All Downloads are FREE. Search and download functionalities are using the official Maven repository.

software.amazon.awssdk.services.secretsmanager.DefaultSecretsManagerAsyncClient Maven / Gradle / Ivy

/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */

package software.amazon.awssdk.services.secretsmanager;

import java.util.Collections;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.client.handler.AwsAsyncClientHandler;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.awscore.internal.AwsProtocolMetadata;
import software.amazon.awssdk.awscore.internal.AwsServiceProtocol;
import software.amazon.awssdk.awscore.retry.AwsRetryStrategy;
import software.amazon.awssdk.core.RequestOverrideConfiguration;
import software.amazon.awssdk.core.SdkPlugin;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
import software.amazon.awssdk.core.client.config.SdkClientOption;
import software.amazon.awssdk.core.client.handler.AsyncClientHandler;
import software.amazon.awssdk.core.client.handler.ClientExecutionParams;
import software.amazon.awssdk.core.http.HttpResponseHandler;
import software.amazon.awssdk.core.metrics.CoreMetric;
import software.amazon.awssdk.core.retry.RetryMode;
import software.amazon.awssdk.metrics.MetricCollector;
import software.amazon.awssdk.metrics.MetricPublisher;
import software.amazon.awssdk.metrics.NoOpMetricCollector;
import software.amazon.awssdk.protocols.core.ExceptionMetadata;
import software.amazon.awssdk.protocols.json.AwsJsonProtocol;
import software.amazon.awssdk.protocols.json.AwsJsonProtocolFactory;
import software.amazon.awssdk.protocols.json.BaseAwsJsonProtocolFactory;
import software.amazon.awssdk.protocols.json.JsonOperationMetadata;
import software.amazon.awssdk.retries.api.RetryStrategy;
import software.amazon.awssdk.services.secretsmanager.internal.SecretsManagerServiceClientConfigurationBuilder;
import software.amazon.awssdk.services.secretsmanager.model.BatchGetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.BatchGetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.CancelRotateSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.CancelRotateSecretResponse;
import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.CreateSecretResponse;
import software.amazon.awssdk.services.secretsmanager.model.DecryptionFailureException;
import software.amazon.awssdk.services.secretsmanager.model.DeleteResourcePolicyRequest;
import software.amazon.awssdk.services.secretsmanager.model.DeleteResourcePolicyResponse;
import software.amazon.awssdk.services.secretsmanager.model.DeleteSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.DeleteSecretResponse;
import software.amazon.awssdk.services.secretsmanager.model.DescribeSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.DescribeSecretResponse;
import software.amazon.awssdk.services.secretsmanager.model.EncryptionFailureException;
import software.amazon.awssdk.services.secretsmanager.model.GetRandomPasswordRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetRandomPasswordResponse;
import software.amazon.awssdk.services.secretsmanager.model.GetResourcePolicyRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetResourcePolicyResponse;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.InternalServiceErrorException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidNextTokenException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidParameterException;
import software.amazon.awssdk.services.secretsmanager.model.InvalidRequestException;
import software.amazon.awssdk.services.secretsmanager.model.LimitExceededException;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretVersionIdsRequest;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretVersionIdsResponse;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretsRequest;
import software.amazon.awssdk.services.secretsmanager.model.ListSecretsResponse;
import software.amazon.awssdk.services.secretsmanager.model.MalformedPolicyDocumentException;
import software.amazon.awssdk.services.secretsmanager.model.PreconditionNotMetException;
import software.amazon.awssdk.services.secretsmanager.model.PublicPolicyException;
import software.amazon.awssdk.services.secretsmanager.model.PutResourcePolicyRequest;
import software.amazon.awssdk.services.secretsmanager.model.PutResourcePolicyResponse;
import software.amazon.awssdk.services.secretsmanager.model.PutSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.PutSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.RemoveRegionsFromReplicationRequest;
import software.amazon.awssdk.services.secretsmanager.model.RemoveRegionsFromReplicationResponse;
import software.amazon.awssdk.services.secretsmanager.model.ReplicateSecretToRegionsRequest;
import software.amazon.awssdk.services.secretsmanager.model.ReplicateSecretToRegionsResponse;
import software.amazon.awssdk.services.secretsmanager.model.ResourceExistsException;
import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
import software.amazon.awssdk.services.secretsmanager.model.RestoreSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.RestoreSecretResponse;
import software.amazon.awssdk.services.secretsmanager.model.RotateSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.RotateSecretResponse;
import software.amazon.awssdk.services.secretsmanager.model.SecretsManagerException;
import software.amazon.awssdk.services.secretsmanager.model.StopReplicationToReplicaRequest;
import software.amazon.awssdk.services.secretsmanager.model.StopReplicationToReplicaResponse;
import software.amazon.awssdk.services.secretsmanager.model.TagResourceRequest;
import software.amazon.awssdk.services.secretsmanager.model.TagResourceResponse;
import software.amazon.awssdk.services.secretsmanager.model.UntagResourceRequest;
import software.amazon.awssdk.services.secretsmanager.model.UntagResourceResponse;
import software.amazon.awssdk.services.secretsmanager.model.UpdateSecretRequest;
import software.amazon.awssdk.services.secretsmanager.model.UpdateSecretResponse;
import software.amazon.awssdk.services.secretsmanager.model.UpdateSecretVersionStageRequest;
import software.amazon.awssdk.services.secretsmanager.model.UpdateSecretVersionStageResponse;
import software.amazon.awssdk.services.secretsmanager.model.ValidateResourcePolicyRequest;
import software.amazon.awssdk.services.secretsmanager.model.ValidateResourcePolicyResponse;
import software.amazon.awssdk.services.secretsmanager.transform.BatchGetSecretValueRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.CancelRotateSecretRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.CreateSecretRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.DeleteResourcePolicyRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.DeleteSecretRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.DescribeSecretRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.GetRandomPasswordRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.GetResourcePolicyRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.GetSecretValueRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.ListSecretVersionIdsRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.ListSecretsRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.PutResourcePolicyRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.PutSecretValueRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.RemoveRegionsFromReplicationRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.ReplicateSecretToRegionsRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.RestoreSecretRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.RotateSecretRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.StopReplicationToReplicaRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.TagResourceRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.UntagResourceRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.UpdateSecretRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.UpdateSecretVersionStageRequestMarshaller;
import software.amazon.awssdk.services.secretsmanager.transform.ValidateResourcePolicyRequestMarshaller;
import software.amazon.awssdk.utils.CompletableFutureUtils;

/**
 * Internal implementation of {@link SecretsManagerAsyncClient}.
 *
 * @see SecretsManagerAsyncClient#builder()
 */
@Generated("software.amazon.awssdk:codegen")
@SdkInternalApi
final class DefaultSecretsManagerAsyncClient implements SecretsManagerAsyncClient {
    private static final Logger log = LoggerFactory.getLogger(DefaultSecretsManagerAsyncClient.class);

    private static final AwsProtocolMetadata protocolMetadata = AwsProtocolMetadata.builder()
            .serviceProtocol(AwsServiceProtocol.AWS_JSON).build();

    private final AsyncClientHandler clientHandler;

    private final AwsJsonProtocolFactory protocolFactory;

    private final SdkClientConfiguration clientConfiguration;

    protected DefaultSecretsManagerAsyncClient(SdkClientConfiguration clientConfiguration) {
        this.clientHandler = new AwsAsyncClientHandler(clientConfiguration);
        this.clientConfiguration = clientConfiguration.toBuilder().option(SdkClientOption.SDK_CLIENT, this).build();
        this.protocolFactory = init(AwsJsonProtocolFactory.builder()).build();
    }

    /**
     * 

* Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to * 20 secrets. To retrieve a single secret, call GetSecretValue. *

*

* To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If * Secrets Manager encounters errors such as AccessDeniedException while attempting to retrieve any of * the secrets, you can see the errors in Errors in the response. *

*

* Secrets Manager generates CloudTrail GetSecretValue log entries for each secret you request when you * call this action. Do not include sensitive information in request parameters because it might be logged. For more * information, see Logging Secrets * Manager events with CloudTrail. *

*

* Required permissions: secretsmanager:BatchGetSecretValue, and you must have * secretsmanager:GetSecretValue for each secret. If you use filters, you must also have * secretsmanager:ListSecrets. If the secrets are encrypted using customer-managed keys instead of the * Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt * permissions for the keys. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

* * @param batchGetSecretValueRequest * @return A Java Future containing the result of the BatchGetSecretValue operation returned by the service.
* The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
    *
  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
  • *
  • InvalidParameterException The parameter name or value is invalid.
  • *
  • InvalidRequestException A parameter value is not valid for the current state of the resource.

    *

    * Possible causes: *

    *
      *
    • *

      * The secret is scheduled for deletion. *

      *
    • *
    • *

      * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

      *
    • *
    • *

      * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

      *
    • *
    • DecryptionFailureException Secrets Manager can't decrypt the protected secret text using the provided * KMS key.
    • *
    • InternalServiceErrorException An error occurred on the server side.
    • *
    • InvalidNextTokenException The NextToken value is invalid.
    • *
    • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
    • *
    • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
    • *
    • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
    • *
    * @sample SecretsManagerAsyncClient.BatchGetSecretValue * @see AWS API Documentation */ @Override public CompletableFuture batchGetSecretValue( BatchGetSecretValueRequest batchGetSecretValueRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(batchGetSecretValueRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, batchGetSecretValueRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "BatchGetSecretValue"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, BatchGetSecretValueResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("BatchGetSecretValue").withProtocolMetadata(protocolMetadata) .withMarshaller(new BatchGetSecretValueRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(batchGetSecretValueRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

    * Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation. *

    *

    * If you cancel a rotation in progress, it can leave the VersionStage labels in an unexpected state. * You might need to remove the staging label AWSPENDING from the partially created version. You also * need to determine whether to roll back to the previous version of the secret by moving the staging label * AWSCURRENT to the version that has AWSPENDING. To determine which version has a * specific staging label, call ListSecretVersionIds. Then use UpdateSecretVersionStage to change * staging labels. For more information, see How rotation * works. *

    *

    * To turn on automatic rotation again, call RotateSecret. *

    *

    * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

    *

    * Required permissions: secretsmanager:CancelRotateSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

    * * @param cancelRotateSecretRequest * @return A Java Future containing the result of the CancelRotateSecret operation returned by the service.
    * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
      *
    • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
    • *
    • InvalidParameterException The parameter name or value is invalid.
    • *
    • InternalServiceErrorException An error occurred on the server side.
    • *
    • InvalidRequestException A parameter value is not valid for the current state of the resource.

      *

      * Possible causes: *

      *
        *
      • *

        * The secret is scheduled for deletion. *

        *
      • *
      • *

        * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

        *
      • *
      • *

        * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

        *
      • *
      • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
      • *
      • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
      • *
      • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
      • *
      * @sample SecretsManagerAsyncClient.CancelRotateSecret * @see AWS API Documentation */ @Override public CompletableFuture cancelRotateSecret(CancelRotateSecretRequest cancelRotateSecretRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(cancelRotateSecretRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, cancelRotateSecretRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "CancelRotateSecret"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, CancelRotateSecretResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("CancelRotateSecret").withProtocolMetadata(protocolMetadata) .withMarshaller(new CancelRotateSecretRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(cancelRotateSecretRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

      * Creates a new secret. A secret can be a password, a set of credentials such as a user name and password, * an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. The secret * also includes the connection information to access a database or other service, which Secrets Manager doesn't * encrypt. A secret in Secrets Manager consists of both the protected secret data and the important information * needed to manage the secret. *

      *

      * For secrets that use managed rotation, you need to create the secret through the managing service. For * more information, see Secrets Manager * secrets managed by other Amazon Web Services services. *

      *

      * For information about creating a secret in the console, see Create a * secret. *

      *

      * To create a secret, you can provide the secret value to be encrypted in either the SecretString * parameter or the SecretBinary parameter, but not both. If you include SecretString or * SecretBinary then Secrets Manager creates an initial secret version and automatically attaches the * staging label AWSCURRENT to it. *

      *

      * For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must make * sure the JSON you store in the SecretString matches the JSON * structure of a database secret. *

      *

      * If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key * aws/secretsmanager. If this key doesn't already exist in your account, then Secrets Manager creates * it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use * aws/secretsmanager. Creating aws/secretsmanager can result in a one-time significant * delay in returning the result. *

      *

      * If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't * use aws/secretsmanager to encrypt the secret, and you must create and use a customer managed KMS * key. *

      *

      * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters except SecretBinary or SecretString because it might be logged. * For more information, see Logging Secrets * Manager events with CloudTrail. *

      *

      * Required permissions: secretsmanager:CreateSecret. If you include tags in the secret, you * also need secretsmanager:TagResource. To add replica Regions, you must also have * secretsmanager:ReplicateSecretToRegions. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

      *

      * To encrypt the secret with a KMS key other than aws/secretsmanager, you need * kms:GenerateDataKey and kms:Decrypt permission to the key. *

      * *

      * When you enter commands in a command shell, there is a risk of the command history being accessed or utilities * having access to your command parameters. This is a concern if the command includes the value of a secret. Learn * how to Mitigate the * risks of using command-line tools to store Secrets Manager secrets. *

      *
      * * @param createSecretRequest * @return A Java Future containing the result of the CreateSecret operation returned by the service.
      * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
        *
      • InvalidParameterException The parameter name or value is invalid.
      • *
      • InvalidRequestException A parameter value is not valid for the current state of the resource.

        *

        * Possible causes: *

        *
          *
        • *

          * The secret is scheduled for deletion. *

          *
        • *
        • *

          * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

          *
        • *
        • *

          * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

          *
        • *
        • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.
        • *
        • EncryptionFailureException Secrets Manager can't encrypt the protected secret text using the provided * KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, * see Key state: Effect on * your KMS key.
        • *
        • ResourceExistsException A resource with the ID you requested already exists.
        • *
        • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
        • *
        • MalformedPolicyDocumentException The resource policy has syntax errors.
        • *
        • InternalServiceErrorException An error occurred on the server side.
        • *
        • PreconditionNotMetException The request failed because you did not complete all the prerequisite * steps.
        • *
        • DecryptionFailureException Secrets Manager can't decrypt the protected secret text using the provided * KMS key.
        • *
        • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
        • *
        • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
        • *
        • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
        • *
        * @sample SecretsManagerAsyncClient.CreateSecret * @see AWS * API Documentation */ @Override public CompletableFuture createSecret(CreateSecretRequest createSecretRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(createSecretRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, createSecretRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "CreateSecret"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, CreateSecretResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("CreateSecret").withProtocolMetadata(protocolMetadata) .withMarshaller(new CreateSecretRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(createSecretRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

        * Deletes the resource-based permission policy attached to the secret. To attach a policy to a secret, use * PutResourcePolicy. *

        *

        * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

        *

        * Required permissions: secretsmanager:DeleteResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

        * * @param deleteResourcePolicyRequest * @return A Java Future containing the result of the DeleteResourcePolicy operation returned by the service.
        * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
          *
        • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
        • *
        • InternalServiceErrorException An error occurred on the server side.
        • *
        • InvalidRequestException A parameter value is not valid for the current state of the resource.

          *

          * Possible causes: *

          *
            *
          • *

            * The secret is scheduled for deletion. *

            *
          • *
          • *

            * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

            *
          • *
          • *

            * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

            *
          • *
          • InvalidParameterException The parameter name or value is invalid.
          • *
          • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
          • *
          • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
          • *
          • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
          • *
          * @sample SecretsManagerAsyncClient.DeleteResourcePolicy * @see AWS API Documentation */ @Override public CompletableFuture deleteResourcePolicy( DeleteResourcePolicyRequest deleteResourcePolicyRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(deleteResourcePolicyRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, deleteResourcePolicyRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "DeleteResourcePolicy"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, DeleteResourcePolicyResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("DeleteResourcePolicy").withProtocolMetadata(protocolMetadata) .withMarshaller(new DeleteResourcePolicyRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(deleteResourcePolicyRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

          * Deletes a secret and all of its versions. You can specify a recovery window during which you can restore the * secret. The minimum recovery window is 7 days. The default recovery window is 30 days. Secrets Manager attaches a * DeletionDate stamp to the secret that specifies the end of the recovery window. At the end of the * recovery window, Secrets Manager deletes the secret permanently. *

          *

          * You can't delete a primary secret that is replicated to other Regions. You must first delete the replicas using * RemoveRegionsFromReplication, and then delete the primary secret. When you delete a replica, it is deleted * immediately. *

          *

          * You can't directly delete a version of a secret. Instead, you remove all staging labels from the version using * UpdateSecretVersionStage. This marks the version as deprecated, and then Secrets Manager can automatically * delete the version in the background. *

          *

          * To determine whether an application still uses a secret, you can create an Amazon CloudWatch alarm to alert you * to any attempts to access a secret during the recovery window. For more information, see * Monitor secrets scheduled for deletion. *

          *

          * Secrets Manager performs the permanent secret deletion at the end of the waiting period as a background task with * low priority. There is no guarantee of a specific time after the recovery window for the permanent delete to * occur. *

          *

          * At any time before recovery window ends, you can use RestoreSecret to remove the DeletionDate * and cancel the deletion of the secret. *

          *

          * When a secret is scheduled for deletion, you cannot retrieve the secret value. You must first cancel the deletion * with RestoreSecret and then you can retrieve the secret. *

          *

          * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

          *

          * Required permissions: secretsmanager:DeleteSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

          * * @param deleteSecretRequest * @return A Java Future containing the result of the DeleteSecret operation returned by the service.
          * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
            *
          • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
          • *
          • InvalidParameterException The parameter name or value is invalid.
          • *
          • InvalidRequestException A parameter value is not valid for the current state of the resource.

            *

            * Possible causes: *

            *
              *
            • *

              * The secret is scheduled for deletion. *

              *
            • *
            • *

              * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

              *
            • *
            • *

              * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

              *
            • *
            • InternalServiceErrorException An error occurred on the server side.
            • *
            • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
            • *
            • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
            • *
            • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
            • *
            * @sample SecretsManagerAsyncClient.DeleteSecret * @see AWS * API Documentation */ @Override public CompletableFuture deleteSecret(DeleteSecretRequest deleteSecretRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(deleteSecretRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, deleteSecretRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "DeleteSecret"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, DeleteSecretResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("DeleteSecret").withProtocolMetadata(protocolMetadata) .withMarshaller(new DeleteSecretRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(deleteSecretRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

            * Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager only returns * fields that have a value in the response. *

            *

            * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

            *

            * Required permissions: secretsmanager:DescribeSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

            * * @param describeSecretRequest * @return A Java Future containing the result of the DescribeSecret operation returned by the service.
            * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
              *
            • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
            • *
            • InternalServiceErrorException An error occurred on the server side.
            • *
            • InvalidParameterException The parameter name or value is invalid.
            • *
            • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
            • *
            • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
            • *
            • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
            • *
            * @sample SecretsManagerAsyncClient.DescribeSecret * @see AWS * API Documentation */ @Override public CompletableFuture describeSecret(DescribeSecretRequest describeSecretRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(describeSecretRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, describeSecretRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "DescribeSecret"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, DescribeSecretResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("DescribeSecret").withProtocolMetadata(protocolMetadata) .withMarshaller(new DescribeSecretRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(describeSecretRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

            * Generates a random password. We recommend that you specify the maximum length and include every character type * that the system you are generating a password for can support. By default, Secrets Manager uses uppercase and * lowercase letters, numbers, and the following characters in passwords: * !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~ *

            *

            * Secrets Manager generates a CloudTrail log entry when you call this action. *

            *

            * Required permissions: secretsmanager:GetRandomPassword. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

            * * @param getRandomPasswordRequest * @return A Java Future containing the result of the GetRandomPassword operation returned by the service.
            * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
              *
            • InvalidParameterException The parameter name or value is invalid.
            • *
            • InvalidRequestException A parameter value is not valid for the current state of the resource.

              *

              * Possible causes: *

              *
                *
              • *

                * The secret is scheduled for deletion. *

                *
              • *
              • *

                * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                *
              • *
              • *

                * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                *
              • *
              • InternalServiceErrorException An error occurred on the server side.
              • *
              • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
              • *
              • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
              • *
              • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
              • *
              * @sample SecretsManagerAsyncClient.GetRandomPassword * @see AWS API Documentation */ @Override public CompletableFuture getRandomPassword(GetRandomPasswordRequest getRandomPasswordRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(getRandomPasswordRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, getRandomPasswordRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "GetRandomPassword"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, GetRandomPasswordResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("GetRandomPassword").withProtocolMetadata(protocolMetadata) .withMarshaller(new GetRandomPasswordRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(getRandomPasswordRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

              * Retrieves the JSON text of the resource-based policy document attached to the secret. For more information about * permissions policies attached to a secret, see Permissions policies attached to a secret. *

              *

              * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

              *

              * Required permissions: secretsmanager:GetResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

              * * @param getResourcePolicyRequest * @return A Java Future containing the result of the GetResourcePolicy operation returned by the service.
              * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                *
              • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
              • *
              • InternalServiceErrorException An error occurred on the server side.
              • *
              • InvalidRequestException A parameter value is not valid for the current state of the resource.

                *

                * Possible causes: *

                *
                  *
                • *

                  * The secret is scheduled for deletion. *

                  *
                • *
                • *

                  * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                  *
                • *
                • *

                  * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                  *
                • *
                • InvalidParameterException The parameter name or value is invalid.
                • *
                • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                • *
                • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                • *
                • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                • *
                * @sample SecretsManagerAsyncClient.GetResourcePolicy * @see AWS API Documentation */ @Override public CompletableFuture getResourcePolicy(GetResourcePolicyRequest getResourcePolicyRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(getResourcePolicyRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, getResourcePolicyRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "GetResourcePolicy"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, GetResourcePolicyResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("GetResourcePolicy").withProtocolMetadata(protocolMetadata) .withMarshaller(new GetResourcePolicyRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(getResourcePolicyRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                * Retrieves the contents of the encrypted fields SecretString or SecretBinary from the * specified version of a secret, whichever contains content. *

                *

                * To retrieve the values for a group of secrets, call BatchGetSecretValue. *

                *

                * We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and * reduces your costs. For more information, see Cache secrets for your * applications. *

                *

                * To retrieve the previous version of a secret, use VersionStage and specify AWSPREVIOUS. To revert to * the previous version of a secret, call UpdateSecretVersionStage. *

                *

                * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                *

                * Required permissions: secretsmanager:GetSecretValue. If the secret is encrypted using a * customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you * also need kms:Decrypt permissions for that key. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                * * @param getSecretValueRequest * @return A Java Future containing the result of the GetSecretValue operation returned by the service.
                * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                  *
                • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                • *
                • InvalidParameterException The parameter name or value is invalid.
                • *
                • InvalidRequestException A parameter value is not valid for the current state of the resource.

                  *

                  * Possible causes: *

                  *
                    *
                  • *

                    * The secret is scheduled for deletion. *

                    *
                  • *
                  • *

                    * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                    *
                  • *
                  • *

                    * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                    *
                  • *
                  • DecryptionFailureException Secrets Manager can't decrypt the protected secret text using the provided * KMS key.
                  • *
                  • InternalServiceErrorException An error occurred on the server side.
                  • *
                  • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                  • *
                  • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                  • *
                  • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                  • *
                  * @sample SecretsManagerAsyncClient.GetSecretValue * @see AWS * API Documentation */ @Override public CompletableFuture getSecretValue(GetSecretValueRequest getSecretValueRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(getSecretValueRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, getSecretValueRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "GetSecretValue"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, GetSecretValueResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("GetSecretValue").withProtocolMetadata(protocolMetadata) .withMarshaller(new GetSecretValueRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(getSecretValueRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                  * Lists the versions of a secret. Secrets Manager uses staging labels to indicate the different versions of a * secret. For more information, see Secrets * Manager concepts: Versions. *

                  *

                  * To list the secrets in the account, use ListSecrets. *

                  *

                  * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                  *

                  * Required permissions: secretsmanager:ListSecretVersionIds. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                  * * @param listSecretVersionIdsRequest * @return A Java Future containing the result of the ListSecretVersionIds operation returned by the service.
                  * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                    *
                  • InvalidNextTokenException The NextToken value is invalid.
                  • *
                  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                  • *
                  • InternalServiceErrorException An error occurred on the server side.
                  • *
                  • InvalidParameterException The parameter name or value is invalid.
                  • *
                  • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                  • *
                  • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                  • *
                  • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                  • *
                  * @sample SecretsManagerAsyncClient.ListSecretVersionIds * @see AWS API Documentation */ @Override public CompletableFuture listSecretVersionIds( ListSecretVersionIdsRequest listSecretVersionIdsRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(listSecretVersionIdsRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, listSecretVersionIdsRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "ListSecretVersionIds"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, ListSecretVersionIdsResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("ListSecretVersionIds").withProtocolMetadata(protocolMetadata) .withMarshaller(new ListSecretVersionIdsRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(listSecretVersionIdsRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                  * Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets * that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console. *

                  *

                  * All Secrets Manager operations are eventually consistent. ListSecrets might not reflect changes from the last * five minutes. You can get more recent information for a specific secret by calling DescribeSecret. *

                  *

                  * To list the versions of a secret, use ListSecretVersionIds. *

                  *

                  * To retrieve the values for the secrets, call BatchGetSecretValue or GetSecretValue. *

                  *

                  * For information about finding secrets in the console, see Find secrets in * Secrets Manager. *

                  *

                  * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                  *

                  * Required permissions: secretsmanager:ListSecrets. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                  * * @param listSecretsRequest * @return A Java Future containing the result of the ListSecrets operation returned by the service.
                  * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                    *
                  • InvalidParameterException The parameter name or value is invalid.
                  • *
                  • InvalidRequestException A parameter value is not valid for the current state of the resource.

                    *

                    * Possible causes: *

                    *
                      *
                    • *

                      * The secret is scheduled for deletion. *

                      *
                    • *
                    • *

                      * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                      *
                    • *
                    • *

                      * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                      *
                    • *
                    • InvalidNextTokenException The NextToken value is invalid.
                    • *
                    • InternalServiceErrorException An error occurred on the server side.
                    • *
                    • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                    • *
                    • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                    • *
                    • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                    • *
                    * @sample SecretsManagerAsyncClient.ListSecrets * @see AWS * API Documentation */ @Override public CompletableFuture listSecrets(ListSecretsRequest listSecretsRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(listSecretsRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, listSecretsRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "ListSecrets"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, ListSecretsResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("ListSecrets").withProtocolMetadata(protocolMetadata) .withMarshaller(new ListSecretsRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(listSecretsRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                    * Attaches a resource-based permission policy to a secret. A resource-based policy is optional. For more * information, see Authentication and access * control for Secrets Manager *

                    *

                    * For information about attaching a policy in the console, see Attach a permissions policy to a secret. *

                    *

                    * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                    *

                    * Required permissions: secretsmanager:PutResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                    * * @param putResourcePolicyRequest * @return A Java Future containing the result of the PutResourcePolicy operation returned by the service.
                    * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                      *
                    • MalformedPolicyDocumentException The resource policy has syntax errors.
                    • *
                    • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                    • *
                    • InvalidParameterException The parameter name or value is invalid.
                    • *
                    • InternalServiceErrorException An error occurred on the server side.
                    • *
                    • InvalidRequestException A parameter value is not valid for the current state of the resource.

                      *

                      * Possible causes: *

                      *
                        *
                      • *

                        * The secret is scheduled for deletion. *

                        *
                      • *
                      • *

                        * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                        *
                      • *
                      • *

                        * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                        *
                      • *
                      • PublicPolicyException The BlockPublicPolicy parameter is set to true, and the resource * policy did not prevent broad access to the secret.
                      • *
                      • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                      • *
                      • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                      • *
                      • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                      • *
                      * @sample SecretsManagerAsyncClient.PutResourcePolicy * @see AWS API Documentation */ @Override public CompletableFuture putResourcePolicy(PutResourcePolicyRequest putResourcePolicyRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(putResourcePolicyRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, putResourcePolicyRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "PutResourcePolicy"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, PutResourcePolicyResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("PutResourcePolicy").withProtocolMetadata(protocolMetadata) .withMarshaller(new PutResourcePolicyRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(putResourcePolicyRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                      * Creates a new version with a new encrypted secret value and attaches it to the secret. The version can contain a * new SecretString value or a new SecretBinary value. *

                      *

                      * We recommend you avoid calling PutSecretValue at a sustained rate of more than once every 10 * minutes. When you update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager * removes outdated versions when there are more than 100, but it does not remove versions created less than 24 * hours ago. If you call PutSecretValue more than once every 10 minutes, you create more versions than * Secrets Manager removes, and you will reach the quota for secret versions. *

                      *

                      * You can specify the staging labels to attach to the new version in VersionStages. If you don't * include VersionStages, then Secrets Manager automatically moves the staging label * AWSCURRENT to this version. If this operation creates the first version for the secret, then Secrets * Manager automatically attaches the staging label AWSCURRENT to it. If this operation moves the * staging label AWSCURRENT from another version to this version, then Secrets Manager also * automatically moves the staging label AWSPREVIOUS to the version that AWSCURRENT was * removed from. *

                      *

                      * This operation is idempotent. If you call this operation with a ClientRequestToken that matches an * existing version's VersionId, and you specify the same secret data, the operation succeeds but does nothing. * However, if the secret data is different, then the operation fails because you can't modify an existing version; * you can only create new ones. *

                      *

                      * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters except SecretBinary, SecretString, or RotationToken * because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                      *

                      * Required permissions: secretsmanager:PutSecretValue. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                      * *

                      * When you enter commands in a command shell, there is a risk of the command history being accessed or utilities * having access to your command parameters. This is a concern if the command includes the value of a secret. Learn * how to Mitigate the * risks of using command-line tools to store Secrets Manager secrets. *

                      *
                      * * @param putSecretValueRequest * @return A Java Future containing the result of the PutSecretValue operation returned by the service.
                      * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                        *
                      • InvalidParameterException The parameter name or value is invalid.
                      • *
                      • InvalidRequestException A parameter value is not valid for the current state of the resource.

                        *

                        * Possible causes: *

                        *
                          *
                        • *

                          * The secret is scheduled for deletion. *

                          *
                        • *
                        • *

                          * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                          *
                        • *
                        • *

                          * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                          *
                        • *
                        • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.
                        • *
                        • EncryptionFailureException Secrets Manager can't encrypt the protected secret text using the provided * KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, * see Key state: Effect on * your KMS key.
                        • *
                        • ResourceExistsException A resource with the ID you requested already exists.
                        • *
                        • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                        • *
                        • InternalServiceErrorException An error occurred on the server side.
                        • *
                        • DecryptionFailureException Secrets Manager can't decrypt the protected secret text using the provided * KMS key.
                        • *
                        • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                        • *
                        • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                        • *
                        • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                        • *
                        * @sample SecretsManagerAsyncClient.PutSecretValue * @see AWS * API Documentation */ @Override public CompletableFuture putSecretValue(PutSecretValueRequest putSecretValueRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(putSecretValueRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, putSecretValueRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "PutSecretValue"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, PutSecretValueResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("PutSecretValue").withProtocolMetadata(protocolMetadata) .withMarshaller(new PutSecretValueRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(putSecretValueRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                        * For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify. *

                        *

                        * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                        *

                        * Required permissions: secretsmanager:RemoveRegionsFromReplication. For more information, see * IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                        * * @param removeRegionsFromReplicationRequest * @return A Java Future containing the result of the RemoveRegionsFromReplication operation returned by the * service.
                        * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                          *
                        • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                        • *
                        • InvalidRequestException A parameter value is not valid for the current state of the resource.

                          *

                          * Possible causes: *

                          *
                            *
                          • *

                            * The secret is scheduled for deletion. *

                            *
                          • *
                          • *

                            * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                            *
                          • *
                          • *

                            * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                            *
                          • *
                          • InvalidParameterException The parameter name or value is invalid.
                          • *
                          • InternalServiceErrorException An error occurred on the server side.
                          • *
                          • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                          • *
                          • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                          • *
                          • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                          • *
                          * @sample SecretsManagerAsyncClient.RemoveRegionsFromReplication * @see AWS API Documentation */ @Override public CompletableFuture removeRegionsFromReplication( RemoveRegionsFromReplicationRequest removeRegionsFromReplicationRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(removeRegionsFromReplicationRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, removeRegionsFromReplicationRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "RemoveRegionsFromReplication"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, RemoveRegionsFromReplicationResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("RemoveRegionsFromReplication").withProtocolMetadata(protocolMetadata) .withMarshaller(new RemoveRegionsFromReplicationRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(removeRegionsFromReplicationRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                          * Replicates the secret to a new Regions. See Multi-Region secrets. *

                          *

                          * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                          *

                          * Required permissions: secretsmanager:ReplicateSecretToRegions. If the primary secret is * encrypted with a KMS key other than aws/secretsmanager, you also need kms:Decrypt * permission to the key. To encrypt the replicated secret with a KMS key other than aws/secretsmanager * , you need kms:GenerateDataKey and kms:Encrypt to the key. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                          * * @param replicateSecretToRegionsRequest * @return A Java Future containing the result of the ReplicateSecretToRegions operation returned by the service.
                          * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                            *
                          • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                          • *
                          • InvalidRequestException A parameter value is not valid for the current state of the resource.

                            *

                            * Possible causes: *

                            *
                              *
                            • *

                              * The secret is scheduled for deletion. *

                              *
                            • *
                            • *

                              * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                              *
                            • *
                            • *

                              * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                              *
                            • *
                            • InvalidParameterException The parameter name or value is invalid.
                            • *
                            • InternalServiceErrorException An error occurred on the server side.
                            • *
                            • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                            • *
                            • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                            • *
                            • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                            • *
                            * @sample SecretsManagerAsyncClient.ReplicateSecretToRegions * @see AWS API Documentation */ @Override public CompletableFuture replicateSecretToRegions( ReplicateSecretToRegionsRequest replicateSecretToRegionsRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(replicateSecretToRegionsRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, replicateSecretToRegionsRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "ReplicateSecretToRegions"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, ReplicateSecretToRegionsResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("ReplicateSecretToRegions").withProtocolMetadata(protocolMetadata) .withMarshaller(new ReplicateSecretToRegionsRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(replicateSecretToRegionsRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                            * Cancels the scheduled deletion of a secret by removing the DeletedDate time stamp. You can access a * secret again after it has been restored. *

                            *

                            * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                            *

                            * Required permissions: secretsmanager:RestoreSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                            * * @param restoreSecretRequest * @return A Java Future containing the result of the RestoreSecret operation returned by the service.
                            * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                              *
                            • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                            • *
                            • InvalidParameterException The parameter name or value is invalid.
                            • *
                            • InvalidRequestException A parameter value is not valid for the current state of the resource.

                              *

                              * Possible causes: *

                              *
                                *
                              • *

                                * The secret is scheduled for deletion. *

                                *
                              • *
                              • *

                                * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                *
                              • *
                              • *

                                * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                *
                              • *
                              • InternalServiceErrorException An error occurred on the server side.
                              • *
                              • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                              • *
                              • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                              • *
                              • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                              • *
                              * @sample SecretsManagerAsyncClient.RestoreSecret * @see AWS * API Documentation */ @Override public CompletableFuture restoreSecret(RestoreSecretRequest restoreSecretRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(restoreSecretRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, restoreSecretRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "RestoreSecret"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, RestoreSecretResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("RestoreSecret").withProtocolMetadata(protocolMetadata) .withMarshaller(new RestoreSecretRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(restoreSecretRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                              * Configures and starts the asynchronous process of rotating the secret. For information about rotation, see Rotate secrets in * the Secrets Manager User Guide. If you include the configuration parameters, the operation sets the values * for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the * operation starts a rotation with the values already stored in the secret. *

                              *

                              * When rotation is successful, the AWSPENDING staging label might be attached to the same version as * the AWSCURRENT version, or it might not be attached to any version. If the AWSPENDING * staging label is present but not attached to the same version as AWSCURRENT, then any later * invocation of RotateSecret assumes that a previous rotation request is still in progress and returns * an error. When rotation is unsuccessful, the AWSPENDING staging label might be attached to an empty * secret version. For more information, see Troubleshoot * rotation in the Secrets Manager User Guide. *

                              *

                              * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                              *

                              * Required permissions: secretsmanager:RotateSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. You also need lambda:InvokeFunction permissions on the rotation * function. For more information, see Permissions for rotation. *

                              * * @param rotateSecretRequest * @return A Java Future containing the result of the RotateSecret operation returned by the service.
                              * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                                *
                              • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                              • *
                              • InvalidParameterException The parameter name or value is invalid.
                              • *
                              • InternalServiceErrorException An error occurred on the server side.
                              • *
                              • InvalidRequestException A parameter value is not valid for the current state of the resource.

                                *

                                * Possible causes: *

                                *
                                  *
                                • *

                                  * The secret is scheduled for deletion. *

                                  *
                                • *
                                • *

                                  * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                  *
                                • *
                                • *

                                  * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                  *
                                • *
                                • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                                • *
                                • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                                • *
                                • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                                • *
                                * @sample SecretsManagerAsyncClient.RotateSecret * @see AWS * API Documentation */ @Override public CompletableFuture rotateSecret(RotateSecretRequest rotateSecretRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(rotateSecretRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, rotateSecretRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "RotateSecret"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, RotateSecretResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("RotateSecret").withProtocolMetadata(protocolMetadata) .withMarshaller(new RotateSecretRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(rotateSecretRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                                * Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret * in the replica Region. *

                                *

                                * You must call this operation from the Region in which you want to promote the replica to a primary secret. *

                                *

                                * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                                *

                                * Required permissions: secretsmanager:StopReplicationToReplica. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                * * @param stopReplicationToReplicaRequest * @return A Java Future containing the result of the StopReplicationToReplica operation returned by the service.
                                * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                                  *
                                • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                                • *
                                • InvalidRequestException A parameter value is not valid for the current state of the resource.

                                  *

                                  * Possible causes: *

                                  *
                                    *
                                  • *

                                    * The secret is scheduled for deletion. *

                                    *
                                  • *
                                  • *

                                    * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                    *
                                  • *
                                  • *

                                    * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                    *
                                  • *
                                  • InvalidParameterException The parameter name or value is invalid.
                                  • *
                                  • InternalServiceErrorException An error occurred on the server side.
                                  • *
                                  • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                                  • *
                                  • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                                  • *
                                  • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                                  • *
                                  * @sample SecretsManagerAsyncClient.StopReplicationToReplica * @see AWS API Documentation */ @Override public CompletableFuture stopReplicationToReplica( StopReplicationToReplicaRequest stopReplicationToReplicaRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(stopReplicationToReplicaRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, stopReplicationToReplicaRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "StopReplicationToReplica"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, StopReplicationToReplicaResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("StopReplicationToReplica").withProtocolMetadata(protocolMetadata) .withMarshaller(new StopReplicationToReplicaRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(stopReplicationToReplicaRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                                  * Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the secret's metadata. They * are not associated with specific versions of the secret. This operation appends tags to the existing list of * tags. *

                                  *

                                  * For tag quotas and naming restrictions, see Service quotas for * Tagging in the Amazon Web Services General Reference guide. *

                                  * *

                                  * If you use tags as part of your security strategy, then adding or removing a tag can change permissions. If * successfully completing this operation would result in you losing your permissions for this secret, then the * operation is blocked and returns an Access Denied error. *

                                  *
                                  *

                                  * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                                  *

                                  * Required permissions: secretsmanager:TagResource. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                  * * @param tagResourceRequest * @return A Java Future containing the result of the TagResource operation returned by the service.
                                  * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                                    *
                                  • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                                  • *
                                  • InvalidRequestException A parameter value is not valid for the current state of the resource.

                                    *

                                    * Possible causes: *

                                    *
                                      *
                                    • *

                                      * The secret is scheduled for deletion. *

                                      *
                                    • *
                                    • *

                                      * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                      *
                                    • *
                                    • *

                                      * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                      *
                                    • *
                                    • InvalidParameterException The parameter name or value is invalid.
                                    • *
                                    • InternalServiceErrorException An error occurred on the server side.
                                    • *
                                    • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                                    • *
                                    • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                                    • *
                                    • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                                    • *
                                    * @sample SecretsManagerAsyncClient.TagResource * @see AWS * API Documentation */ @Override public CompletableFuture tagResource(TagResourceRequest tagResourceRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(tagResourceRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, tagResourceRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "TagResource"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, TagResourceResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("TagResource").withProtocolMetadata(protocolMetadata) .withMarshaller(new TagResourceRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(tagResourceRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                                    * Removes specific tags from a secret. *

                                    *

                                    * This operation is idempotent. If a requested tag is not attached to the secret, no error is returned and the * secret metadata is unchanged. *

                                    * *

                                    * If you use tags as part of your security strategy, then removing a tag can change permissions. If successfully * completing this operation would result in you losing your permissions for this secret, then the operation is * blocked and returns an Access Denied error. *

                                    *
                                    *

                                    * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                                    *

                                    * Required permissions: secretsmanager:UntagResource. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                    * * @param untagResourceRequest * @return A Java Future containing the result of the UntagResource operation returned by the service.
                                    * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                                      *
                                    • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                                    • *
                                    • InvalidRequestException A parameter value is not valid for the current state of the resource.

                                      *

                                      * Possible causes: *

                                      *
                                        *
                                      • *

                                        * The secret is scheduled for deletion. *

                                        *
                                      • *
                                      • *

                                        * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                        *
                                      • *
                                      • *

                                        * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                        *
                                      • *
                                      • InvalidParameterException The parameter name or value is invalid.
                                      • *
                                      • InternalServiceErrorException An error occurred on the server side.
                                      • *
                                      • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                                      • *
                                      • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                                      • *
                                      • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                                      • *
                                      * @sample SecretsManagerAsyncClient.UntagResource * @see AWS * API Documentation */ @Override public CompletableFuture untagResource(UntagResourceRequest untagResourceRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(untagResourceRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, untagResourceRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "UntagResource"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, UntagResourceResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("UntagResource").withProtocolMetadata(protocolMetadata) .withMarshaller(new UntagResourceRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(untagResourceRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                                      * Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can * also use PutSecretValue. *

                                      *

                                      * To change the rotation configuration of a secret, use RotateSecret instead. *

                                      *

                                      * To change a secret so that it is managed by another service, you need to recreate the secret in that service. See * Secrets Manager * secrets managed by other Amazon Web Services services. *

                                      *

                                      * We recommend you avoid calling UpdateSecret at a sustained rate of more than once every 10 minutes. * When you call UpdateSecret to update the secret value, Secrets Manager creates a new version of the * secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions * created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more * versions than Secrets Manager removes, and you will reach the quota for secret versions. *

                                      *

                                      * If you include SecretString or SecretBinary to create a new secret version, Secrets * Manager automatically moves the staging label AWSCURRENT to the new version. Then it attaches the * label AWSPREVIOUS to the version that AWSCURRENT was removed from. *

                                      *

                                      * If you call this operation with a ClientRequestToken that matches an existing version's * VersionId, the operation results in an error. You can't modify an existing version, you can only * create a new version. To remove a version, remove all staging labels from it. See * UpdateSecretVersionStage. *

                                      *

                                      * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters except SecretBinary or SecretString because it might be logged. * For more information, see Logging Secrets * Manager events with CloudTrail. *

                                      *

                                      * Required permissions: secretsmanager:UpdateSecret. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. If you use a customer managed key, you must also have * kms:GenerateDataKey, kms:Encrypt, and kms:Decrypt permissions on the key. * If you change the KMS key and you don't have kms:Encrypt permission to the new key, Secrets Manager * does not re-encrypt existing secret versions with the new key. For more information, see Secret encryption * and decryption. *

                                      * *

                                      * When you enter commands in a command shell, there is a risk of the command history being accessed or utilities * having access to your command parameters. This is a concern if the command includes the value of a secret. Learn * how to Mitigate the * risks of using command-line tools to store Secrets Manager secrets. *

                                      *
                                      * * @param updateSecretRequest * @return A Java Future containing the result of the UpdateSecret operation returned by the service.
                                      * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                                        *
                                      • InvalidParameterException The parameter name or value is invalid.
                                      • *
                                      • InvalidRequestException A parameter value is not valid for the current state of the resource.

                                        *

                                        * Possible causes: *

                                        *
                                          *
                                        • *

                                          * The secret is scheduled for deletion. *

                                          *
                                        • *
                                        • *

                                          * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                          *
                                        • *
                                        • *

                                          * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                          *
                                        • *
                                        • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.
                                        • *
                                        • EncryptionFailureException Secrets Manager can't encrypt the protected secret text using the provided * KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, * see Key state: Effect on * your KMS key.
                                        • *
                                        • ResourceExistsException A resource with the ID you requested already exists.
                                        • *
                                        • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                                        • *
                                        • MalformedPolicyDocumentException The resource policy has syntax errors.
                                        • *
                                        • InternalServiceErrorException An error occurred on the server side.
                                        • *
                                        • PreconditionNotMetException The request failed because you did not complete all the prerequisite * steps.
                                        • *
                                        • DecryptionFailureException Secrets Manager can't decrypt the protected secret text using the provided * KMS key.
                                        • *
                                        • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                                        • *
                                        • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                                        • *
                                        • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                                        • *
                                        * @sample SecretsManagerAsyncClient.UpdateSecret * @see AWS * API Documentation */ @Override public CompletableFuture updateSecret(UpdateSecretRequest updateSecretRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(updateSecretRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, updateSecretRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "UpdateSecret"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler(operationMetadata, UpdateSecretResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("UpdateSecret").withProtocolMetadata(protocolMetadata) .withMarshaller(new UpdateSecretRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(updateSecretRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                                        * Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging labels to track a * version as it progresses through the secret rotation process. Each staging label can be attached to only one * version at a time. To add a staging label to a version when it is already attached to another version, Secrets * Manager first removes it from the other version first and then attaches it to this one. For more information * about versions and staging labels, see Concepts: * Version. *

                                        *

                                        * The staging labels that you specify in the VersionStage parameter are added to the existing list of * staging labels for the version. *

                                        *

                                        * You can move the AWSCURRENT staging label to this version by including it in this call. *

                                        * *

                                        * Whenever you move AWSCURRENT, Secrets Manager automatically moves the label AWSPREVIOUS * to the version that AWSCURRENT was removed from. *

                                        *
                                        *

                                        * If this action results in the last label being removed from a version, then the version is considered to be * 'deprecated' and can be deleted by Secrets Manager. *

                                        *

                                        * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                                        *

                                        * Required permissions: secretsmanager:UpdateSecretVersionStage. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                        * * @param updateSecretVersionStageRequest * @return A Java Future containing the result of the UpdateSecretVersionStage operation returned by the service.
                                        * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                                          *
                                        • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                                        • *
                                        • InvalidParameterException The parameter name or value is invalid.
                                        • *
                                        • InvalidRequestException A parameter value is not valid for the current state of the resource.

                                          *

                                          * Possible causes: *

                                          *
                                            *
                                          • *

                                            * The secret is scheduled for deletion. *

                                            *
                                          • *
                                          • *

                                            * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                            *
                                          • *
                                          • *

                                            * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                            *
                                          • *
                                          • LimitExceededException The request failed because it would exceed one of the Secrets Manager quotas.
                                          • *
                                          • InternalServiceErrorException An error occurred on the server side.
                                          • *
                                          • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                                          • *
                                          • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                                          • *
                                          • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                                          • *
                                          * @sample SecretsManagerAsyncClient.UpdateSecretVersionStage * @see AWS API Documentation */ @Override public CompletableFuture updateSecretVersionStage( UpdateSecretVersionStageRequest updateSecretVersionStageRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(updateSecretVersionStageRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, updateSecretVersionStageRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "UpdateSecretVersionStage"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, UpdateSecretVersionStageResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("UpdateSecretVersionStage").withProtocolMetadata(protocolMetadata) .withMarshaller(new UpdateSecretVersionStageRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(updateSecretVersionStageRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } /** *

                                          * Validates that a resource policy does not grant a wide range of principals access to your secret. A * resource-based policy is optional for secrets. *

                                          *

                                          * The API performs three checks when validating the policy: *

                                          *
                                            *
                                          • *

                                            * Sends a call to Zelkova, an automated reasoning engine, to ensure your resource policy does not allow broad access to your * secret, for example policies that use a wildcard for the principal. *

                                            *
                                          • *
                                          • *

                                            * Checks for correct syntax in a policy. *

                                            *
                                          • *
                                          • *

                                            * Verifies the policy does not lock out a caller. *

                                            *
                                          • *
                                          *

                                          * Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information * in request parameters because it might be logged. For more information, see Logging Secrets * Manager events with CloudTrail. *

                                          *

                                          * Required permissions: secretsmanager:ValidateResourcePolicy and * secretsmanager:PutResourcePolicy. For more information, see IAM policy actions for Secrets Manager and Authentication and access * control in Secrets Manager. *

                                          * * @param validateResourcePolicyRequest * @return A Java Future containing the result of the ValidateResourcePolicy operation returned by the service.
                                          * The CompletableFuture returned by this method can be completed exceptionally with the following * exceptions. The exception returned is wrapped with CompletionException, so you need to invoke * {@link Throwable#getCause} to retrieve the underlying exception. *
                                            *
                                          • MalformedPolicyDocumentException The resource policy has syntax errors.
                                          • *
                                          • ResourceNotFoundException Secrets Manager can't find the resource that you asked for.
                                          • *
                                          • InvalidParameterException The parameter name or value is invalid.
                                          • *
                                          • InternalServiceErrorException An error occurred on the server side.
                                          • *
                                          • InvalidRequestException A parameter value is not valid for the current state of the resource.

                                            *

                                            * Possible causes: *

                                            *
                                              *
                                            • *

                                              * The secret is scheduled for deletion. *

                                              *
                                            • *
                                            • *

                                              * You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and * you didn't include such an ARN as a parameter in this call. *

                                              *
                                            • *
                                            • *

                                              * The secret is managed by another service, and you must use that service to update it. For more * information, see Secrets * managed by other Amazon Web Services services. *

                                              *
                                            • *
                                            • SdkException Base class for all exceptions that can be thrown by the SDK (both service and client). * Can be used for catch all scenarios.
                                            • *
                                            • SdkClientException If any client side error occurs such as an IO related failure, failure to get * credentials, etc.
                                            • *
                                            • SecretsManagerException Base class for all service exceptions. Unknown exceptions will be thrown as * an instance of this type.
                                            • *
                                            * @sample SecretsManagerAsyncClient.ValidateResourcePolicy * @see AWS API Documentation */ @Override public CompletableFuture validateResourcePolicy( ValidateResourcePolicyRequest validateResourcePolicyRequest) { SdkClientConfiguration clientConfiguration = updateSdkClientConfiguration(validateResourcePolicyRequest, this.clientConfiguration); List metricPublishers = resolveMetricPublishers(clientConfiguration, validateResourcePolicyRequest .overrideConfiguration().orElse(null)); MetricCollector apiCallMetricCollector = metricPublishers.isEmpty() ? NoOpMetricCollector.create() : MetricCollector .create("ApiCall"); try { apiCallMetricCollector.reportMetric(CoreMetric.SERVICE_ID, "Secrets Manager"); apiCallMetricCollector.reportMetric(CoreMetric.OPERATION_NAME, "ValidateResourcePolicy"); JsonOperationMetadata operationMetadata = JsonOperationMetadata.builder().hasStreamingSuccessResponse(false) .isPayloadJson(true).build(); HttpResponseHandler responseHandler = protocolFactory.createResponseHandler( operationMetadata, ValidateResourcePolicyResponse::builder); HttpResponseHandler errorResponseHandler = createErrorResponseHandler(protocolFactory, operationMetadata); CompletableFuture executeFuture = clientHandler .execute(new ClientExecutionParams() .withOperationName("ValidateResourcePolicy").withProtocolMetadata(protocolMetadata) .withMarshaller(new ValidateResourcePolicyRequestMarshaller(protocolFactory)) .withResponseHandler(responseHandler).withErrorResponseHandler(errorResponseHandler) .withRequestConfiguration(clientConfiguration).withMetricCollector(apiCallMetricCollector) .withInput(validateResourcePolicyRequest)); CompletableFuture whenCompleted = executeFuture.whenComplete((r, e) -> { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); }); executeFuture = CompletableFutureUtils.forwardExceptionTo(whenCompleted, executeFuture); return executeFuture; } catch (Throwable t) { metricPublishers.forEach(p -> p.publish(apiCallMetricCollector.collect())); return CompletableFutureUtils.failedFuture(t); } } @Override public final SecretsManagerServiceClientConfiguration serviceClientConfiguration() { return new SecretsManagerServiceClientConfigurationBuilder(this.clientConfiguration.toBuilder()).build(); } @Override public final String serviceName() { return SERVICE_NAME; } private > T init(T builder) { return builder .clientConfiguration(clientConfiguration) .defaultServiceExceptionSupplier(SecretsManagerException::builder) .protocol(AwsJsonProtocol.AWS_JSON) .protocolVersion("1.1") .registerModeledException( ExceptionMetadata.builder().errorCode("EncryptionFailure") .exceptionBuilderSupplier(EncryptionFailureException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("InvalidParameterException") .exceptionBuilderSupplier(InvalidParameterException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("PublicPolicyException") .exceptionBuilderSupplier(PublicPolicyException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("MalformedPolicyDocumentException") .exceptionBuilderSupplier(MalformedPolicyDocumentException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("DecryptionFailure") .exceptionBuilderSupplier(DecryptionFailureException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("InvalidRequestException") .exceptionBuilderSupplier(InvalidRequestException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("ResourceNotFoundException") .exceptionBuilderSupplier(ResourceNotFoundException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("InternalServiceError") .exceptionBuilderSupplier(InternalServiceErrorException::builder).httpStatusCode(500).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("ResourceExistsException") .exceptionBuilderSupplier(ResourceExistsException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("InvalidNextTokenException") .exceptionBuilderSupplier(InvalidNextTokenException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("LimitExceededException") .exceptionBuilderSupplier(LimitExceededException::builder).httpStatusCode(400).build()) .registerModeledException( ExceptionMetadata.builder().errorCode("PreconditionNotMetException") .exceptionBuilderSupplier(PreconditionNotMetException::builder).httpStatusCode(400).build()); } private static List resolveMetricPublishers(SdkClientConfiguration clientConfiguration, RequestOverrideConfiguration requestOverrideConfiguration) { List publishers = null; if (requestOverrideConfiguration != null) { publishers = requestOverrideConfiguration.metricPublishers(); } if (publishers == null || publishers.isEmpty()) { publishers = clientConfiguration.option(SdkClientOption.METRIC_PUBLISHERS); } if (publishers == null) { publishers = Collections.emptyList(); } return publishers; } private void updateRetryStrategyClientConfiguration(SdkClientConfiguration.Builder configuration) { ClientOverrideConfiguration.Builder builder = configuration.asOverrideConfigurationBuilder(); RetryMode retryMode = builder.retryMode(); if (retryMode != null) { configuration.option(SdkClientOption.RETRY_STRATEGY, AwsRetryStrategy.forRetryMode(retryMode)); } else { Consumer> configurator = builder.retryStrategyConfigurator(); if (configurator != null) { RetryStrategy.Builder defaultBuilder = AwsRetryStrategy.defaultRetryStrategy().toBuilder(); configurator.accept(defaultBuilder); configuration.option(SdkClientOption.RETRY_STRATEGY, defaultBuilder.build()); } else { RetryStrategy retryStrategy = builder.retryStrategy(); if (retryStrategy != null) { configuration.option(SdkClientOption.RETRY_STRATEGY, retryStrategy); } } } configuration.option(SdkClientOption.CONFIGURED_RETRY_MODE, null); configuration.option(SdkClientOption.CONFIGURED_RETRY_STRATEGY, null); configuration.option(SdkClientOption.CONFIGURED_RETRY_CONFIGURATOR, null); } private SdkClientConfiguration updateSdkClientConfiguration(SdkRequest request, SdkClientConfiguration clientConfiguration) { List plugins = request.overrideConfiguration().map(c -> c.plugins()).orElse(Collections.emptyList()); SdkClientConfiguration.Builder configuration = clientConfiguration.toBuilder(); if (plugins.isEmpty()) { return configuration.build(); } SecretsManagerServiceClientConfigurationBuilder serviceConfigBuilder = new SecretsManagerServiceClientConfigurationBuilder( configuration); for (SdkPlugin plugin : plugins) { plugin.configureClient(serviceConfigBuilder); } updateRetryStrategyClientConfiguration(configuration); return configuration.build(); } private HttpResponseHandler createErrorResponseHandler(BaseAwsJsonProtocolFactory protocolFactory, JsonOperationMetadata operationMetadata) { return protocolFactory.createErrorResponseHandler(operationMetadata); } @Override public void close() { clientHandler.close(); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy