ListSecretsWithContext

func (c *SecretsManager) ListSecretsWithContext(ctx aws.Context, input *ListSecretsInput, opts ...request.Option) (*ListSecretsOutput, error)

ListSecretsWithContext is the same as ListSecrets with the addition of the ability to pass a context and additional request options.

See ListSecrets for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) PutResourcePolicy added in v1.14.14

func (c *SecretsManager) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error)

PutResourcePolicy API operation for AWS Secrets Manager.

Attaches a resource-based permission policy to a secret. A resource-based policy is optional. For more information, see Authentication and access control for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html)

For information about attaching a policy in the console, see Attach a permissions policy to a secret (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html).

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:PutResourcePolicy. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation PutResourcePolicy for usage and error information.

Returned Error Types:

  • MalformedPolicyDocumentException The resource policy has syntax errors.

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • PublicPolicyException The BlockPublicPolicy parameter is set to true, and the resource policy did not prevent broad access to the secret.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy

Example (Shared00)

To add a resource-based policy to a secret The following example shows how to add a resource-based policy to a secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.PutResourcePolicyInput{
		ResourcePolicy: aws.String("{\n\"Version\":\"2012-10-17\",\n\"Statement\":[{\n\"Effect\":\"Allow\",\n\"Principal\":{\n\"AWS\":\"arn:aws:iam::123456789012:root\"\n},\n\"Action\":\"secretsmanager:GetSecretValue\",\n\"Resource\":\"*\"\n}]\n}"),
		SecretId:       aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.PutResourcePolicy(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeMalformedPolicyDocumentException:
				fmt.Println(secretsmanager.ErrCodeMalformedPolicyDocumentException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodePublicPolicyException:
				fmt.Println(secretsmanager.ErrCodePublicPolicyException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) PutResourcePolicyRequest added in v1.14.14

func (c *SecretsManager) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput)

PutResourcePolicyRequest generates a "aws/request.Request" representing the client's request for the PutResourcePolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See PutResourcePolicy for more information on using the PutResourcePolicy API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the PutResourcePolicyRequest method.
req, resp := client.PutResourcePolicyRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicy

func (*SecretsManager) PutResourcePolicyWithContext added in v1.14.14

func (c *SecretsManager) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error)

PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of the ability to pass a context and additional request options.

See PutResourcePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) PutSecretValue

func (c *SecretsManager) PutSecretValue(input *PutSecretValueInput) (*PutSecretValueOutput, error)

PutSecretValue API operation for AWS Secrets Manager.

Creates a new version with a new encrypted secret value and attaches it to the secret. The version can contain a new SecretString value or a new SecretBinary value.

We recommend you avoid calling PutSecretValue at a sustained rate of more than once every 10 minutes. When you update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you call PutSecretValue more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.

You can specify the staging labels to attach to the new version in VersionStages. If you don't include VersionStages, then Secrets Manager automatically moves the staging label AWSCURRENT to this version. If this operation creates the first version for the secret, then Secrets Manager automatically attaches the staging label AWSCURRENT to it. If this operation moves the staging label AWSCURRENT from another version to this version, then Secrets Manager also automatically moves the staging label AWSPREVIOUS to the version that AWSCURRENT was removed from.

This operation is idempotent. If you call this operation with a ClientRequestToken that matches an existing version's VersionId, and you specify the same secret data, the operation succeeds but does nothing. However, if the secret data is different, then the operation fails because you can't modify an existing version; you can only create new ones.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary or SecretString because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:PutSecretValue. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation PutSecretValue for usage and error information.

Returned Error Types:

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.

  • EncryptionFailure Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).

  • ResourceExistsException A resource with the ID you requested already exists.

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InternalServiceError An error occurred on the server side.

  • DecryptionFailure Secrets Manager can't decrypt the protected secret text using the provided KMS key.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue

Example (Shared00)

To store a secret value in a new version of a secret The following example shows how to create a new version of the secret. Alternatively, you can use the update-secret command.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.PutSecretValueInput{
		ClientRequestToken: aws.String("EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE"),
		SecretId:           aws.String("MyTestDatabaseSecret"),
		SecretString:       aws.String("{\"username\":\"david\",\"password\":\"EXAMPLE-PASSWORD\"}"),
	}

	result, err := svc.PutSecretValue(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeEncryptionFailure:
				fmt.Println(secretsmanager.ErrCodeEncryptionFailure, aerr.Error())
			case secretsmanager.ErrCodeResourceExistsException:
				fmt.Println(secretsmanager.ErrCodeResourceExistsException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeDecryptionFailure:
				fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) PutSecretValueRequest

func (c *SecretsManager) PutSecretValueRequest(input *PutSecretValueInput) (req *request.Request, output *PutSecretValueOutput)

PutSecretValueRequest generates a "aws/request.Request" representing the client's request for the PutSecretValue operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See PutSecretValue for more information on using the PutSecretValue API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the PutSecretValueRequest method.
req, resp := client.PutSecretValueRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutSecretValue

func (*SecretsManager) PutSecretValueWithContext

func (c *SecretsManager) PutSecretValueWithContext(ctx aws.Context, input *PutSecretValueInput, opts ...request.Option) (*PutSecretValueOutput, error)

PutSecretValueWithContext is the same as PutSecretValue with the addition of the ability to pass a context and additional request options.

See PutSecretValue for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) RemoveRegionsFromReplication added in v1.37.23

RemoveRegionsFromReplication API operation for AWS Secrets Manager.

