All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.services.secretsmanager.AWSSecretsManagerClient Maven / Gradle / Ivy

Go to download

The AWS Java SDK for AWS Secrets Manager module holds the client classes that are used for communicating with AWS Secrets Manager Service

There is a newer version: 1.12.780
Show newest version
/*
 * Copyright 2017-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.secretsmanager;

import org.w3c.dom.*;

import java.net.*;
import java.util.*;

import javax.annotation.Generated;

import org.apache.commons.logging.*;

import com.amazonaws.*;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.*;

import com.amazonaws.handlers.*;
import com.amazonaws.http.*;
import com.amazonaws.internal.*;
import com.amazonaws.internal.auth.*;
import com.amazonaws.metrics.*;
import com.amazonaws.regions.*;
import com.amazonaws.transform.*;
import com.amazonaws.util.*;
import com.amazonaws.protocol.json.*;
import com.amazonaws.util.AWSRequestMetrics.Field;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.client.AwsSyncClientParams;
import com.amazonaws.client.builder.AdvancedConfig;

import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;

import com.amazonaws.AmazonServiceException;

import com.amazonaws.services.secretsmanager.model.*;
import com.amazonaws.services.secretsmanager.model.transform.*;

/**
 * Client for accessing AWS Secrets Manager. All service calls made using this client are blocking, and will not return
 * until the service call completes.
 * 

* Amazon Web Services Secrets Manager *

* Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets. *

*

* This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the * Amazon Web Services Secrets * Manager User Guide. *

*

* API Version *

*

* This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17. *

*

* Support and Feedback for Amazon Web Services Secrets Manager *

*

* We welcome your feedback. Send your comments to [email protected], or post your feedback * and questions in the Amazon Web Services Secrets * Manager Discussion Forum. For more information about the Amazon Web Services Discussion Forums, see Forums Help. *

*

* Logging API Requests *

*

* Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web * Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using * information that's collected by Amazon Web Services CloudTrail, you can determine the requests successfully made to * Secrets Manager, who made the request, when it was made, and so on. For more about Amazon Web Services Secrets * Manager and support for Amazon Web Services CloudTrail, see Logging * Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail in the Amazon Web Services * Secrets Manager User Guide. To learn more about CloudTrail, including enabling it and find your log files, see * the Amazon * Web Services CloudTrail User Guide. *

*/ @ThreadSafe @Generated("com.amazonaws:aws-java-sdk-code-generator") public class AWSSecretsManagerClient extends AmazonWebServiceClient implements AWSSecretsManager { /** Provider for AWS credentials. */ private final AWSCredentialsProvider awsCredentialsProvider; private static final Log log = LogFactory.getLog(AWSSecretsManager.class); /** Default signing name for the service. */ private static final String DEFAULT_SIGNING_NAME = "secretsmanager"; /** Client configuration factory providing ClientConfigurations tailored to this client */ protected static final ClientConfigurationFactory configFactory = new ClientConfigurationFactory(); private final AdvancedConfig advancedConfig; private static final com.amazonaws.protocol.json.SdkJsonProtocolFactory protocolFactory = new com.amazonaws.protocol.json.SdkJsonProtocolFactory( new JsonClientMetadata() .withProtocolVersion("1.1") .withSupportsCbor(false) .withSupportsIon(false) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("EncryptionFailure").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.EncryptionFailureExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("InvalidParameterException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.InvalidParameterExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("PublicPolicyException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.PublicPolicyExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("MalformedPolicyDocumentException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.MalformedPolicyDocumentExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("DecryptionFailure").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.DecryptionFailureExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("InvalidRequestException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.InvalidRequestExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("ResourceNotFoundException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.ResourceNotFoundExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("InternalServiceError").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.InternalServiceErrorExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("ResourceExistsException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.ResourceExistsExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("InvalidNextTokenException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.InvalidNextTokenExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("LimitExceededException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.LimitExceededExceptionUnmarshaller.getInstance())) .addErrorMetadata( new JsonErrorShapeMetadata().withErrorCode("PreconditionNotMetException").withExceptionUnmarshaller( com.amazonaws.services.secretsmanager.model.transform.PreconditionNotMetExceptionUnmarshaller.getInstance())) .withBaseServiceExceptionClass(com.amazonaws.services.secretsmanager.model.AWSSecretsManagerException.class)); public static AWSSecretsManagerClientBuilder builder() { return AWSSecretsManagerClientBuilder.standard(); } /** * Constructs a new client to invoke service methods on AWS Secrets Manager using the specified parameters. * *

* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param clientParams * Object providing client parameters. */ AWSSecretsManagerClient(AwsSyncClientParams clientParams) { this(clientParams, false); } /** * Constructs a new client to invoke service methods on AWS Secrets Manager using the specified parameters. * *

* All service calls made using this new client object are blocking, and will not return until the service call * completes. * * @param clientParams * Object providing client parameters. */ AWSSecretsManagerClient(AwsSyncClientParams clientParams, boolean endpointDiscoveryEnabled) { super(clientParams); this.awsCredentialsProvider = clientParams.getCredentialsProvider(); this.advancedConfig = clientParams.getAdvancedConfig(); init(); } private void init() { setServiceNameIntern(DEFAULT_SIGNING_NAME); setEndpointPrefix(ENDPOINT_PREFIX); // calling this.setEndPoint(...) will also modify the signer accordingly setEndpoint("secretsmanager.us-east-1.amazonaws.com"); HandlerChainFactory chainFactory = new HandlerChainFactory(); requestHandler2s.addAll(chainFactory.newRequestHandlerChain("/com/amazonaws/services/secretsmanager/request.handlers")); requestHandler2s.addAll(chainFactory.newRequestHandler2Chain("/com/amazonaws/services/secretsmanager/request.handler2s")); requestHandler2s.addAll(chainFactory.getGlobalHandlers()); } /** *

* Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation. *

*

* If you cancel a rotation in progress, it can leave the VersionStage labels in an unexpected state. * You might need to remove the staging label AWSPENDING from the partially created version. You also * need to determine whether to roll back to the previous version of the secret by moving the staging label * AWSCURRENT to the version that has AWSPENDING. To determine which version has a * specific staging label, call ListSecretVersionIds. Then use UpdateSecretVersionStage to change * staging labels. For more information, see How rotation * works. *

*

* To turn on automatic rotation again, call RotateSecret. *

*

* Required permissions: secretsmanager:CancelRotateSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

* * @param cancelRotateSecretRequest * @return Result of the CancelRotateSecret operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

*

* Possible causes: *

*
    *
  • *

    * The secret is scheduled for deletion. *

    *
  • *
  • *

    * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

    *
  • * @sample AWSSecretsManager.CancelRotateSecret * @see AWS API Documentation */ @Override public CancelRotateSecretResult cancelRotateSecret(CancelRotateSecretRequest request) { request = beforeClientExecution(request); return executeCancelRotateSecret(request); } @SdkInternalApi final CancelRotateSecretResult executeCancelRotateSecret(CancelRotateSecretRequest cancelRotateSecretRequest) { ExecutionContext executionContext = createExecutionContext(cancelRotateSecretRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new CancelRotateSecretRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(cancelRotateSecretRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CancelRotateSecret"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CancelRotateSecretResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

    * Creates a new secret. A secret can be a password, a set of credentials such as a user name and password, * an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. The secret * also includes the connection information to access a database or other service, which Secrets Manager doesn't * encrypt. A secret in Secrets Manager consists of both the protected secret data and the important information * needed to manage the secret. *

    *

    * For information about creating a secret in the console, see Create a * secret. *

    *

    * To create a secret, you can provide the secret value to be encrypted in either the SecretString * parameter or the SecretBinary parameter, but not both. If you include SecretString or * SecretBinary then Secrets Manager creates an initial secret version and automatically attaches the * staging label AWSCURRENT to it. *

    *

    * For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make * sure the JSON you store in the SecretString matches the JSON * structure of a database secret. *

    *

    * If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key * aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager creates * it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use * aws/secretsmanager. Creating aws/secretsmanager can result in a one-time significant * delay in returning the result. *

    *

    * If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't * use aws/secretsmanager to encrypt the secret, and you must create and use a customer managed KMS * key. *

    *

    * Required permissions: secretsmanager:CreateSecret. If you include tags in the secret, you * also need secretsmanager:TagResource. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

    *

    * To encrypt the secret with a KMS key other than aws/secretsmanager, you need * kms:GenerateDataKey and kms:Decrypt permission to the key. *

    * * @param createSecretRequest * @return Result of the CreateSecret operation returned by the service. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

    *

    * Possible causes: *

    *
      *
    • *

      * The secret is scheduled for deletion. *

      *
    • *
    • *

      * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

      *
    • * @throws LimitExceededException * The request failed because it would exceed one of the Secrets Manager quotas. * @throws EncryptionFailureException * Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS * key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS * key. * @throws ResourceExistsException * A resource with the ID you requested already exists. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws MalformedPolicyDocumentException * The resource policy has syntax errors. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws PreconditionNotMetException * The request failed because you did not complete all the prerequisite steps. * @throws DecryptionFailureException * Secrets Manager can't decrypt the protected secret text using the provided KMS key. * @sample AWSSecretsManager.CreateSecret * @see AWS * API Documentation */ @Override public CreateSecretResult createSecret(CreateSecretRequest request) { request = beforeClientExecution(request); return executeCreateSecret(request); } @SdkInternalApi final CreateSecretResult executeCreateSecret(CreateSecretRequest createSecretRequest) { ExecutionContext executionContext = createExecutionContext(createSecretRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new CreateSecretRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(createSecretRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "CreateSecret"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new CreateSecretResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

      * Deletes the resource-based permission policy attached to the secret. To attach a policy to a secret, use * PutResourcePolicy. *

      *

      * Required permissions: secretsmanager:DeleteResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

      * * @param deleteResourcePolicyRequest * @return Result of the DeleteResourcePolicy operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

      *

      * Possible causes: *

      *
        *
      • *

        * The secret is scheduled for deletion. *

        *
      • *
      • *

        * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

        *
      • * @throws InvalidParameterException * The parameter name or value is invalid. * @sample AWSSecretsManager.DeleteResourcePolicy * @see AWS API Documentation */ @Override public DeleteResourcePolicyResult deleteResourcePolicy(DeleteResourcePolicyRequest request) { request = beforeClientExecution(request); return executeDeleteResourcePolicy(request); } @SdkInternalApi final DeleteResourcePolicyResult executeDeleteResourcePolicy(DeleteResourcePolicyRequest deleteResourcePolicyRequest) { ExecutionContext executionContext = createExecutionContext(deleteResourcePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new DeleteResourcePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteResourcePolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteResourcePolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteResourcePolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

        * Deletes a secret and all of its versions. You can specify a recovery window during which you can restore the * secret. The minimum recovery window is 7 days. The default recovery window is 30 days. Secrets Manager attaches a * DeletionDate stamp to the secret that specifies the end of the recovery window. At the end of the * recovery window, Secrets Manager deletes the secret permanently. *

        *

        * You can't delete a primary secret that is replicated to other Regions. You must first delete the replicas using * RemoveRegionsFromReplication, and then delete the primary secret. When you delete a replica, it is deleted * immediately. *

        *

        * You can't directly delete a version of a secret. Instead, you remove all staging labels from the version using * UpdateSecretVersionStage. This marks the version as deprecated, and then Secrets Manager can automatically * delete the version in the background. *

        *

        * To determine whether an application still uses a secret, you can create an Amazon CloudWatch alarm to alert you * to any attempts to access a secret during the recovery window. For more information, see * Monitor secrets scheduled for deletion. *

        *

        * Secrets Manager performs the permanent secret deletion at the end of the waiting period as a background task with * low priority. There is no guarantee of a specific time after the recovery window for the permanent delete to * occur. *

        *

        * At any time before recovery window ends, you can use RestoreSecret to remove the DeletionDate * and cancel the deletion of the secret. *

        *

        * When a secret is scheduled for deletion, you cannot retrieve the secret value. You must first cancel the deletion * with RestoreSecret and then you can retrieve the secret. *

        *

        * Required permissions: secretsmanager:DeleteSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

        * * @param deleteSecretRequest * @return Result of the DeleteSecret operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

        *

        * Possible causes: *

        *
          *
        • *

          * The secret is scheduled for deletion. *

          *
        • *
        • *

          * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

          *
        • * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.DeleteSecret * @see AWS * API Documentation */ @Override public DeleteSecretResult deleteSecret(DeleteSecretRequest request) { request = beforeClientExecution(request); return executeDeleteSecret(request); } @SdkInternalApi final DeleteSecretResult executeDeleteSecret(DeleteSecretRequest deleteSecretRequest) { ExecutionContext executionContext = createExecutionContext(deleteSecretRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new DeleteSecretRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(deleteSecretRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DeleteSecret"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DeleteSecretResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

          * Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager only returns * fields that have a value in the response. *

          *

          * Required permissions: secretsmanager:DescribeSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

          * * @param describeSecretRequest * @return Result of the DescribeSecret operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidParameterException * The parameter name or value is invalid. * @sample AWSSecretsManager.DescribeSecret * @see AWS * API Documentation */ @Override public DescribeSecretResult describeSecret(DescribeSecretRequest request) { request = beforeClientExecution(request); return executeDescribeSecret(request); } @SdkInternalApi final DescribeSecretResult executeDescribeSecret(DescribeSecretRequest describeSecretRequest) { ExecutionContext executionContext = createExecutionContext(describeSecretRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new DescribeSecretRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(describeSecretRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "DescribeSecret"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new DescribeSecretResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

          * Generates a random password. We recommend that you specify the maximum length and include every character type * that the system you are generating a password for can support. *

          *

          * Required permissions: secretsmanager:GetRandomPassword. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

          * * @param getRandomPasswordRequest * @return Result of the GetRandomPassword operation returned by the service. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

          *

          * Possible causes: *

          *
            *
          • *

            * The secret is scheduled for deletion. *

            *
          • *
          • *

            * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

            *
          • * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.GetRandomPassword * @see AWS API Documentation */ @Override public GetRandomPasswordResult getRandomPassword(GetRandomPasswordRequest request) { request = beforeClientExecution(request); return executeGetRandomPassword(request); } @SdkInternalApi final GetRandomPasswordResult executeGetRandomPassword(GetRandomPasswordRequest getRandomPasswordRequest) { ExecutionContext executionContext = createExecutionContext(getRandomPasswordRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetRandomPasswordRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getRandomPasswordRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetRandomPassword"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetRandomPasswordResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

            * Retrieves the JSON text of the resource-based policy document attached to the secret. For more information about * permissions policies attached to a secret, see Permissions policies attached to a secret. *

            *

            * Required permissions: secretsmanager:GetResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

            * * @param getResourcePolicyRequest * @return Result of the GetResourcePolicy operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

            *

            * Possible causes: *

            *
              *
            • *

              * The secret is scheduled for deletion. *

              *
            • *
            • *

              * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

              *
            • * @throws InvalidParameterException * The parameter name or value is invalid. * @sample AWSSecretsManager.GetResourcePolicy * @see AWS API Documentation */ @Override public GetResourcePolicyResult getResourcePolicy(GetResourcePolicyRequest request) { request = beforeClientExecution(request); return executeGetResourcePolicy(request); } @SdkInternalApi final GetResourcePolicyResult executeGetResourcePolicy(GetResourcePolicyRequest getResourcePolicyRequest) { ExecutionContext executionContext = createExecutionContext(getResourcePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetResourcePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getResourcePolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetResourcePolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetResourcePolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

              * Retrieves the contents of the encrypted fields SecretString or SecretBinary from the * specified version of a secret, whichever contains content. *

              *

              * We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and * reduces your costs. For more information, see Cache secrets for your * applications. *

              *

              * Required permissions: secretsmanager:GetSecretValue. If the secret is encrypted using a * customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you * also need kms:Decrypt permissions for that key. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

              * * @param getSecretValueRequest * @return Result of the GetSecretValue operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

              *

              * Possible causes: *

              *
                *
              • *

                * The secret is scheduled for deletion. *

                *
              • *
              • *

                * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                *
              • * @throws DecryptionFailureException * Secrets Manager can't decrypt the protected secret text using the provided KMS key. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.GetSecretValue * @see AWS * API Documentation */ @Override public GetSecretValueResult getSecretValue(GetSecretValueRequest request) { request = beforeClientExecution(request); return executeGetSecretValue(request); } @SdkInternalApi final GetSecretValueResult executeGetSecretValue(GetSecretValueRequest getSecretValueRequest) { ExecutionContext executionContext = createExecutionContext(getSecretValueRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new GetSecretValueRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(getSecretValueRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "GetSecretValue"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new GetSecretValueResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                * Lists the versions of a secret. Secrets Manager uses staging labels to indicate the different versions of a * secret. For more information, see Secrets * Manager concepts: Versions. *

                *

                * To list the secrets in the account, use ListSecrets. *

                *

                * Required permissions: secretsmanager:ListSecretVersionIds. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                * * @param listSecretVersionIdsRequest * @return Result of the ListSecretVersionIds operation returned by the service. * @throws InvalidNextTokenException * The NextToken value is invalid. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidParameterException * The parameter name or value is invalid. * @sample AWSSecretsManager.ListSecretVersionIds * @see AWS API Documentation */ @Override public ListSecretVersionIdsResult listSecretVersionIds(ListSecretVersionIdsRequest request) { request = beforeClientExecution(request); return executeListSecretVersionIds(request); } @SdkInternalApi final ListSecretVersionIdsResult executeListSecretVersionIds(ListSecretVersionIdsRequest listSecretVersionIdsRequest) { ExecutionContext executionContext = createExecutionContext(listSecretVersionIdsRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ListSecretVersionIdsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listSecretVersionIdsRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListSecretVersionIds"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListSecretVersionIdsResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                * Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets * that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console. *

                *

                * To list the versions of a secret, use ListSecretVersionIds. *

                *

                * To get the secret value from SecretString or SecretBinary, call GetSecretValue. *

                *

                * For information about finding secrets in the console, see Find secrets in * Secrets Manager. *

                *

                * Required permissions: secretsmanager:ListSecrets. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                * * @param listSecretsRequest * @return Result of the ListSecrets operation returned by the service. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidNextTokenException * The NextToken value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.ListSecrets * @see AWS API * Documentation */ @Override public ListSecretsResult listSecrets(ListSecretsRequest request) { request = beforeClientExecution(request); return executeListSecrets(request); } @SdkInternalApi final ListSecretsResult executeListSecrets(ListSecretsRequest listSecretsRequest) { ExecutionContext executionContext = createExecutionContext(listSecretsRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ListSecretsRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(listSecretsRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ListSecrets"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ListSecretsResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                * Attaches a resource-based permission policy to a secret. A resource-based policy is optional. For more * information, see Authentication and access * control for Secrets Manager *

                *

                * For information about attaching a policy in the console, see Attach a permissions policy to a secret. *

                *

                * Required permissions: secretsmanager:PutResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                * * @param putResourcePolicyRequest * @return Result of the PutResourcePolicy operation returned by the service. * @throws MalformedPolicyDocumentException * The resource policy has syntax errors. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                *

                * Possible causes: *

                *
                  *
                • *

                  * The secret is scheduled for deletion. *

                  *
                • *
                • *

                  * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                  *
                • * @throws PublicPolicyException * The BlockPublicPolicy parameter is set to true, and the resource policy did not prevent * broad access to the secret. * @sample AWSSecretsManager.PutResourcePolicy * @see AWS API Documentation */ @Override public PutResourcePolicyResult putResourcePolicy(PutResourcePolicyRequest request) { request = beforeClientExecution(request); return executePutResourcePolicy(request); } @SdkInternalApi final PutResourcePolicyResult executePutResourcePolicy(PutResourcePolicyRequest putResourcePolicyRequest) { ExecutionContext executionContext = createExecutionContext(putResourcePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new PutResourcePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(putResourcePolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "PutResourcePolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new PutResourcePolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                  * Creates a new version with a new encrypted secret value and attaches it to the secret. The version can contain a * new SecretString value or a new SecretBinary value. *

                  *

                  * We recommend you avoid calling PutSecretValue at a sustained rate of more than once every 10 * minutes. When you update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager * removes outdated versions when there are more than 100, but it does not remove versions created less than 24 * hours ago. If you call PutSecretValue more than once every 10 minutes, you create more versions than * Secrets Manager removes, and you will reach the quota for secret versions. *

                  *

                  * You can specify the staging labels to attach to the new version in VersionStages. If you don't * include VersionStages, then Secrets Manager automatically moves the staging label * AWSCURRENT to this version. If this operation creates the first version for the secret, then Secrets * Manager automatically attaches the staging label AWSCURRENT to it . *

                  *

                  * If this operation moves the staging label AWSCURRENT from another version to this version, then * Secrets Manager also automatically moves the staging label AWSPREVIOUS to the version that * AWSCURRENT was removed from. *

                  *

                  * This operation is idempotent. If a version with a VersionId with the same value as the * ClientRequestToken parameter already exists, and you specify the same secret data, the operation * succeeds but does nothing. However, if the secret data is different, then the operation fails because you can't * modify an existing version; you can only create new ones. *

                  *

                  * Required permissions: secretsmanager:PutSecretValue. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                  * * @param putSecretValueRequest * @return Result of the PutSecretValue operation returned by the service. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                  *

                  * Possible causes: *

                  *
                    *
                  • *

                    * The secret is scheduled for deletion. *

                    *
                  • *
                  • *

                    * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                    *
                  • * @throws LimitExceededException * The request failed because it would exceed one of the Secrets Manager quotas. * @throws EncryptionFailureException * Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS * key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS * key. * @throws ResourceExistsException * A resource with the ID you requested already exists. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws DecryptionFailureException * Secrets Manager can't decrypt the protected secret text using the provided KMS key. * @sample AWSSecretsManager.PutSecretValue * @see AWS * API Documentation */ @Override public PutSecretValueResult putSecretValue(PutSecretValueRequest request) { request = beforeClientExecution(request); return executePutSecretValue(request); } @SdkInternalApi final PutSecretValueResult executePutSecretValue(PutSecretValueRequest putSecretValueRequest) { ExecutionContext executionContext = createExecutionContext(putSecretValueRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new PutSecretValueRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(putSecretValueRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "PutSecretValue"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new PutSecretValueResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                    * For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify. *

                    *

                    * Required permissions: secretsmanager:RemoveRegionsFromReplication. For more information, see * IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                    * * @param removeRegionsFromReplicationRequest * @return Result of the RemoveRegionsFromReplication operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                    *

                    * Possible causes: *

                    *
                      *
                    • *

                      * The secret is scheduled for deletion. *

                      *
                    • *
                    • *

                      * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                      *
                    • * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.RemoveRegionsFromReplication * @see AWS API Documentation */ @Override public RemoveRegionsFromReplicationResult removeRegionsFromReplication(RemoveRegionsFromReplicationRequest request) { request = beforeClientExecution(request); return executeRemoveRegionsFromReplication(request); } @SdkInternalApi final RemoveRegionsFromReplicationResult executeRemoveRegionsFromReplication(RemoveRegionsFromReplicationRequest removeRegionsFromReplicationRequest) { ExecutionContext executionContext = createExecutionContext(removeRegionsFromReplicationRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new RemoveRegionsFromReplicationRequestProtocolMarshaller(protocolFactory).marshall(super .beforeMarshalling(removeRegionsFromReplicationRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "RemoveRegionsFromReplication"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new RemoveRegionsFromReplicationResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                      * Replicates the secret to a new Regions. See Multi-Region secrets. *

                      *

                      * Required permissions: secretsmanager:ReplicateSecretToRegions. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                      * * @param replicateSecretToRegionsRequest * @return Result of the ReplicateSecretToRegions operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                      *

                      * Possible causes: *

                      *
                        *
                      • *

                        * The secret is scheduled for deletion. *

                        *
                      • *
                      • *

                        * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                        *
                      • * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.ReplicateSecretToRegions * @see AWS API Documentation */ @Override public ReplicateSecretToRegionsResult replicateSecretToRegions(ReplicateSecretToRegionsRequest request) { request = beforeClientExecution(request); return executeReplicateSecretToRegions(request); } @SdkInternalApi final ReplicateSecretToRegionsResult executeReplicateSecretToRegions(ReplicateSecretToRegionsRequest replicateSecretToRegionsRequest) { ExecutionContext executionContext = createExecutionContext(replicateSecretToRegionsRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ReplicateSecretToRegionsRequestProtocolMarshaller(protocolFactory).marshall(super .beforeMarshalling(replicateSecretToRegionsRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ReplicateSecretToRegions"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ReplicateSecretToRegionsResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                        * Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp. You can access a * secret again after it has been restored. *

                        *

                        * Required permissions: secretsmanager:RestoreSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                        * * @param restoreSecretRequest * @return Result of the RestoreSecret operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                        *

                        * Possible causes: *

                        *
                          *
                        • *

                          * The secret is scheduled for deletion. *

                          *
                        • *
                        • *

                          * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                          *
                        • * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.RestoreSecret * @see AWS * API Documentation */ @Override public RestoreSecretResult restoreSecret(RestoreSecretRequest request) { request = beforeClientExecution(request); return executeRestoreSecret(request); } @SdkInternalApi final RestoreSecretResult executeRestoreSecret(RestoreSecretRequest restoreSecretRequest) { ExecutionContext executionContext = createExecutionContext(restoreSecretRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new RestoreSecretRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(restoreSecretRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "RestoreSecret"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new RestoreSecretResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                          * Configures and starts the asynchronous process of rotating the secret. For more information about rotation, see * Rotate secrets. *

                          *

                          * If you include the configuration parameters, the operation sets the values for the secret and then immediately * starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the * values already stored in the secret. *

                          *

                          * For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make * sure the secret value is in the JSON * structure of a database secret. In particular, if you want to use the alternating users strategy, your secret must contain the ARN of a superuser secret. *

                          *

                          * To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule for the * rotation. The Lambda rotation function creates a new version of the secret and creates or updates the credentials * on the database or service to match. After testing the new credentials, the function marks the new secret version * with the staging label AWSCURRENT. Then anyone who retrieves the secret gets the new version. For * more information, see How rotation * works. *

                          *

                          * You can create the Lambda rotation function based on the rotation function templates that Secrets Manager provides. Choose a template that matches your Rotation * strategy. *

                          *

                          * When rotation is successful, the AWSPENDING staging label might be attached to the same version as * the AWSCURRENT version, or it might not be attached to any version. If the AWSPENDING * staging label is present but not attached to the same version as AWSCURRENT, then any later * invocation of RotateSecret assumes that a previous rotation request is still in progress and returns * an error. *

                          *

                          * Required permissions: secretsmanager:RotateSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. You also need lambda:InvokeFunction permissions on the rotation * function. For more information, see Permissions for rotation. *

                          * * @param rotateSecretRequest * @return Result of the RotateSecret operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                          *

                          * Possible causes: *

                          *
                            *
                          • *

                            * The secret is scheduled for deletion. *

                            *
                          • *
                          • *

                            * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                            *
                          • * @sample AWSSecretsManager.RotateSecret * @see AWS * API Documentation */ @Override public RotateSecretResult rotateSecret(RotateSecretRequest request) { request = beforeClientExecution(request); return executeRotateSecret(request); } @SdkInternalApi final RotateSecretResult executeRotateSecret(RotateSecretRequest rotateSecretRequest) { ExecutionContext executionContext = createExecutionContext(rotateSecretRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new RotateSecretRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(rotateSecretRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "RotateSecret"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new RotateSecretResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                            * Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret * in the replica Region. *

                            *

                            * You must call this operation from the Region in which you want to promote the replica to a primary secret. *

                            *

                            * Required permissions: secretsmanager:StopReplicationToReplica. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                            * * @param stopReplicationToReplicaRequest * @return Result of the StopReplicationToReplica operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                            *

                            * Possible causes: *

                            *
                              *
                            • *

                              * The secret is scheduled for deletion. *

                              *
                            • *
                            • *

                              * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                              *
                            • * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.StopReplicationToReplica * @see AWS API Documentation */ @Override public StopReplicationToReplicaResult stopReplicationToReplica(StopReplicationToReplicaRequest request) { request = beforeClientExecution(request); return executeStopReplicationToReplica(request); } @SdkInternalApi final StopReplicationToReplicaResult executeStopReplicationToReplica(StopReplicationToReplicaRequest stopReplicationToReplicaRequest) { ExecutionContext executionContext = createExecutionContext(stopReplicationToReplicaRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new StopReplicationToReplicaRequestProtocolMarshaller(protocolFactory).marshall(super .beforeMarshalling(stopReplicationToReplicaRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "StopReplicationToReplica"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new StopReplicationToReplicaResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                              * Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the secret's metadata. They * are not associated with specific versions of the secret. This operation appends tags to the existing list of * tags. *

                              *

                              * The following restrictions apply to tags: *

                              *
                                *
                              • *

                                * Maximum number of tags per secret: 50 *

                                *
                              • *
                              • *

                                * Maximum key length: 127 Unicode characters in UTF-8 *

                                *
                              • *
                              • *

                                * Maximum value length: 255 Unicode characters in UTF-8 *

                                *
                              • *
                              • *

                                * Tag keys and values are case sensitive. *

                                *
                              • *
                              • *

                                * Do not use the aws: prefix in your tag names or values because Amazon Web Services reserves it for * Amazon Web Services use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do * not count against your tags per secret limit. *

                                *
                              • *
                              • *

                                * If you use your tagging schema across multiple services and resources, other services might have restrictions on * allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the * following special characters: + - = . _ : / @. *

                                *
                              • *
                              * *

                              * If you use tags as part of your security strategy, then adding or removing a tag can change permissions. If * successfully completing this operation would result in you losing your permissions for this secret, then the * operation is blocked and returns an Access Denied error. *

                              *
                              *

                              * Required permissions: secretsmanager:TagResource. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                              * * @param tagResourceRequest * @return Result of the TagResource operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                              *

                              * Possible causes: *

                              *
                                *
                              • *

                                * The secret is scheduled for deletion. *

                                *
                              • *
                              • *

                                * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                *
                              • * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.TagResource * @see AWS API * Documentation */ @Override public TagResourceResult tagResource(TagResourceRequest request) { request = beforeClientExecution(request); return executeTagResource(request); } @SdkInternalApi final TagResourceResult executeTagResource(TagResourceRequest tagResourceRequest) { ExecutionContext executionContext = createExecutionContext(tagResourceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new TagResourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(tagResourceRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "TagResource"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new TagResourceResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                * Removes specific tags from a secret. *

                                *

                                * This operation is idempotent. If a requested tag is not attached to the secret, no error is returned and the * secret metadata is unchanged. *

                                * *

                                * If you use tags as part of your security strategy, then removing a tag can change permissions. If successfully * completing this operation would result in you losing your permissions for this secret, then the operation is * blocked and returns an Access Denied error. *

                                *
                                *

                                * Required permissions: secretsmanager:UntagResource. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                * * @param untagResourceRequest * @return Result of the UntagResource operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                                *

                                * Possible causes: *

                                *
                                  *
                                • *

                                  * The secret is scheduled for deletion. *

                                  *
                                • *
                                • *

                                  * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                  *
                                • * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.UntagResource * @see AWS * API Documentation */ @Override public UntagResourceResult untagResource(UntagResourceRequest request) { request = beforeClientExecution(request); return executeUntagResource(request); } @SdkInternalApi final UntagResourceResult executeUntagResource(UntagResourceRequest untagResourceRequest) { ExecutionContext executionContext = createExecutionContext(untagResourceRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new UntagResourceRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(untagResourceRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UntagResource"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UntagResourceResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                  * Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can * also use PutSecretValue. *

                                  *

                                  * To change the rotation configuration of a secret, use RotateSecret instead. *

                                  *

                                  * We recommend you avoid calling UpdateSecret at a sustained rate of more than once every 10 minutes. * When you call UpdateSecret to update the secret value, Secrets Manager creates a new version of the * secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions * created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more * versions than Secrets Manager removes, and you will reach the quota for secret versions. *

                                  *

                                  * If you include SecretString or SecretBinary to create a new secret version, Secrets * Manager automatically attaches the staging label AWSCURRENT to the new version. *

                                  *

                                  * If you call this operation with a VersionId that matches an existing version's * ClientRequestToken, the operation results in an error. You can't modify an existing version, you can * only create a new version. To remove a version, remove all staging labels from it. See * UpdateSecretVersionStage. *

                                  *

                                  * If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key * aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager creates * it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use * aws/secretsmanager. Creating aws/secretsmanager can result in a one-time significant * delay in returning the result. *

                                  *

                                  * If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't * use aws/secretsmanager to encrypt the secret, and you must create and use a customer managed key. *

                                  *

                                  * Required permissions: secretsmanager:UpdateSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. If you use a customer managed key, you must also have * kms:GenerateDataKey and kms:Decrypt permissions on the key. For more information, see * Secret encryption * and decryption. *

                                  * * @param updateSecretRequest * @return Result of the UpdateSecret operation returned by the service. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                                  *

                                  * Possible causes: *

                                  *
                                    *
                                  • *

                                    * The secret is scheduled for deletion. *

                                    *
                                  • *
                                  • *

                                    * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                    *
                                  • * @throws LimitExceededException * The request failed because it would exceed one of the Secrets Manager quotas. * @throws EncryptionFailureException * Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS * key is available, enabled, and not in an invalid state. For more information, see Key state: Effect on your KMS * key. * @throws ResourceExistsException * A resource with the ID you requested already exists. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws MalformedPolicyDocumentException * The resource policy has syntax errors. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws PreconditionNotMetException * The request failed because you did not complete all the prerequisite steps. * @throws DecryptionFailureException * Secrets Manager can't decrypt the protected secret text using the provided KMS key. * @sample AWSSecretsManager.UpdateSecret * @see AWS * API Documentation */ @Override public UpdateSecretResult updateSecret(UpdateSecretRequest request) { request = beforeClientExecution(request); return executeUpdateSecret(request); } @SdkInternalApi final UpdateSecretResult executeUpdateSecret(UpdateSecretRequest updateSecretRequest) { ExecutionContext executionContext = createExecutionContext(updateSecretRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new UpdateSecretRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(updateSecretRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdateSecret"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdateSecretResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                    * Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging labels to track a * version as it progresses through the secret rotation process. Each staging label can be attached to only one * version at a time. To add a staging label to a version when it is already attached to another version, Secrets * Manager first removes it from the other version first and then attaches it to this one. For more information * about versions and staging labels, see Concepts: * Version. *

                                    *

                                    * The staging labels that you specify in the VersionStage parameter are added to the existing list of * staging labels for the version. *

                                    *

                                    * You can move the AWSCURRENT staging label to this version by including it in this call. *

                                    * *

                                    * Whenever you move AWSCURRENT, Secrets Manager automatically moves the label AWSPREVIOUS * to the version that AWSCURRENT was removed from. *

                                    *
                                    *

                                    * If this action results in the last label being removed from a version, then the version is considered to be * 'deprecated' and can be deleted by Secrets Manager. *

                                    *

                                    * Required permissions: secretsmanager:UpdateSecretVersionStage. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                    * * @param updateSecretVersionStageRequest * @return Result of the UpdateSecretVersionStage operation returned by the service. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                                    *

                                    * Possible causes: *

                                    *
                                      *
                                    • *

                                      * The secret is scheduled for deletion. *

                                      *
                                    • *
                                    • *

                                      * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                      *
                                    • * @throws LimitExceededException * The request failed because it would exceed one of the Secrets Manager quotas. * @throws InternalServiceErrorException * An error occurred on the server side. * @sample AWSSecretsManager.UpdateSecretVersionStage * @see AWS API Documentation */ @Override public UpdateSecretVersionStageResult updateSecretVersionStage(UpdateSecretVersionStageRequest request) { request = beforeClientExecution(request); return executeUpdateSecretVersionStage(request); } @SdkInternalApi final UpdateSecretVersionStageResult executeUpdateSecretVersionStage(UpdateSecretVersionStageRequest updateSecretVersionStageRequest) { ExecutionContext executionContext = createExecutionContext(updateSecretVersionStageRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new UpdateSecretVersionStageRequestProtocolMarshaller(protocolFactory).marshall(super .beforeMarshalling(updateSecretVersionStageRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "UpdateSecretVersionStage"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new UpdateSecretVersionStageResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** *

                                      * Validates that a resource policy does not grant a wide range of principals access to your secret. A * resource-based policy is optional for secrets. *

                                      *

                                      * The API performs three checks when validating the policy: *

                                      *
                                        *
                                      • *

                                        * Sends a call to Zelkova, an automated reasoning engine, to ensure your resource policy does not allow broad access to your * secret, for example policies that use a wildcard for the principal. *

                                        *
                                      • *
                                      • *

                                        * Checks for correct syntax in a policy. *

                                        *
                                      • *
                                      • *

                                        * Verifies the policy does not lock out a caller. *

                                        *
                                      • *
                                      *

                                      * Required permissions: secretsmanager:ValidateResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                      * * @param validateResourcePolicyRequest * @return Result of the ValidateResourcePolicy operation returned by the service. * @throws MalformedPolicyDocumentException * The resource policy has syntax errors. * @throws ResourceNotFoundException * Secrets Manager can't find the resource that you asked for. * @throws InvalidParameterException * The parameter name or value is invalid. * @throws InternalServiceErrorException * An error occurred on the server side. * @throws InvalidRequestException * A parameter value is not valid for the current state of the resource.

                                      *

                                      * Possible causes: *

                                      *
                                        *
                                      • *

                                        * The secret is scheduled for deletion. *

                                        *
                                      • *
                                      • *

                                        * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                        *
                                      • * @sample AWSSecretsManager.ValidateResourcePolicy * @see AWS API Documentation */ @Override public ValidateResourcePolicyResult validateResourcePolicy(ValidateResourcePolicyRequest request) { request = beforeClientExecution(request); return executeValidateResourcePolicy(request); } @SdkInternalApi final ValidateResourcePolicyResult executeValidateResourcePolicy(ValidateResourcePolicyRequest validateResourcePolicyRequest) { ExecutionContext executionContext = createExecutionContext(validateResourcePolicyRequest); AWSRequestMetrics awsRequestMetrics = executionContext.getAwsRequestMetrics(); awsRequestMetrics.startEvent(Field.ClientExecuteTime); Request request = null; Response response = null; try { awsRequestMetrics.startEvent(Field.RequestMarshallTime); try { request = new ValidateResourcePolicyRequestProtocolMarshaller(protocolFactory).marshall(super.beforeMarshalling(validateResourcePolicyRequest)); // Binds the request metrics to the current request. request.setAWSRequestMetrics(awsRequestMetrics); request.addHandlerContext(HandlerContextKey.CLIENT_ENDPOINT, endpoint); request.addHandlerContext(HandlerContextKey.ENDPOINT_OVERRIDDEN, isEndpointOverridden()); request.addHandlerContext(HandlerContextKey.SIGNING_REGION, getSigningRegion()); request.addHandlerContext(HandlerContextKey.SERVICE_ID, "Secrets Manager"); request.addHandlerContext(HandlerContextKey.OPERATION_NAME, "ValidateResourcePolicy"); request.addHandlerContext(HandlerContextKey.ADVANCED_CONFIG, advancedConfig); } finally { awsRequestMetrics.endEvent(Field.RequestMarshallTime); } HttpResponseHandler> responseHandler = protocolFactory.createResponseHandler( new JsonOperationMetadata().withPayloadJson(true).withHasStreamingSuccessResponse(false), new ValidateResourcePolicyResultJsonUnmarshaller()); response = invoke(request, responseHandler, executionContext); return response.getAwsResponse(); } finally { endClientExecution(awsRequestMetrics, request, response); } } /** * Returns additional metadata for a previously executed successful, request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. *

                                        * Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing the request. * * @param request * The originally executed request * * @return The response metadata for the specified request, or null if none is available. */ public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) { return client.getResponseMetadataForRequest(request); } /** * Normal invoke with authentication. Credentials are required and may be overriden at the request level. **/ private Response invoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext) { return invoke(request, responseHandler, executionContext, null, null); } /** * Normal invoke with authentication. Credentials are required and may be overriden at the request level. **/ private Response invoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext, URI cachedEndpoint, URI uriFromEndpointTrait) { executionContext.setCredentialsProvider(CredentialUtils.getCredentialsProvider(request.getOriginalRequest(), awsCredentialsProvider)); return doInvoke(request, responseHandler, executionContext, cachedEndpoint, uriFromEndpointTrait); } /** * Invoke with no authentication. Credentials are not required and any credentials set on the client or request will * be ignored for this operation. **/ private Response anonymousInvoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext) { return doInvoke(request, responseHandler, executionContext, null, null); } /** * Invoke the request using the http client. Assumes credentials (or lack thereof) have been configured in the * ExecutionContext beforehand. **/ private Response doInvoke(Request request, HttpResponseHandler> responseHandler, ExecutionContext executionContext, URI discoveredEndpoint, URI uriFromEndpointTrait) { if (discoveredEndpoint != null) { request.setEndpoint(discoveredEndpoint); request.getOriginalRequest().getRequestClientOptions().appendUserAgent("endpoint-discovery"); } else if (uriFromEndpointTrait != null) { request.setEndpoint(uriFromEndpointTrait); } else { request.setEndpoint(endpoint); } request.setTimeOffset(timeOffset); HttpResponseHandler errorResponseHandler = protocolFactory.createErrorResponseHandler(new JsonErrorResponseMetadata()); return client.execute(request, responseHandler, errorResponseHandler, executionContext); } @com.amazonaws.annotation.SdkInternalApi static com.amazonaws.protocol.json.SdkJsonProtocolFactory getProtocolFactory() { return protocolFactory; } @Override public void shutdown() { super.shutdown(); } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy