/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include namespace Aws { namespace SecretsManager { /** * Amazon Web Services Secrets Manager

Amazon Web Services * Secrets Manager provides a service to enable you to store, manage, and retrieve, * secrets.

This guide provides descriptions of the Secrets Manager API. For * more information about using this service, see the Amazon * Web Services Secrets Manager User Guide.

API Version

*

This version of the Secrets Manager API Reference documents the Secrets * Manager API version 2017-10-17.

For a list of endpoints, see Amazon * Web Services Secrets Manager endpoints.

Support and Feedback for * Amazon Web Services Secrets Manager

We welcome your feedback. Send * your comments to awssecretsmanager-feedback@amazon.com, * or post your feedback and questions in the Amazon Web Services * Secrets Manager Discussion Forum. For more information about the Amazon Web * Services Discussion Forums, see Forums Help.

* Logging API Requests

Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information that's collected by Amazon Web Services CloudTrail, you can determine which requests were successfully made to Secrets Manager, who made each request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services CloudTrail, see Logging Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail in the Amazon Web Services Secrets Manager User Guide. To learn more about CloudTrail, including how to enable it and find your log files, see the Amazon Web Services CloudTrail User Guide.

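*/
class AWS_SECRETSMANAGER_API SecretsManagerClient : public Aws::Client::AWSJsonClient,
                                                    public Aws::Client::ClientWithAsyncTemplateMethods<SecretsManagerClient>
{
public:
    typedef Aws::Client::AWSJsonClient BASECLASS;
    static const char* SERVICE_NAME;
    static const char* ALLOCATION_TAG;

    typedef SecretsManagerClientConfiguration ClientConfigurationType;
    typedef SecretsManagerEndpointProvider EndpointProviderType;

    /**
     * Initializes client to use DefaultCredentialProviderChain, with default http client factory, and optional client config.
     * If client config is not specified, it will be initialized to default values.
     * This overload takes no credential material from the caller.
     */
    SecretsManagerClient(const Aws::SecretsManager::SecretsManagerClientConfiguration& clientConfiguration = Aws::SecretsManager::SecretsManagerClientConfiguration(),
                         std::shared_ptr<SecretsManagerEndpointProviderBase> endpointProvider = Aws::MakeShared<SecretsManagerEndpointProvider>(ALLOCATION_TAG));

    /**
     * Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and optional client config.
     * If client config is not specified, it will be initialized to default values.
     * The caller supplies the credentials directly; how they are obtained and stored is outside this class.
     */
    SecretsManagerClient(const Aws::Auth::AWSCredentials& credentials,
                         std::shared_ptr<SecretsManagerEndpointProviderBase> endpointProvider = Aws::MakeShared<SecretsManagerEndpointProvider>(ALLOCATION_TAG),
                         const Aws::SecretsManager::SecretsManagerClientConfiguration& clientConfiguration = Aws::SecretsManager::SecretsManagerClientConfiguration());

    /**
     * Initializes client to use the specified credentials provider with the specified client config.
     * This overload has no http client factory parameter; the default http client factory is used.
     */
    SecretsManagerClient(const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider,
                         std::shared_ptr<SecretsManagerEndpointProviderBase> endpointProvider = Aws::MakeShared<SecretsManagerEndpointProvider>(ALLOCATION_TAG),
                         const Aws::SecretsManager::SecretsManagerClientConfiguration& clientConfiguration = Aws::SecretsManager::SecretsManagerClientConfiguration());

    /* Legacy constructors due for deprecation */

    /**
     * Initializes client to use DefaultCredentialProviderChain, with default http client factory, and the given
     * generic client config. The client config has no default value in this overload.
     */
    SecretsManagerClient(const Aws::Client::ClientConfiguration& clientConfiguration);

    /**
     * Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and the given
     * generic client config. The caller supplies the credentials directly.
     */
    SecretsManagerClient(const Aws::Auth::AWSCredentials& credentials,
                         const Aws::Client::ClientConfiguration& clientConfiguration);

    /**
     * Initializes client to use the specified credentials provider with the specified generic client config.
     * This overload has no http client factory parameter; the default http client factory is used.
     */
    SecretsManagerClient(const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider,
                         const Aws::Client::ClientConfiguration& clientConfiguration);

    /* End of legacy constructors due for deprecation */

    virtual ~SecretsManagerClient();

    /**
     *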

Turns off automatic rotation, and if a rotation is currently in progress, * cancels the rotation.

If you cancel a rotation in progress, it can leave * the VersionStage labels in an unexpected state. You might need to * remove the staging label AWSPENDING from the partially created * version. You also need to determine whether to roll back to the previous version * of the secret by moving the staging label AWSCURRENT to the version * that has AWSPENDING. To determine which version has a specific * staging label, call ListSecretVersionIds. Then use * UpdateSecretVersionStage to change staging labels. For more information, * see How * rotation works.

To turn on automatic rotation again, call * RotateSecret.

Secrets Manager generates a CloudTrail log entry * when you call this action. Do not include sensitive information in request * parameters because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:CancelRotateSecret. For more information, see * * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

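*/
    virtual Model::CancelRotateSecretOutcome CancelRotateSecret(const Model::CancelRotateSecretRequest& request) const;

    /**
     * Callable wrapper for CancelRotateSecret. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::CancelRotateSecret and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename CancelRotateSecretRequestT = Model::CancelRotateSecretRequest>
    Model::CancelRotateSecretOutcomeCallable CancelRotateSecretCallable(const CancelRotateSecretRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::CancelRotateSecret, request);
    }

    /**
     * Async wrapper for CancelRotateSecret. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename CancelRotateSecretRequestT = Model::CancelRotateSecretRequest>
    void CancelRotateSecretAsync(const CancelRotateSecretRequestT& request,
                                 const CancelRotateSecretResponseReceivedHandler& handler,
                                 const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::CancelRotateSecret, request, handler, context);
    }

    /**
     *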

Creates a new secret. A secret can be a password, a set of credentials * such as a user name and password, an OAuth token, or other secret information * that you store in an encrypted form in Secrets Manager. The secret also includes * the connection information to access a database or other service, which Secrets * Manager doesn't encrypt. A secret in Secrets Manager consists of both the * protected secret data and the important information needed to manage the * secret.

For secrets that use managed rotation, you need to create * the secret through the managing service. For more information, see Secrets * Manager secrets managed by other Amazon Web Services services.

For * information about creating a secret in the console, see Create * a secret.

To create a secret, you can provide the secret value to be * encrypted in either the SecretString parameter or the * SecretBinary parameter, but not both. If you include * SecretString or SecretBinary then Secrets Manager * creates an initial secret version and automatically attaches the staging label * AWSCURRENT to it.

For database credentials you want to * rotate, for Secrets Manager to be able to rotate the secret, you must make sure * the JSON you store in the SecretString matches the JSON * structure of a database secret.

If you don't specify a KMS encryption key, Secrets Manager uses the Amazon Web Services managed key aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager creates it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use aws/secretsmanager. Creating aws/secretsmanager can result in a one-time significant delay in returning the result.

If the * secret is in a different Amazon Web Services account from the credentials * calling the API, then you can't use aws/secretsmanager to encrypt * the secret, and you must create and use a customer managed KMS key.

*

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters other than SecretBinary or SecretString, because the other parameters might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:CreateSecret. If you include tags in the * secret, you also need secretsmanager:TagResource. For more * information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

To encrypt the secret with a * KMS key other than aws/secretsmanager, you need * kms:GenerateDataKey and kms:Decrypt permission to the * key.

See Also:

AWS * API Reference

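*/
    virtual Model::CreateSecretOutcome CreateSecret(const Model::CreateSecretRequest& request) const;

    /**
     * Callable wrapper for CreateSecret. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::CreateSecret and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename CreateSecretRequestT = Model::CreateSecretRequest>
    Model::CreateSecretOutcomeCallable CreateSecretCallable(const CreateSecretRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::CreateSecret, request);
    }

    /**
     * Async wrapper for CreateSecret. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference and may carry the SecretString or
     * SecretBinary value; whether SubmitAsync copies it before this call returns is not visible in
     * this header -- confirm before releasing or scrubbing it early.
     */
    template<typename CreateSecretRequestT = Model::CreateSecretRequest>
    void CreateSecretAsync(const CreateSecretRequestT& request,
                           const CreateSecretResponseReceivedHandler& handler,
                           const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::CreateSecret, request, handler, context);
    }

    /**
     *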

Deletes the resource-based permission policy attached to the secret. To * attach a policy to a secret, use PutResourcePolicy.

Secrets * Manager generates a CloudTrail log entry when you call this action. Do not * include sensitive information in request parameters because it might be logged. * For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:DeleteResourcePolicy. For more information, see * * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

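*/
    virtual Model::DeleteResourcePolicyOutcome DeleteResourcePolicy(const Model::DeleteResourcePolicyRequest& request) const;

    /**
     * Callable wrapper for DeleteResourcePolicy. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::DeleteResourcePolicy and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename DeleteResourcePolicyRequestT = Model::DeleteResourcePolicyRequest>
    Model::DeleteResourcePolicyOutcomeCallable DeleteResourcePolicyCallable(const DeleteResourcePolicyRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::DeleteResourcePolicy, request);
    }

    /**
     * Async wrapper for DeleteResourcePolicy. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename DeleteResourcePolicyRequestT = Model::DeleteResourcePolicyRequest>
    void DeleteResourcePolicyAsync(const DeleteResourcePolicyRequestT& request,
                                   const DeleteResourcePolicyResponseReceivedHandler& handler,
                                   const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::DeleteResourcePolicy, request, handler, context);
    }

    /**
     *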

Deletes a secret and all of its versions. You can specify a recovery window * during which you can restore the secret. The minimum recovery window is 7 days. * The default recovery window is 30 days. Secrets Manager attaches a * DeletionDate stamp to the secret that specifies the end of the * recovery window. At the end of the recovery window, Secrets Manager deletes the * secret permanently.

You can't delete a primary secret that is replicated * to other Regions. You must first delete the replicas using * RemoveRegionsFromReplication, and then delete the primary secret. When * you delete a replica, it is deleted immediately.

You can't directly * delete a version of a secret. Instead, you remove all staging labels from the * version using UpdateSecretVersionStage. This marks the version as * deprecated, and then Secrets Manager can automatically delete the version in the * background.

To determine whether an application still uses a secret, you * can create an Amazon CloudWatch alarm to alert you to any attempts to access a * secret during the recovery window. For more information, see * Monitor secrets scheduled for deletion.

Secrets Manager performs the * permanent secret deletion at the end of the waiting period as a background task * with low priority. There is no guarantee of a specific time after the recovery * window for the permanent delete to occur.

At any time before the recovery window ends, you can use RestoreSecret to remove the DeletionDate and cancel the deletion of the secret.

When a * secret is scheduled for deletion, you cannot retrieve the secret value. You must * first cancel the deletion with RestoreSecret and then you can retrieve * the secret.

Secrets Manager generates a CloudTrail log entry when you * call this action. Do not include sensitive information in request parameters * because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:DeleteSecret. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

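*/
    virtual Model::DeleteSecretOutcome DeleteSecret(const Model::DeleteSecretRequest& request) const;

    /**
     * Callable wrapper for DeleteSecret. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::DeleteSecret and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename DeleteSecretRequestT = Model::DeleteSecretRequest>
    Model::DeleteSecretOutcomeCallable DeleteSecretCallable(const DeleteSecretRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::DeleteSecret, request);
    }

    /**
     * Async wrapper for DeleteSecret. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename DeleteSecretRequestT = Model::DeleteSecretRequest>
    void DeleteSecretAsync(const DeleteSecretRequestT& request,
                           const DeleteSecretResponseReceivedHandler& handler,
                           const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::DeleteSecret, request, handler, context);
    }

    /**
     *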

Retrieves the details of a secret. It does not include the encrypted secret * value. Secrets Manager only returns fields that have a value in the response. *

Secrets Manager generates a CloudTrail log entry when you call this * action. Do not include sensitive information in request parameters because it * might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:DescribeSecret. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

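*/
    virtual Model::DescribeSecretOutcome DescribeSecret(const Model::DescribeSecretRequest& request) const;

    /**
     * Callable wrapper for DescribeSecret. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::DescribeSecret and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename DescribeSecretRequestT = Model::DescribeSecretRequest>
    Model::DescribeSecretOutcomeCallable DescribeSecretCallable(const DescribeSecretRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::DescribeSecret, request);
    }

    /**
     * Async wrapper for DescribeSecret. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename DescribeSecretRequestT = Model::DescribeSecretRequest>
    void DescribeSecretAsync(const DescribeSecretRequestT& request,
                             const DescribeSecretResponseReceivedHandler& handler,
                             const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::DescribeSecret, request, handler, context);
    }

    /**
     *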

Generates a random password. We recommend that you specify the maximum length * and include every character type that the system you are generating a password * for can support.

Secrets Manager generates a CloudTrail log entry when * you call this action. Do not include sensitive information in request parameters * because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:GetRandomPassword. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

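*/
    virtual Model::GetRandomPasswordOutcome GetRandomPassword(const Model::GetRandomPasswordRequest& request) const;

    /**
     * Callable wrapper for GetRandomPassword. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::GetRandomPassword and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     * NOTE(review): the outcome presumably carries the generated password; keep it out of logs
     * and diagnostics -- confirm against the outcome type.
     */
    template<typename GetRandomPasswordRequestT = Model::GetRandomPasswordRequest>
    Model::GetRandomPasswordOutcomeCallable GetRandomPasswordCallable(const GetRandomPasswordRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::GetRandomPassword, request);
    }

    /**
     * Async wrapper for GetRandomPassword. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename GetRandomPasswordRequestT = Model::GetRandomPasswordRequest>
    void GetRandomPasswordAsync(const GetRandomPasswordRequestT& request,
                                const GetRandomPasswordResponseReceivedHandler& handler,
                                const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::GetRandomPassword, request, handler, context);
    }

    /**
     *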

Retrieves the JSON text of the resource-based policy document attached to the * secret. For more information about permissions policies attached to a secret, * see Permissions * policies attached to a secret.

Secrets Manager generates a CloudTrail * log entry when you call this action. Do not include sensitive information in * request parameters because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:GetResourcePolicy. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

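*/
    virtual Model::GetResourcePolicyOutcome GetResourcePolicy(const Model::GetResourcePolicyRequest& request) const;

    /**
     * Callable wrapper for GetResourcePolicy. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::GetResourcePolicy and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename GetResourcePolicyRequestT = Model::GetResourcePolicyRequest>
    Model::GetResourcePolicyOutcomeCallable GetResourcePolicyCallable(const GetResourcePolicyRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::GetResourcePolicy, request);
    }

    /**
     * Async wrapper for GetResourcePolicy. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename GetResourcePolicyRequestT = Model::GetResourcePolicyRequest>
    void GetResourcePolicyAsync(const GetResourcePolicyRequestT& request,
                                const GetResourcePolicyResponseReceivedHandler& handler,
                                const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::GetResourcePolicy, request, handler, context);
    }

    /**
     *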

Retrieves the contents of the encrypted fields SecretString or * SecretBinary from the specified version of a secret, whichever * contains content.

We recommend that you cache your secret values by using * client-side caching. Caching secrets improves speed and reduces your costs. For * more information, see Cache * secrets for your applications.

To retrieve the previous version of a * secret, use VersionStage and specify AWSPREVIOUS. To revert to the * previous version of a secret, call UpdateSecretVersionStage.

*

Secrets Manager generates a CloudTrail log entry when you call this action. * Do not include sensitive information in request parameters because it might be * logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:GetSecretValue. If the secret is encrypted * using a customer-managed key instead of the Amazon Web Services managed key * aws/secretsmanager, then you also need kms:Decrypt * permissions for that key. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

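*/
    virtual Model::GetSecretValueOutcome GetSecretValue(const Model::GetSecretValueRequest& request) const;

    /**
     * Callable wrapper for GetSecretValue. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::GetSecretValue and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     * NOTE(review): the outcome presumably carries the retrieved SecretString or SecretBinary
     * contents; keep it out of logs and diagnostics -- confirm against the outcome type.
     */
    template<typename GetSecretValueRequestT = Model::GetSecretValueRequest>
    Model::GetSecretValueOutcomeCallable GetSecretValueCallable(const GetSecretValueRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::GetSecretValue, request);
    }

    /**
     * Async wrapper for GetSecretValue. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early. The handler
     * presumably receives the secret contents; treat its arguments as sensitive.
     */
    template<typename GetSecretValueRequestT = Model::GetSecretValueRequest>
    void GetSecretValueAsync(const GetSecretValueRequestT& request,
                             const GetSecretValueResponseReceivedHandler& handler,
                             const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::GetSecretValue, request, handler, context);
    }

    /**
     *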

Lists the versions of a secret. Secrets Manager uses staging labels to * indicate the different versions of a secret. For more information, see * Secrets Manager concepts: Versions.

To list the secrets in the * account, use ListSecrets.

Secrets Manager generates a CloudTrail * log entry when you call this action. Do not include sensitive information in * request parameters because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:ListSecretVersionIds. For more information, see * * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

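*/
    virtual Model::ListSecretVersionIdsOutcome ListSecretVersionIds(const Model::ListSecretVersionIdsRequest& request) const;

    /**
     * Callable wrapper for ListSecretVersionIds. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::ListSecretVersionIds and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename ListSecretVersionIdsRequestT = Model::ListSecretVersionIdsRequest>
    Model::ListSecretVersionIdsOutcomeCallable ListSecretVersionIdsCallable(const ListSecretVersionIdsRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::ListSecretVersionIds, request);
    }

    /**
     * Async wrapper for ListSecretVersionIds. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename ListSecretVersionIdsRequestT = Model::ListSecretVersionIdsRequest>
    void ListSecretVersionIdsAsync(const ListSecretVersionIdsRequestT& request,
                                   const ListSecretVersionIdsResponseReceivedHandler& handler,
                                   const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::ListSecretVersionIds, request, handler, context);
    }

    /**
     *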

Lists the secrets that are stored by Secrets Manager in the Amazon Web * Services account, not including secrets that are marked for deletion. To see * secrets marked for deletion, use the Secrets Manager console.

ListSecrets is eventually consistent, so it might not reflect changes from the last five minutes. To get the latest information for a specific secret, use DescribeSecret.

To list the versions of a secret, use * ListSecretVersionIds.

To get the secret value from * SecretString or SecretBinary, call * GetSecretValue.

For information about finding secrets in the * console, see Find * secrets in Secrets Manager.

Secrets Manager generates a CloudTrail * log entry when you call this action. Do not include sensitive information in * request parameters because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:ListSecrets. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

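*/
    virtual Model::ListSecretsOutcome ListSecrets(const Model::ListSecretsRequest& request) const;

    /**
     * Callable wrapper for ListSecrets. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::ListSecrets and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename ListSecretsRequestT = Model::ListSecretsRequest>
    Model::ListSecretsOutcomeCallable ListSecretsCallable(const ListSecretsRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::ListSecrets, request);
    }

    /**
     * Async wrapper for ListSecrets. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename ListSecretsRequestT = Model::ListSecretsRequest>
    void ListSecretsAsync(const ListSecretsRequestT& request,
                          const ListSecretsResponseReceivedHandler& handler,
                          const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::ListSecrets, request, handler, context);
    }

    /**
     *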

Attaches a resource-based permission policy to a secret. A resource-based * policy is optional. For more information, see Authentication * and access control for Secrets Manager

For information about * attaching a policy in the console, see Attach * a permissions policy to a secret.

Secrets Manager generates a * CloudTrail log entry when you call this action. Do not include sensitive * information in request parameters because it might be logged. For more * information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:PutResourcePolicy. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

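*/
    virtual Model::PutResourcePolicyOutcome PutResourcePolicy(const Model::PutResourcePolicyRequest& request) const;

    /**
     * Callable wrapper for PutResourcePolicy. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::PutResourcePolicy and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename PutResourcePolicyRequestT = Model::PutResourcePolicyRequest>
    Model::PutResourcePolicyOutcomeCallable PutResourcePolicyCallable(const PutResourcePolicyRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::PutResourcePolicy, request);
    }

    /**
     * Async wrapper for PutResourcePolicy. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename PutResourcePolicyRequestT = Model::PutResourcePolicyRequest>
    void PutResourcePolicyAsync(const PutResourcePolicyRequestT& request,
                                const PutResourcePolicyResponseReceivedHandler& handler,
                                const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::PutResourcePolicy, request, handler, context);
    }

    /**
     *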

Creates a new version with a new encrypted secret value and attaches it to * the secret. The version can contain a new SecretString value or a * new SecretBinary value.

We recommend you avoid calling * PutSecretValue at a sustained rate of more than once every 10 * minutes. When you update the secret value, Secrets Manager creates a new version * of the secret. Secrets Manager removes outdated versions when there are more * than 100, but it does not remove versions created less than 24 hours ago. If you * call PutSecretValue more than once every 10 minutes, you create * more versions than Secrets Manager removes, and you will reach the quota for * secret versions.

You can specify the staging labels to attach to the new * version in VersionStages. If you don't include * VersionStages, then Secrets Manager automatically moves the staging * label AWSCURRENT to this version. If this operation creates the * first version for the secret, then Secrets Manager automatically attaches the * staging label AWSCURRENT to it. If this operation moves the staging * label AWSCURRENT from another version to this version, then Secrets * Manager also automatically moves the staging label AWSPREVIOUS to * the version that AWSCURRENT was removed from.

This operation * is idempotent. If you call this operation with a ClientRequestToken * that matches an existing version's VersionId, and you specify the same secret * data, the operation succeeds but does nothing. However, if the secret data is * different, then the operation fails because you can't modify an existing * version; you can only create new ones.

Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters other than SecretBinary or SecretString, because the other parameters might be logged. For more information, see Logging Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:PutSecretValue. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

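*/
    virtual Model::PutSecretValueOutcome PutSecretValue(const Model::PutSecretValueRequest& request) const;

    /**
     * Callable wrapper for PutSecretValue. Forwards the request to SubmitCallable together with
     * &SecretsManagerClient::PutSecretValue and returns a future to the operation so that it can
     * be executed in parallel to other requests.
     */
    template<typename PutSecretValueRequestT = Model::PutSecretValueRequest>
    Model::PutSecretValueOutcomeCallable PutSecretValueCallable(const PutSecretValueRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::PutSecretValue, request);
    }

    /**
     * Async wrapper for PutSecretValue. Queues the request into a thread executor through SubmitAsync
     * and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference and may carry the new SecretString or
     * SecretBinary value; whether SubmitAsync copies it before this call returns is not visible in
     * this header -- confirm before releasing or scrubbing it early.
     */
    template<typename PutSecretValueRequestT = Model::PutSecretValueRequest>
    void PutSecretValueAsync(const PutSecretValueRequestT& request,
                             const PutSecretValueResponseReceivedHandler& handler,
                             const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::PutSecretValue, request, handler, context);
    }

    /**
     *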

For a secret that is replicated to other Regions, deletes the secret replicas * from the Regions you specify.

Secrets Manager generates a CloudTrail log * entry when you call this action. Do not include sensitive information in request * parameters because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:RemoveRegionsFromReplication. For more * information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

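*/
    virtual Model::RemoveRegionsFromReplicationOutcome RemoveRegionsFromReplication(const Model::RemoveRegionsFromReplicationRequest& request) const;

    /**
     * Callable wrapper for RemoveRegionsFromReplication. Forwards the request to SubmitCallable together
     * with &SecretsManagerClient::RemoveRegionsFromReplication and returns a future to the operation so
     * that it can be executed in parallel to other requests.
     */
    template<typename RemoveRegionsFromReplicationRequestT = Model::RemoveRegionsFromReplicationRequest>
    Model::RemoveRegionsFromReplicationOutcomeCallable RemoveRegionsFromReplicationCallable(const RemoveRegionsFromReplicationRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::RemoveRegionsFromReplication, request);
    }

    /**
     * Async wrapper for RemoveRegionsFromReplication. Queues the request into a thread executor through
     * SubmitAsync and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename RemoveRegionsFromReplicationRequestT = Model::RemoveRegionsFromReplicationRequest>
    void RemoveRegionsFromReplicationAsync(const RemoveRegionsFromReplicationRequestT& request,
                                           const RemoveRegionsFromReplicationResponseReceivedHandler& handler,
                                           const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::RemoveRegionsFromReplication, request, handler, context);
    }

    /**
     *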

Replicates the secret to new Regions. See Multi-Region secrets.

Secrets Manager generates a CloudTrail log entry when you * call this action. Do not include sensitive information in request parameters * because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:ReplicateSecretToRegions. For more information, * see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

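*/
    virtual Model::ReplicateSecretToRegionsOutcome ReplicateSecretToRegions(const Model::ReplicateSecretToRegionsRequest& request) const;

    /**
     * Callable wrapper for ReplicateSecretToRegions. Forwards the request to SubmitCallable together
     * with &SecretsManagerClient::ReplicateSecretToRegions and returns a future to the operation so
     * that it can be executed in parallel to other requests.
     */
    template<typename ReplicateSecretToRegionsRequestT = Model::ReplicateSecretToRegionsRequest>
    Model::ReplicateSecretToRegionsOutcomeCallable ReplicateSecretToRegionsCallable(const ReplicateSecretToRegionsRequestT& request) const
    {
        return SubmitCallable(&SecretsManagerClient::ReplicateSecretToRegions, request);
    }

    /**
     * Async wrapper for ReplicateSecretToRegions. Queues the request into a thread executor through
     * SubmitAsync and triggers the associated callback when the operation has finished.
     * NOTE(review): request is received by const reference; whether SubmitAsync copies it before this
     * call returns is not visible in this header -- confirm before releasing it early.
     */
    template<typename ReplicateSecretToRegionsRequestT = Model::ReplicateSecretToRegionsRequest>
    void ReplicateSecretToRegionsAsync(const ReplicateSecretToRegionsRequestT& request,
                                       const ReplicateSecretToRegionsResponseReceivedHandler& handler,
                                       const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
    {
        return SubmitAsync(&SecretsManagerClient::ReplicateSecretToRegions, request, handler, context);
    }

    /**
     *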

Cancels the scheduled deletion of a secret by removing the * DeletedDate time stamp. You can access a secret again after it has * been restored.

Secrets Manager generates a CloudTrail log entry when you * call this action. Do not include sensitive information in request parameters * because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:RestoreSecret. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

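*/
        virtual Model::RestoreSecretOutcome RestoreSecret(const Model::RestoreSecretRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr element type
        // below were missing from this listing and have been restored; confirm
        // against the upstream SDK header.

        /**
         * A Callable wrapper for RestoreSecret that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::RestoreSecret.
         * @return The Model::RestoreSecretOutcomeCallable produced by SubmitCallable.
         */
        template<typename RestoreSecretRequestT = Model::RestoreSecretRequest>
        Model::RestoreSecretOutcomeCallable RestoreSecretCallable(const RestoreSecretRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::RestoreSecret, request);
        }

        /**
         * An Async wrapper for RestoreSecret that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the result of the operation reaches
         * the caller only through handler, so failures have to be handled there.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename RestoreSecretRequestT = Model::RestoreSecretRequest>
        void RestoreSecretAsync(const RestoreSecretRequestT& request, const RestoreSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::RestoreSecret, request, handler, context);
        }

        /**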

Configures and starts the asynchronous process of rotating the secret. For * information about rotation, see Rotate * secrets in the Secrets Manager User Guide. If you include the * configuration parameters, the operation sets the values for the secret and then * immediately starts a rotation. If you don't include the configuration * parameters, the operation starts a rotation with the values already stored in * the secret.

When rotation is successful, the AWSPENDING * staging label might be attached to the same version as the * AWSCURRENT version, or it might not be attached to any version. If * the AWSPENDING staging label is present but not attached to the * same version as AWSCURRENT, then any later invocation of * RotateSecret assumes that a previous rotation request is still in * progress and returns an error. When rotation is unsuccessful, the * AWSPENDING staging label might be attached to an empty secret * version. For more information, see Troubleshoot * rotation in the Secrets Manager User Guide.

Secrets Manager * generates a CloudTrail log entry when you call this action. Do not include * sensitive information in request parameters because it might be logged. For more * information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:RotateSecret. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager. You also need * lambda:InvokeFunction permissions on the rotation function. For * more information, see * Permissions for rotation.

See Also:

AWS * API Reference

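*/
        virtual Model::RotateSecretOutcome RotateSecret(const Model::RotateSecretRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr element type
        // below were missing from this listing and have been restored; confirm
        // against the upstream SDK header.

        /**
         * A Callable wrapper for RotateSecret that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::RotateSecret.
         * @return The Model::RotateSecretOutcomeCallable produced by SubmitCallable.
         */
        template<typename RotateSecretRequestT = Model::RotateSecretRequest>
        Model::RotateSecretOutcomeCallable RotateSecretCallable(const RotateSecretRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::RotateSecret, request);
        }

        /**
         * An Async wrapper for RotateSecret that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the result of the operation reaches
         * the caller only through handler, so a rotation request that was rejected
         * has to be detected there.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename RotateSecretRequestT = Model::RotateSecretRequest>
        void RotateSecretAsync(const RotateSecretRequestT& request, const RotateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::RotateSecret, request, handler, context);
        }

        /**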

Removes the link between the replica secret and the primary secret and * promotes the replica to a primary secret in the replica Region.

You must * call this operation from the Region in which you want to promote the replica to * a primary secret.

Secrets Manager generates a CloudTrail log entry when * you call this action. Do not include sensitive information in request parameters * because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:StopReplicationToReplica. For more information, * see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

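*/
        virtual Model::StopReplicationToReplicaOutcome StopReplicationToReplica(const Model::StopReplicationToReplicaRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr element type
        // below were missing from this listing and have been restored; confirm
        // against the upstream SDK header.

        /**
         * A Callable wrapper for StopReplicationToReplica that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::StopReplicationToReplica.
         * @return The Model::StopReplicationToReplicaOutcomeCallable produced by SubmitCallable.
         */
        template<typename StopReplicationToReplicaRequestT = Model::StopReplicationToReplicaRequest>
        Model::StopReplicationToReplicaOutcomeCallable StopReplicationToReplicaCallable(const StopReplicationToReplicaRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::StopReplicationToReplica, request);
        }

        /**
         * An Async wrapper for StopReplicationToReplica that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the result of the operation reaches
         * the caller only through handler, so failures have to be handled there.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename StopReplicationToReplicaRequestT = Model::StopReplicationToReplicaRequest>
        void StopReplicationToReplicaAsync(const StopReplicationToReplicaRequestT& request, const StopReplicationToReplicaResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::StopReplicationToReplica, request, handler, context);
        }

        /**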

Attaches tags to a secret. Tags consist of a key name and a value. Tags are * part of the secret's metadata. They are not associated with specific versions of * the secret. This operation appends tags to the existing list of tags.

The * following restrictions apply to tags:

  • Maximum number of tags * per secret: 50

  • Maximum key length: 127 Unicode characters in * UTF-8

  • Maximum value length: 255 Unicode characters in * UTF-8

  • Tag keys and values are case sensitive.

  • Do not use the aws: prefix in your tag names or values because * Amazon Web Services reserves it for Amazon Web Services use. You can't edit or * delete tag names or values with this prefix. Tags with this prefix do not count * against your tags per secret limit.

  • If you use your tagging * schema across multiple services and resources, other services might have * restrictions on allowed characters. Generally allowed characters: letters, * spaces, and numbers representable in UTF-8, plus the following special * characters: + - = . _ : / @.

If you use tags as * part of your security strategy, then adding or removing a tag can change * permissions. If successfully completing this operation would result in you * losing your permissions for this secret, then the operation is blocked and * returns an Access Denied error.

Secrets Manager generates a * CloudTrail log entry when you call this action. Do not include sensitive * information in request parameters because it might be logged. For more * information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:TagResource. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

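*/
        virtual Model::TagResourceOutcome TagResource(const Model::TagResourceRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr element type
        // below were missing from this listing and have been restored; confirm
        // against the upstream SDK header.

        /**
         * A Callable wrapper for TagResource that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::TagResource.
         * @return The Model::TagResourceOutcomeCallable produced by SubmitCallable.
         */
        template<typename TagResourceRequestT = Model::TagResourceRequest>
        Model::TagResourceOutcomeCallable TagResourceCallable(const TagResourceRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::TagResource, request);
        }

        /**
         * An Async wrapper for TagResource that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the result of the operation reaches
         * the caller only through handler, so a blocked tag change (the Access
         * Denied case described for TagResource) has to be detected there.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename TagResourceRequestT = Model::TagResourceRequest>
        void TagResourceAsync(const TagResourceRequestT& request, const TagResourceResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::TagResource, request, handler, context);
        }

        /**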

Removes specific tags from a secret.

This operation is idempotent. If * a requested tag is not attached to the secret, no error is returned and the * secret metadata is unchanged.

If you use tags as part of your * security strategy, then removing a tag can change permissions. If successfully * completing this operation would result in you losing your permissions for this * secret, then the operation is blocked and returns an Access Denied error.

*

Secrets Manager generates a CloudTrail log entry when you call * this action. Do not include sensitive information in request parameters because * it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:UntagResource. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

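*/
        virtual Model::UntagResourceOutcome UntagResource(const Model::UntagResourceRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr element type
        // below were missing from this listing and have been restored; confirm
        // against the upstream SDK header.

        /**
         * A Callable wrapper for UntagResource that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::UntagResource.
         * @return The Model::UntagResourceOutcomeCallable produced by SubmitCallable.
         */
        template<typename UntagResourceRequestT = Model::UntagResourceRequest>
        Model::UntagResourceOutcomeCallable UntagResourceCallable(const UntagResourceRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::UntagResource, request);
        }

        /**
         * An Async wrapper for UntagResource that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the result of the operation reaches
         * the caller only through handler, so a blocked tag removal (the Access
         * Denied case described for UntagResource) has to be detected there.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename UntagResourceRequestT = Model::UntagResourceRequest>
        void UntagResourceAsync(const UntagResourceRequestT& request, const UntagResourceResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::UntagResource, request, handler, context);
        }

        /**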

Modifies the details of a secret, including metadata and the secret value. To * change the secret value, you can also use PutSecretValue.

To * change the rotation configuration of a secret, use RotateSecret * instead.

To change a secret so that it is managed by another service, you * need to recreate the secret in that service. See Secrets * Manager secrets managed by other Amazon Web Services services.

We * recommend you avoid calling UpdateSecret at a sustained rate of * more than once every 10 minutes. When you call UpdateSecret to * update the secret value, Secrets Manager creates a new version of the secret. * Secrets Manager removes outdated versions when there are more than 100, but it * does not remove versions created less than 24 hours ago. If you update the * secret value more than once every 10 minutes, you create more versions than * Secrets Manager removes, and you will reach the quota for secret versions.

*

If you include SecretString or SecretBinary to * create a new secret version, Secrets Manager automatically moves the staging * label AWSCURRENT to the new version. Then it attaches the label * AWSPREVIOUS to the version that AWSCURRENT was removed * from.

If you call this operation with a ClientRequestToken * that matches an existing version's VersionId, the operation results * in an error. You can't modify an existing version, you can only create a new * version. To remove a version, remove all staging labels from it. See * UpdateSecretVersionStage.

Secrets Manager generates a CloudTrail * log entry when you call this action. Do not include sensitive information in * request parameters other than SecretBinary or SecretString, * because that information might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:UpdateSecret. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager. If you use a customer managed key, * you must also have kms:GenerateDataKey, kms:Encrypt, * and kms:Decrypt permissions on the key. If you change the KMS key * and you don't have kms:Encrypt permission to the new key, Secrets * Manager does not re-encrypt existing secret versions with the new key. For more * information, see * Secret encryption and decryption.

See Also:

AWS * API Reference

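*/
        virtual Model::UpdateSecretOutcome UpdateSecret(const Model::UpdateSecretRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr element type
        // below were missing from this listing and have been restored; confirm
        // against the upstream SDK header.

        /**
         * A Callable wrapper for UpdateSecret that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::UpdateSecret.
         * @return The Model::UpdateSecretOutcomeCallable produced by SubmitCallable.
         */
        template<typename UpdateSecretRequestT = Model::UpdateSecretRequest>
        Model::UpdateSecretOutcomeCallable UpdateSecretCallable(const UpdateSecretRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::UpdateSecret, request);
        }

        /**
         * An Async wrapper for UpdateSecret that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the result of the operation reaches
         * the caller only through handler, so a failed update has to be detected
         * there before the new secret value is relied on.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename UpdateSecretRequestT = Model::UpdateSecretRequest>
        void UpdateSecretAsync(const UpdateSecretRequestT& request, const UpdateSecretResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::UpdateSecret, request, handler, context);
        }

        /**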

Modifies the staging labels attached to a version of a secret. Secrets * Manager uses staging labels to track a version as it progresses through the * secret rotation process. Each staging label can be attached to only one version * at a time. To add a staging label to a version when it is already attached to * another version, Secrets Manager first removes it from the other version * and then attaches it to this one. For more information about versions and * staging labels, see Concepts: * Version.

The staging labels that you specify in the * VersionStage parameter are added to the existing list of staging * labels for the version.

You can move the AWSCURRENT staging * label to this version by including it in this call.

Whenever you * move AWSCURRENT, Secrets Manager automatically moves the label * AWSPREVIOUS to the version that AWSCURRENT was removed * from.

If this action results in the last label being removed from * a version, then the version is considered to be 'deprecated' and can be deleted * by Secrets Manager.

Secrets Manager generates a CloudTrail log entry when * you call this action. Do not include sensitive information in request parameters * because it might be logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:UpdateSecretVersionStage. For more information, * see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

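*/
        virtual Model::UpdateSecretVersionStageOutcome UpdateSecretVersionStage(const Model::UpdateSecretVersionStageRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr element type
        // below were missing from this listing and have been restored; confirm
        // against the upstream SDK header.

        /**
         * A Callable wrapper for UpdateSecretVersionStage that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::UpdateSecretVersionStage.
         * @return The Model::UpdateSecretVersionStageOutcomeCallable produced by SubmitCallable.
         */
        template<typename UpdateSecretVersionStageRequestT = Model::UpdateSecretVersionStageRequest>
        Model::UpdateSecretVersionStageOutcomeCallable UpdateSecretVersionStageCallable(const UpdateSecretVersionStageRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::UpdateSecretVersionStage, request);
        }

        /**
         * An Async wrapper for UpdateSecretVersionStage that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the result of the operation reaches
         * the caller only through handler, so failures have to be handled there.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename UpdateSecretVersionStageRequestT = Model::UpdateSecretVersionStageRequest>
        void UpdateSecretVersionStageAsync(const UpdateSecretVersionStageRequestT& request, const UpdateSecretVersionStageResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::UpdateSecretVersionStage, request, handler, context);
        }

        /**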

Validates that a resource policy does not grant a wide range of principals * access to your secret. A resource-based policy is optional for secrets.

*

The API performs three checks when validating the policy:

  • Sends a call to Zelkova, * an automated reasoning engine, to ensure your resource policy does not allow * broad access to your secret, for example policies that use a wildcard for the * principal.

  • Checks for correct syntax in a policy.

  • Verifies the policy does not lock out a caller.

*

Secrets Manager generates a CloudTrail log entry when you call this action. * Do not include sensitive information in request parameters because it might be * logged. For more information, see Logging * Secrets Manager events with CloudTrail.

Required permissions: * secretsmanager:ValidateResourcePolicy and * secretsmanager:PutResourcePolicy. For more information, see * IAM policy actions for Secrets Manager and Authentication * and access control in Secrets Manager.

See Also:

AWS * API Reference

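*/
        virtual Model::ValidateResourcePolicyOutcome ValidateResourcePolicy(const Model::ValidateResourcePolicyRequest& request) const;

        // NOTE(review): the template parameter lists and the shared_ptr / friend
        // template arguments below were missing from this listing and have been
        // restored; confirm against the upstream SDK header.

        /**
         * A Callable wrapper for ValidateResourcePolicy that returns a future to the operation so that it can be executed in parallel to other requests.
         *
         * @param request The request, handed to SubmitCallable together with a
         *                pointer to SecretsManagerClient::ValidateResourcePolicy.
         * @return The Model::ValidateResourcePolicyOutcomeCallable produced by SubmitCallable.
         */
        template<typename ValidateResourcePolicyRequestT = Model::ValidateResourcePolicyRequest>
        Model::ValidateResourcePolicyOutcomeCallable ValidateResourcePolicyCallable(const ValidateResourcePolicyRequestT& request) const
        {
            return SubmitCallable(&SecretsManagerClient::ValidateResourcePolicy, request);
        }

        /**
         * An Async wrapper for ValidateResourcePolicy that queues the request into a thread executor and triggers associated callback when operation has finished.
         *
         * This wrapper returns nothing itself: the validation result reaches the
         * caller only through handler, so it has to be inspected there before the
         * policy is treated as acceptable.
         *
         * @param request The request forwarded to SubmitAsync.
         * @param handler Callback triggered when the operation has finished.
         * @param context Optional caller context, forwarded unchanged to SubmitAsync; defaults to nullptr.
         */
        template<typename ValidateResourcePolicyRequestT = Model::ValidateResourcePolicyRequest>
        void ValidateResourcePolicyAsync(const ValidateResourcePolicyRequestT& request, const ValidateResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
        {
            return SubmitAsync(&SecretsManagerClient::ValidateResourcePolicy, request, handler, context);
        }

        // NOTE(review): presumably redirects this client's subsequent requests,
        // including ones that carry secret values, to `endpoint`; callers should
        // pass only a trusted, fixed endpoint. Confirm in the implementation.
        void OverrideEndpoint(const Aws::String& endpoint);

        // Returns a non-const reference to a shared_ptr, so callers can replace the
        // provider as well as read it. NOTE(review): presumably this is
        // m_endpointProvider; confirm in the implementation.
        std::shared_ptr<SecretsManagerEndpointProviderBase>& accessEndpointProvider();

    private:
        friend class Aws::Client::ClientWithAsyncTemplateMethods<SecretsManagerClient>;
        void init(const SecretsManagerClientConfiguration& clientConfiguration);

        SecretsManagerClientConfiguration m_clientConfiguration;
        std::shared_ptr<Aws::Utils::Threading::Executor> m_executor;
        std::shared_ptr<SecretsManagerEndpointProviderBase> m_endpointProvider;
    };

} // namespace SecretsManager
} // namespace Aws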