For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:RemoveRegionsFromReplication. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation RemoveRegionsFromReplication for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication

func (*SecretsManager) RemoveRegionsFromReplicationRequest added in v1.37.23

func (c *SecretsManager) RemoveRegionsFromReplicationRequest(input *RemoveRegionsFromReplicationInput) (req *request.Request, output *RemoveRegionsFromReplicationOutput)

RemoveRegionsFromReplicationRequest generates a "aws/request.Request" representing the client's request for the RemoveRegionsFromReplication operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See RemoveRegionsFromReplication for more information on using the RemoveRegionsFromReplication API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the RemoveRegionsFromReplicationRequest method.
req, resp := client.RemoveRegionsFromReplicationRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication

func (*SecretsManager) RemoveRegionsFromReplicationWithContext added in v1.37.23

func (c *SecretsManager) RemoveRegionsFromReplicationWithContext(ctx aws.Context, input *RemoveRegionsFromReplicationInput, opts ...request.Option) (*RemoveRegionsFromReplicationOutput, error)

RemoveRegionsFromReplicationWithContext is the same as RemoveRegionsFromReplication with the addition of the ability to pass a context and additional request options.

See RemoveRegionsFromReplication for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) ReplicateSecretToRegions added in v1.37.23

func (c *SecretsManager) ReplicateSecretToRegions(input *ReplicateSecretToRegionsInput) (*ReplicateSecretToRegionsOutput, error)

ReplicateSecretToRegions API operation for AWS Secrets Manager.

Replicates the secret to a new Regions. See Multi-Region secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html).

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:ReplicateSecretToRegions. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation ReplicateSecretToRegions for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions

Example (Shared00)

Example The following example replicates a secret to eu-west-3. The replica is encrypted with the AWS managed key aws/secretsmanager.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.ReplicateSecretToRegionsInput{
		AddReplicaRegions: []*secretsmanager.ReplicaRegionType{
			{
				Region: aws.String("eu-west-3"),
			},
		},
		ForceOverwriteReplicaSecret: aws.Bool(true),
		SecretId:                    aws.String("MyTestSecret"),
	}

	result, err := svc.ReplicateSecretToRegions(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) ReplicateSecretToRegionsRequest added in v1.37.23

func (c *SecretsManager) ReplicateSecretToRegionsRequest(input *ReplicateSecretToRegionsInput) (req *request.Request, output *ReplicateSecretToRegionsOutput)

ReplicateSecretToRegionsRequest generates a "aws/request.Request" representing the client's request for the ReplicateSecretToRegions operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See ReplicateSecretToRegions for more information on using the ReplicateSecretToRegions API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the ReplicateSecretToRegionsRequest method.
req, resp := client.ReplicateSecretToRegionsRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions

func (*SecretsManager) ReplicateSecretToRegionsWithContext added in v1.37.23

func (c *SecretsManager) ReplicateSecretToRegionsWithContext(ctx aws.Context, input *ReplicateSecretToRegionsInput, opts ...request.Option) (*ReplicateSecretToRegionsOutput, error)

ReplicateSecretToRegionsWithContext is the same as ReplicateSecretToRegions with the addition of the ability to pass a context and additional request options.

See ReplicateSecretToRegions for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) RestoreSecret

func (c *SecretsManager) RestoreSecret(input *RestoreSecretInput) (*RestoreSecretOutput, error)

RestoreSecret API operation for AWS Secrets Manager.

Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp. You can access a secret again after it has been restored.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:RestoreSecret. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation RestoreSecret for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret

Example (Shared00)

To restore a previously deleted secret The following example shows how to restore a secret that you previously scheduled for deletion.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.RestoreSecretInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.RestoreSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) RestoreSecretRequest

func (c *SecretsManager) RestoreSecretRequest(input *RestoreSecretInput) (req *request.Request, output *RestoreSecretOutput)

RestoreSecretRequest generates a "aws/request.Request" representing the client's request for the RestoreSecret operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See RestoreSecret for more information on using the RestoreSecret API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the RestoreSecretRequest method.
req, resp := client.RestoreSecretRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RestoreSecret

func (*SecretsManager) RestoreSecretWithContext

func (c *SecretsManager) RestoreSecretWithContext(ctx aws.Context, input *RestoreSecretInput, opts ...request.Option) (*RestoreSecretOutput, error)

RestoreSecretWithContext is the same as RestoreSecret with the addition of the ability to pass a context and additional request options.

See RestoreSecret for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) RotateSecret

func (c *SecretsManager) RotateSecret(input *RotateSecretInput) (*RotateSecretOutput, error)

RotateSecret API operation for AWS Secrets Manager.

Configures and starts the asynchronous process of rotating the secret. For information about rotation, see Rotate secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) in the Secrets Manager User Guide. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret.

When rotation is successful, the AWSPENDING staging label might be attached to the same version as the AWSCURRENT version, or it might not be attached to any version. If the AWSPENDING staging label is present but not attached to the same version as AWSCURRENT, then any later invocation of RotateSecret assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the AWSPENDING staging label might be attached to an empty secret version. For more information, see Troubleshoot rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html) in the Secrets Manager User Guide.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:RotateSecret. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). You also need lambda:InvokeFunction permissions on the rotation function. For more information, see Permissions for rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation RotateSecret for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret

Example (Shared00)

To configure rotation for a secret The following example configures rotation for a secret using a cron expression. The first rotation happens immediately after the changes are stored in the secret. The rotation schedule is the first and 15th day of every month. The rotation window begins at 4:00 PM UTC and ends at 6:00 PM.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.RotateSecretInput{
		RotationLambdaARN: aws.String("arn:aws:lambda:us-west-2:123456789012:function:MyTestDatabaseRotationLambda"),
		RotationRules: &secretsmanager.RotationRulesType{
			Duration:           aws.String("2h"),
			ScheduleExpression: aws.String("cron(0 16 1,15 * ? *)"),
		},
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.RotateSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared01)

To request an immediate rotation for a secret The following example requests an immediate invocation of the secret's Lambda rotation function. It assumes that the specified secret already has rotation configured. The rotation function runs asynchronously in the background.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.RotateSecretInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.RotateSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) RotateSecretRequest

func (c *SecretsManager) RotateSecretRequest(input *RotateSecretInput) (req *request.Request, output *RotateSecretOutput)

RotateSecretRequest generates a "aws/request.Request" representing the client's request for the RotateSecret operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See RotateSecret for more information on using the RotateSecret API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the RotateSecretRequest method.
req, resp := client.RotateSecretRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecret

func (*SecretsManager) RotateSecretWithContext

func (c *SecretsManager) RotateSecretWithContext(ctx aws.Context, input *RotateSecretInput, opts ...request.Option) (*RotateSecretOutput, error)

RotateSecretWithContext is the same as RotateSecret with the addition of the ability to pass a context and additional request options.

See RotateSecret for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) StopReplicationToReplica added in v1.37.23

func (c *SecretsManager) StopReplicationToReplica(input *StopReplicationToReplicaInput) (*StopReplicationToReplicaOutput, error)

StopReplicationToReplica API operation for AWS Secrets Manager.

Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region.

You must call this operation from the Region in which you want to promote the replica to a primary secret.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:StopReplicationToReplica. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation StopReplicationToReplica for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica

func (*SecretsManager) StopReplicationToReplicaRequest added in v1.37.23

func (c *SecretsManager) StopReplicationToReplicaRequest(input *StopReplicationToReplicaInput) (req *request.Request, output *StopReplicationToReplicaOutput)

StopReplicationToReplicaRequest generates a "aws/request.Request" representing the client's request for the StopReplicationToReplica operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See StopReplicationToReplica for more information on using the StopReplicationToReplica API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the StopReplicationToReplicaRequest method.
req, resp := client.StopReplicationToReplicaRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica

func (*SecretsManager) StopReplicationToReplicaWithContext added in v1.37.23

func (c *SecretsManager) StopReplicationToReplicaWithContext(ctx aws.Context, input *StopReplicationToReplicaInput, opts ...request.Option) (*StopReplicationToReplicaOutput, error)

StopReplicationToReplicaWithContext is the same as StopReplicationToReplica with the addition of the ability to pass a context and additional request options.

See StopReplicationToReplica for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) TagResource

func (c *SecretsManager) TagResource(input *TagResourceInput) (*TagResourceOutput, error)

TagResource API operation for AWS Secrets Manager.

Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the secret's metadata. They are not associated with specific versions of the secret. This operation appends tags to the existing list of tags.

The following restrictions apply to tags:

  • Maximum number of tags per secret: 50

  • Maximum key length: 127 Unicode characters in UTF-8

  • Maximum value length: 255 Unicode characters in UTF-8

  • Tag keys and values are case sensitive.

  • Do not use the aws: prefix in your tag names or values because Amazon Web Services reserves it for Amazon Web Services use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.

  • If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.

If you use tags as part of your security strategy, then adding or removing a tag can change permissions. If successfully completing this operation would result in you losing your permissions for this secret, then the operation is blocked and returns an Access Denied error.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:TagResource. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation TagResource for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource

Example (Shared00)

To add tags to a secret The following example shows how to attach two tags each with a Key and Value to a secret. There is no output from this API. To see the result, use the DescribeSecret operation.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.TagResourceInput{
		SecretId: aws.String("MyExampleSecret"),
		Tags: []*secretsmanager.Tag{
			{
				Key:   aws.String("FirstTag"),
				Value: aws.String("SomeValue"),
			},
			{
				Key:   aws.String("SecondTag"),
				Value: aws.String("AnotherValue"),
			},
		},
	}

	result, err := svc.TagResource(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) TagResourceRequest

func (c *SecretsManager) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput)

TagResourceRequest generates a "aws/request.Request" representing the client's request for the TagResource operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See TagResource for more information on using the TagResource API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the TagResourceRequest method.
req, resp := client.TagResourceRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/TagResource

func (*SecretsManager) TagResourceWithContext

func (c *SecretsManager) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error)

TagResourceWithContext is the same as TagResource with the addition of the ability to pass a context and additional request options.

See TagResource for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) UntagResource

func (c *SecretsManager) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error)

UntagResource API operation for AWS Secrets Manager.

Removes specific tags from a secret.

This operation is idempotent. If a requested tag is not attached to the secret, no error is returned and the secret metadata is unchanged.

If you use tags as part of your security strategy, then removing a tag can change permissions. If successfully completing this operation would result in you losing your permissions for this secret, then the operation is blocked and returns an Access Denied error.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:UntagResource. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation UntagResource for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource

Example (Shared00)

To remove tags from a secret The following example shows how to remove two tags from a secret's metadata. For each, both the tag and the associated value are removed. There is no output from this API. To see the result, use the DescribeSecret operation.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.UntagResourceInput{
		SecretId: aws.String("MyTestDatabaseSecret"),
		TagKeys: []*string{
			aws.String("FirstTag"),
			aws.String("SecondTag"),
		},
	}

	result, err := svc.UntagResource(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) UntagResourceRequest

func (c *SecretsManager) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput)

UntagResourceRequest generates a "aws/request.Request" representing the client's request for the UntagResource operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See UntagResource for more information on using the UntagResource API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the UntagResourceRequest method.
req, resp := client.UntagResourceRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UntagResource

func (*SecretsManager) UntagResourceWithContext

func (c *SecretsManager) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error)

UntagResourceWithContext is the same as UntagResource with the addition of the ability to pass a context and additional request options.

See UntagResource for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) UpdateSecret

func (c *SecretsManager) UpdateSecret(input *UpdateSecretInput) (*UpdateSecretOutput, error)

UpdateSecret API operation for AWS Secrets Manager.

Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use PutSecretValue.

To change the rotation configuration of a secret, use RotateSecret instead.

To change a secret so that it is managed by another service, you need to recreate the secret in that service. See Secrets Manager secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

We recommend you avoid calling UpdateSecret at a sustained rate of more than once every 10 minutes. When you call UpdateSecret to update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.

If you include SecretString or SecretBinary to create a new secret version, Secrets Manager automatically moves the staging label AWSCURRENT to the new version. Then it attaches the label AWSPREVIOUS to the version that AWSCURRENT was removed from.

If you call this operation with a ClientRequestToken that matches an existing version's VersionId, the operation results in an error. You can't modify an existing version, you can only create a new version. To remove a version, remove all staging labels from it. See UpdateSecretVersionStage.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary or SecretString because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:UpdateSecret. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html). If you use a customer managed key, you must also have kms:GenerateDataKey and kms:Decrypt permissions on the key. For more information, see Secret encryption and decryption (https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation UpdateSecret for usage and error information.

Returned Error Types:

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.

  • EncryptionFailure Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html).

  • ResourceExistsException A resource with the ID you requested already exists.

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • MalformedPolicyDocumentException The resource policy has syntax errors.

  • InternalServiceError An error occurred on the server side.

  • PreconditionNotMetException The request failed because you did not complete all the prerequisite steps.

  • DecryptionFailure Secrets Manager can't decrypt the protected secret text using the provided KMS key.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret

Example (Shared00)

To update the description of a secret The following example shows how to modify the description of a secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.UpdateSecretInput{
		ClientRequestToken: aws.String("EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE"),
		Description:        aws.String("This is a new description for the secret."),
		SecretId:           aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.UpdateSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeEncryptionFailure:
				fmt.Println(secretsmanager.ErrCodeEncryptionFailure, aerr.Error())
			case secretsmanager.ErrCodeResourceExistsException:
				fmt.Println(secretsmanager.ErrCodeResourceExistsException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeMalformedPolicyDocumentException:
				fmt.Println(secretsmanager.ErrCodeMalformedPolicyDocumentException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodePreconditionNotMetException:
				fmt.Println(secretsmanager.ErrCodePreconditionNotMetException, aerr.Error())
			case secretsmanager.ErrCodeDecryptionFailure:
				fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared01)

To update the KMS key associated with a secret This example shows how to update the KMS customer managed key (CMK) used to encrypt the secret value. The KMS CMK must be in the same region as the secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.UpdateSecretInput{
		KmsKeyId: aws.String("arn:aws:kms:us-west-2:123456789012:key/EXAMPLE2-90ab-cdef-fedc-ba987EXAMPLE"),
		SecretId: aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.UpdateSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeEncryptionFailure:
				fmt.Println(secretsmanager.ErrCodeEncryptionFailure, aerr.Error())
			case secretsmanager.ErrCodeResourceExistsException:
				fmt.Println(secretsmanager.ErrCodeResourceExistsException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeMalformedPolicyDocumentException:
				fmt.Println(secretsmanager.ErrCodeMalformedPolicyDocumentException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodePreconditionNotMetException:
				fmt.Println(secretsmanager.ErrCodePreconditionNotMetException, aerr.Error())
			case secretsmanager.ErrCodeDecryptionFailure:
				fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared02)

To create a new version of the encrypted secret value The following example shows how to create a new version of the secret by updating the SecretString field. Alternatively, you can use the put-secret-value operation.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.UpdateSecretInput{
		SecretId:     aws.String("MyTestDatabaseSecret"),
		SecretString: aws.String("{JSON STRING WITH CREDENTIALS}"),
	}

	result, err := svc.UpdateSecret(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeEncryptionFailure:
				fmt.Println(secretsmanager.ErrCodeEncryptionFailure, aerr.Error())
			case secretsmanager.ErrCodeResourceExistsException:
				fmt.Println(secretsmanager.ErrCodeResourceExistsException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeMalformedPolicyDocumentException:
				fmt.Println(secretsmanager.ErrCodeMalformedPolicyDocumentException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodePreconditionNotMetException:
				fmt.Println(secretsmanager.ErrCodePreconditionNotMetException, aerr.Error())
			case secretsmanager.ErrCodeDecryptionFailure:
				fmt.Println(secretsmanager.ErrCodeDecryptionFailure, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) UpdateSecretRequest

func (c *SecretsManager) UpdateSecretRequest(input *UpdateSecretInput) (req *request.Request, output *UpdateSecretOutput)

UpdateSecretRequest generates a "aws/request.Request" representing the client's request for the UpdateSecret operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See UpdateSecret for more information on using the UpdateSecret API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the UpdateSecretRequest method.
req, resp := client.UpdateSecretRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecret

func (*SecretsManager) UpdateSecretVersionStage

func (c *SecretsManager) UpdateSecretVersionStage(input *UpdateSecretVersionStageInput) (*UpdateSecretVersionStageOutput, error)

UpdateSecretVersionStage API operation for AWS Secrets Manager.

Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging labels to track a version as it progresses through the secret rotation process. Each staging label can be attached to only one version at a time. To add a staging label to a version when it is already attached to another version, Secrets Manager first removes it from the other version first and then attaches it to this one. For more information about versions and staging labels, see Concepts: Version (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version).

The staging labels that you specify in the VersionStage parameter are added to the existing list of staging labels for the version.

You can move the AWSCURRENT staging label to this version by including it in this call.

Whenever you move AWSCURRENT, Secrets Manager automatically moves the label AWSPREVIOUS to the version that AWSCURRENT was removed from.

If this action results in the last label being removed from a version, then the version is considered to be 'deprecated' and can be deleted by Secrets Manager.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:UpdateSecretVersionStage. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation UpdateSecretVersionStage for usage and error information.

Returned Error Types:

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

  • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.

  • InternalServiceError An error occurred on the server side.

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage

Example (Shared00)

To add a staging label attached to a version of a secret The following example shows you how to add a staging label to a version of a secret. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.UpdateSecretVersionStageInput{
		MoveToVersionId: aws.String("EXAMPLE1-90ab-cdef-fedc-ba987SECRET1"),
		SecretId:        aws.String("MyTestDatabaseSecret"),
		VersionStage:    aws.String("STAGINGLABEL1"),
	}

	result, err := svc.UpdateSecretVersionStage(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared01)

To delete a staging label attached to a version of a secret The following example shows you how to delete a staging label that is attached to a version of a secret. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.UpdateSecretVersionStageInput{
		RemoveFromVersionId: aws.String("EXAMPLE1-90ab-cdef-fedc-ba987SECRET1"),
		SecretId:            aws.String("MyTestDatabaseSecret"),
		VersionStage:        aws.String("STAGINGLABEL1"),
	}

	result, err := svc.UpdateSecretVersionStage(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

Example (Shared02)

To move a staging label from one version of a secret to another The following example shows you how to move a staging label that is attached to one version of a secret to a different version. You can review the results by running the operation ListSecretVersionIds and viewing the VersionStages response field for the affected version.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.UpdateSecretVersionStageInput{
		MoveToVersionId:     aws.String("EXAMPLE2-90ab-cdef-fedc-ba987SECRET2"),
		RemoveFromVersionId: aws.String("EXAMPLE1-90ab-cdef-fedc-ba987SECRET1"),
		SecretId:            aws.String("MyTestDatabaseSecret"),
		VersionStage:        aws.String("AWSCURRENT"),
	}

	result, err := svc.UpdateSecretVersionStage(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			case secretsmanager.ErrCodeLimitExceededException:
				fmt.Println(secretsmanager.ErrCodeLimitExceededException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) UpdateSecretVersionStageRequest

func (c *SecretsManager) UpdateSecretVersionStageRequest(input *UpdateSecretVersionStageInput) (req *request.Request, output *UpdateSecretVersionStageOutput)

UpdateSecretVersionStageRequest generates a "aws/request.Request" representing the client's request for the UpdateSecretVersionStage operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See UpdateSecretVersionStage for more information on using the UpdateSecretVersionStage API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the UpdateSecretVersionStageRequest method.
req, resp := client.UpdateSecretVersionStageRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/UpdateSecretVersionStage

func (*SecretsManager) UpdateSecretVersionStageWithContext

func (c *SecretsManager) UpdateSecretVersionStageWithContext(ctx aws.Context, input *UpdateSecretVersionStageInput, opts ...request.Option) (*UpdateSecretVersionStageOutput, error)

UpdateSecretVersionStageWithContext is the same as UpdateSecretVersionStage with the addition of the ability to pass a context and additional request options.

See UpdateSecretVersionStage for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) UpdateSecretWithContext

func (c *SecretsManager) UpdateSecretWithContext(ctx aws.Context, input *UpdateSecretInput, opts ...request.Option) (*UpdateSecretOutput, error)

UpdateSecretWithContext is the same as UpdateSecret with the addition of the ability to pass a context and additional request options.

See UpdateSecret for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

func (*SecretsManager) ValidateResourcePolicy added in v1.33.5

func (c *SecretsManager) ValidateResourcePolicy(input *ValidateResourcePolicyInput) (*ValidateResourcePolicyOutput, error)

ValidateResourcePolicy API operation for AWS Secrets Manager.

Validates that a resource policy does not grant a wide range of principals access to your secret. A resource-based policy is optional for secrets.

The API performs three checks when validating the policy:

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html).

Required permissions: secretsmanager:ValidateResourcePolicy and secretsmanager:PutResourcePolicy. For more information, see IAM policy actions for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions) and Authentication and access control in Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html).

Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.

See the AWS API reference guide for AWS Secrets Manager's API operation ValidateResourcePolicy for usage and error information.

Returned Error Types:

  • MalformedPolicyDocumentException The resource policy has syntax errors.

  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.

  • InvalidParameterException The parameter name or value is invalid.

  • InternalServiceError An error occurred on the server side.

  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    Possible causes:

  • The secret is scheduled for deletion.

  • You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call.

  • The secret is managed by another service, and you must use that service to update it. For more information, see Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html).

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy

Example (Shared00)

To validate a resource-based policy to a secret The following example shows how to validate a resource-based policy to a secret.

package main

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/secretsmanager"
)

func main() {
	svc := secretsmanager.New(session.New())
	input := &secretsmanager.ValidateResourcePolicyInput{
		ResourcePolicy: aws.String("{\n\"Version\":\"2012-10-17\",\n\"Statement\":[{\n\"Effect\":\"Allow\",\n\"Principal\":{\n\"AWS\":\"arn:aws:iam::123456789012:root\"\n},\n\"Action\":\"secretsmanager:GetSecretValue\",\n\"Resource\":\"*\"\n}]\n}"),
		SecretId:       aws.String("MyTestDatabaseSecret"),
	}

	result, err := svc.ValidateResourcePolicy(input)
	if err != nil {
		if aerr, ok := err.(awserr.Error); ok {
			switch aerr.Code() {
			case secretsmanager.ErrCodeMalformedPolicyDocumentException:
				fmt.Println(secretsmanager.ErrCodeMalformedPolicyDocumentException, aerr.Error())
			case secretsmanager.ErrCodeResourceNotFoundException:
				fmt.Println(secretsmanager.ErrCodeResourceNotFoundException, aerr.Error())
			case secretsmanager.ErrCodeInvalidParameterException:
				fmt.Println(secretsmanager.ErrCodeInvalidParameterException, aerr.Error())
			case secretsmanager.ErrCodeInternalServiceError:
				fmt.Println(secretsmanager.ErrCodeInternalServiceError, aerr.Error())
			case secretsmanager.ErrCodeInvalidRequestException:
				fmt.Println(secretsmanager.ErrCodeInvalidRequestException, aerr.Error())
			default:
				fmt.Println(aerr.Error())
			}
		} else {
			// Print the error, cast err to awserr.Error to get the Code and
			// Message from an error.
			fmt.Println(err.Error())
		}
		return
	}

	fmt.Println(result)
}
Output:

func (*SecretsManager) ValidateResourcePolicyRequest added in v1.33.5

func (c *SecretsManager) ValidateResourcePolicyRequest(input *ValidateResourcePolicyInput) (req *request.Request, output *ValidateResourcePolicyOutput)

ValidateResourcePolicyRequest generates a "aws/request.Request" representing the client's request for the ValidateResourcePolicy operation. The "output" return value will be populated with the request's response once the request completes successfully.

Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.

See ValidateResourcePolicy for more information on using the ValidateResourcePolicy API call, and error handling.

This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.

// Example sending a request using the ValidateResourcePolicyRequest method.
req, resp := client.ValidateResourcePolicyRequest(params)

err := req.Send()
if err == nil { // resp is now filled
    fmt.Println(resp)
}

See also, https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicy

func (*SecretsManager) ValidateResourcePolicyWithContext added in v1.33.5

func (c *SecretsManager) ValidateResourcePolicyWithContext(ctx aws.Context, input *ValidateResourcePolicyInput, opts ...request.Option) (*ValidateResourcePolicyOutput, error)

ValidateResourcePolicyWithContext is the same as ValidateResourcePolicy with the addition of the ability to pass a context and additional request options.

See ValidateResourcePolicy for details on how to use this API operation.

The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.

type StopReplicationToReplicaInput added in v1.37.23

type StopReplicationToReplicaInput struct {

	// The ARN of the primary secret.
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (StopReplicationToReplicaInput) GoString added in v1.37.23

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StopReplicationToReplicaInput) SetSecretId added in v1.37.23

SetSecretId sets the SecretId field's value.

func (StopReplicationToReplicaInput) String added in v1.37.23

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StopReplicationToReplicaInput) Validate added in v1.37.23

func (s *StopReplicationToReplicaInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type StopReplicationToReplicaOutput added in v1.37.23

type StopReplicationToReplicaOutput struct {

	// The ARN of the promoted secret. The ARN is the same as the original primary
	// secret except the Region is changed.
	ARN *string `min:"20" type:"string"`
	// contains filtered or unexported fields
}

func (StopReplicationToReplicaOutput) GoString added in v1.37.23

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*StopReplicationToReplicaOutput) SetARN added in v1.37.23

SetARN sets the ARN field's value.

func (StopReplicationToReplicaOutput) String added in v1.37.23

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type Tag

type Tag struct {

	// The key identifier, or name, of the tag.
	Key *string `min:"1" type:"string"`

	// The string value associated with the key of the tag.
	Value *string `type:"string"`
	// contains filtered or unexported fields
}

A structure that contains information about a tag.

func (Tag) GoString

func (s Tag) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*Tag) SetKey

func (s *Tag) SetKey(v string) *Tag

SetKey sets the Key field's value.

func (*Tag) SetValue

func (s *Tag) SetValue(v string) *Tag

SetValue sets the Value field's value.

func (Tag) String

func (s Tag) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*Tag) Validate

func (s *Tag) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type TagResourceInput

type TagResourceInput struct {

	// The identifier for the secret to attach tags to. You can specify either the
	// Amazon Resource Name (ARN) or the friendly name of the secret.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// The tags to attach to the secret as a JSON text string argument. Each element
	// in the list consists of a Key and a Value.
	//
	// For storing multiple values, we recommend that you use a JSON text string
	// argument and specify key/value pairs. For more information, see Specifying
	// parameter values for the Amazon Web Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html)
	// in the Amazon Web Services CLI User Guide.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
	// contains filtered or unexported fields
}

func (TagResourceInput) GoString

func (s TagResourceInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*TagResourceInput) SetSecretId

func (s *TagResourceInput) SetSecretId(v string) *TagResourceInput

SetSecretId sets the SecretId field's value.

func (*TagResourceInput) SetTags

func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput

SetTags sets the Tags field's value.

func (TagResourceInput) String

func (s TagResourceInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*TagResourceInput) Validate

func (s *TagResourceInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type TagResourceOutput

type TagResourceOutput struct {
	// contains filtered or unexported fields
}

func (TagResourceOutput) GoString

func (s TagResourceOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (TagResourceOutput) String

func (s TagResourceOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UntagResourceInput

type UntagResourceInput struct {

	// The ARN or name of the secret.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// A list of tag key names to remove from the secret. You don't specify the
	// value. Both the key and its associated value are removed.
	//
	// This parameter requires a JSON text string argument.
	//
	// For storing multiple values, we recommend that you use a JSON text string
	// argument and specify key/value pairs. For more information, see Specifying
	// parameter values for the Amazon Web Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html)
	// in the Amazon Web Services CLI User Guide.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
	// contains filtered or unexported fields
}

func (UntagResourceInput) GoString

func (s UntagResourceInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UntagResourceInput) SetSecretId

func (s *UntagResourceInput) SetSecretId(v string) *UntagResourceInput

SetSecretId sets the SecretId field's value.

func (*UntagResourceInput) SetTagKeys

func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput

SetTagKeys sets the TagKeys field's value.

func (UntagResourceInput) String

func (s UntagResourceInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UntagResourceInput) Validate

func (s *UntagResourceInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type UntagResourceOutput

type UntagResourceOutput struct {
	// contains filtered or unexported fields
}

func (UntagResourceOutput) GoString

func (s UntagResourceOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (UntagResourceOutput) String

func (s UntagResourceOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UpdateSecretInput

type UpdateSecretInput struct {

	// If you include SecretString or SecretBinary, then Secrets Manager creates
	// a new version for the secret, and this parameter specifies the unique identifier
	// for the new version.
	//
	// If you use the Amazon Web Services CLI or one of the Amazon Web Services
	// SDKs to call this operation, then you can leave this parameter empty. The
	// CLI or SDK generates a random UUID for you and includes it as the value for
	// this parameter in the request. If you don't use the SDK and instead generate
	// a raw HTTP request to the Secrets Manager service endpoint, then you must
	// generate a ClientRequestToken yourself for the new version and include the
	// value in the request.
	//
	// This value becomes the VersionId of the new version.
	ClientRequestToken *string `min:"32" type:"string" idempotencyToken:"true"`

	// The description of the secret.
	Description *string `type:"string"`

	// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt
	// new secret versions as well as any existing versions with the staging labels
	// AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about versions
	// and staging labels, see Concepts: Version (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version).
	//
	// A key alias is always prefixed by alias/, for example alias/aws/secretsmanager.
	// For more information, see About aliases (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html).
	//
	// If you set this to an empty string, Secrets Manager uses the Amazon Web Services
	// managed key aws/secretsmanager. If this key doesn't already exist in your
	// account, then Secrets Manager creates it for you automatically. All users
	// and roles in the Amazon Web Services account automatically have access to
	// use aws/secretsmanager. Creating aws/secretsmanager can result in a one-time
	// significant delay in returning the result.
	//
	// You can only use the Amazon Web Services managed key aws/secretsmanager if
	// you call this operation using credentials from the same Amazon Web Services
	// account that owns the secret. If the secret is in a different account, then
	// you must use a customer managed key and provide the ARN of that KMS key in
	// this field. The user making the call must have permissions to both the secret
	// and the KMS key in their respective accounts.
	KmsKeyId *string `type:"string"`

	// The binary data to encrypt and store in the new version of the secret. We
	// recommend that you store your binary data in a file and then pass the contents
	// of the file as a parameter.
	//
	// Either SecretBinary or SecretString must have a value, but not both.
	//
	// You can't access this parameter in the Secrets Manager console.
	//
	// SecretBinary is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdateSecretInput's
	// String and GoString methods.
	//
	// SecretBinary is automatically base64 encoded/decoded by the SDK.
	SecretBinary []byte `min:"1" type:"blob" sensitive:"true"`

	// The ARN or name of the secret.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// The text data to encrypt and store in the new version of the secret. We recommend
	// you use a JSON structure of key/value pairs for your secret value.
	//
	// Either SecretBinary or SecretString must have a value, but not both.
	//
	// SecretString is a sensitive parameter and its value will be
	// replaced with "sensitive" in string returned by UpdateSecretInput's
	// String and GoString methods.
	SecretString *string `min:"1" type:"string" sensitive:"true"`
	// contains filtered or unexported fields
}

func (UpdateSecretInput) GoString

func (s UpdateSecretInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UpdateSecretInput) SetClientRequestToken

func (s *UpdateSecretInput) SetClientRequestToken(v string) *UpdateSecretInput

SetClientRequestToken sets the ClientRequestToken field's value.

func (*UpdateSecretInput) SetDescription

func (s *UpdateSecretInput) SetDescription(v string) *UpdateSecretInput

SetDescription sets the Description field's value.

func (*UpdateSecretInput) SetKmsKeyId

func (s *UpdateSecretInput) SetKmsKeyId(v string) *UpdateSecretInput

SetKmsKeyId sets the KmsKeyId field's value.

func (*UpdateSecretInput) SetSecretBinary

func (s *UpdateSecretInput) SetSecretBinary(v []byte) *UpdateSecretInput

SetSecretBinary sets the SecretBinary field's value.

func (*UpdateSecretInput) SetSecretId

func (s *UpdateSecretInput) SetSecretId(v string) *UpdateSecretInput

SetSecretId sets the SecretId field's value.

func (*UpdateSecretInput) SetSecretString

func (s *UpdateSecretInput) SetSecretString(v string) *UpdateSecretInput

SetSecretString sets the SecretString field's value.

func (UpdateSecretInput) String

func (s UpdateSecretInput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UpdateSecretInput) Validate

func (s *UpdateSecretInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type UpdateSecretOutput

type UpdateSecretOutput struct {

	// The ARN of the secret that was updated.
	ARN *string `min:"20" type:"string"`

	// The name of the secret that was updated.
	Name *string `min:"1" type:"string"`

	// If Secrets Manager created a new version of the secret during this operation,
	// then VersionId contains the unique identifier of the new version.
	VersionId *string `min:"32" type:"string"`
	// contains filtered or unexported fields
}

func (UpdateSecretOutput) GoString

func (s UpdateSecretOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UpdateSecretOutput) SetARN

SetARN sets the ARN field's value.

func (*UpdateSecretOutput) SetName

SetName sets the Name field's value.

func (*UpdateSecretOutput) SetVersionId

func (s *UpdateSecretOutput) SetVersionId(v string) *UpdateSecretOutput

SetVersionId sets the VersionId field's value.

func (UpdateSecretOutput) String

func (s UpdateSecretOutput) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type UpdateSecretVersionStageInput

type UpdateSecretVersionStageInput struct {

	// The ID of the version to add the staging label to. To remove a label from
	// a version, then do not specify this parameter.
	//
	// If the staging label is already attached to a different version of the secret,
	// then you must also specify the RemoveFromVersionId parameter.
	MoveToVersionId *string `min:"32" type:"string"`

	// The ID of the version that the staging label is to be removed from. If the
	// staging label you are trying to attach to one version is already attached
	// to a different version, then you must include this parameter and specify
	// the version that the label is to be removed from. If the label is attached
	// and you either do not specify this parameter, or the version ID does not
	// match, then the operation fails.
	RemoveFromVersionId *string `min:"32" type:"string"`

	// The ARN or the name of the secret with the version and staging labelsto modify.
	//
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen).
	//
	// SecretId is a required field
	SecretId *string `min:"1" type:"string" required:"true"`

	// The staging label to add to this version.
	//
	// VersionStage is a required field
	VersionStage *string `min:"1" type:"string" required:"true"`
	// contains filtered or unexported fields
}

func (UpdateSecretVersionStageInput) GoString

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UpdateSecretVersionStageInput) SetMoveToVersionId

SetMoveToVersionId sets the MoveToVersionId field's value.

func (*UpdateSecretVersionStageInput) SetRemoveFromVersionId

SetRemoveFromVersionId sets the RemoveFromVersionId field's value.

func (*UpdateSecretVersionStageInput) SetSecretId

SetSecretId sets the SecretId field's value.

func (*UpdateSecretVersionStageInput) SetVersionStage

SetVersionStage sets the VersionStage field's value.

func (UpdateSecretVersionStageInput) String

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UpdateSecretVersionStageInput) Validate

func (s *UpdateSecretVersionStageInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type UpdateSecretVersionStageOutput

type UpdateSecretVersionStageOutput struct {

	// The ARN of the secret that was updated.
	ARN *string `min:"20" type:"string"`

	// The name of the secret that was updated.
	Name *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (UpdateSecretVersionStageOutput) GoString

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*UpdateSecretVersionStageOutput) SetARN

SetARN sets the ARN field's value.

func (*UpdateSecretVersionStageOutput) SetName

SetName sets the Name field's value.

func (UpdateSecretVersionStageOutput) String

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ValidateResourcePolicyInput added in v1.33.5

type ValidateResourcePolicyInput struct {

	// A JSON-formatted string that contains an Amazon Web Services resource-based
	// policy. The policy in the string identifies who can access or manage this
	// secret and its versions. For example policies, see Permissions policy examples
	// (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html).
	//
	// ResourcePolicy is a required field
	ResourcePolicy *string `min:"1" type:"string" required:"true"`

	// This field is reserved for internal use.
	SecretId *string `min:"1" type:"string"`
	// contains filtered or unexported fields
}

func (ValidateResourcePolicyInput) GoString added in v1.33.5

func (s ValidateResourcePolicyInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ValidateResourcePolicyInput) SetResourcePolicy added in v1.33.5

SetResourcePolicy sets the ResourcePolicy field's value.

func (*ValidateResourcePolicyInput) SetSecretId added in v1.33.5

SetSecretId sets the SecretId field's value.

func (ValidateResourcePolicyInput) String added in v1.33.5

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ValidateResourcePolicyInput) Validate added in v1.33.5

func (s *ValidateResourcePolicyInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.

type ValidateResourcePolicyOutput added in v1.33.5

type ValidateResourcePolicyOutput struct {

	// True if your policy passes validation, otherwise false.
	PolicyValidationPassed *bool `type:"boolean"`

	// Validation errors if your policy didn't pass validation.
	ValidationErrors []*ValidationErrorsEntry `type:"list"`
	// contains filtered or unexported fields
}

func (ValidateResourcePolicyOutput) GoString added in v1.33.5

func (s ValidateResourcePolicyOutput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ValidateResourcePolicyOutput) SetPolicyValidationPassed added in v1.33.5

func (s *ValidateResourcePolicyOutput) SetPolicyValidationPassed(v bool) *ValidateResourcePolicyOutput

SetPolicyValidationPassed sets the PolicyValidationPassed field's value.

func (*ValidateResourcePolicyOutput) SetValidationErrors added in v1.33.5

SetValidationErrors sets the ValidationErrors field's value.

func (ValidateResourcePolicyOutput) String added in v1.33.5

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

type ValidationErrorsEntry added in v1.33.5

type ValidationErrorsEntry struct {

	// Checks the name of the policy.
	CheckName *string `min:"1" type:"string"`

	// Displays error messages if validation encounters problems during validation
	// of the resource policy.
	ErrorMessage *string `type:"string"`
	// contains filtered or unexported fields
}

Displays errors that occurred during validation of the resource policy.

func (ValidationErrorsEntry) GoString added in v1.33.5

func (s ValidationErrorsEntry) GoString() string

GoString returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

func (*ValidationErrorsEntry) SetCheckName added in v1.33.5

SetCheckName sets the CheckName field's value.

func (*ValidationErrorsEntry) SetErrorMessage added in v1.33.5

func (s *ValidationErrorsEntry) SetErrorMessage(v string) *ValidationErrorsEntry

SetErrorMessage sets the ErrorMessage field's value.

func (ValidationErrorsEntry) String added in v1.33.5

func (s ValidationErrorsEntry) String() string

String returns the string representation.

API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".

Directories

Path Synopsis
Package secretsmanageriface provides an interface to enable mocking the AWS Secrets Manager service client for testing your code.
Package secretsmanageriface provides an interface to enable mocking the AWS Secrets Manager service client for testing your code.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL