-- Hoogle documentation, generated by Haddock -- See Hoogle, http://www.haskell.org/hoogle/ -- | Amazon Secrets Manager SDK. -- -- Derived from API version 2017-10-17 of the AWS service -- descriptions, licensed under Apache 2.0. -- -- The types from this library are intended to be used with -- amazonka, which provides mechanisms for specifying AuthN/AuthZ -- information, sending requests, and receiving responses. -- -- It is recommended to use generic lenses or optics from packages such -- as generic-lens or optics to modify optional fields and -- deconstruct responses. -- -- Generated lenses can be found in Amazonka.SecretsManager.Lens -- and are suitable for use with a lens package such as lens or -- lens-family-core. -- -- See Amazonka.SecretsManager and the AWS documentation to -- get started. @package amazonka-secretsmanager @version 2.0 module Amazonka.SecretsManager.Types.FilterNameStringType newtype FilterNameStringType FilterNameStringType' :: Text -> FilterNameStringType [fromFilterNameStringType] :: FilterNameStringType -> Text pattern FilterNameStringType_All :: FilterNameStringType pattern FilterNameStringType_Description :: FilterNameStringType pattern FilterNameStringType_Name :: FilterNameStringType pattern FilterNameStringType_Owning_service :: FilterNameStringType pattern FilterNameStringType_Primary_region :: FilterNameStringType pattern FilterNameStringType_Tag_key :: FilterNameStringType pattern FilterNameStringType_Tag_value :: FilterNameStringType instance Amazonka.Data.XML.ToXML Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Amazonka.Data.XML.FromXML Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Data.Aeson.Types.FromJSON.FromJSONKey 
Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Amazonka.Data.Headers.ToHeader Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Amazonka.Data.Log.ToLog Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Amazonka.Data.ByteString.ToByteString Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Amazonka.Data.Text.ToText Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Amazonka.Data.Text.FromText Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance GHC.Generics.Generic Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance GHC.Classes.Ord Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance GHC.Classes.Eq Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance GHC.Read.Read Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType instance GHC.Show.Show Amazonka.SecretsManager.Types.FilterNameStringType.FilterNameStringType module Amazonka.SecretsManager.Types.Filter -- | Allows you to add filters when you use the search function in Secrets -- Manager. For more information, see Find secrets in Secrets -- Manager. -- -- See: newFilter smart constructor. 
data Filter Filter' :: Maybe FilterNameStringType -> Maybe (NonEmpty Text) -> Filter -- | The following are keys you can use, one per FilterNameStringType -- pattern: -- -- description, name, tag-key, tag-value, primary-region, -- owning-service, all. [$sel:key:Filter'] :: Filter -> Maybe FilterNameStringType -- | The keyword to filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. [$sel:values:Filter'] :: Filter -> Maybe (NonEmpty Text) -- | Create a value of Filter with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:key:Filter', filter_key - The following are keys -- you can use, one per FilterNameStringType pattern: -- -- description, name, tag-key, tag-value, primary-region, -- owning-service, all. -- -- $sel:values:Filter', filter_values - The keyword to -- filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. newFilter :: Filter -- | The following are keys you can use, one per FilterNameStringType -- pattern: -- -- description, name, tag-key, tag-value, primary-region, -- owning-service, all. filter_key :: Lens' Filter (Maybe FilterNameStringType) -- | The keyword to filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. filter_values :: Lens' Filter (Maybe (NonEmpty Text)) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.Filter.Filter instance GHC.Show.Show Amazonka.SecretsManager.Types.Filter.Filter instance GHC.Read.Read Amazonka.SecretsManager.Types.Filter.Filter instance GHC.Classes.Eq Amazonka.SecretsManager.Types.Filter.Filter instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.Filter.Filter instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.Filter.Filter instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.Types.Filter.Filter module Amazonka.SecretsManager.Types.ReplicaRegionType -- | A custom type that specifies a Region and the -- KmsKeyId for a replica secret. -- -- See: newReplicaRegionType smart constructor. 
data ReplicaRegionType ReplicaRegionType' :: Maybe Text -> Maybe Text -> ReplicaRegionType -- | The ARN, key ID, or alias of the KMS key to encrypt the secret. If you -- don't include this field, Secrets Manager uses the Amazon Web -- Services managed key aws/secretsmanager. [$sel:kmsKeyId:ReplicaRegionType'] :: ReplicaRegionType -> Maybe Text -- | A Region code. For a list of Region codes, see Name and code of -- Regions. [$sel:region:ReplicaRegionType'] :: ReplicaRegionType -> Maybe Text -- | Create a value of ReplicaRegionType with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:kmsKeyId:ReplicaRegionType', -- replicaRegionType_kmsKeyId - The ARN, key ID, or alias of the -- KMS key to encrypt the secret. If you don't include this field, -- Secrets Manager uses the Amazon Web Services managed key -- aws/secretsmanager. -- -- $sel:region:ReplicaRegionType', replicaRegionType_region -- - A Region code. For a list of Region codes, see Name and code of -- Regions. newReplicaRegionType :: ReplicaRegionType -- | The ARN, key ID, or alias of the KMS key to encrypt the secret. If you -- don't include this field, Secrets Manager uses the Amazon Web -- Services managed key aws/secretsmanager. replicaRegionType_kmsKeyId :: Lens' ReplicaRegionType (Maybe Text) -- | A Region code. For a list of Region codes, see Name and code of -- Regions. 
replicaRegionType_region :: Lens' ReplicaRegionType (Maybe Text) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.ReplicaRegionType.ReplicaRegionType instance GHC.Show.Show Amazonka.SecretsManager.Types.ReplicaRegionType.ReplicaRegionType instance GHC.Read.Read Amazonka.SecretsManager.Types.ReplicaRegionType.ReplicaRegionType instance GHC.Classes.Eq Amazonka.SecretsManager.Types.ReplicaRegionType.ReplicaRegionType instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.ReplicaRegionType.ReplicaRegionType instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.ReplicaRegionType.ReplicaRegionType instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.Types.ReplicaRegionType.ReplicaRegionType module Amazonka.SecretsManager.Types.RotationRulesType -- | A structure that defines the rotation configuration for the secret. -- -- See: newRotationRulesType smart constructor. data RotationRulesType RotationRulesType' :: Maybe Natural -> Maybe Text -> Maybe Text -> RotationRulesType -- | The number of days between automatic scheduled rotations of the -- secret. You can use this value to check that your secret meets your -- compliance guidelines for how often secrets must be rotated. -- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. -- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. [$sel:automaticallyAfterDays:RotationRulesType'] :: RotationRulesType -> Maybe Natural -- | The length of the rotation window in hours, for example 3h -- for a three hour window. Secrets Manager rotates your secret at any -- time during this window. The window must not extend into the next -- rotation window or the next UTC day. The window starts according to -- the ScheduleExpression. 
If you don't specify a -- Duration, for a ScheduleExpression in hours, the -- window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. [$sel:duration:RotationRulesType'] :: RotationRulesType -> Maybe Text -- | A cron() or rate() expression that defines the -- schedule for rotating your secret. Secrets Manager rotation schedules -- use UTC time zone. Secrets Manager rotates your secret any time during -- a rotation window. -- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. -- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. 
[$sel:scheduleExpression:RotationRulesType'] :: RotationRulesType -> Maybe Text -- | Create a value of RotationRulesType with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:automaticallyAfterDays:RotationRulesType', -- rotationRulesType_automaticallyAfterDays - The number of days -- between automatic scheduled rotations of the secret. You can use this -- value to check that your secret meets your compliance guidelines for -- how often secrets must be rotated. -- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. -- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. -- -- $sel:duration:RotationRulesType', -- rotationRulesType_duration - The length of the rotation window -- in hours, for example 3h for a three hour window. Secrets -- Manager rotates your secret at any time during this window. The window -- must not extend into the next rotation window or the next UTC day. The -- window starts according to the ScheduleExpression. If you -- don't specify a Duration, for a ScheduleExpression -- in hours, the window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. -- -- $sel:scheduleExpression:RotationRulesType', -- rotationRulesType_scheduleExpression - A cron() or -- rate() expression that defines the schedule for rotating your -- secret. Secrets Manager rotation schedules use UTC time zone. 
Secrets -- Manager rotates your secret any time during a rotation window. -- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. -- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. newRotationRulesType :: RotationRulesType -- | The number of days between automatic scheduled rotations of the -- secret. You can use this value to check that your secret meets your -- compliance guidelines for how often secrets must be rotated. -- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. -- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. 
rotationRulesType_automaticallyAfterDays :: Lens' RotationRulesType (Maybe Natural) -- | The length of the rotation window in hours, for example 3h -- for a three hour window. Secrets Manager rotates your secret at any -- time during this window. The window must not extend into the next -- rotation window or the next UTC day. The window starts according to -- the ScheduleExpression. If you don't specify a -- Duration, for a ScheduleExpression in hours, the -- window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. rotationRulesType_duration :: Lens' RotationRulesType (Maybe Text) -- | A cron() or rate() expression that defines the -- schedule for rotating your secret. Secrets Manager rotation schedules -- use UTC time zone. Secrets Manager rotates your secret any time during -- a rotation window. -- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. -- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. 
For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. rotationRulesType_scheduleExpression :: Lens' RotationRulesType (Maybe Text) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType instance GHC.Show.Show Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType instance GHC.Read.Read Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType instance GHC.Classes.Eq Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.Types.RotationRulesType.RotationRulesType module Amazonka.SecretsManager.Types.SecretVersionsListEntry -- | A structure that contains information about one version of a secret. -- -- See: newSecretVersionsListEntry smart constructor. data SecretVersionsListEntry SecretVersionsListEntry' :: Maybe POSIX -> Maybe [Text] -> Maybe POSIX -> Maybe Text -> Maybe (NonEmpty Text) -> SecretVersionsListEntry -- | The date and time this version of the secret was created. [$sel:createdDate:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe POSIX -- | The KMS keys used to encrypt the secret version. [$sel:kmsKeyIds:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe [Text] -- | The date that this version of the secret was last accessed. 
Note that -- the resolution of this field is at the date level and does not include -- the time. [$sel:lastAccessedDate:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe POSIX -- | The unique version identifier of this version of the secret. [$sel:versionId:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe Text -- | An array of staging labels that are currently associated with this -- version of the secret. [$sel:versionStages:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe (NonEmpty Text) -- | Create a value of SecretVersionsListEntry with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:createdDate:SecretVersionsListEntry', -- secretVersionsListEntry_createdDate - The date and time this -- version of the secret was created. -- -- $sel:kmsKeyIds:SecretVersionsListEntry', -- secretVersionsListEntry_kmsKeyIds - The KMS keys used to -- encrypt the secret version. -- -- $sel:lastAccessedDate:SecretVersionsListEntry', -- secretVersionsListEntry_lastAccessedDate - The date that this -- version of the secret was last accessed. Note that the resolution of -- this field is at the date level and does not include the time. -- -- $sel:versionId:SecretVersionsListEntry', -- secretVersionsListEntry_versionId - The unique version -- identifier of this version of the secret. -- -- $sel:versionStages:SecretVersionsListEntry', -- secretVersionsListEntry_versionStages - An array of staging -- labels that are currently associated with this version of the secret. newSecretVersionsListEntry :: SecretVersionsListEntry -- | The date and time this version of the secret was created. secretVersionsListEntry_createdDate :: Lens' SecretVersionsListEntry (Maybe UTCTime) -- | The KMS keys used to encrypt the secret version. 
secretVersionsListEntry_kmsKeyIds :: Lens' SecretVersionsListEntry (Maybe [Text]) -- | The date that this version of the secret was last accessed. Note that -- the resolution of this field is at the date level and does not include -- the time. secretVersionsListEntry_lastAccessedDate :: Lens' SecretVersionsListEntry (Maybe UTCTime) -- | The unique version identifier of this version of the secret. secretVersionsListEntry_versionId :: Lens' SecretVersionsListEntry (Maybe Text) -- | An array of staging labels that are currently associated with this -- version of the secret. secretVersionsListEntry_versionStages :: Lens' SecretVersionsListEntry (Maybe (NonEmpty Text)) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.SecretVersionsListEntry.SecretVersionsListEntry instance GHC.Show.Show Amazonka.SecretsManager.Types.SecretVersionsListEntry.SecretVersionsListEntry instance GHC.Read.Read Amazonka.SecretsManager.Types.SecretVersionsListEntry.SecretVersionsListEntry instance GHC.Classes.Eq Amazonka.SecretsManager.Types.SecretVersionsListEntry.SecretVersionsListEntry instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.SecretVersionsListEntry.SecretVersionsListEntry instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.SecretVersionsListEntry.SecretVersionsListEntry instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.SecretVersionsListEntry.SecretVersionsListEntry module Amazonka.SecretsManager.Types.SortOrderType newtype SortOrderType SortOrderType' :: Text -> SortOrderType [fromSortOrderType] :: SortOrderType -> Text pattern SortOrderType_Asc :: SortOrderType pattern SortOrderType_Desc :: SortOrderType instance Amazonka.Data.XML.ToXML Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Amazonka.Data.XML.FromXML Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance 
Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Amazonka.Data.Headers.ToHeader Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Amazonka.Data.Log.ToLog Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Amazonka.Data.ByteString.ToByteString Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Amazonka.Data.Text.ToText Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Amazonka.Data.Text.FromText Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance GHC.Generics.Generic Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance GHC.Classes.Ord Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance GHC.Classes.Eq Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance GHC.Read.Read Amazonka.SecretsManager.Types.SortOrderType.SortOrderType instance GHC.Show.Show Amazonka.SecretsManager.Types.SortOrderType.SortOrderType module Amazonka.SecretsManager.Types.StatusType newtype StatusType StatusType' :: Text -> StatusType [fromStatusType] :: StatusType -> Text pattern StatusType_Failed :: StatusType pattern StatusType_InProgress :: StatusType pattern StatusType_InSync :: StatusType instance Amazonka.Data.XML.ToXML Amazonka.SecretsManager.Types.StatusType.StatusType instance Amazonka.Data.XML.FromXML Amazonka.SecretsManager.Types.StatusType.StatusType instance Data.Aeson.Types.ToJSON.ToJSONKey 
Amazonka.SecretsManager.Types.StatusType.StatusType instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.Types.StatusType.StatusType instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.SecretsManager.Types.StatusType.StatusType instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.StatusType.StatusType instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.Types.StatusType.StatusType instance Amazonka.Data.Headers.ToHeader Amazonka.SecretsManager.Types.StatusType.StatusType instance Amazonka.Data.Log.ToLog Amazonka.SecretsManager.Types.StatusType.StatusType instance Amazonka.Data.ByteString.ToByteString Amazonka.SecretsManager.Types.StatusType.StatusType instance Amazonka.Data.Text.ToText Amazonka.SecretsManager.Types.StatusType.StatusType instance Amazonka.Data.Text.FromText Amazonka.SecretsManager.Types.StatusType.StatusType instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.StatusType.StatusType instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.StatusType.StatusType instance GHC.Generics.Generic Amazonka.SecretsManager.Types.StatusType.StatusType instance GHC.Classes.Ord Amazonka.SecretsManager.Types.StatusType.StatusType instance GHC.Classes.Eq Amazonka.SecretsManager.Types.StatusType.StatusType instance GHC.Read.Read Amazonka.SecretsManager.Types.StatusType.StatusType instance GHC.Show.Show Amazonka.SecretsManager.Types.StatusType.StatusType module Amazonka.SecretsManager.Types.ReplicationStatusType -- | A replication object that consists of a RegionReplicationStatus -- object and includes a Region, KMSKeyId, status, and status message. -- -- See: newReplicationStatusType smart constructor. data ReplicationStatusType ReplicationStatusType' :: Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe StatusType -> Maybe Text -> ReplicationStatusType -- | Can be an ARN, Key ID, or Alias. 
[$sel:kmsKeyId:ReplicationStatusType'] :: ReplicationStatusType -> Maybe Text -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. [$sel:lastAccessedDate:ReplicationStatusType'] :: ReplicationStatusType -> Maybe POSIX -- | The Region where replication occurs. [$sel:region:ReplicationStatusType'] :: ReplicationStatusType -> Maybe Text -- | The status can be InProgress, Failed, or -- InSync. [$sel:status:ReplicationStatusType'] :: ReplicationStatusType -> Maybe StatusType -- | Status message such as "/Secret with this name already exists in this -- region/". [$sel:statusMessage:ReplicationStatusType'] :: ReplicationStatusType -> Maybe Text -- | Create a value of ReplicationStatusType with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:kmsKeyId:ReplicationStatusType', -- replicationStatusType_kmsKeyId - Can be an ARN, -- Key ID, or Alias. -- -- $sel:lastAccessedDate:ReplicationStatusType', -- replicationStatusType_lastAccessedDate - The date that the -- secret was last accessed in the Region. This field is omitted if the -- secret has never been retrieved in the Region. -- -- $sel:region:ReplicationStatusType', -- replicationStatusType_region - The Region where replication -- occurs. -- -- $sel:status:ReplicationStatusType', -- replicationStatusType_status - The status can be -- InProgress, Failed, or InSync. -- -- $sel:statusMessage:ReplicationStatusType', -- replicationStatusType_statusMessage - Status message such as -- "/Secret with this name already exists in this region/". newReplicationStatusType :: ReplicationStatusType -- | Can be an ARN, Key ID, or Alias. 
replicationStatusType_kmsKeyId :: Lens' ReplicationStatusType (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. replicationStatusType_lastAccessedDate :: Lens' ReplicationStatusType (Maybe UTCTime) -- | The Region where replication occurs. replicationStatusType_region :: Lens' ReplicationStatusType (Maybe Text) -- | The status can be InProgress, Failed, or -- InSync. replicationStatusType_status :: Lens' ReplicationStatusType (Maybe StatusType) -- | Status message such as "/Secret with this name already exists in this -- region/". replicationStatusType_statusMessage :: Lens' ReplicationStatusType (Maybe Text) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.ReplicationStatusType.ReplicationStatusType instance GHC.Show.Show Amazonka.SecretsManager.Types.ReplicationStatusType.ReplicationStatusType instance GHC.Read.Read Amazonka.SecretsManager.Types.ReplicationStatusType.ReplicationStatusType instance GHC.Classes.Eq Amazonka.SecretsManager.Types.ReplicationStatusType.ReplicationStatusType instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.ReplicationStatusType.ReplicationStatusType instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.ReplicationStatusType.ReplicationStatusType instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.ReplicationStatusType.ReplicationStatusType module Amazonka.SecretsManager.Types.Tag -- | A structure that contains information about a tag. -- -- See: newTag smart constructor. data Tag Tag' :: Maybe Text -> Maybe Text -> Tag -- | The key identifier, or name, of the tag. [$sel:key:Tag'] :: Tag -> Maybe Text -- | The string value associated with the key of the tag. [$sel:value:Tag'] :: Tag -> Maybe Text -- | Create a value of Tag with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:key:Tag', tag_key - The key identifier, or name, of -- the tag. -- -- $sel:value:Tag', tag_value - The string value associated -- with the key of the tag. newTag :: Tag -- | The key identifier, or name, of the tag. tag_key :: Lens' Tag (Maybe Text) -- | The string value associated with the key of the tag. tag_value :: Lens' Tag (Maybe Text) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.Tag.Tag instance GHC.Show.Show Amazonka.SecretsManager.Types.Tag.Tag instance GHC.Read.Read Amazonka.SecretsManager.Types.Tag.Tag instance GHC.Classes.Eq Amazonka.SecretsManager.Types.Tag.Tag instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.Tag.Tag instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.Tag.Tag instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.Tag.Tag instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.Types.Tag.Tag module Amazonka.SecretsManager.Types.SecretListEntry -- | A structure that contains the details about a secret. It does not -- include the encrypted SecretString and SecretBinary -- values. To get those values, use GetSecretValue . -- -- See: newSecretListEntry smart constructor. data SecretListEntry SecretListEntry' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe RotationRulesType -> Maybe (HashMap Text (NonEmpty Text)) -> Maybe [Tag] -> SecretListEntry -- | The Amazon Resource Name (ARN) of the secret. [$sel:arn:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The date and time when a secret was created. [$sel:createdDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The date and time the deletion of the secret occurred. Not present on -- active secrets. 
The secret can be recovered until the number of days -- in the recovery window has passed, as specified in the -- RecoveryWindowInDays parameter of the DeleteSecret -- operation. [$sel:deletedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The user-provided description of the secret. [$sel:description:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The ARN of the KMS key that Secrets Manager uses to encrypt the secret -- value. If the secret is encrypted with the Amazon Web Services managed -- key aws/secretsmanager, this field is omitted. [$sel:kmsKeyId:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. [$sel:lastAccessedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The last date and time that this secret was modified in any way. [$sel:lastChangedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The most recent date and time that the Secrets Manager rotation -- process was successfully completed. This value is null if the secret -- hasn't ever rotated. [$sel:lastRotatedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The friendly name of the secret. You can use forward slashes in the -- name to represent a path hierarchy. For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. [$sel:name:SecretListEntry'] :: SecretListEntry -> Maybe Text [$sel:nextRotationDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | Returns the name of the service that created the secret. [$sel:owningService:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The Region where Secrets Manager originated the secret. [$sel:primaryRegion:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | Indicates whether automatic, scheduled rotation is enabled for this -- secret. 
[$sel:rotationEnabled:SecretListEntry'] :: SecretListEntry -> Maybe Bool -- | The ARN of an Amazon Web Services Lambda function invoked by Secrets -- Manager to rotate and expire the secret either automatically per the -- schedule or manually by a call to RotateSecret . [$sel:rotationLambdaARN:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | A structure that defines the rotation configuration for the secret. [$sel:rotationRules:SecretListEntry'] :: SecretListEntry -> Maybe RotationRulesType -- | A list of all of the currently assigned SecretVersionStage -- staging labels and the SecretVersionId attached to each one. -- Staging labels are used to keep track of the different versions during -- the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. [$sel:secretVersionsToStages:SecretListEntry'] :: SecretListEntry -> Maybe (HashMap Text (NonEmpty Text)) -- | The list of user-defined tags associated with the secret. To add tags -- to a secret, use TagResource . To remove tags, use -- UntagResource . [$sel:tags:SecretListEntry'] :: SecretListEntry -> Maybe [Tag] -- | Create a value of SecretListEntry with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:arn:SecretListEntry', secretListEntry_arn - The -- Amazon Resource Name (ARN) of the secret. -- -- $sel:createdDate:SecretListEntry', -- secretListEntry_createdDate - The date and time when a secret -- was created. -- -- $sel:deletedDate:SecretListEntry', -- secretListEntry_deletedDate - The date and time the deletion of -- the secret occurred. Not present on active secrets. 
The secret can be -- recovered until the number of days in the recovery window has passed, -- as specified in the RecoveryWindowInDays parameter of the -- DeleteSecret operation. -- -- $sel:description:SecretListEntry', -- secretListEntry_description - The user-provided description of -- the secret. -- -- $sel:kmsKeyId:SecretListEntry', secretListEntry_kmsKeyId -- - The ARN of the KMS key that Secrets Manager uses to encrypt the -- secret value. If the secret is encrypted with the Amazon Web Services -- managed key aws/secretsmanager, this field is omitted. -- -- $sel:lastAccessedDate:SecretListEntry', -- secretListEntry_lastAccessedDate - The date that the secret was -- last accessed in the Region. This field is omitted if the secret has -- never been retrieved in the Region. -- -- $sel:lastChangedDate:SecretListEntry', -- secretListEntry_lastChangedDate - The last date and time that -- this secret was modified in any way. -- -- $sel:lastRotatedDate:SecretListEntry', -- secretListEntry_lastRotatedDate - The most recent date and time -- that the Secrets Manager rotation process was successfully completed. -- This value is null if the secret hasn't ever rotated. -- -- $sel:name:SecretListEntry', secretListEntry_name - The -- friendly name of the secret. You can use forward slashes in the name -- to represent a path hierarchy. For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. -- -- $sel:nextRotationDate:SecretListEntry', -- secretListEntry_nextRotationDate - Undocumented member. -- -- $sel:owningService:SecretListEntry', -- secretListEntry_owningService - Returns the name of the service -- that created the secret. -- -- $sel:primaryRegion:SecretListEntry', -- secretListEntry_primaryRegion - The Region where Secrets -- Manager originated the secret. 
-- -- $sel:rotationEnabled:SecretListEntry', -- secretListEntry_rotationEnabled - Indicates whether automatic, -- scheduled rotation is enabled for this secret. -- -- $sel:rotationLambdaARN:SecretListEntry', -- secretListEntry_rotationLambdaARN - The ARN of an Amazon Web -- Services Lambda function invoked by Secrets Manager to rotate and -- expire the secret either automatically per the schedule or manually by -- a call to RotateSecret . -- -- $sel:rotationRules:SecretListEntry', -- secretListEntry_rotationRules - A structure that defines the -- rotation configuration for the secret. -- -- $sel:secretVersionsToStages:SecretListEntry', -- secretListEntry_secretVersionsToStages - A list of all of the -- currently assigned SecretVersionStage staging labels and the -- SecretVersionId attached to each one. Staging labels are used -- to keep track of the different versions during the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. -- -- $sel:tags:SecretListEntry', secretListEntry_tags - The -- list of user-defined tags associated with the secret. To add tags to a -- secret, use TagResource . To remove tags, use -- UntagResource . newSecretListEntry :: SecretListEntry -- | The Amazon Resource Name (ARN) of the secret. secretListEntry_arn :: Lens' SecretListEntry (Maybe Text) -- | The date and time when a secret was created. secretListEntry_createdDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The date and time the deletion of the secret occurred. Not present on -- active secrets. The secret can be recovered until the number of days -- in the recovery window has passed, as specified in the -- RecoveryWindowInDays parameter of the DeleteSecret -- operation. secretListEntry_deletedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The user-provided description of the secret. 
secretListEntry_description :: Lens' SecretListEntry (Maybe Text) -- | The ARN of the KMS key that Secrets Manager uses to encrypt the secret -- value. If the secret is encrypted with the Amazon Web Services managed -- key aws/secretsmanager, this field is omitted. secretListEntry_kmsKeyId :: Lens' SecretListEntry (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. secretListEntry_lastAccessedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The last date and time that this secret was modified in any way. secretListEntry_lastChangedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The most recent date and time that the Secrets Manager rotation -- process was successfully completed. This value is null if the secret -- hasn't ever rotated. secretListEntry_lastRotatedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The friendly name of the secret. You can use forward slashes in the -- name to represent a path hierarchy. For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. secretListEntry_name :: Lens' SecretListEntry (Maybe Text) -- | Undocumented member. secretListEntry_nextRotationDate :: Lens' SecretListEntry (Maybe UTCTime) -- | Returns the name of the service that created the secret. secretListEntry_owningService :: Lens' SecretListEntry (Maybe Text) -- | The Region where Secrets Manager originated the secret. secretListEntry_primaryRegion :: Lens' SecretListEntry (Maybe Text) -- | Indicates whether automatic, scheduled rotation is enabled for this -- secret. secretListEntry_rotationEnabled :: Lens' SecretListEntry (Maybe Bool) -- | The ARN of an Amazon Web Services Lambda function invoked by Secrets -- Manager to rotate and expire the secret either automatically per the -- schedule or manually by a call to RotateSecret . 
secretListEntry_rotationLambdaARN :: Lens' SecretListEntry (Maybe Text) -- | A structure that defines the rotation configuration for the secret. secretListEntry_rotationRules :: Lens' SecretListEntry (Maybe RotationRulesType) -- | A list of all of the currently assigned SecretVersionStage -- staging labels and the SecretVersionId attached to each one. -- Staging labels are used to keep track of the different versions during -- the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. secretListEntry_secretVersionsToStages :: Lens' SecretListEntry (Maybe (HashMap Text (NonEmpty Text))) -- | The list of user-defined tags associated with the secret. To add tags -- to a secret, use TagResource . To remove tags, use -- UntagResource . secretListEntry_tags :: Lens' SecretListEntry (Maybe [Tag]) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.SecretListEntry.SecretListEntry instance GHC.Show.Show Amazonka.SecretsManager.Types.SecretListEntry.SecretListEntry instance GHC.Read.Read Amazonka.SecretsManager.Types.SecretListEntry.SecretListEntry instance GHC.Classes.Eq Amazonka.SecretsManager.Types.SecretListEntry.SecretListEntry instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.SecretListEntry.SecretListEntry instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.SecretListEntry.SecretListEntry instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.SecretListEntry.SecretListEntry module Amazonka.SecretsManager.Types.ValidationErrorsEntry -- | Displays errors that occurred during validation of the resource -- policy. -- -- See: newValidationErrorsEntry smart constructor. data ValidationErrorsEntry ValidationErrorsEntry' :: Maybe Text -> Maybe Text -> ValidationErrorsEntry -- | Checks the name of the policy. 
[$sel:checkName:ValidationErrorsEntry'] :: ValidationErrorsEntry -> Maybe Text -- | Displays error messages if validation encounters problems during -- validation of the resource policy. [$sel:errorMessage:ValidationErrorsEntry'] :: ValidationErrorsEntry -> Maybe Text -- | Create a value of ValidationErrorsEntry with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:checkName:ValidationErrorsEntry', -- validationErrorsEntry_checkName - Checks the name of the -- policy. -- -- $sel:errorMessage:ValidationErrorsEntry', -- validationErrorsEntry_errorMessage - Displays error messages if -- validation encounters problems during validation of the resource -- policy. newValidationErrorsEntry :: ValidationErrorsEntry -- | Checks the name of the policy. validationErrorsEntry_checkName :: Lens' ValidationErrorsEntry (Maybe Text) -- | Displays error messages if validation encounters problems during -- validation of the resource policy. 
validationErrorsEntry_errorMessage :: Lens' ValidationErrorsEntry (Maybe Text) instance GHC.Generics.Generic Amazonka.SecretsManager.Types.ValidationErrorsEntry.ValidationErrorsEntry instance GHC.Show.Show Amazonka.SecretsManager.Types.ValidationErrorsEntry.ValidationErrorsEntry instance GHC.Read.Read Amazonka.SecretsManager.Types.ValidationErrorsEntry.ValidationErrorsEntry instance GHC.Classes.Eq Amazonka.SecretsManager.Types.ValidationErrorsEntry.ValidationErrorsEntry instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.SecretsManager.Types.ValidationErrorsEntry.ValidationErrorsEntry instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.Types.ValidationErrorsEntry.ValidationErrorsEntry instance Control.DeepSeq.NFData Amazonka.SecretsManager.Types.ValidationErrorsEntry.ValidationErrorsEntry module Amazonka.SecretsManager.Types -- | API version 2017-10-17 of the Amazon Secrets Manager SDK -- configuration. defaultService :: Service -- | Secrets Manager can't decrypt the protected secret text using the -- provided KMS key. _DecryptionFailure :: AsError a => Fold a ServiceError -- | Secrets Manager can't encrypt the protected secret text using the -- provided KMS key. Check that the KMS key is available, enabled, and -- not in an invalid state. For more information, see Key state: -- Effect on your KMS key. _EncryptionFailure :: AsError a => Fold a ServiceError -- | An error occurred on the server side. _InternalServiceError :: AsError a => Fold a ServiceError -- | The NextToken value is invalid. _InvalidNextTokenException :: AsError a => Fold a ServiceError -- | The parameter name or value is invalid. _InvalidParameterException :: AsError a => Fold a ServiceError -- | A parameter value is not valid for the current state of the resource. -- -- Possible causes (the bulleted list is missing from this rendering; the -- AWS API reference lists, among others): the secret is scheduled for -- deletion, or rotation was enabled on a secret that has no Lambda -- function ARN configured and none was supplied in the call. _InvalidRequestException :: AsError a => Fold a ServiceError -- | The request failed because it would exceed one of the Secrets Manager -- quotas.
_LimitExceededException :: AsError a => Fold a ServiceError -- | The resource policy has syntax errors. _MalformedPolicyDocumentException :: AsError a => Fold a ServiceError -- | The request failed because you did not complete all the prerequisite -- steps. _PreconditionNotMetException :: AsError a => Fold a ServiceError -- | The BlockPublicPolicy parameter is set to true, and the -- resource policy did not prevent broad access to the secret. _PublicPolicyException :: AsError a => Fold a ServiceError -- | A resource with the ID you requested already exists. _ResourceExistsException :: AsError a => Fold a ServiceError -- | Secrets Manager can't find the resource that you asked for. _ResourceNotFoundException :: AsError a => Fold a ServiceError newtype FilterNameStringType FilterNameStringType' :: Text -> FilterNameStringType [fromFilterNameStringType] :: FilterNameStringType -> Text pattern FilterNameStringType_All :: FilterNameStringType pattern FilterNameStringType_Description :: FilterNameStringType pattern FilterNameStringType_Name :: FilterNameStringType pattern FilterNameStringType_Owning_service :: FilterNameStringType pattern FilterNameStringType_Primary_region :: FilterNameStringType pattern FilterNameStringType_Tag_key :: FilterNameStringType pattern FilterNameStringType_Tag_value :: FilterNameStringType newtype SortOrderType SortOrderType' :: Text -> SortOrderType [fromSortOrderType] :: SortOrderType -> Text pattern SortOrderType_Asc :: SortOrderType pattern SortOrderType_Desc :: SortOrderType newtype StatusType StatusType' :: Text -> StatusType [fromStatusType] :: StatusType -> Text pattern StatusType_Failed :: StatusType pattern StatusType_InProgress :: StatusType pattern StatusType_InSync :: StatusType -- | Allows you to add filters when you use the search function in Secrets -- Manager. For more information, see Find secrets in Secrets -- Manager. -- -- See: newFilter smart constructor. 
data Filter Filter' :: Maybe FilterNameStringType -> Maybe (NonEmpty Text) -> Filter -- | The following are keys you can use (the FilterNameStringType -- patterns): All, Description, Name, Owning_service, Primary_region, -- Tag_key and Tag_value. The per-key descriptions are missing from this -- rendering. [$sel:key:Filter'] :: Filter -> Maybe FilterNameStringType -- | The keyword to filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. [$sel:values:Filter'] :: Filter -> Maybe (NonEmpty Text) -- | Create a value of Filter with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:key:Filter', filter_key - The following are keys -- you can use (the FilterNameStringType patterns): All, Description, -- Name, Owning_service, Primary_region, Tag_key and Tag_value. The -- per-key descriptions are missing from this rendering. -- -- $sel:values:Filter', filter_values - The keyword to -- filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. newFilter :: Filter -- | The following are keys you can use (the FilterNameStringType -- patterns): All, Description, Name, Owning_service, Primary_region, -- Tag_key and Tag_value. The per-key descriptions are missing from this -- rendering. filter_key :: Lens' Filter (Maybe FilterNameStringType) -- | The keyword to filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. filter_values :: Lens' Filter (Maybe (NonEmpty Text)) -- | A custom type that specifies a Region and the -- KmsKeyId for a replica secret. -- -- See: newReplicaRegionType smart constructor. data ReplicaRegionType ReplicaRegionType' :: Maybe Text -> Maybe Text -> ReplicaRegionType -- | The ARN, key ID, or alias of the KMS key to encrypt the secret. If you -- don't include this field, Secrets Manager uses -- aws/secretsmanager. [$sel:kmsKeyId:ReplicaRegionType'] :: ReplicaRegionType -> Maybe Text -- | A Region code. For a list of Region codes, see Name and code of -- Regions. [$sel:region:ReplicaRegionType'] :: ReplicaRegionType -> Maybe Text -- | Create a value of ReplicaRegionType with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields.
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:kmsKeyId:ReplicaRegionType', -- replicaRegionType_kmsKeyId - The ARN, key ID, or alias of the -- KMS key to encrypt the secret. If you don't include this field, -- Secrets Manager uses aws/secretsmanager. -- -- $sel:region:ReplicaRegionType', replicaRegionType_region -- - A Region code. For a list of Region codes, see Name and code of -- Regions. newReplicaRegionType :: ReplicaRegionType -- | The ARN, key ID, or alias of the KMS key to encrypt the secret. If you -- don't include this field, Secrets Manager uses -- aws/secretsmanager. replicaRegionType_kmsKeyId :: Lens' ReplicaRegionType (Maybe Text) -- | A Region code. For a list of Region codes, see Name and code of -- Regions. replicaRegionType_region :: Lens' ReplicaRegionType (Maybe Text) -- | A replication object consisting of a RegionReplicationStatus -- object and includes a Region, KMSKeyId, status, and status message. -- -- See: newReplicationStatusType smart constructor. data ReplicationStatusType ReplicationStatusType' :: Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe StatusType -> Maybe Text -> ReplicationStatusType -- | Can be an ARN, Key ID, or Alias. [$sel:kmsKeyId:ReplicationStatusType'] :: ReplicationStatusType -> Maybe Text -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. [$sel:lastAccessedDate:ReplicationStatusType'] :: ReplicationStatusType -> Maybe POSIX -- | The Region where replication occurs. [$sel:region:ReplicationStatusType'] :: ReplicationStatusType -> Maybe Text -- | The status can be InProgress, Failed, or -- InSync. [$sel:status:ReplicationStatusType'] :: ReplicationStatusType -> Maybe StatusType -- | Status message such as "/Secret with this name already exists in this -- region/". 
[$sel:statusMessage:ReplicationStatusType'] :: ReplicationStatusType -> Maybe Text -- | Create a value of ReplicationStatusType with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:kmsKeyId:ReplicationStatusType', -- replicationStatusType_kmsKeyId - Can be an ARN, -- Key ID, or Alias. -- -- $sel:lastAccessedDate:ReplicationStatusType', -- replicationStatusType_lastAccessedDate - The date that the -- secret was last accessed in the Region. This field is omitted if the -- secret has never been retrieved in the Region. -- -- $sel:region:ReplicationStatusType', -- replicationStatusType_region - The Region where replication -- occurs. -- -- $sel:status:ReplicationStatusType', -- replicationStatusType_status - The status can be -- InProgress, Failed, or InSync. -- -- $sel:statusMessage:ReplicationStatusType', -- replicationStatusType_statusMessage - Status message such as -- "/Secret with this name already exists in this region/". newReplicationStatusType :: ReplicationStatusType -- | Can be an ARN, Key ID, or Alias. replicationStatusType_kmsKeyId :: Lens' ReplicationStatusType (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. replicationStatusType_lastAccessedDate :: Lens' ReplicationStatusType (Maybe UTCTime) -- | The Region where replication occurs. replicationStatusType_region :: Lens' ReplicationStatusType (Maybe Text) -- | The status can be InProgress, Failed, or -- InSync. replicationStatusType_status :: Lens' ReplicationStatusType (Maybe StatusType) -- | Status message such as "/Secret with this name already exists in this -- region/". 
replicationStatusType_statusMessage :: Lens' ReplicationStatusType (Maybe Text) -- | A structure that defines the rotation configuration for the secret. -- -- See: newRotationRulesType smart constructor. data RotationRulesType RotationRulesType' :: Maybe Natural -> Maybe Text -> Maybe Text -> RotationRulesType -- | The number of days between automatic scheduled rotations of the -- secret. You can use this value to check that your secret meets your -- compliance guidelines for how often secrets must be rotated. -- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. -- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. [$sel:automaticallyAfterDays:RotationRulesType'] :: RotationRulesType -> Maybe Natural -- | The length of the rotation window in hours, for example 3h -- for a three hour window. Secrets Manager rotates your secret at any -- time during this window. The window must not extend into the next -- rotation window or the next UTC day. The window starts according to -- the ScheduleExpression. If you don't specify a -- Duration, for a ScheduleExpression in hours, the -- window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. [$sel:duration:RotationRulesType'] :: RotationRulesType -> Maybe Text -- | A cron() or rate() expression that defines the -- schedule for rotating your secret. Secrets Manager rotation schedules -- use UTC time zone. Secrets Manager rotates your secret any time during -- a rotation window. 
-- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. -- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. [$sel:scheduleExpression:RotationRulesType'] :: RotationRulesType -> Maybe Text -- | Create a value of RotationRulesType with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:automaticallyAfterDays:RotationRulesType', -- rotationRulesType_automaticallyAfterDays - The number of days -- between automatic scheduled rotations of the secret. You can use this -- value to check that your secret meets your compliance guidelines for -- how often secrets must be rotated. 
-- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. -- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. -- -- $sel:duration:RotationRulesType', -- rotationRulesType_duration - The length of the rotation window -- in hours, for example 3h for a three hour window. Secrets -- Manager rotates your secret at any time during this window. The window -- must not extend into the next rotation window or the next UTC day. The -- window starts according to the ScheduleExpression. If you -- don't specify a Duration, for a ScheduleExpression -- in hours, the window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. -- -- $sel:scheduleExpression:RotationRulesType', -- rotationRulesType_scheduleExpression - A cron() or -- rate() expression that defines the schedule for rotating your -- secret. Secrets Manager rotation schedules use UTC time zone. Secrets -- Manager rotates your secret any time during a rotation window. -- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. 
-- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. newRotationRulesType :: RotationRulesType -- | The number of days between automatic scheduled rotations of the -- secret. You can use this value to check that your secret meets your -- compliance guidelines for how often secrets must be rotated. -- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. -- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. rotationRulesType_automaticallyAfterDays :: Lens' RotationRulesType (Maybe Natural) -- | The length of the rotation window in hours, for example 3h -- for a three hour window. Secrets Manager rotates your secret at any -- time during this window. The window must not extend into the next -- rotation window or the next UTC day. The window starts according to -- the ScheduleExpression. If you don't specify a -- Duration, for a ScheduleExpression in hours, the -- window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. 
rotationRulesType_duration :: Lens' RotationRulesType (Maybe Text) -- | A cron() or rate() expression that defines the -- schedule for rotating your secret. Secrets Manager rotation schedules -- use UTC time zone. Secrets Manager rotates your secret any time during -- a rotation window. -- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. -- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. rotationRulesType_scheduleExpression :: Lens' RotationRulesType (Maybe Text) -- | A structure that contains the details about a secret. It does not -- include the encrypted SecretString and SecretBinary -- values. To get those values, use GetSecretValue . -- -- See: newSecretListEntry smart constructor. 
data SecretListEntry SecretListEntry' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe RotationRulesType -> Maybe (HashMap Text (NonEmpty Text)) -> Maybe [Tag] -> SecretListEntry -- | The Amazon Resource Name (ARN) of the secret. [$sel:arn:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The date and time when a secret was created. [$sel:createdDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The date and time the deletion of the secret occurred. Not present on -- active secrets. The secret can be recovered until the number of days -- in the recovery window has passed, as specified in the -- RecoveryWindowInDays parameter of the DeleteSecret -- operation. [$sel:deletedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The user-provided description of the secret. [$sel:description:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The ARN of the KMS key that Secrets Manager uses to encrypt the secret -- value. If the secret is encrypted with the Amazon Web Services managed -- key aws/secretsmanager, this field is omitted. [$sel:kmsKeyId:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. [$sel:lastAccessedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The last date and time that this secret was modified in any way. [$sel:lastChangedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The most recent date and time that the Secrets Manager rotation -- process was successfully completed. This value is null if the secret -- hasn't ever rotated. [$sel:lastRotatedDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | The friendly name of the secret. 
You can use forward slashes in the -- name to represent a path hierarchy. For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. [$sel:name:SecretListEntry'] :: SecretListEntry -> Maybe Text [$sel:nextRotationDate:SecretListEntry'] :: SecretListEntry -> Maybe POSIX -- | Returns the name of the service that created the secret. [$sel:owningService:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | The Region where Secrets Manager originated the secret. [$sel:primaryRegion:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | Indicates whether automatic, scheduled rotation is enabled for this -- secret. [$sel:rotationEnabled:SecretListEntry'] :: SecretListEntry -> Maybe Bool -- | The ARN of an Amazon Web Services Lambda function invoked by Secrets -- Manager to rotate and expire the secret either automatically per the -- schedule or manually by a call to RotateSecret . [$sel:rotationLambdaARN:SecretListEntry'] :: SecretListEntry -> Maybe Text -- | A structure that defines the rotation configuration for the secret. [$sel:rotationRules:SecretListEntry'] :: SecretListEntry -> Maybe RotationRulesType -- | A list of all of the currently assigned SecretVersionStage -- staging labels and the SecretVersionId attached to each one. -- Staging labels are used to keep track of the different versions during -- the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. [$sel:secretVersionsToStages:SecretListEntry'] :: SecretListEntry -> Maybe (HashMap Text (NonEmpty Text)) -- | The list of user-defined tags associated with the secret. To add tags -- to a secret, use TagResource . To remove tags, use -- UntagResource . [$sel:tags:SecretListEntry'] :: SecretListEntry -> Maybe [Tag] -- | Create a value of SecretListEntry with all optional fields -- omitted. 
-- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:arn:SecretListEntry', secretListEntry_arn - The -- Amazon Resource Name (ARN) of the secret. -- -- $sel:createdDate:SecretListEntry', -- secretListEntry_createdDate - The date and time when a secret -- was created. -- -- $sel:deletedDate:SecretListEntry', -- secretListEntry_deletedDate - The date and time the deletion of -- the secret occurred. Not present on active secrets. The secret can be -- recovered until the number of days in the recovery window has passed, -- as specified in the RecoveryWindowInDays parameter of the -- DeleteSecret operation. -- -- $sel:description:SecretListEntry', -- secretListEntry_description - The user-provided description of -- the secret. -- -- $sel:kmsKeyId:SecretListEntry', secretListEntry_kmsKeyId -- - The ARN of the KMS key that Secrets Manager uses to encrypt the -- secret value. If the secret is encrypted with the Amazon Web Services -- managed key aws/secretsmanager, this field is omitted. -- -- $sel:lastAccessedDate:SecretListEntry', -- secretListEntry_lastAccessedDate - The date that the secret was -- last accessed in the Region. This field is omitted if the secret has -- never been retrieved in the Region. -- -- $sel:lastChangedDate:SecretListEntry', -- secretListEntry_lastChangedDate - The last date and time that -- this secret was modified in any way. -- -- $sel:lastRotatedDate:SecretListEntry', -- secretListEntry_lastRotatedDate - The most recent date and time -- that the Secrets Manager rotation process was successfully completed. -- This value is null if the secret hasn't ever rotated. -- -- $sel:name:SecretListEntry', secretListEntry_name - The -- friendly name of the secret. You can use forward slashes in the name -- to represent a path hierarchy. 
For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. -- -- $sel:nextRotationDate:SecretListEntry', -- secretListEntry_nextRotationDate - Undocumented member. -- -- $sel:owningService:SecretListEntry', -- secretListEntry_owningService - Returns the name of the service -- that created the secret. -- -- $sel:primaryRegion:SecretListEntry', -- secretListEntry_primaryRegion - The Region where Secrets -- Manager originated the secret. -- -- $sel:rotationEnabled:SecretListEntry', -- secretListEntry_rotationEnabled - Indicates whether automatic, -- scheduled rotation is enabled for this secret. -- -- $sel:rotationLambdaARN:SecretListEntry', -- secretListEntry_rotationLambdaARN - The ARN of an Amazon Web -- Services Lambda function invoked by Secrets Manager to rotate and -- expire the secret either automatically per the schedule or manually by -- a call to RotateSecret . -- -- $sel:rotationRules:SecretListEntry', -- secretListEntry_rotationRules - A structure that defines the -- rotation configuration for the secret. -- -- $sel:secretVersionsToStages:SecretListEntry', -- secretListEntry_secretVersionsToStages - A list of all of the -- currently assigned SecretVersionStage staging labels and the -- SecretVersionId attached to each one. Staging labels are used -- to keep track of the different versions during the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. -- -- $sel:tags:SecretListEntry', secretListEntry_tags - The -- list of user-defined tags associated with the secret. To add tags to a -- secret, use TagResource . To remove tags, use -- UntagResource . newSecretListEntry :: SecretListEntry -- | The Amazon Resource Name (ARN) of the secret. secretListEntry_arn :: Lens' SecretListEntry (Maybe Text) -- | The date and time when a secret was created. 
secretListEntry_createdDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The date and time the deletion of the secret occurred. Not present on -- active secrets. The secret can be recovered until the number of days -- in the recovery window has passed, as specified in the -- RecoveryWindowInDays parameter of the DeleteSecret -- operation. secretListEntry_deletedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The user-provided description of the secret. secretListEntry_description :: Lens' SecretListEntry (Maybe Text) -- | The ARN of the KMS key that Secrets Manager uses to encrypt the secret -- value. If the secret is encrypted with the Amazon Web Services managed -- key aws/secretsmanager, this field is omitted. secretListEntry_kmsKeyId :: Lens' SecretListEntry (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. secretListEntry_lastAccessedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The last date and time that this secret was modified in any way. secretListEntry_lastChangedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The most recent date and time that the Secrets Manager rotation -- process was successfully completed. This value is null if the secret -- hasn't ever rotated. secretListEntry_lastRotatedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The friendly name of the secret. You can use forward slashes in the -- name to represent a path hierarchy. For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. secretListEntry_name :: Lens' SecretListEntry (Maybe Text) -- | Undocumented member. secretListEntry_nextRotationDate :: Lens' SecretListEntry (Maybe UTCTime) -- | Returns the name of the service that created the secret. secretListEntry_owningService :: Lens' SecretListEntry (Maybe Text) -- | The Region where Secrets Manager originated the secret. 
secretListEntry_primaryRegion :: Lens' SecretListEntry (Maybe Text) -- | Indicates whether automatic, scheduled rotation is enabled for this -- secret. secretListEntry_rotationEnabled :: Lens' SecretListEntry (Maybe Bool) -- | The ARN of an Amazon Web Services Lambda function invoked by Secrets -- Manager to rotate and expire the secret either automatically per the -- schedule or manually by a call to RotateSecret . secretListEntry_rotationLambdaARN :: Lens' SecretListEntry (Maybe Text) -- | A structure that defines the rotation configuration for the secret. secretListEntry_rotationRules :: Lens' SecretListEntry (Maybe RotationRulesType) -- | A list of all of the currently assigned SecretVersionStage -- staging labels and the SecretVersionId attached to each one. -- Staging labels are used to keep track of the different versions during -- the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. secretListEntry_secretVersionsToStages :: Lens' SecretListEntry (Maybe (HashMap Text (NonEmpty Text))) -- | The list of user-defined tags associated with the secret. To add tags -- to a secret, use TagResource . To remove tags, use -- UntagResource . secretListEntry_tags :: Lens' SecretListEntry (Maybe [Tag]) -- | A structure that contains information about one version of a secret. -- -- See: newSecretVersionsListEntry smart constructor. data SecretVersionsListEntry SecretVersionsListEntry' :: Maybe POSIX -> Maybe [Text] -> Maybe POSIX -> Maybe Text -> Maybe (NonEmpty Text) -> SecretVersionsListEntry -- | The date and time this version of the secret was created. [$sel:createdDate:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe POSIX -- | The KMS keys used to encrypt the secret version. [$sel:kmsKeyIds:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe [Text] -- | The date that this version of the secret was last accessed. 
Note that -- the resolution of this field is at the date level and does not include -- the time. [$sel:lastAccessedDate:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe POSIX -- | The unique version identifier of this version of the secret. [$sel:versionId:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe Text -- | An array of staging labels that are currently associated with this -- version of the secret. [$sel:versionStages:SecretVersionsListEntry'] :: SecretVersionsListEntry -> Maybe (NonEmpty Text) -- | Create a value of SecretVersionsListEntry with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:createdDate:SecretVersionsListEntry', -- secretVersionsListEntry_createdDate - The date and time this -- version of the secret was created. -- -- $sel:kmsKeyIds:SecretVersionsListEntry', -- secretVersionsListEntry_kmsKeyIds - The KMS keys used to -- encrypt the secret version. -- -- $sel:lastAccessedDate:SecretVersionsListEntry', -- secretVersionsListEntry_lastAccessedDate - The date that this -- version of the secret was last accessed. Note that the resolution of -- this field is at the date level and does not include the time. -- -- $sel:versionId:SecretVersionsListEntry', -- secretVersionsListEntry_versionId - The unique version -- identifier of this version of the secret. -- -- $sel:versionStages:SecretVersionsListEntry', -- secretVersionsListEntry_versionStages - An array of staging -- labels that are currently associated with this version of the secret. newSecretVersionsListEntry :: SecretVersionsListEntry -- | The date and time this version of the secret was created. secretVersionsListEntry_createdDate :: Lens' SecretVersionsListEntry (Maybe UTCTime) -- | The KMS keys used to encrypt the secret version. 
secretVersionsListEntry_kmsKeyIds :: Lens' SecretVersionsListEntry (Maybe [Text]) -- | The date that this version of the secret was last accessed. Note that -- the resolution of this field is at the date level and does not include -- the time. secretVersionsListEntry_lastAccessedDate :: Lens' SecretVersionsListEntry (Maybe UTCTime) -- | The unique version identifier of this version of the secret. secretVersionsListEntry_versionId :: Lens' SecretVersionsListEntry (Maybe Text) -- | An array of staging labels that are currently associated with this -- version of the secret. secretVersionsListEntry_versionStages :: Lens' SecretVersionsListEntry (Maybe (NonEmpty Text)) -- | A structure that contains information about a tag. -- -- See: newTag smart constructor. data Tag Tag' :: Maybe Text -> Maybe Text -> Tag -- | The key identifier, or name, of the tag. [$sel:key:Tag'] :: Tag -> Maybe Text -- | The string value associated with the key of the tag. [$sel:value:Tag'] :: Tag -> Maybe Text -- | Create a value of Tag with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:key:Tag', tag_key - The key identifier, or name, of -- the tag. -- -- $sel:value:Tag', tag_value - The string value associated -- with the key of the tag. newTag :: Tag -- | The key identifier, or name, of the tag. tag_key :: Lens' Tag (Maybe Text) -- | The string value associated with the key of the tag. tag_value :: Lens' Tag (Maybe Text) -- | Displays errors that occurred during validation of the resource -- policy. -- -- See: newValidationErrorsEntry smart constructor. data ValidationErrorsEntry ValidationErrorsEntry' :: Maybe Text -> Maybe Text -> ValidationErrorsEntry -- | Checks the name of the policy. 
[$sel:checkName:ValidationErrorsEntry'] :: ValidationErrorsEntry -> Maybe Text -- | Displays error messages if validation encounters problems during -- validation of the resource policy. [$sel:errorMessage:ValidationErrorsEntry'] :: ValidationErrorsEntry -> Maybe Text -- | Create a value of ValidationErrorsEntry with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:checkName:ValidationErrorsEntry', -- validationErrorsEntry_checkName - Checks the name of the -- policy. -- -- $sel:errorMessage:ValidationErrorsEntry', -- validationErrorsEntry_errorMessage - Displays error messages if -- validation encounters problems during validation of the resource -- policy. newValidationErrorsEntry :: ValidationErrorsEntry -- | Checks the name of the policy. validationErrorsEntry_checkName :: Lens' ValidationErrorsEntry (Maybe Text) -- | Displays error messages if validation encounters problems during -- validation of the resource policy. validationErrorsEntry_errorMessage :: Lens' ValidationErrorsEntry (Maybe Text) -- | Attaches tags to a secret. Tags consist of a key name and a value. -- Tags are part of the secret's metadata. They are not associated with -- specific versions of the secret. This operation appends tags to the -- existing list of tags. -- -- Restrictions apply to tags; the list of restrictions is not -- reproduced in this listing, so consult the Secrets Manager -- documentation for TagResource. -- -- If you use tags as part of your security strategy, then adding or -- removing a tag can change permissions. If successfully completing this -- operation would result in you losing your permissions for this secret, -- then the operation is blocked and returns an Access Denied error. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- (for this operation, the secret identifier and the tag keys and -- values) because it might be logged.
For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:TagResource. For -- more information, see IAM policy actions for Secrets Manager -- and Authentication and access control in Secrets Manager. module Amazonka.SecretsManager.TagResource -- | See: newTagResource smart constructor. data TagResource TagResource' :: Text -> [Tag] -> TagResource -- | The identifier for the secret to attach tags to. You can specify -- either the Amazon Resource Name (ARN) or the friendly name of the -- secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:TagResource'] :: TagResource -> Text -- | The tags to attach to the secret as a JSON text string argument. Each -- element in the list consists of a Key and a Value. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. [$sel:tags:TagResource'] :: TagResource -> [Tag] -- | Create a value of TagResource with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:TagResource', tagResource_secretId - The -- identifier for the secret to attach tags to. You can specify either -- the Amazon Resource Name (ARN) or the friendly name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- TagResource, tagResource_tags - The tags to attach to -- the secret as a JSON text string argument. Each element in the list -- consists of a Key and a Value. 
-- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. newTagResource :: Text -> TagResource -- | The identifier for the secret to attach tags to. You can specify -- either the Amazon Resource Name (ARN) or the friendly name of the -- secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. tagResource_secretId :: Lens' TagResource Text -- | The tags to attach to the secret as a JSON text string argument. Each -- element in the list consists of a Key and a Value. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. tagResource_tags :: Lens' TagResource [Tag] -- | See: newTagResourceResponse smart constructor. data TagResourceResponse TagResourceResponse' :: TagResourceResponse -- | Create a value of TagResourceResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
newTagResourceResponse :: TagResourceResponse instance GHC.Generics.Generic Amazonka.SecretsManager.TagResource.TagResource instance GHC.Show.Show Amazonka.SecretsManager.TagResource.TagResource instance GHC.Read.Read Amazonka.SecretsManager.TagResource.TagResource instance GHC.Classes.Eq Amazonka.SecretsManager.TagResource.TagResource instance GHC.Generics.Generic Amazonka.SecretsManager.TagResource.TagResourceResponse instance GHC.Show.Show Amazonka.SecretsManager.TagResource.TagResourceResponse instance GHC.Read.Read Amazonka.SecretsManager.TagResource.TagResourceResponse instance GHC.Classes.Eq Amazonka.SecretsManager.TagResource.TagResourceResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.TagResource.TagResource instance Control.DeepSeq.NFData Amazonka.SecretsManager.TagResource.TagResourceResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.TagResource.TagResource instance Control.DeepSeq.NFData Amazonka.SecretsManager.TagResource.TagResource instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.TagResource.TagResource instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.TagResource.TagResource instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.TagResource.TagResource instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.TagResource.TagResource -- | Removes the link between the replica secret and the primary secret and -- promotes the replica to a primary secret in the replica Region. -- -- You must call this operation from the Region in which you want to -- promote the replica to a primary secret. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:StopReplicationToReplica. 
For more -- information, see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. module Amazonka.SecretsManager.StopReplicationToReplica -- | See: newStopReplicationToReplica smart constructor. data StopReplicationToReplica StopReplicationToReplica' :: Text -> StopReplicationToReplica -- | The ARN of the primary secret. [$sel:secretId:StopReplicationToReplica'] :: StopReplicationToReplica -> Text -- | Create a value of StopReplicationToReplica with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:StopReplicationToReplica', -- stopReplicationToReplica_secretId - The ARN of the primary -- secret. newStopReplicationToReplica :: Text -> StopReplicationToReplica -- | The ARN of the primary secret. stopReplicationToReplica_secretId :: Lens' StopReplicationToReplica Text -- | See: newStopReplicationToReplicaResponse smart -- constructor. data StopReplicationToReplicaResponse StopReplicationToReplicaResponse' :: Maybe Text -> Int -> StopReplicationToReplicaResponse -- | The ARN of the promoted secret. The ARN is the same as the original -- primary secret except the Region is changed. [$sel:arn:StopReplicationToReplicaResponse'] :: StopReplicationToReplicaResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:StopReplicationToReplicaResponse'] :: StopReplicationToReplicaResponse -> Int -- | Create a value of StopReplicationToReplicaResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- StopReplicationToReplicaResponse, -- stopReplicationToReplicaResponse_arn - The ARN of the promoted -- secret. 
The ARN is the same as the original primary secret except the -- Region is changed. -- -- $sel:httpStatus:StopReplicationToReplicaResponse', -- stopReplicationToReplicaResponse_httpStatus - The response's -- http status code. newStopReplicationToReplicaResponse :: Int -> StopReplicationToReplicaResponse -- | The ARN of the promoted secret. The ARN is the same as the original -- primary secret except the Region is changed. stopReplicationToReplicaResponse_arn :: Lens' StopReplicationToReplicaResponse (Maybe Text) -- | The response's http status code. stopReplicationToReplicaResponse_httpStatus :: Lens' StopReplicationToReplicaResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance GHC.Show.Show Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance GHC.Read.Read Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance GHC.Classes.Eq Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance GHC.Generics.Generic Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplicaResponse instance GHC.Show.Show Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplicaResponse instance GHC.Read.Read Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplicaResponse instance GHC.Classes.Eq Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplicaResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance Control.DeepSeq.NFData Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplicaResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance Control.DeepSeq.NFData Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance Amazonka.Data.Headers.ToHeaders 
Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.StopReplicationToReplica.StopReplicationToReplica -- | Configures and starts the asynchronous process of rotating the secret. -- For more information about rotation, see Rotate secrets. -- -- If you include the configuration parameters, the operation sets the -- values for the secret and then immediately starts a rotation. If you -- don't include the configuration parameters, the operation starts a -- rotation with the values already stored in the secret. -- -- For database credentials you want to rotate, for Secrets Manager to be -- able to rotate the secret, you must make sure the secret value is in -- the JSON structure of a database secret. In particular, if you -- want to use the alternating users strategy, your secret must -- contain the ARN of a superuser secret. -- -- To configure rotation, you also need the ARN of an Amazon Web Services -- Lambda function and the schedule for the rotation. The Lambda rotation -- function creates a new version of the secret and creates or updates -- the credentials on the database or service to match. After testing the -- new credentials, the function marks the new secret version with the -- staging label AWSCURRENT. Then anyone who retrieves the -- secret gets the new version. For more information, see How rotation -- works. -- -- You can create the Lambda rotation function based on the rotation -- function templates that Secrets Manager provides. Choose a -- template that matches your Rotation strategy. 
-- -- When rotation is successful, the AWSPENDING staging label -- might be attached to the same version as the AWSCURRENT -- version, or it might not be attached to any version. If the -- AWSPENDING staging label is present but not attached to the -- same version as AWSCURRENT, then any later invocation of -- RotateSecret assumes that a previous rotation request is -- still in progress and returns an error. -- -- When rotation is unsuccessful, the AWSPENDING staging label -- might be attached to an empty secret version. For more information, -- see Troubleshoot rotation in the Secrets Manager User -- Guide. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:RotateSecret. For -- more information, see IAM policy actions for Secrets Manager -- and Authentication and access control in Secrets Manager. You -- also need lambda:InvokeFunction permissions on the rotation -- function. For more information, see Permissions for rotation. module Amazonka.SecretsManager.RotateSecret -- | See: newRotateSecret smart constructor. data RotateSecret RotateSecret' :: Maybe Text -> Maybe Bool -> Maybe Text -> Maybe RotationRulesType -> Text -> RotateSecret -- | A unique identifier for the new version of the secret that helps -- ensure idempotency. Secrets Manager uses this value to prevent the -- accidental creation of duplicate versions if there are failures and -- retries during rotation. This value becomes the VersionId of -- the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this parameter -- empty. The CLI or SDK generates a random UUID for you and includes -- that in the request for this parameter.
If you don't use the SDK and -- instead generate a raw HTTP request to the Secrets Manager service -- endpoint, then you must generate a ClientRequestToken -- yourself for new versions and include that value in the request. -- -- You only need to specify this value if you implement your own retry -- logic and you want to ensure that Secrets Manager doesn't attempt to -- create a secret version twice. We recommend that you generate a -- UUID-type value to ensure uniqueness within the specified -- secret. [$sel:clientRequestToken:RotateSecret'] :: RotateSecret -> Maybe Text -- | Specifies whether to rotate the secret immediately or wait until the -- next scheduled rotation window. The rotation schedule is defined in -- RotateSecretRequest$RotationRules. -- -- If you don't immediately rotate the secret, Secrets Manager tests the -- rotation configuration by running the testSecret step of the -- Lambda rotation function. The test creates an AWSPENDING -- version of the secret and then removes it. -- -- If you don't specify this value, then by default, Secrets Manager -- rotates the secret immediately. [$sel:rotateImmediately:RotateSecret'] :: RotateSecret -> Maybe Bool -- | The ARN of the Lambda rotation function that can rotate the secret. [$sel:rotationLambdaARN:RotateSecret'] :: RotateSecret -> Maybe Text -- | A structure that defines the rotation configuration for this secret. [$sel:rotationRules:RotateSecret'] :: RotateSecret -> Maybe RotationRulesType -- | The ARN or name of the secret to rotate. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:RotateSecret'] :: RotateSecret -> Text -- | Create a value of RotateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:clientRequestToken:RotateSecret', -- rotateSecret_clientRequestToken - A unique identifier for the -- new version of the secret that helps ensure idempotency. Secrets -- Manager uses this value to prevent the accidental creation of -- duplicate versions if there are failures and retries during rotation. -- This value becomes the VersionId of the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDK to call this operation, then you can leave this parameter -- empty. The CLI or SDK generates a random UUID for you and includes -- that in the request for this parameter. If you don't use the SDK and -- instead generate a raw HTTP request to the Secrets Manager service -- endpoint, then you must generate a ClientRequestToken -- yourself for new versions and include that value in the request. -- -- You only need to specify this value if you implement your own retry -- logic and you want to ensure that Secrets Manager doesn't attempt to -- create a secret version twice. We recommend that you generate a -- UUID-type value to ensure uniqueness within the specified -- secret. -- -- $sel:rotateImmediately:RotateSecret', -- rotateSecret_rotateImmediately - Specifies whether to rotate -- the secret immediately or wait until the next scheduled rotation -- window. The rotation schedule is defined in -- RotateSecretRequest$RotationRules. -- -- If you don't immediately rotate the secret, Secrets Manager tests the -- rotation configuration by running the testSecret step of the -- Lambda rotation function. The test creates an AWSPENDING -- version of the secret and then removes it. -- -- If you don't specify this value, then by default, Secrets Manager -- rotates the secret immediately. -- -- RotateSecret, rotateSecret_rotationLambdaARN - The ARN -- of the Lambda rotation function that can rotate the secret. 
-- -- RotateSecret, rotateSecret_rotationRules - A structure -- that defines the rotation configuration for this secret. -- -- $sel:secretId:RotateSecret', rotateSecret_secretId - The -- ARN or name of the secret to rotate. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newRotateSecret :: Text -> RotateSecret -- | A unique identifier for the new version of the secret that helps -- ensure idempotency. Secrets Manager uses this value to prevent the -- accidental creation of duplicate versions if there are failures and -- retries during rotation. This value becomes the VersionId of -- the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDK to call this operation, then you can leave this parameter -- empty. The CLI or SDK generates a random UUID for you and includes -- that in the request for this parameter. If you don't use the SDK and -- instead generate a raw HTTP request to the Secrets Manager service -- endpoint, then you must generate a ClientRequestToken -- yourself for new versions and include that value in the request. -- -- You only need to specify this value if you implement your own retry -- logic and you want to ensure that Secrets Manager doesn't attempt to -- create a secret version twice. We recommend that you generate a -- UUID-type value to ensure uniqueness within the specified -- secret. rotateSecret_clientRequestToken :: Lens' RotateSecret (Maybe Text) -- | Specifies whether to rotate the secret immediately or wait until the -- next scheduled rotation window. The rotation schedule is defined in -- RotateSecretRequest$RotationRules. -- -- If you don't immediately rotate the secret, Secrets Manager tests the -- rotation configuration by running the testSecret step of the -- Lambda rotation function. The test creates an AWSPENDING -- version of the secret and then removes it. 
-- -- If you don't specify this value, then by default, Secrets Manager -- rotates the secret immediately. rotateSecret_rotateImmediately :: Lens' RotateSecret (Maybe Bool) -- | The ARN of the Lambda rotation function that can rotate the secret. rotateSecret_rotationLambdaARN :: Lens' RotateSecret (Maybe Text) -- | A structure that defines the rotation configuration for this secret. rotateSecret_rotationRules :: Lens' RotateSecret (Maybe RotationRulesType) -- | The ARN or name of the secret to rotate. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. rotateSecret_secretId :: Lens' RotateSecret Text -- | See: newRotateSecretResponse smart constructor. data RotateSecretResponse RotateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> RotateSecretResponse -- | The ARN of the secret. [$sel:arn:RotateSecretResponse'] :: RotateSecretResponse -> Maybe Text -- | The name of the secret. [$sel:name:RotateSecretResponse'] :: RotateSecretResponse -> Maybe Text -- | The ID of the new version of the secret. [$sel:versionId:RotateSecretResponse'] :: RotateSecretResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:RotateSecretResponse'] :: RotateSecretResponse -> Int -- | Create a value of RotateSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- RotateSecretResponse, rotateSecretResponse_arn - The ARN -- of the secret. -- -- RotateSecretResponse, rotateSecretResponse_name - The -- name of the secret. -- -- RotateSecretResponse, rotateSecretResponse_versionId - -- The ID of the new version of the secret. -- -- $sel:httpStatus:RotateSecretResponse', -- rotateSecretResponse_httpStatus - The response's http status -- code. 
newRotateSecretResponse :: Int -> RotateSecretResponse -- | The ARN of the secret. rotateSecretResponse_arn :: Lens' RotateSecretResponse (Maybe Text) -- | The name of the secret. rotateSecretResponse_name :: Lens' RotateSecretResponse (Maybe Text) -- | The ID of the new version of the secret. rotateSecretResponse_versionId :: Lens' RotateSecretResponse (Maybe Text) -- | The response's http status code. rotateSecretResponse_httpStatus :: Lens' RotateSecretResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.RotateSecret.RotateSecret instance GHC.Show.Show Amazonka.SecretsManager.RotateSecret.RotateSecret instance GHC.Read.Read Amazonka.SecretsManager.RotateSecret.RotateSecret instance GHC.Classes.Eq Amazonka.SecretsManager.RotateSecret.RotateSecret instance GHC.Generics.Generic Amazonka.SecretsManager.RotateSecret.RotateSecretResponse instance GHC.Show.Show Amazonka.SecretsManager.RotateSecret.RotateSecretResponse instance GHC.Read.Read Amazonka.SecretsManager.RotateSecret.RotateSecretResponse instance GHC.Classes.Eq Amazonka.SecretsManager.RotateSecret.RotateSecretResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.RotateSecret.RotateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.RotateSecret.RotateSecretResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.RotateSecret.RotateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.RotateSecret.RotateSecret instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.RotateSecret.RotateSecret instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.RotateSecret.RotateSecret instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.RotateSecret.RotateSecret instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.RotateSecret.RotateSecret -- | Cancels the scheduled deletion of a secret by removing the -- DeletedDate time stamp. You can access a secret again after -- it has been restored. 
-- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:RestoreSecret. -- For more information, see IAM policy actions for Secrets -- Manager and Authentication and access control in Secrets -- Manager. module Amazonka.SecretsManager.RestoreSecret -- | See: newRestoreSecret smart constructor. data RestoreSecret RestoreSecret' :: Text -> RestoreSecret -- | The ARN or name of the secret to restore. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:RestoreSecret'] :: RestoreSecret -> Text -- | Create a value of RestoreSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:RestoreSecret', restoreSecret_secretId - -- The ARN or name of the secret to restore. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newRestoreSecret :: Text -> RestoreSecret -- | The ARN or name of the secret to restore. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. restoreSecret_secretId :: Lens' RestoreSecret Text -- | See: newRestoreSecretResponse smart constructor. data RestoreSecretResponse RestoreSecretResponse' :: Maybe Text -> Maybe Text -> Int -> RestoreSecretResponse -- | The ARN of the secret that was restored. [$sel:arn:RestoreSecretResponse'] :: RestoreSecretResponse -> Maybe Text -- | The name of the secret that was restored. 
[$sel:name:RestoreSecretResponse'] :: RestoreSecretResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:RestoreSecretResponse'] :: RestoreSecretResponse -> Int -- | Create a value of RestoreSecretResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- RestoreSecretResponse, restoreSecretResponse_arn - The -- ARN of the secret that was restored. -- -- RestoreSecretResponse, restoreSecretResponse_name - The -- name of the secret that was restored. -- -- $sel:httpStatus:RestoreSecretResponse', -- restoreSecretResponse_httpStatus - The response's http status -- code. newRestoreSecretResponse :: Int -> RestoreSecretResponse -- | The ARN of the secret that was restored. restoreSecretResponse_arn :: Lens' RestoreSecretResponse (Maybe Text) -- | The name of the secret that was restored. restoreSecretResponse_name :: Lens' RestoreSecretResponse (Maybe Text) -- | The response's http status code. 
restoreSecretResponse_httpStatus :: Lens' RestoreSecretResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance GHC.Show.Show Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance GHC.Read.Read Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance GHC.Classes.Eq Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance GHC.Generics.Generic Amazonka.SecretsManager.RestoreSecret.RestoreSecretResponse instance GHC.Show.Show Amazonka.SecretsManager.RestoreSecret.RestoreSecretResponse instance GHC.Read.Read Amazonka.SecretsManager.RestoreSecret.RestoreSecretResponse instance GHC.Classes.Eq Amazonka.SecretsManager.RestoreSecret.RestoreSecretResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.RestoreSecret.RestoreSecretResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.RestoreSecret.RestoreSecret instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.RestoreSecret.RestoreSecret -- | Replicates the secret to new Regions. See Multi-Region -- secrets. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:ReplicateSecretToRegions. For more -- information, see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. 
module Amazonka.SecretsManager.ReplicateSecretToRegions -- | See: newReplicateSecretToRegions smart constructor. data ReplicateSecretToRegions ReplicateSecretToRegions' :: Maybe Bool -> Text -> NonEmpty ReplicaRegionType -> ReplicateSecretToRegions -- | Specifies whether to overwrite a secret with the same name in the -- destination Region. [$sel:forceOverwriteReplicaSecret:ReplicateSecretToRegions'] :: ReplicateSecretToRegions -> Maybe Bool -- | The ARN or name of the secret to replicate. [$sel:secretId:ReplicateSecretToRegions'] :: ReplicateSecretToRegions -> Text -- | A list of Regions in which to replicate the secret. [$sel:addReplicaRegions:ReplicateSecretToRegions'] :: ReplicateSecretToRegions -> NonEmpty ReplicaRegionType -- | Create a value of ReplicateSecretToRegions with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:forceOverwriteReplicaSecret:ReplicateSecretToRegions', -- replicateSecretToRegions_forceOverwriteReplicaSecret - -- Specifies whether to overwrite a secret with the same name in the -- destination Region. -- -- $sel:secretId:ReplicateSecretToRegions', -- replicateSecretToRegions_secretId - The ARN or name of the -- secret to replicate. -- -- $sel:addReplicaRegions:ReplicateSecretToRegions', -- replicateSecretToRegions_addReplicaRegions - A list of Regions -- in which to replicate the secret. newReplicateSecretToRegions :: Text -> NonEmpty ReplicaRegionType -> ReplicateSecretToRegions -- | Specifies whether to overwrite a secret with the same name in the -- destination Region. replicateSecretToRegions_forceOverwriteReplicaSecret :: Lens' ReplicateSecretToRegions (Maybe Bool) -- | The ARN or name of the secret to replicate. replicateSecretToRegions_secretId :: Lens' ReplicateSecretToRegions Text -- | A list of Regions in which to replicate the secret. 
replicateSecretToRegions_addReplicaRegions :: Lens' ReplicateSecretToRegions (NonEmpty ReplicaRegionType) -- | See: newReplicateSecretToRegionsResponse smart -- constructor. data ReplicateSecretToRegionsResponse ReplicateSecretToRegionsResponse' :: Maybe Text -> Maybe [ReplicationStatusType] -> Int -> ReplicateSecretToRegionsResponse -- | The ARN of the primary secret. [$sel:arn:ReplicateSecretToRegionsResponse'] :: ReplicateSecretToRegionsResponse -> Maybe Text -- | The status of replication. [$sel:replicationStatus:ReplicateSecretToRegionsResponse'] :: ReplicateSecretToRegionsResponse -> Maybe [ReplicationStatusType] -- | The response's http status code. [$sel:httpStatus:ReplicateSecretToRegionsResponse'] :: ReplicateSecretToRegionsResponse -> Int -- | Create a value of ReplicateSecretToRegionsResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- ReplicateSecretToRegionsResponse, -- replicateSecretToRegionsResponse_arn - The ARN of the primary -- secret. -- -- $sel:replicationStatus:ReplicateSecretToRegionsResponse', -- replicateSecretToRegionsResponse_replicationStatus - The status -- of replication. -- -- $sel:httpStatus:ReplicateSecretToRegionsResponse', -- replicateSecretToRegionsResponse_httpStatus - The response's -- http status code. newReplicateSecretToRegionsResponse :: Int -> ReplicateSecretToRegionsResponse -- | The ARN of the primary secret. replicateSecretToRegionsResponse_arn :: Lens' ReplicateSecretToRegionsResponse (Maybe Text) -- | The status of replication. replicateSecretToRegionsResponse_replicationStatus :: Lens' ReplicateSecretToRegionsResponse (Maybe [ReplicationStatusType]) -- | The response's http status code. 
replicateSecretToRegionsResponse_httpStatus :: Lens' ReplicateSecretToRegionsResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance GHC.Show.Show Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance GHC.Read.Read Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance GHC.Classes.Eq Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance GHC.Generics.Generic Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegionsResponse instance GHC.Show.Show Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegionsResponse instance GHC.Read.Read Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegionsResponse instance GHC.Classes.Eq Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegionsResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance Control.DeepSeq.NFData Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegionsResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance Control.DeepSeq.NFData Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.ReplicateSecretToRegions.ReplicateSecretToRegions -- | For a secret that is replicated to other Regions, deletes the secret -- replicas from the Regions you specify. 
-- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:RemoveRegionsFromReplication. For more -- information, see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. module Amazonka.SecretsManager.RemoveRegionsFromReplication -- | See: newRemoveRegionsFromReplication smart constructor. data RemoveRegionsFromReplication RemoveRegionsFromReplication' :: Text -> NonEmpty Text -> RemoveRegionsFromReplication -- | The ARN or name of the secret. [$sel:secretId:RemoveRegionsFromReplication'] :: RemoveRegionsFromReplication -> Text -- | The Regions of the replicas to remove. [$sel:removeReplicaRegions:RemoveRegionsFromReplication'] :: RemoveRegionsFromReplication -> NonEmpty Text -- | Create a value of RemoveRegionsFromReplication with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:RemoveRegionsFromReplication', -- removeRegionsFromReplication_secretId - The ARN or name of the -- secret. -- -- $sel:removeReplicaRegions:RemoveRegionsFromReplication', -- removeRegionsFromReplication_removeReplicaRegions - The Regions -- of the replicas to remove. newRemoveRegionsFromReplication :: Text -> NonEmpty Text -> RemoveRegionsFromReplication -- | The ARN or name of the secret. removeRegionsFromReplication_secretId :: Lens' RemoveRegionsFromReplication Text -- | The Regions of the replicas to remove. removeRegionsFromReplication_removeReplicaRegions :: Lens' RemoveRegionsFromReplication (NonEmpty Text) -- | See: newRemoveRegionsFromReplicationResponse smart -- constructor. 
data RemoveRegionsFromReplicationResponse RemoveRegionsFromReplicationResponse' :: Maybe Text -> Maybe [ReplicationStatusType] -> Int -> RemoveRegionsFromReplicationResponse -- | The ARN of the primary secret. [$sel:arn:RemoveRegionsFromReplicationResponse'] :: RemoveRegionsFromReplicationResponse -> Maybe Text -- | The status of replicas for this secret after you remove Regions. [$sel:replicationStatus:RemoveRegionsFromReplicationResponse'] :: RemoveRegionsFromReplicationResponse -> Maybe [ReplicationStatusType] -- | The response's http status code. [$sel:httpStatus:RemoveRegionsFromReplicationResponse'] :: RemoveRegionsFromReplicationResponse -> Int -- | Create a value of RemoveRegionsFromReplicationResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- RemoveRegionsFromReplicationResponse, -- removeRegionsFromReplicationResponse_arn - The ARN of the -- primary secret. -- -- $sel:replicationStatus:RemoveRegionsFromReplicationResponse', -- removeRegionsFromReplicationResponse_replicationStatus - The -- status of replicas for this secret after you remove Regions. -- -- $sel:httpStatus:RemoveRegionsFromReplicationResponse', -- removeRegionsFromReplicationResponse_httpStatus - The -- response's http status code. newRemoveRegionsFromReplicationResponse :: Int -> RemoveRegionsFromReplicationResponse -- | The ARN of the primary secret. removeRegionsFromReplicationResponse_arn :: Lens' RemoveRegionsFromReplicationResponse (Maybe Text) -- | The status of replicas for this secret after you remove Regions. removeRegionsFromReplicationResponse_replicationStatus :: Lens' RemoveRegionsFromReplicationResponse (Maybe [ReplicationStatusType]) -- | The response's http status code. 
removeRegionsFromReplicationResponse_httpStatus :: Lens' RemoveRegionsFromReplicationResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance GHC.Show.Show Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance GHC.Read.Read Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance GHC.Classes.Eq Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance GHC.Generics.Generic Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplicationResponse instance GHC.Show.Show Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplicationResponse instance GHC.Read.Read Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplicationResponse instance GHC.Classes.Eq Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplicationResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance Control.DeepSeq.NFData Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplicationResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance Control.DeepSeq.NFData Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.RemoveRegionsFromReplication.RemoveRegionsFromReplication -- | Creates a new version with a new encrypted secret 
value and attaches -- it to the secret. The version can contain a new SecretString -- value or a new SecretBinary value. -- -- We recommend you avoid calling PutSecretValue at a sustained -- rate of more than once every 10 minutes. When you update the secret -- value, Secrets Manager creates a new version of the secret. Secrets -- Manager removes outdated versions when there are more than 100, but it -- does not remove versions created less than 24 hours ago. If you call -- PutSecretValue more than once every 10 minutes, you create -- more versions than Secrets Manager removes, and you will reach the -- quota for secret versions. -- -- You can specify the staging labels to attach to the new version in -- VersionStages. If you don't include VersionStages, -- then Secrets Manager automatically moves the staging label -- AWSCURRENT to this version. If this operation creates the -- first version for the secret, then Secrets Manager automatically -- attaches the staging label AWSCURRENT to it. If this -- operation moves the staging label AWSCURRENT from another -- version to this version, then Secrets Manager also automatically moves -- the staging label AWSPREVIOUS to the version that -- AWSCURRENT was removed from. -- -- This operation is idempotent. If you call this operation with a -- ClientRequestToken that matches an existing version's -- VersionId, and you specify the same secret data, the operation -- succeeds but does nothing. However, if the secret data is different, -- then the operation fails because you can't modify an existing version; -- you can only create new ones. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- except SecretBinary or SecretString because it might -- be logged. For more information, see Logging Secrets Manager events -- with CloudTrail. -- -- Required permissions: secretsmanager:PutSecretValue. 
-- For more information, see IAM policy actions for Secrets -- Manager and Authentication and access control in Secrets -- Manager. module Amazonka.SecretsManager.PutSecretValue -- | See: newPutSecretValue smart constructor. data PutSecretValue PutSecretValue' :: Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Maybe (NonEmpty Text) -> Text -> PutSecretValue -- | A unique identifier for the new version of the secret. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty because they generate a random UUID for you. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for new versions and include that -- value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during the Lambda rotation function processing. -- We recommend that you generate a UUID-type value to ensure -- uniqueness within the specified secret. -- -- -- -- This value becomes the VersionId of the new version. [$sel:clientRequestToken:PutSecretValue'] :: PutSecretValue -> Maybe Text -- | The binary data to encrypt and store in the new version of the secret. -- To use this parameter in the command-line tools, we recommend that you -- store your binary data in a file and then pass the contents of the -- file as a parameter. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- You can't access this value from the Secrets Manager console. [$sel:secretBinary:PutSecretValue'] :: PutSecretValue -> Maybe (Sensitive Base64) -- | The text to encrypt and store in the new version of the secret. -- -- You must include SecretBinary or SecretString, but -- not both. 
-- -- We recommend you create the secret string as JSON key/value pairs, as -- shown in the example. [$sel:secretString:PutSecretValue'] :: PutSecretValue -> Maybe (Sensitive Text) -- | A list of staging labels to attach to this version of the secret. -- Secrets Manager uses staging labels to track versions of a secret -- through the rotation process. -- -- If you specify a staging label that's already associated with a -- different version of the same secret, then Secrets Manager removes the -- label from the other version and attaches it to this version. If you -- specify AWSCURRENT, and it is already attached to another -- version, then Secrets Manager also moves the staging label -- AWSPREVIOUS to the version that AWSCURRENT was -- removed from. -- -- If you don't include VersionStages, then Secrets Manager -- automatically moves the staging label AWSCURRENT to this -- version. [$sel:versionStages:PutSecretValue'] :: PutSecretValue -> Maybe (NonEmpty Text) -- | The ARN or name of the secret to add a new version to. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- If the secret doesn't already exist, use CreateSecret -- instead. [$sel:secretId:PutSecretValue'] :: PutSecretValue -> Text -- | Create a value of PutSecretValue with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:clientRequestToken:PutSecretValue', -- putSecretValue_clientRequestToken - A unique identifier for the -- new version of the secret. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty because they generate a random UUID for you. 
If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for new versions and include that -- value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during the Lambda rotation function processing. -- We recommend that you generate a UUID-type value to ensure -- uniqueness within the specified secret. -- -- -- -- This value becomes the VersionId of the new version. -- -- $sel:secretBinary:PutSecretValue', -- putSecretValue_secretBinary - The binary data to encrypt and -- store in the new version of the secret. To use this parameter in the -- command-line tools, we recommend that you store your binary data in a -- file and then pass the contents of the file as a parameter. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- You can't access this value from the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes -- Base64 data. The underlying isomorphism will encode to Base64 -- representation during serialisation, and decode from Base64 -- representation during deserialisation. This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:PutSecretValue', -- putSecretValue_secretString - The text to encrypt and store in -- the new version of the secret. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- We recommend you create the secret string as JSON key/value pairs, as -- shown in the example. -- -- PutSecretValue, putSecretValue_versionStages - A list of -- staging labels to attach to this version of the secret. Secrets -- Manager uses staging labels to track versions of a secret through the -- rotation process. 
-- -- If you specify a staging label that's already associated with a -- different version of the same secret, then Secrets Manager removes the -- label from the other version and attaches it to this version. If you -- specify AWSCURRENT, and it is already attached to another -- version, then Secrets Manager also moves the staging label -- AWSPREVIOUS to the version that AWSCURRENT was -- removed from. -- -- If you don't include VersionStages, then Secrets Manager -- automatically moves the staging label AWSCURRENT to this -- version. -- -- $sel:secretId:PutSecretValue', putSecretValue_secretId - -- The ARN or name of the secret to add a new version to. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- If the secret doesn't already exist, use CreateSecret -- instead. newPutSecretValue :: Text -> PutSecretValue -- | A unique identifier for the new version of the secret. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty because they generate a random UUID for you. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for new versions and include that -- value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during the Lambda rotation function processing. -- We recommend that you generate a UUID-type value to ensure -- uniqueness within the specified secret. -- -- -- -- This value becomes the VersionId of the new version. putSecretValue_clientRequestToken :: Lens' PutSecretValue (Maybe Text) -- | The binary data to encrypt and store in the new version of the secret. 
-- To use this parameter in the command-line tools, we recommend that you -- store your binary data in a file and then pass the contents of the -- file as a parameter. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- You can't access this value from the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during -- deserialisation. This Lens accepts and returns only raw unencoded data. putSecretValue_secretBinary :: Lens' PutSecretValue (Maybe ByteString) -- | The text to encrypt and store in the new version of the secret. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- We recommend you create the secret string as JSON key/value pairs, as -- shown in the example. putSecretValue_secretString :: Lens' PutSecretValue (Maybe Text) -- | A list of staging labels to attach to this version of the secret. -- Secrets Manager uses staging labels to track versions of a secret -- through the rotation process. -- -- If you specify a staging label that's already associated with a -- different version of the same secret, then Secrets Manager removes the -- label from the other version and attaches it to this version. If you -- specify AWSCURRENT, and it is already attached to another -- version, then Secrets Manager also moves the staging label -- AWSPREVIOUS to the version that AWSCURRENT was -- removed from. -- -- If you don't include VersionStages, then Secrets Manager -- automatically moves the staging label AWSCURRENT to this -- version. putSecretValue_versionStages :: Lens' PutSecretValue (Maybe (NonEmpty Text)) -- | The ARN or name of the secret to add a new version to. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN.
-- -- If the secret doesn't already exist, use CreateSecret -- instead. putSecretValue_secretId :: Lens' PutSecretValue Text -- | See: newPutSecretValueResponse smart constructor. data PutSecretValueResponse PutSecretValueResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe (NonEmpty Text) -> Int -> PutSecretValueResponse -- | The ARN of the secret. [$sel:arn:PutSecretValueResponse'] :: PutSecretValueResponse -> Maybe Text -- | The name of the secret. [$sel:name:PutSecretValueResponse'] :: PutSecretValueResponse -> Maybe Text -- | The unique identifier of the version of the secret. [$sel:versionId:PutSecretValueResponse'] :: PutSecretValueResponse -> Maybe Text -- | The list of staging labels that are currently attached to this version -- of the secret. Secrets Manager uses staging labels to track a version -- as it progresses through the secret rotation process. [$sel:versionStages:PutSecretValueResponse'] :: PutSecretValueResponse -> Maybe (NonEmpty Text) -- | The response's http status code. [$sel:httpStatus:PutSecretValueResponse'] :: PutSecretValueResponse -> Int -- | Create a value of PutSecretValueResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- PutSecretValueResponse, putSecretValueResponse_arn - The -- ARN of the secret. -- -- PutSecretValueResponse, putSecretValueResponse_name - -- The name of the secret. -- -- PutSecretValueResponse, putSecretValueResponse_versionId -- - The unique identifier of the version of the secret. -- -- PutSecretValue, putSecretValueResponse_versionStages - -- The list of staging labels that are currently attached to this version -- of the secret. Secrets Manager uses staging labels to track a version -- as it progresses through the secret rotation process. 
-- -- $sel:httpStatus:PutSecretValueResponse', -- putSecretValueResponse_httpStatus - The response's http status -- code. newPutSecretValueResponse :: Int -> PutSecretValueResponse -- | The ARN of the secret. putSecretValueResponse_arn :: Lens' PutSecretValueResponse (Maybe Text) -- | The name of the secret. putSecretValueResponse_name :: Lens' PutSecretValueResponse (Maybe Text) -- | The unique identifier of the version of the secret. putSecretValueResponse_versionId :: Lens' PutSecretValueResponse (Maybe Text) -- | The list of staging labels that are currently attached to this version -- of the secret. Secrets Manager uses staging labels to track a version -- as it progresses through the secret rotation process. putSecretValueResponse_versionStages :: Lens' PutSecretValueResponse (Maybe (NonEmpty Text)) -- | The response's http status code. putSecretValueResponse_httpStatus :: Lens' PutSecretValueResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance GHC.Show.Show Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance GHC.Classes.Eq Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance GHC.Generics.Generic Amazonka.SecretsManager.PutSecretValue.PutSecretValueResponse instance GHC.Show.Show Amazonka.SecretsManager.PutSecretValue.PutSecretValueResponse instance GHC.Read.Read Amazonka.SecretsManager.PutSecretValue.PutSecretValueResponse instance GHC.Classes.Eq Amazonka.SecretsManager.PutSecretValue.PutSecretValueResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance Control.DeepSeq.NFData Amazonka.SecretsManager.PutSecretValue.PutSecretValueResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance Control.DeepSeq.NFData Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance 
Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.PutSecretValue.PutSecretValue instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.PutSecretValue.PutSecretValue -- | Attaches a resource-based permission policy to a secret. A -- resource-based policy is optional. For more information, see -- Authentication and access control for Secrets Manager -- -- For information about attaching a policy in the console, see Attach -- a permissions policy to a secret. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:PutResourcePolicy. For more information, see -- IAM policy actions for Secrets Manager and Authentication -- and access control in Secrets Manager. module Amazonka.SecretsManager.PutResourcePolicy -- | See: newPutResourcePolicy smart constructor. data PutResourcePolicy PutResourcePolicy' :: Maybe Bool -> Text -> Text -> PutResourcePolicy -- | Specifies whether to block resource-based policies that allow broad -- access to the secret, for example those that use a wildcard for the -- principal. [$sel:blockPublicPolicy:PutResourcePolicy'] :: PutResourcePolicy -> Maybe Bool -- | The ARN or name of the secret to attach the resource-based policy. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:PutResourcePolicy'] :: PutResourcePolicy -> Text -- | A JSON-formatted string for an Amazon Web Services resource-based -- policy. For example policies, see Permissions policy examples. [$sel:resourcePolicy:PutResourcePolicy'] :: PutResourcePolicy -> Text -- | Create a value of PutResourcePolicy with all optional fields -- omitted. 
-- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:blockPublicPolicy:PutResourcePolicy', -- putResourcePolicy_blockPublicPolicy - Specifies whether to -- block resource-based policies that allow broad access to the secret, -- for example those that use a wildcard for the principal. -- -- $sel:secretId:PutResourcePolicy', -- putResourcePolicy_secretId - The ARN or name of the secret to -- attach the resource-based policy. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- $sel:resourcePolicy:PutResourcePolicy', -- putResourcePolicy_resourcePolicy - A JSON-formatted string for -- an Amazon Web Services resource-based policy. For example policies, -- see Permissions policy examples. newPutResourcePolicy :: Text -> Text -> PutResourcePolicy -- | Specifies whether to block resource-based policies that allow broad -- access to the secret, for example those that use a wildcard for the -- principal. -- -- newPutResourcePolicy leaves this field unset (Nothing), so the request -- does not ask for the broad-access check unless the caller sets it. Set -- it to Just True when a policy that grants broad access should be -- blocked rather than attached. putResourcePolicy_blockPublicPolicy :: Lens' PutResourcePolicy (Maybe Bool) -- | The ARN or name of the secret to attach the resource-based policy. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. putResourcePolicy_secretId :: Lens' PutResourcePolicy Text -- | A JSON-formatted string for an Amazon Web Services resource-based -- policy. For example policies, see Permissions policy examples. putResourcePolicy_resourcePolicy :: Lens' PutResourcePolicy Text -- | See: newPutResourcePolicyResponse smart constructor. data PutResourcePolicyResponse PutResourcePolicyResponse' :: Maybe Text -> Maybe Text -> Int -> PutResourcePolicyResponse -- | The ARN of the secret.
[$sel:arn:PutResourcePolicyResponse'] :: PutResourcePolicyResponse -> Maybe Text -- | The name of the secret. [$sel:name:PutResourcePolicyResponse'] :: PutResourcePolicyResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:PutResourcePolicyResponse'] :: PutResourcePolicyResponse -> Int -- | Create a value of PutResourcePolicyResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- PutResourcePolicyResponse, putResourcePolicyResponse_arn -- - The ARN of the secret. -- -- PutResourcePolicyResponse, -- putResourcePolicyResponse_name - The name of the secret. -- -- $sel:httpStatus:PutResourcePolicyResponse', -- putResourcePolicyResponse_httpStatus - The response's http -- status code. newPutResourcePolicyResponse :: Int -> PutResourcePolicyResponse -- | The ARN of the secret. putResourcePolicyResponse_arn :: Lens' PutResourcePolicyResponse (Maybe Text) -- | The name of the secret. putResourcePolicyResponse_name :: Lens' PutResourcePolicyResponse (Maybe Text) -- | The response's http status code. 
putResourcePolicyResponse_httpStatus :: Lens' PutResourcePolicyResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance GHC.Show.Show Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance GHC.Read.Read Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance GHC.Classes.Eq Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance GHC.Generics.Generic Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicyResponse instance GHC.Show.Show Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicyResponse instance GHC.Read.Read Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicyResponse instance GHC.Classes.Eq Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicyResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance Control.DeepSeq.NFData Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicyResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance Control.DeepSeq.NFData Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.PutResourcePolicy.PutResourcePolicy -- | Lists the secrets that are stored by Secrets Manager in the Amazon Web -- Services account, not including secrets that are marked for deletion. -- To see secrets marked for deletion, use the Secrets Manager console. -- -- ListSecrets is eventually consistent, however it might not reflect -- changes from the last five minutes. To get the latest information for -- a specific secret, use DescribeSecret. 
-- -- To list the versions of a secret, use ListSecretVersionIds. -- -- To get the secret value from SecretString or -- SecretBinary, call GetSecretValue. -- -- For information about finding secrets in the console, see Find -- secrets in Secrets Manager. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:ListSecrets. For -- more information, see IAM policy actions for Secrets Manager -- and Authentication and access control in Secrets Manager. -- -- This operation returns paginated results. module Amazonka.SecretsManager.ListSecrets -- | See: newListSecrets smart constructor. data ListSecrets ListSecrets' :: Maybe [Filter] -> Maybe Bool -> Maybe Natural -> Maybe Text -> Maybe SortOrderType -> ListSecrets -- | The filters to apply to the list of secrets. [$sel:filters:ListSecrets'] :: ListSecrets -> Maybe [Filter] [$sel:includePlannedDeletion:ListSecrets'] :: ListSecrets -> Maybe Bool -- | The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecrets again with the value from NextToken. [$sel:maxResults:ListSecrets'] :: ListSecrets -> Maybe Natural -- | A token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecrets again with this value. [$sel:nextToken:ListSecrets'] :: ListSecrets -> Maybe Text -- | Secrets are listed by CreatedDate. [$sel:sortOrder:ListSecrets'] :: ListSecrets -> Maybe SortOrderType -- | Create a value of ListSecrets with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:filters:ListSecrets', listSecrets_filters - The -- filters to apply to the list of secrets. -- -- $sel:includePlannedDeletion:ListSecrets', -- listSecrets_includePlannedDeletion - Undocumented member. -- -- $sel:maxResults:ListSecrets', listSecrets_maxResults - -- The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecrets again with the value from NextToken. -- -- ListSecrets, listSecrets_nextToken - A token that -- indicates where the output should continue from, if a previous call -- did not show all results. To get the next results, call -- ListSecrets again with this value. -- -- $sel:sortOrder:ListSecrets', listSecrets_sortOrder - -- Secrets are listed by CreatedDate. newListSecrets :: ListSecrets -- | The filters to apply to the list of secrets. listSecrets_filters :: Lens' ListSecrets (Maybe [Filter]) -- | Undocumented member in the service description this module was -- generated from. -- -- NOTE(review): the field name, together with the ListSecrets -- description (secrets marked for deletion are not listed), suggests -- this flag controls whether secrets planned for deletion are included -- in the results. Confirm against the AWS API reference before relying -- on it. listSecrets_includePlannedDeletion :: Lens' ListSecrets (Maybe Bool) -- | The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecrets again with the value from NextToken. listSecrets_maxResults :: Lens' ListSecrets (Maybe Natural) -- | A token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecrets again with this value. listSecrets_nextToken :: Lens' ListSecrets (Maybe Text) -- | Secrets are listed by CreatedDate. listSecrets_sortOrder :: Lens' ListSecrets (Maybe SortOrderType) -- | See: newListSecretsResponse smart constructor.
data ListSecretsResponse ListSecretsResponse' :: Maybe Text -> Maybe [SecretListEntry] -> Int -> ListSecretsResponse -- | Secrets Manager includes this value if there's more output available -- than what is included in the current response. This can occur even -- when the response includes no values at all, such as when you ask for -- a filtered view of a long list. To get the next results, call -- ListSecrets again with this value. [$sel:nextToken:ListSecretsResponse'] :: ListSecretsResponse -> Maybe Text -- | A list of the secrets in the account. [$sel:secretList:ListSecretsResponse'] :: ListSecretsResponse -> Maybe [SecretListEntry] -- | The response's http status code. [$sel:httpStatus:ListSecretsResponse'] :: ListSecretsResponse -> Int -- | Create a value of ListSecretsResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- ListSecrets, listSecretsResponse_nextToken - Secrets -- Manager includes this value if there's more output available than what -- is included in the current response. This can occur even when the -- response includes no values at all, such as when you ask for a -- filtered view of a long list. To get the next results, call -- ListSecrets again with this value. -- -- $sel:secretList:ListSecretsResponse', -- listSecretsResponse_secretList - A list of the secrets in the -- account. -- -- $sel:httpStatus:ListSecretsResponse', -- listSecretsResponse_httpStatus - The response's http status -- code. newListSecretsResponse :: Int -> ListSecretsResponse -- | Secrets Manager includes this value if there's more output available -- than what is included in the current response. This can occur even -- when the response includes no values at all, such as when you ask for -- a filtered view of a long list. To get the next results, call -- ListSecrets again with this value. 
listSecretsResponse_nextToken :: Lens' ListSecretsResponse (Maybe Text) -- | A list of the secrets in the account. listSecretsResponse_secretList :: Lens' ListSecretsResponse (Maybe [SecretListEntry]) -- | The response's http status code. listSecretsResponse_httpStatus :: Lens' ListSecretsResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.ListSecrets.ListSecrets instance GHC.Show.Show Amazonka.SecretsManager.ListSecrets.ListSecrets instance GHC.Read.Read Amazonka.SecretsManager.ListSecrets.ListSecrets instance GHC.Classes.Eq Amazonka.SecretsManager.ListSecrets.ListSecrets instance GHC.Generics.Generic Amazonka.SecretsManager.ListSecrets.ListSecretsResponse instance GHC.Show.Show Amazonka.SecretsManager.ListSecrets.ListSecretsResponse instance GHC.Read.Read Amazonka.SecretsManager.ListSecrets.ListSecretsResponse instance GHC.Classes.Eq Amazonka.SecretsManager.ListSecrets.ListSecretsResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.ListSecrets.ListSecrets instance Control.DeepSeq.NFData Amazonka.SecretsManager.ListSecrets.ListSecretsResponse instance Amazonka.Pager.AWSPager Amazonka.SecretsManager.ListSecrets.ListSecrets instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.ListSecrets.ListSecrets instance Control.DeepSeq.NFData Amazonka.SecretsManager.ListSecrets.ListSecrets instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.ListSecrets.ListSecrets instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.ListSecrets.ListSecrets instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.ListSecrets.ListSecrets instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.ListSecrets.ListSecrets -- | Lists the versions of a secret. Secrets Manager uses staging labels to -- indicate the different versions of a secret. For more information, see -- Secrets Manager concepts: Versions. -- -- To list the secrets in the account, use ListSecrets. 
-- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:ListSecretVersionIds. For more information, -- see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. -- -- This operation returns paginated results. module Amazonka.SecretsManager.ListSecretVersionIds -- | See: newListSecretVersionIds smart constructor. data ListSecretVersionIds ListSecretVersionIds' :: Maybe Bool -> Maybe Natural -> Maybe Text -> Text -> ListSecretVersionIds -- | Specifies whether to include versions of secrets that don't have any -- staging labels attached to them. Versions without staging labels are -- considered deprecated and are subject to deletion by Secrets Manager. [$sel:includeDeprecated:ListSecretVersionIds'] :: ListSecretVersionIds -> Maybe Bool -- | The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecretVersionIds again with the value from -- NextToken. [$sel:maxResults:ListSecretVersionIds'] :: ListSecretVersionIds -> Maybe Natural -- | A token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecretVersionIds again with this value. [$sel:nextToken:ListSecretVersionIds'] :: ListSecretVersionIds -> Maybe Text -- | The ARN or name of the secret whose versions you want to list. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:ListSecretVersionIds'] :: ListSecretVersionIds -> Text -- | Create a value of ListSecretVersionIds with all optional fields -- omitted. 
-- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:includeDeprecated:ListSecretVersionIds', -- listSecretVersionIds_includeDeprecated - Specifies whether to -- include versions of secrets that don't have any staging labels -- attached to them. Versions without staging labels are considered -- deprecated and are subject to deletion by Secrets Manager. -- -- $sel:maxResults:ListSecretVersionIds', -- listSecretVersionIds_maxResults - The number of results to -- include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecretVersionIds again with the value from -- NextToken. -- -- ListSecretVersionIds, listSecretVersionIds_nextToken - A -- token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecretVersionIds again with this value. -- -- $sel:secretId:ListSecretVersionIds', -- listSecretVersionIds_secretId - The ARN or name of the secret -- whose versions you want to list. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newListSecretVersionIds :: Text -> ListSecretVersionIds -- | Specifies whether to include versions of secrets that don't have any -- staging labels attached to them. Versions without staging labels are -- considered deprecated and are subject to deletion by Secrets Manager. listSecretVersionIds_includeDeprecated :: Lens' ListSecretVersionIds (Maybe Bool) -- | The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecretVersionIds again with the value from -- NextToken. 
listSecretVersionIds_maxResults :: Lens' ListSecretVersionIds (Maybe Natural) -- | A token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecretVersionIds again with this value. listSecretVersionIds_nextToken :: Lens' ListSecretVersionIds (Maybe Text) -- | The ARN or name of the secret whose versions you want to list. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. listSecretVersionIds_secretId :: Lens' ListSecretVersionIds Text -- | See: newListSecretVersionIdsResponse smart constructor. data ListSecretVersionIdsResponse ListSecretVersionIdsResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe [SecretVersionsListEntry] -> Int -> ListSecretVersionIdsResponse -- | The ARN of the secret. [$sel:arn:ListSecretVersionIdsResponse'] :: ListSecretVersionIdsResponse -> Maybe Text -- | The name of the secret. [$sel:name:ListSecretVersionIdsResponse'] :: ListSecretVersionIdsResponse -> Maybe Text -- | Secrets Manager includes this value if there's more output available -- than what is included in the current response. This can occur even -- when the response includes no values at all, such as when you ask for -- a filtered view of a long list. To get the next results, call -- ListSecretVersionIds again with this value. [$sel:nextToken:ListSecretVersionIdsResponse'] :: ListSecretVersionIdsResponse -> Maybe Text -- | A list of the versions of the secret. [$sel:versions:ListSecretVersionIdsResponse'] :: ListSecretVersionIdsResponse -> Maybe [SecretVersionsListEntry] -- | The response's http status code. [$sel:httpStatus:ListSecretVersionIdsResponse'] :: ListSecretVersionIdsResponse -> Int -- | Create a value of ListSecretVersionIdsResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- ListSecretVersionIdsResponse, -- listSecretVersionIdsResponse_arn - The ARN of the secret. -- -- ListSecretVersionIdsResponse, -- listSecretVersionIdsResponse_name - The name of the secret. -- -- ListSecretVersionIds, -- listSecretVersionIdsResponse_nextToken - Secrets Manager -- includes this value if there's more output available than what is -- included in the current response. This can occur even when the -- response includes no values at all, such as when you ask for a -- filtered view of a long list. To get the next results, call -- ListSecretVersionIds again with this value. -- -- $sel:versions:ListSecretVersionIdsResponse', -- listSecretVersionIdsResponse_versions - A list of the versions -- of the secret. -- -- $sel:httpStatus:ListSecretVersionIdsResponse', -- listSecretVersionIdsResponse_httpStatus - The response's http -- status code. newListSecretVersionIdsResponse :: Int -> ListSecretVersionIdsResponse -- | The ARN of the secret. listSecretVersionIdsResponse_arn :: Lens' ListSecretVersionIdsResponse (Maybe Text) -- | The name of the secret. listSecretVersionIdsResponse_name :: Lens' ListSecretVersionIdsResponse (Maybe Text) -- | Secrets Manager includes this value if there's more output available -- than what is included in the current response. This can occur even -- when the response includes no values at all, such as when you ask for -- a filtered view of a long list. To get the next results, call -- ListSecretVersionIds again with this value. listSecretVersionIdsResponse_nextToken :: Lens' ListSecretVersionIdsResponse (Maybe Text) -- | A list of the versions of the secret. listSecretVersionIdsResponse_versions :: Lens' ListSecretVersionIdsResponse (Maybe [SecretVersionsListEntry]) -- | The response's http status code. 
listSecretVersionIdsResponse_httpStatus :: Lens' ListSecretVersionIdsResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance GHC.Show.Show Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance GHC.Read.Read Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance GHC.Classes.Eq Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance GHC.Generics.Generic Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIdsResponse instance GHC.Show.Show Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIdsResponse instance GHC.Read.Read Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIdsResponse instance GHC.Classes.Eq Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIdsResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance Control.DeepSeq.NFData Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIdsResponse instance Amazonka.Pager.AWSPager Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance Control.DeepSeq.NFData Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.ListSecretVersionIds.ListSecretVersionIds -- | Retrieves the contents of the encrypted fields SecretString -- or SecretBinary from the specified version of a secret, -- whichever contains content. 
-- -- We recommend that you cache your secret values by using client-side -- caching. Caching secrets improves speed and reduces your costs. For -- more information, see Cache secrets for your applications. -- -- To retrieve the previous version of a secret, use -- VersionStage and specify AWSPREVIOUS. To revert to the -- previous version of a secret, call UpdateSecretVersionStage. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:GetSecretValue. -- If the secret is encrypted using a customer-managed key instead of the -- Amazon Web Services managed key aws/secretsmanager, then you -- also need kms:Decrypt permissions for that key. For more -- information, see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. module Amazonka.SecretsManager.GetSecretValue -- | See: newGetSecretValue smart constructor. data GetSecretValue GetSecretValue' :: Maybe Text -> Maybe Text -> Text -> GetSecretValue -- | The unique identifier of the version of the secret to retrieve. If you -- include both this parameter and VersionStage, the two -- parameters must refer to the same secret version. If you don't specify -- either a VersionStage or VersionId, then Secrets -- Manager returns the AWSCURRENT version. -- -- This value is typically a UUID-type value with 32 hexadecimal -- digits. [$sel:versionId:GetSecretValue'] :: GetSecretValue -> Maybe Text -- | The staging label of the version of the secret to retrieve. -- -- Secrets Manager uses staging labels to keep track of different -- versions during the rotation process. If you include both this -- parameter and VersionId, the two parameters must refer to the -- same secret version. 
If you don't specify either a -- VersionStage or VersionId, Secrets Manager returns -- the AWSCURRENT version. [$sel:versionStage:GetSecretValue'] :: GetSecretValue -> Maybe Text -- | The ARN or name of the secret to retrieve. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:GetSecretValue'] :: GetSecretValue -> Text -- | Create a value of GetSecretValue with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- GetSecretValue, getSecretValue_versionId - The unique -- identifier of the version of the secret to retrieve. If you include -- both this parameter and VersionStage, the two parameters must -- refer to the same secret version. If you don't specify either a -- VersionStage or VersionId, then Secrets Manager -- returns the AWSCURRENT version. -- -- This value is typically a UUID-type value with 32 hexadecimal -- digits. -- -- $sel:versionStage:GetSecretValue', -- getSecretValue_versionStage - The staging label of the version -- of the secret to retrieve. -- -- Secrets Manager uses staging labels to keep track of different -- versions during the rotation process. If you include both this -- parameter and VersionId, the two parameters must refer to the -- same secret version. If you don't specify either a -- VersionStage or VersionId, Secrets Manager returns -- the AWSCURRENT version. -- -- $sel:secretId:GetSecretValue', getSecretValue_secretId - -- The ARN or name of the secret to retrieve. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newGetSecretValue :: Text -> GetSecretValue -- | The unique identifier of the version of the secret to retrieve. 
If you -- include both this parameter and VersionStage, the two -- parameters must refer to the same secret version. If you don't specify -- either a VersionStage or VersionId, then Secrets -- Manager returns the AWSCURRENT version. -- -- This value is typically a UUID-type value with 32 hexadecimal -- digits. getSecretValue_versionId :: Lens' GetSecretValue (Maybe Text) -- | The staging label of the version of the secret to retrieve. -- -- Secrets Manager uses staging labels to keep track of different -- versions during the rotation process. If you include both this -- parameter and VersionId, the two parameters must refer to the -- same secret version. If you don't specify either a -- VersionStage or VersionId, Secrets Manager returns -- the AWSCURRENT version. getSecretValue_versionStage :: Lens' GetSecretValue (Maybe Text) -- | The ARN or name of the secret to retrieve. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. getSecretValue_secretId :: Lens' GetSecretValue Text -- | See: newGetSecretValueResponse smart constructor. data GetSecretValueResponse GetSecretValueResponse' :: Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Maybe Text -> Maybe (NonEmpty Text) -> Int -> GetSecretValueResponse -- | The ARN of the secret. [$sel:arn:GetSecretValueResponse'] :: GetSecretValueResponse -> Maybe Text -- | The date and time that this version of the secret was created. If you -- don't specify which version in VersionId or -- VersionStage, then Secrets Manager uses the -- AWSCURRENT version. [$sel:createdDate:GetSecretValueResponse'] :: GetSecretValueResponse -> Maybe POSIX -- | The friendly name of the secret. [$sel:name:GetSecretValueResponse'] :: GetSecretValueResponse -> Maybe Text -- | The decrypted secret value, if the secret value was originally -- provided as binary data in the form of a byte array. 
The response -- parameter represents the binary data as a base64-encoded -- string. -- -- If the secret was created by using the Secrets Manager console, or if -- the secret value was originally provided as a string, then this field -- is omitted. The secret value appears in SecretString instead. [$sel:secretBinary:GetSecretValueResponse'] :: GetSecretValueResponse -> Maybe (Sensitive Base64) -- | The decrypted secret value, if the secret value was originally -- provided as a string or through the Secrets Manager console. -- -- If this secret was created by using the console, then Secrets Manager -- stores the information as a JSON structure of key/value pairs. [$sel:secretString:GetSecretValueResponse'] :: GetSecretValueResponse -> Maybe (Sensitive Text) -- | The unique identifier of this version of the secret. [$sel:versionId:GetSecretValueResponse'] :: GetSecretValueResponse -> Maybe Text -- | A list of all of the staging labels currently attached to this version -- of the secret. [$sel:versionStages:GetSecretValueResponse'] :: GetSecretValueResponse -> Maybe (NonEmpty Text) -- | The response's http status code. [$sel:httpStatus:GetSecretValueResponse'] :: GetSecretValueResponse -> Int -- | Create a value of GetSecretValueResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- GetSecretValueResponse, getSecretValueResponse_arn - The -- ARN of the secret. -- -- GetSecretValueResponse, -- getSecretValueResponse_createdDate - The date and time that -- this version of the secret was created. If you don't specify which -- version in VersionId or VersionStage, then Secrets -- Manager uses the AWSCURRENT version. -- -- GetSecretValueResponse, getSecretValueResponse_name - -- The friendly name of the secret. 
-- -- $sel:secretBinary:GetSecretValueResponse', -- getSecretValueResponse_secretBinary - The decrypted secret -- value, if the secret value was originally provided as binary data in -- the form of a byte array. The response parameter represents the binary -- data as a base64-encoded string. -- -- If the secret was created by using the Secrets Manager console, or if -- the secret value was originally provided as a string, then this field -- is omitted. The secret value appears in SecretString -- instead. -- -- Note: This Lens automatically encodes -- and decodes Base64 data. -- The underlying isomorphism will encode to -- Base64 representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:GetSecretValueResponse', -- getSecretValueResponse_secretString - The decrypted secret -- value, if the secret value was originally provided as a string or -- through the Secrets Manager console. -- -- If this secret was created by using the console, then Secrets Manager -- stores the information as a JSON structure of key/value pairs. -- -- GetSecretValue, getSecretValueResponse_versionId - The -- unique identifier of this version of the secret. -- -- GetSecretValueResponse, -- getSecretValueResponse_versionStages - A list of all of the -- staging labels currently attached to this version of the secret. -- -- $sel:httpStatus:GetSecretValueResponse', -- getSecretValueResponse_httpStatus - The response's http status -- code. newGetSecretValueResponse :: Int -> GetSecretValueResponse -- | The ARN of the secret. getSecretValueResponse_arn :: Lens' GetSecretValueResponse (Maybe Text) -- | The date and time that this version of the secret was created. If you -- don't specify which version in VersionId or -- VersionStage, then Secrets Manager uses the -- AWSCURRENT version.
getSecretValueResponse_createdDate :: Lens' GetSecretValueResponse (Maybe UTCTime) -- | The friendly name of the secret. getSecretValueResponse_name :: Lens' GetSecretValueResponse (Maybe Text) -- | The decrypted secret value, if the secret value was originally -- provided as binary data in the form of a byte array. The response -- parameter represents the binary data as a base64-encoded -- string. -- -- If the secret was created by using the Secrets Manager console, or if -- the secret value was originally provided as a string, then this field -- is omitted. The secret value appears in SecretString -- instead. -- -- Note: This Lens automatically encodes -- and decodes Base64 data. -- The underlying isomorphism will encode to -- Base64 representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. -- -- The record field stores this value as Sensitive Base64; this lens -- returns the unwrapped ByteString, so keep the result out of logs and -- Show output. getSecretValueResponse_secretBinary :: Lens' GetSecretValueResponse (Maybe ByteString) -- | The decrypted secret value, if the secret value was originally -- provided as a string or through the Secrets Manager console. -- -- If this secret was created by using the console, then Secrets Manager -- stores the information as a JSON structure of key/value pairs. -- -- The record field stores this value as Sensitive Text; this lens -- returns the unwrapped Text, so keep the result out of logs and Show -- output. getSecretValueResponse_secretString :: Lens' GetSecretValueResponse (Maybe Text) -- | The unique identifier of this version of the secret. getSecretValueResponse_versionId :: Lens' GetSecretValueResponse (Maybe Text) -- | A list of all of the staging labels currently attached to this version -- of the secret. getSecretValueResponse_versionStages :: Lens' GetSecretValueResponse (Maybe (NonEmpty Text)) -- | The response's http status code. 
getSecretValueResponse_httpStatus :: Lens' GetSecretValueResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance GHC.Show.Show Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance GHC.Read.Read Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance GHC.Classes.Eq Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance GHC.Generics.Generic Amazonka.SecretsManager.GetSecretValue.GetSecretValueResponse instance GHC.Show.Show Amazonka.SecretsManager.GetSecretValue.GetSecretValueResponse instance GHC.Classes.Eq Amazonka.SecretsManager.GetSecretValue.GetSecretValueResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance Control.DeepSeq.NFData Amazonka.SecretsManager.GetSecretValue.GetSecretValueResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance Control.DeepSeq.NFData Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.GetSecretValue.GetSecretValue instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.GetSecretValue.GetSecretValue -- | Retrieves the JSON text of the resource-based policy document attached -- to the secret. For more information about permissions policies -- attached to a secret, see Permissions policies attached to a -- secret. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:GetResourcePolicy. 
For more information, see -- IAM policy actions for Secrets Manager and Authentication -- and access control in Secrets Manager. module Amazonka.SecretsManager.GetResourcePolicy -- | See: newGetResourcePolicy smart constructor. data GetResourcePolicy GetResourcePolicy' :: Text -> GetResourcePolicy -- | The ARN or name of the secret to retrieve the attached resource-based -- policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:GetResourcePolicy'] :: GetResourcePolicy -> Text -- | Create a value of GetResourcePolicy with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:GetResourcePolicy', -- getResourcePolicy_secretId - The ARN or name of the secret to -- retrieve the attached resource-based policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newGetResourcePolicy :: Text -> GetResourcePolicy -- | The ARN or name of the secret to retrieve the attached resource-based -- policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. getResourcePolicy_secretId :: Lens' GetResourcePolicy Text -- | See: newGetResourcePolicyResponse smart constructor. data GetResourcePolicyResponse GetResourcePolicyResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> GetResourcePolicyResponse -- | The ARN of the secret that the resource-based policy was retrieved -- for. [$sel:arn:GetResourcePolicyResponse'] :: GetResourcePolicyResponse -> Maybe Text -- | The name of the secret that the resource-based policy was retrieved -- for. 
[$sel:name:GetResourcePolicyResponse'] :: GetResourcePolicyResponse -> Maybe Text -- | A JSON-formatted string that contains the permissions policy attached -- to the secret. For more information about permissions policies, see -- Authentication and access control for Secrets Manager. [$sel:resourcePolicy:GetResourcePolicyResponse'] :: GetResourcePolicyResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:GetResourcePolicyResponse'] :: GetResourcePolicyResponse -> Int -- | Create a value of GetResourcePolicyResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- GetResourcePolicyResponse, getResourcePolicyResponse_arn -- - The ARN of the secret that the resource-based policy was retrieved -- for. -- -- GetResourcePolicyResponse, -- getResourcePolicyResponse_name - The name of the secret that -- the resource-based policy was retrieved for. -- -- $sel:resourcePolicy:GetResourcePolicyResponse', -- getResourcePolicyResponse_resourcePolicy - A JSON-formatted -- string that contains the permissions policy attached to the secret. -- For more information about permissions policies, see Authentication -- and access control for Secrets Manager. -- -- $sel:httpStatus:GetResourcePolicyResponse', -- getResourcePolicyResponse_httpStatus - The response's http -- status code. newGetResourcePolicyResponse :: Int -> GetResourcePolicyResponse -- | The ARN of the secret that the resource-based policy was retrieved -- for. getResourcePolicyResponse_arn :: Lens' GetResourcePolicyResponse (Maybe Text) -- | The name of the secret that the resource-based policy was retrieved -- for. getResourcePolicyResponse_name :: Lens' GetResourcePolicyResponse (Maybe Text) -- | A JSON-formatted string that contains the permissions policy attached -- to the secret. 
For more information about permissions policies, see -- Authentication and access control for Secrets Manager. getResourcePolicyResponse_resourcePolicy :: Lens' GetResourcePolicyResponse (Maybe Text) -- | The response's http status code. getResourcePolicyResponse_httpStatus :: Lens' GetResourcePolicyResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance GHC.Show.Show Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance GHC.Read.Read Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance GHC.Classes.Eq Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance GHC.Generics.Generic Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicyResponse instance GHC.Show.Show Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicyResponse instance GHC.Read.Read Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicyResponse instance GHC.Classes.Eq Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicyResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance Control.DeepSeq.NFData Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicyResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance Control.DeepSeq.NFData Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.GetResourcePolicy.GetResourcePolicy -- | Generates a random password. We recommend that you specify the maximum -- length and include every character type that the system you are -- generating a password for can support. 
-- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:GetRandomPassword. For more information, see -- IAM policy actions for Secrets Manager and Authentication -- and access control in Secrets Manager. module Amazonka.SecretsManager.GetRandomPassword -- | See: newGetRandomPassword smart constructor. data GetRandomPassword GetRandomPassword' :: Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Natural -> Maybe Bool -> GetRandomPassword -- | A string of the characters that you don't want in the password. [$sel:excludeCharacters:GetRandomPassword'] :: GetRandomPassword -> Maybe Text -- | Specifies whether to exclude lowercase letters from the password. If -- you don't include this switch, the password can contain lowercase -- letters. [$sel:excludeLowercase:GetRandomPassword'] :: GetRandomPassword -> Maybe Bool -- | Specifies whether to exclude numbers from the password. If you don't -- include this switch, the password can contain numbers. [$sel:excludeNumbers:GetRandomPassword'] :: GetRandomPassword -> Maybe Bool -- | Specifies whether to exclude the following punctuation characters from -- the password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? -- @ [ \ ] ^ _ ` { | } ~. If you don't include this switch, the -- password can contain punctuation. [$sel:excludePunctuation:GetRandomPassword'] :: GetRandomPassword -> Maybe Bool -- | Specifies whether to exclude uppercase letters from the password. If -- you don't include this switch, the password can contain uppercase -- letters. [$sel:excludeUppercase:GetRandomPassword'] :: GetRandomPassword -> Maybe Bool -- | Specifies whether to include the space character. If you include this -- switch, the password can contain space characters. 
[$sel:includeSpace:GetRandomPassword'] :: GetRandomPassword -> Maybe Bool -- | The length of the password. If you don't include this parameter, the -- default length is 32 characters. [$sel:passwordLength:GetRandomPassword'] :: GetRandomPassword -> Maybe Natural -- | Specifies whether to include at least one upper and lowercase letter, -- one number, and one punctuation. If you don't include this switch, the -- password contains at least one of every character type. [$sel:requireEachIncludedType:GetRandomPassword'] :: GetRandomPassword -> Maybe Bool -- | Create a value of GetRandomPassword with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:excludeCharacters:GetRandomPassword', -- getRandomPassword_excludeCharacters - A string of the -- characters that you don't want in the password. -- -- $sel:excludeLowercase:GetRandomPassword', -- getRandomPassword_excludeLowercase - Specifies whether to -- exclude lowercase letters from the password. If you don't include this -- switch, the password can contain lowercase letters. -- -- $sel:excludeNumbers:GetRandomPassword', -- getRandomPassword_excludeNumbers - Specifies whether to exclude -- numbers from the password. If you don't include this switch, the -- password can contain numbers. -- -- $sel:excludePunctuation:GetRandomPassword', -- getRandomPassword_excludePunctuation - Specifies whether to -- exclude the following punctuation characters from the password: ! -- " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } -- ~. If you don't include this switch, the password can contain -- punctuation. -- -- $sel:excludeUppercase:GetRandomPassword', -- getRandomPassword_excludeUppercase - Specifies whether to -- exclude uppercase letters from the password. If you don't include this -- switch, the password can contain uppercase letters. 
-- -- $sel:includeSpace:GetRandomPassword', -- getRandomPassword_includeSpace - Specifies whether to include -- the space character. If you include this switch, the password can -- contain space characters. -- -- $sel:passwordLength:GetRandomPassword', -- getRandomPassword_passwordLength - The length of the password. -- If you don't include this parameter, the default length is 32 -- characters. -- -- $sel:requireEachIncludedType:GetRandomPassword', -- getRandomPassword_requireEachIncludedType - Specifies whether -- to include at least one upper and lowercase letter, one number, and -- one punctuation. If you don't include this switch, the password -- contains at least one of every character type. newGetRandomPassword :: GetRandomPassword -- | A string of the characters that you don't want in the password. getRandomPassword_excludeCharacters :: Lens' GetRandomPassword (Maybe Text) -- | Specifies whether to exclude lowercase letters from the password. If -- you don't include this switch, the password can contain lowercase -- letters. getRandomPassword_excludeLowercase :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to exclude numbers from the password. If you don't -- include this switch, the password can contain numbers. getRandomPassword_excludeNumbers :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to exclude the following punctuation characters from -- the password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? -- @ [ \ ] ^ _ ` { | } ~. If you don't include this switch, the -- password can contain punctuation. getRandomPassword_excludePunctuation :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to exclude uppercase letters from the password. If -- you don't include this switch, the password can contain uppercase -- letters. getRandomPassword_excludeUppercase :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to include the space character. 
If you include this -- switch, the password can contain space characters. getRandomPassword_includeSpace :: Lens' GetRandomPassword (Maybe Bool) -- | The length of the password. If you don't include this parameter, the -- default length is 32 characters. getRandomPassword_passwordLength :: Lens' GetRandomPassword (Maybe Natural) -- | Specifies whether to include at least one upper and lowercase letter, -- one number, and one punctuation character. If you don't include this switch, the -- password contains at least one of every character type. getRandomPassword_requireEachIncludedType :: Lens' GetRandomPassword (Maybe Bool) -- | See: newGetRandomPasswordResponse smart constructor. data GetRandomPasswordResponse GetRandomPasswordResponse' :: Maybe (Sensitive Text) -> Int -> GetRandomPasswordResponse -- | A string with the password. [$sel:randomPassword:GetRandomPasswordResponse'] :: GetRandomPasswordResponse -> Maybe (Sensitive Text) -- | The response's http status code. [$sel:httpStatus:GetRandomPasswordResponse'] :: GetRandomPasswordResponse -> Int -- | Create a value of GetRandomPasswordResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:randomPassword:GetRandomPasswordResponse', -- getRandomPasswordResponse_randomPassword - A string with the -- password. -- -- $sel:httpStatus:GetRandomPasswordResponse', -- getRandomPasswordResponse_httpStatus - The response's http -- status code. newGetRandomPasswordResponse :: Int -> GetRandomPasswordResponse -- | A string with the password. -- -- The record field stores this value as Sensitive Text; this lens -- returns the unwrapped Text, so keep the result out of logs and Show -- output. getRandomPasswordResponse_randomPassword :: Lens' GetRandomPasswordResponse (Maybe Text) -- | The response's http status code. 
getRandomPasswordResponse_httpStatus :: Lens' GetRandomPasswordResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance GHC.Show.Show Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance GHC.Read.Read Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance GHC.Classes.Eq Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance GHC.Generics.Generic Amazonka.SecretsManager.GetRandomPassword.GetRandomPasswordResponse instance GHC.Show.Show Amazonka.SecretsManager.GetRandomPassword.GetRandomPasswordResponse instance GHC.Classes.Eq Amazonka.SecretsManager.GetRandomPassword.GetRandomPasswordResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance Control.DeepSeq.NFData Amazonka.SecretsManager.GetRandomPassword.GetRandomPasswordResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance Control.DeepSeq.NFData Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.GetRandomPassword.GetRandomPassword -- | Retrieves the details of a secret. It does not include the encrypted -- secret value. Secrets Manager only returns fields that have a value in -- the response. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:DescribeSecret. 
-- For more information, see IAM policy actions for Secrets -- Manager and Authentication and access control in Secrets -- Manager. module Amazonka.SecretsManager.DescribeSecret -- | See: newDescribeSecret smart constructor. data DescribeSecret DescribeSecret' :: Text -> DescribeSecret -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:DescribeSecret'] :: DescribeSecret -> Text -- | Create a value of DescribeSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:DescribeSecret', describeSecret_secretId - -- The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newDescribeSecret :: Text -> DescribeSecret -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. describeSecret_secretId :: Lens' DescribeSecret Text -- | See: newDescribeSecretResponse smart constructor. data DescribeSecretResponse DescribeSecretResponse' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe [ReplicationStatusType] -> Maybe Bool -> Maybe Text -> Maybe RotationRulesType -> Maybe [Tag] -> Maybe (HashMap Text (NonEmpty Text)) -> Int -> DescribeSecretResponse -- | The ARN of the secret. [$sel:arn:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Text -- | The date the secret was created. 
[$sel:createdDate:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe POSIX -- | The date the secret is scheduled for deletion. If it is not scheduled -- for deletion, this field is omitted. When you delete a secret, Secrets -- Manager requires a recovery window of at least 7 days before deleting -- the secret. Some time after the deleted date, Secrets Manager deletes -- the secret, including all of its versions. -- -- If a secret is scheduled for deletion, then its details, including the -- encrypted secret value, are not accessible. To cancel a scheduled -- deletion and restore access to the secret, use RestoreSecret. [$sel:deletedDate:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe POSIX -- | The description of the secret. [$sel:description:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Text -- | The key ID or alias ARN of the KMS key that Secrets Manager uses to -- encrypt the secret value. If the secret is encrypted with the Amazon -- Web Services managed key aws/secretsmanager, this field is -- omitted. Secrets created using the console use a KMS key ID. [$sel:kmsKeyId:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Text -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. [$sel:lastAccessedDate:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe POSIX -- | The last date and time that this secret was modified in any way. [$sel:lastChangedDate:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe POSIX -- | The last date and time that Secrets Manager rotated the secret. If the -- secret isn't configured for rotation, Secrets Manager returns null. [$sel:lastRotatedDate:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe POSIX -- | The name of the secret. 
[$sel:name:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Text [$sel:nextRotationDate:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe POSIX -- | The ID of the service that created this secret. For more information, -- see Secrets managed by other Amazon Web Services services. [$sel:owningService:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Text -- | The Region the secret is in. If a secret is replicated to other -- Regions, the replicas are listed in ReplicationStatus. [$sel:primaryRegion:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Text -- | A list of the replicas of this secret and their status: -- -- [$sel:replicationStatus:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe [ReplicationStatusType] -- | Specifies whether automatic rotation is turned on for this secret. -- -- To turn on rotation, use RotateSecret. To turn off rotation, use -- CancelRotateSecret. [$sel:rotationEnabled:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Bool -- | The ARN of the Lambda function that Secrets Manager invokes to rotate -- the secret. [$sel:rotationLambdaARN:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe Text -- | The rotation schedule and Lambda function for this secret. If the -- secret previously had rotation turned on, but it is now turned off, -- this field shows the previous rotation schedule and rotation function. -- If the secret never had rotation turned on, this field is omitted. [$sel:rotationRules:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe RotationRulesType -- | The list of tags attached to the secret. To add tags to a secret, use -- TagResource. To remove tags, use UntagResource. [$sel:tags:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe [Tag] -- | A list of the versions of the secret that have staging labels -- attached. Versions that don't have staging labels are considered -- deprecated and Secrets Manager can delete them. 
-- -- Secrets Manager uses staging labels to indicate the status of a secret -- version during rotation. The three staging labels for rotation are: -- -- -- -- For more information about rotation and staging labels, see How -- rotation works. [$sel:versionIdsToStages:DescribeSecretResponse'] :: DescribeSecretResponse -> Maybe (HashMap Text (NonEmpty Text)) -- | The response's http status code. [$sel:httpStatus:DescribeSecretResponse'] :: DescribeSecretResponse -> Int -- | Create a value of DescribeSecretResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- DescribeSecretResponse, describeSecretResponse_arn - The -- ARN of the secret. -- -- DescribeSecretResponse, -- describeSecretResponse_createdDate - The date the secret was -- created. -- -- DescribeSecretResponse, -- describeSecretResponse_deletedDate - The date the secret is -- scheduled for deletion. If it is not scheduled for deletion, this -- field is omitted. When you delete a secret, Secrets Manager requires a -- recovery window of at least 7 days before deleting the secret. Some -- time after the deleted date, Secrets Manager deletes the secret, -- including all of its versions. -- -- If a secret is scheduled for deletion, then its details, including the -- encrypted secret value, is not accessible. To cancel a scheduled -- deletion and restore access to the secret, use RestoreSecret. -- -- DescribeSecretResponse, -- describeSecretResponse_description - The description of the -- secret. -- -- DescribeSecretResponse, describeSecretResponse_kmsKeyId -- - The key ID or alias ARN of the KMS key that Secrets Manager uses to -- encrypt the secret value. If the secret is encrypted with the Amazon -- Web Services managed key aws/secretsmanager, this field is -- omitted. Secrets created using the console use an KMS key ID. 
-- -- DescribeSecretResponse, -- describeSecretResponse_lastAccessedDate - The date that the -- secret was last accessed in the Region. This field is omitted if the -- secret has never been retrieved in the Region. -- -- DescribeSecretResponse, -- describeSecretResponse_lastChangedDate - The last date and time -- that this secret was modified in any way. -- -- DescribeSecretResponse, -- describeSecretResponse_lastRotatedDate - The last date and time -- that Secrets Manager rotated the secret. If the secret isn't -- configured for rotation, Secrets Manager returns null. -- -- DescribeSecretResponse, describeSecretResponse_name - -- The name of the secret. -- -- DescribeSecretResponse, -- describeSecretResponse_nextRotationDate - Undocumented member. -- -- DescribeSecretResponse, -- describeSecretResponse_owningService - The ID of the service -- that created this secret. For more information, see Secrets managed -- by other Amazon Web Services services. -- -- DescribeSecretResponse, -- describeSecretResponse_primaryRegion - The Region the secret is -- in. If a secret is replicated to other Regions, the replicas are -- listed in ReplicationStatus. -- -- $sel:replicationStatus:DescribeSecretResponse', -- describeSecretResponse_replicationStatus - A list of the -- replicas of this secret and their status: -- -- -- -- DescribeSecretResponse, -- describeSecretResponse_rotationEnabled - Specifies whether -- automatic rotation is turned on for this secret. -- -- To turn on rotation, use RotateSecret. To turn off rotation, use -- CancelRotateSecret. -- -- DescribeSecretResponse, -- describeSecretResponse_rotationLambdaARN - The ARN of the -- Lambda function that Secrets Manager invokes to rotate the secret. -- -- DescribeSecretResponse, -- describeSecretResponse_rotationRules - The rotation schedule -- and Lambda function for this secret. 
If the secret previously had -- rotation turned on, but it is now turned off, this field shows the -- previous rotation schedule and rotation function. If the secret never -- had rotation turned on, this field is omitted. -- -- DescribeSecretResponse, describeSecretResponse_tags - -- The list of tags attached to the secret. To add tags to a secret, use -- TagResource. To remove tags, use UntagResource. -- -- $sel:versionIdsToStages:DescribeSecretResponse', -- describeSecretResponse_versionIdsToStages - A list of the -- versions of the secret that have staging labels attached. Versions -- that don't have staging labels are considered deprecated and Secrets -- Manager can delete them. -- -- Secrets Manager uses staging labels to indicate the status of a secret -- version during rotation. The three staging labels for rotation are: -- -- -- -- For more information about rotation and staging labels, see How -- rotation works. -- -- $sel:httpStatus:DescribeSecretResponse', -- describeSecretResponse_httpStatus - The response's http status -- code. newDescribeSecretResponse :: Int -> DescribeSecretResponse -- | The ARN of the secret. describeSecretResponse_arn :: Lens' DescribeSecretResponse (Maybe Text) -- | The date the secret was created. describeSecretResponse_createdDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The date the secret is scheduled for deletion. If it is not scheduled -- for deletion, this field is omitted. When you delete a secret, Secrets -- Manager requires a recovery window of at least 7 days before deleting -- the secret. Some time after the deleted date, Secrets Manager deletes -- the secret, including all of its versions. -- -- If a secret is scheduled for deletion, then its details, including the -- encrypted secret value, is not accessible. To cancel a scheduled -- deletion and restore access to the secret, use RestoreSecret. 
describeSecretResponse_deletedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The description of the secret. describeSecretResponse_description :: Lens' DescribeSecretResponse (Maybe Text) -- | The key ID or alias ARN of the KMS key that Secrets Manager uses to -- encrypt the secret value. If the secret is encrypted with the Amazon -- Web Services managed key aws/secretsmanager, this field is -- omitted. Secrets created using the console use an KMS key ID. describeSecretResponse_kmsKeyId :: Lens' DescribeSecretResponse (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. describeSecretResponse_lastAccessedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The last date and time that this secret was modified in any way. describeSecretResponse_lastChangedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The last date and time that Secrets Manager rotated the secret. If the -- secret isn't configured for rotation, Secrets Manager returns null. describeSecretResponse_lastRotatedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The name of the secret. describeSecretResponse_name :: Lens' DescribeSecretResponse (Maybe Text) -- | Undocumented member. describeSecretResponse_nextRotationDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The ID of the service that created this secret. For more information, -- see Secrets managed by other Amazon Web Services services. describeSecretResponse_owningService :: Lens' DescribeSecretResponse (Maybe Text) -- | The Region the secret is in. If a secret is replicated to other -- Regions, the replicas are listed in ReplicationStatus. 
describeSecretResponse_primaryRegion :: Lens' DescribeSecretResponse (Maybe Text) -- | A list of the replicas of this secret and their status: -- -- describeSecretResponse_replicationStatus :: Lens' DescribeSecretResponse (Maybe [ReplicationStatusType]) -- | Specifies whether automatic rotation is turned on for this secret. -- -- To turn on rotation, use RotateSecret. To turn off rotation, use -- CancelRotateSecret. describeSecretResponse_rotationEnabled :: Lens' DescribeSecretResponse (Maybe Bool) -- | The ARN of the Lambda function that Secrets Manager invokes to rotate -- the secret. describeSecretResponse_rotationLambdaARN :: Lens' DescribeSecretResponse (Maybe Text) -- | The rotation schedule and Lambda function for this secret. If the -- secret previously had rotation turned on, but it is now turned off, -- this field shows the previous rotation schedule and rotation function. -- If the secret never had rotation turned on, this field is omitted. describeSecretResponse_rotationRules :: Lens' DescribeSecretResponse (Maybe RotationRulesType) -- | The list of tags attached to the secret. To add tags to a secret, use -- TagResource. To remove tags, use UntagResource. describeSecretResponse_tags :: Lens' DescribeSecretResponse (Maybe [Tag]) -- | A list of the versions of the secret that have staging labels -- attached. Versions that don't have staging labels are considered -- deprecated and Secrets Manager can delete them. -- -- Secrets Manager uses staging labels to indicate the status of a secret -- version during rotation. The three staging labels for rotation are: -- -- -- -- For more information about rotation and staging labels, see How -- rotation works. describeSecretResponse_versionIdsToStages :: Lens' DescribeSecretResponse (Maybe (HashMap Text (NonEmpty Text))) -- | The response's http status code. 
describeSecretResponse_httpStatus :: Lens' DescribeSecretResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance GHC.Show.Show Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance GHC.Read.Read Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance GHC.Classes.Eq Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance GHC.Generics.Generic Amazonka.SecretsManager.DescribeSecret.DescribeSecretResponse instance GHC.Show.Show Amazonka.SecretsManager.DescribeSecret.DescribeSecretResponse instance GHC.Read.Read Amazonka.SecretsManager.DescribeSecret.DescribeSecretResponse instance GHC.Classes.Eq Amazonka.SecretsManager.DescribeSecret.DescribeSecretResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.DescribeSecret.DescribeSecretResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.DescribeSecret.DescribeSecret instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.DescribeSecret.DescribeSecret -- | Deletes a secret and all of its versions. You can specify a recovery -- window during which you can restore the secret. The minimum recovery -- window is 7 days. The default recovery window is 30 days. Secrets -- Manager attaches a DeletionDate stamp to the secret that -- specifies the end of the recovery window. At the end of the recovery -- window, Secrets Manager deletes the secret permanently. -- -- You can't delete a primary secret that is replicated to other Regions. 
-- You must first delete the replicas using RemoveRegionsFromReplication, -- and then delete the primary secret. When you delete a replica, it is -- deleted immediately. -- -- You can't directly delete a version of a secret. Instead, you remove -- all staging labels from the version using UpdateSecretVersionStage. -- This marks the version as deprecated, and then Secrets Manager can -- automatically delete the version in the background. -- -- To determine whether an application still uses a secret, you can -- create an Amazon CloudWatch alarm to alert you to any attempts to -- access a secret during the recovery window. For more information, see -- Monitor secrets scheduled for deletion. -- -- Secrets Manager performs the permanent secret deletion at the end of -- the waiting period as a background task with low priority. There is no -- guarantee of a specific time after the recovery window for the -- permanent delete to occur. -- -- At any time before recovery window ends, you can use RestoreSecret to -- remove the DeletionDate and cancel the deletion of the -- secret. -- -- When a secret is scheduled for deletion, you cannot retrieve the -- secret value. You must first cancel the deletion with RestoreSecret -- and then you can retrieve the secret. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:DeleteSecret. For -- more information, see IAM policy actions for Secrets Manager -- and Authentication and access control in Secrets Manager. module Amazonka.SecretsManager.DeleteSecret -- | See: newDeleteSecret smart constructor. data DeleteSecret DeleteSecret' :: Maybe Bool -> Maybe Integer -> Text -> DeleteSecret -- | Specifies whether to delete the secret without any recovery window. 
-- You can't use both this parameter and RecoveryWindowInDays in -- the same call. If you don't use either, then Secrets Manager defaults -- to a 30 day recovery window. -- -- Secrets Manager performs the actual deletion with an asynchronous -- background process, so there might be a short delay before the secret -- is permanently deleted. If you delete a secret and then immediately -- create a secret with the same name, use appropriate back off and retry -- logic. -- -- Use this parameter with caution. This parameter causes the operation -- to skip the normal recovery window before the permanent deletion that -- Secrets Manager would normally impose with the -- RecoveryWindowInDays parameter. If you delete a secret with -- the ForceDeleteWithoutRecovery parameter, then you have no -- opportunity to recover the secret. You lose the secret permanently. [$sel:forceDeleteWithoutRecovery:DeleteSecret'] :: DeleteSecret -> Maybe Bool -- | The number of days from 7 to 30 that Secrets Manager waits before -- permanently deleting the secret. You can't use both this parameter and -- ForceDeleteWithoutRecovery in the same call. If you don't use -- either, then Secrets Manager defaults to a 30 day recovery window. [$sel:recoveryWindowInDays:DeleteSecret'] :: DeleteSecret -> Maybe Integer -- | The ARN or name of the secret to delete. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:DeleteSecret'] :: DeleteSecret -> Text -- | Create a value of DeleteSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:forceDeleteWithoutRecovery:DeleteSecret', -- deleteSecret_forceDeleteWithoutRecovery - Specifies whether to -- delete the secret without any recovery window. 
You can't use both this -- parameter and RecoveryWindowInDays in the same call. If you -- don't use either, then Secrets Manager defaults to a 30 day recovery -- window. -- -- Secrets Manager performs the actual deletion with an asynchronous -- background process, so there might be a short delay before the secret -- is permanently deleted. If you delete a secret and then immediately -- create a secret with the same name, use appropriate back off and retry -- logic. -- -- Use this parameter with caution. This parameter causes the operation -- to skip the normal recovery window before the permanent deletion that -- Secrets Manager would normally impose with the -- RecoveryWindowInDays parameter. If you delete a secret with -- the ForceDeleteWithoutRecovery parameter, then you have no -- opportunity to recover the secret. You lose the secret permanently. -- -- $sel:recoveryWindowInDays:DeleteSecret', -- deleteSecret_recoveryWindowInDays - The number of days from 7 -- to 30 that Secrets Manager waits before permanently deleting the -- secret. You can't use both this parameter and -- ForceDeleteWithoutRecovery in the same call. If you don't use -- either, then Secrets Manager defaults to a 30 day recovery window. -- -- $sel:secretId:DeleteSecret', deleteSecret_secretId - The -- ARN or name of the secret to delete. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newDeleteSecret :: Text -> DeleteSecret -- | Specifies whether to delete the secret without any recovery window. -- You can't use both this parameter and RecoveryWindowInDays in -- the same call. If you don't use either, then Secrets Manager defaults -- to a 30 day recovery window. -- -- Secrets Manager performs the actual deletion with an asynchronous -- background process, so there might be a short delay before the secret -- is permanently deleted. 
If you delete a secret and then immediately -- create a secret with the same name, use appropriate back off and retry -- logic. -- -- Use this parameter with caution. This parameter causes the operation -- to skip the normal recovery window before the permanent deletion that -- Secrets Manager would normally impose with the -- RecoveryWindowInDays parameter. If you delete a secret with -- the ForceDeleteWithoutRecovery parameter, then you have no -- opportunity to recover the secret. You lose the secret permanently. deleteSecret_forceDeleteWithoutRecovery :: Lens' DeleteSecret (Maybe Bool) -- | The number of days from 7 to 30 that Secrets Manager waits before -- permanently deleting the secret. You can't use both this parameter and -- ForceDeleteWithoutRecovery in the same call. If you don't use -- either, then Secrets Manager defaults to a 30 day recovery window. deleteSecret_recoveryWindowInDays :: Lens' DeleteSecret (Maybe Integer) -- | The ARN or name of the secret to delete. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. deleteSecret_secretId :: Lens' DeleteSecret Text -- | See: newDeleteSecretResponse smart constructor. data DeleteSecretResponse DeleteSecretResponse' :: Maybe Text -> Maybe POSIX -> Maybe Text -> Int -> DeleteSecretResponse -- | The ARN of the secret. [$sel:arn:DeleteSecretResponse'] :: DeleteSecretResponse -> Maybe Text -- | The date and time after which Secrets Manager can -- permanently delete this secret, and it can no longer be restored. This -- value is the date and time of the delete request plus the number of -- days in RecoveryWindowInDays. [$sel:deletionDate:DeleteSecretResponse'] :: DeleteSecretResponse -> Maybe POSIX -- | The name of the secret. [$sel:name:DeleteSecretResponse'] :: DeleteSecretResponse -> Maybe Text -- | The response's http status code. 
[$sel:httpStatus:DeleteSecretResponse'] :: DeleteSecretResponse -> Int -- | Create a value of DeleteSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- DeleteSecretResponse, deleteSecretResponse_arn - The ARN -- of the secret. -- -- $sel:deletionDate:DeleteSecretResponse', -- deleteSecretResponse_deletionDate - The date and time after -- which Secrets Manager can permanently delete this secret, -- and it can no longer be restored. This value is the date and time of -- the delete request plus the number of days in -- RecoveryWindowInDays. -- -- DeleteSecretResponse, deleteSecretResponse_name - The -- name of the secret. -- -- $sel:httpStatus:DeleteSecretResponse', -- deleteSecretResponse_httpStatus - The response's http status -- code. newDeleteSecretResponse :: Int -> DeleteSecretResponse -- | The ARN of the secret. deleteSecretResponse_arn :: Lens' DeleteSecretResponse (Maybe Text) -- | The date and time after which Secrets Manager can -- permanently delete this secret, and it can no longer be restored. This -- value is the date and time of the delete request plus the number of -- days in RecoveryWindowInDays. deleteSecretResponse_deletionDate :: Lens' DeleteSecretResponse (Maybe UTCTime) -- | The name of the secret. deleteSecretResponse_name :: Lens' DeleteSecretResponse (Maybe Text) -- | The response's http status code. 
deleteSecretResponse_httpStatus :: Lens' DeleteSecretResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance GHC.Show.Show Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance GHC.Read.Read Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance GHC.Classes.Eq Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance GHC.Generics.Generic Amazonka.SecretsManager.DeleteSecret.DeleteSecretResponse instance GHC.Show.Show Amazonka.SecretsManager.DeleteSecret.DeleteSecretResponse instance GHC.Read.Read Amazonka.SecretsManager.DeleteSecret.DeleteSecretResponse instance GHC.Classes.Eq Amazonka.SecretsManager.DeleteSecret.DeleteSecretResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.DeleteSecret.DeleteSecretResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.DeleteSecret.DeleteSecret instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.DeleteSecret.DeleteSecret -- | Deletes the resource-based permission policy attached to the secret. -- To attach a policy to a secret, use PutResourcePolicy. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:DeleteResourcePolicy. For more information, -- see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. 
module Amazonka.SecretsManager.DeleteResourcePolicy -- | See: newDeleteResourcePolicy smart constructor. data DeleteResourcePolicy DeleteResourcePolicy' :: Text -> DeleteResourcePolicy -- | The ARN or name of the secret to delete the attached resource-based -- policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:DeleteResourcePolicy'] :: DeleteResourcePolicy -> Text -- | Create a value of DeleteResourcePolicy with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:DeleteResourcePolicy', -- deleteResourcePolicy_secretId - The ARN or name of the secret -- to delete the attached resource-based policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newDeleteResourcePolicy :: Text -> DeleteResourcePolicy -- | The ARN or name of the secret to delete the attached resource-based -- policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. deleteResourcePolicy_secretId :: Lens' DeleteResourcePolicy Text -- | See: newDeleteResourcePolicyResponse smart constructor. data DeleteResourcePolicyResponse DeleteResourcePolicyResponse' :: Maybe Text -> Maybe Text -> Int -> DeleteResourcePolicyResponse -- | The ARN of the secret that the resource-based policy was deleted for. [$sel:arn:DeleteResourcePolicyResponse'] :: DeleteResourcePolicyResponse -> Maybe Text -- | The name of the secret that the resource-based policy was deleted for. [$sel:name:DeleteResourcePolicyResponse'] :: DeleteResourcePolicyResponse -> Maybe Text -- | The response's http status code. 
[$sel:httpStatus:DeleteResourcePolicyResponse'] :: DeleteResourcePolicyResponse -> Int -- | Create a value of DeleteResourcePolicyResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- DeleteResourcePolicyResponse, -- deleteResourcePolicyResponse_arn - The ARN of the secret that -- the resource-based policy was deleted for. -- -- DeleteResourcePolicyResponse, -- deleteResourcePolicyResponse_name - The name of the secret that -- the resource-based policy was deleted for. -- -- $sel:httpStatus:DeleteResourcePolicyResponse', -- deleteResourcePolicyResponse_httpStatus - The response's http -- status code. newDeleteResourcePolicyResponse :: Int -> DeleteResourcePolicyResponse -- | The ARN of the secret that the resource-based policy was deleted for. deleteResourcePolicyResponse_arn :: Lens' DeleteResourcePolicyResponse (Maybe Text) -- | The name of the secret that the resource-based policy was deleted for. deleteResourcePolicyResponse_name :: Lens' DeleteResourcePolicyResponse (Maybe Text) -- | The response's http status code. 
deleteResourcePolicyResponse_httpStatus :: Lens' DeleteResourcePolicyResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance GHC.Show.Show Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance GHC.Read.Read Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance GHC.Classes.Eq Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance GHC.Generics.Generic Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicyResponse instance GHC.Show.Show Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicyResponse instance GHC.Read.Read Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicyResponse instance GHC.Classes.Eq Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicyResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance Control.DeepSeq.NFData Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicyResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance Control.DeepSeq.NFData Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.DeleteResourcePolicy.DeleteResourcePolicy -- | Creates a new secret. A secret can be a password, a set of -- credentials such as a user name and password, an OAuth token, or other -- secret information that you store in an encrypted form in Secrets -- Manager. 
The secret also includes the connection information to access -- a database or other service, which Secrets Manager doesn't encrypt. A -- secret in Secrets Manager consists of both the protected secret data -- and the important information needed to manage the secret. -- -- For information about creating a secret in the console, see Create -- a secret. -- -- To create a secret, you can provide the secret value to be encrypted -- in either the SecretString parameter or the -- SecretBinary parameter, but not both. If you include -- SecretString or SecretBinary then Secrets Manager -- creates an initial secret version and automatically attaches the -- staging label AWSCURRENT to it. -- -- For database credentials you want to rotate, for Secrets Manager to be -- able to rotate the secret, you must make sure the JSON you store in -- the SecretString matches the JSON structure of a database -- secret. -- -- If you don't specify a KMS encryption key, Secrets Manager uses the -- Amazon Web Services managed key aws/secretsmanager. If this -- key doesn't already exist in your account, then Secrets Manager -- creates it for you automatically. All users and roles in the Amazon -- Web Services account automatically have access to use -- aws/secretsmanager. Creating aws/secretsmanager can -- result in a one-time significant delay in returning the result. -- -- If the secret is in a different Amazon Web Services account from the -- credentials calling the API, then you can't use -- aws/secretsmanager to encrypt the secret, and you must create -- and use a customer managed KMS key. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- other than SecretBinary or SecretString, because it might -- be logged. For more information, see Logging Secrets Manager events -- with CloudTrail. -- -- Required permissions: secretsmanager:CreateSecret. 
If -- you include tags in the secret, you also need -- secretsmanager:TagResource. For more information, see IAM -- policy actions for Secrets Manager and Authentication and -- access control in Secrets Manager. -- -- To encrypt the secret with a KMS key other than -- aws/secretsmanager, you need kms:GenerateDataKey and -- kms:Decrypt permission to the key. module Amazonka.SecretsManager.CreateSecret -- | See: newCreateSecret smart constructor. data CreateSecret CreateSecret' :: Maybe (NonEmpty ReplicaRegionType) -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Maybe [Tag] -> Text -> CreateSecret -- | A list of Regions and KMS keys to replicate secrets. [$sel:addReplicaRegions:CreateSecret'] :: CreateSecret -> Maybe (NonEmpty ReplicaRegionType) -- | If you include SecretString or SecretBinary, then -- Secrets Manager creates an initial version for the secret, and this -- parameter specifies the unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during a rotation. We recommend that you generate -- a UUID-type value to ensure uniqueness of your versions within -- the specified secret. -- -- -- -- This value becomes the VersionId of the new version. [$sel:clientRequestToken:CreateSecret'] :: CreateSecret -> Maybe Text -- | The description of the secret. 
[$sel:description:CreateSecret'] :: CreateSecret -> Maybe Text -- | Specifies whether to overwrite a secret with the same name in the -- destination Region. [$sel:forceOverwriteReplicaSecret:CreateSecret'] :: CreateSecret -> Maybe Bool -- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to -- encrypt the secret value in the secret. An alias is always prefixed by -- alias/, for example alias/aws/secretsmanager. For -- more information, see About aliases. -- -- To use a KMS key in a different account, use the key ARN or the alias -- ARN. -- -- If you don't specify this value, then Secrets Manager uses the key -- aws/secretsmanager. If that key doesn't yet exist, then -- Secrets Manager creates it for you automatically the first time it -- encrypts the secret value. -- -- If the secret is in a different Amazon Web Services account from the -- credentials calling the API, then you can't use -- aws/secretsmanager to encrypt the secret, and you must create -- and use a customer managed KMS key. [$sel:kmsKeyId:CreateSecret'] :: CreateSecret -> Maybe Text -- | The binary data to encrypt and store in the new version of the secret. -- We recommend that you store your binary data in a file and then pass -- the contents of the file as a parameter. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- This parameter is not available in the Secrets Manager console. [$sel:secretBinary:CreateSecret'] :: CreateSecret -> Maybe (Sensitive Base64) -- | The text data to encrypt and store in this new version of the secret. -- We recommend you use a JSON structure of key/value pairs for your -- secret value. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- If you create a secret by using the Secrets Manager console then -- Secrets Manager puts the protected secret text in only the -- SecretString parameter. 
The Secrets Manager console stores -- the information as a JSON structure of key/value pairs that a Lambda -- rotation function can parse. [$sel:secretString:CreateSecret'] :: CreateSecret -> Maybe (Sensitive Text) -- | A list of tags to attach to the secret. Each tag is a key and value -- pair of strings in a JSON text string, for example: -- --
--   [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
--   
-- -- Secrets Manager tag key names are case sensitive. A tag with the key -- "ABC" is a different tag from one with key "abc". -- -- If you check tags in permissions policies as part of your security -- strategy, then adding or removing a tag can change permissions. If the -- completion of this operation would result in you losing your -- permissions for this secret, then Secrets Manager blocks the operation -- and returns an Access Denied error. For more information, see -- Control access to secrets using tags and Limit access to -- identities with tags that match secrets' tags. -- -- For information about how to format a JSON parameter for the various -- command line tool environments, see Using JSON for Parameters. -- If your command-line tool or SDK requires quotation marks around the -- parameter, you should use single quotes to avoid confusion with the -- double quotes required in the JSON text. -- -- The following restrictions apply to tags: -- -- [$sel:tags:CreateSecret'] :: CreateSecret -> Maybe [Tag] -- | The name of the new secret. -- -- The secret name can contain ASCII letters, numbers, and the following -- characters: /_+=.@- -- -- Do not end your secret name with a hyphen followed by six characters. -- If you do so, you risk confusion and unexpected results when searching -- for a secret by partial ARN. Secrets Manager automatically adds a -- hyphen and six random characters after the secret name at the end of -- the ARN. [$sel:name:CreateSecret'] :: CreateSecret -> Text -- | Create a value of CreateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:addReplicaRegions:CreateSecret', -- createSecret_addReplicaRegions - A list of Regions and KMS keys -- to replicate secrets. 
-- -- $sel:clientRequestToken:CreateSecret', -- createSecret_clientRequestToken - If you include -- SecretString or SecretBinary, then Secrets Manager -- creates an initial version for the secret, and this parameter -- specifies the unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during a rotation. We recommend that you generate -- a UUID-type value to ensure uniqueness of your versions within -- the specified secret. -- -- -- -- This value becomes the VersionId of the new version. -- -- CreateSecret, createSecret_description - The description -- of the secret. -- -- $sel:forceOverwriteReplicaSecret:CreateSecret', -- createSecret_forceOverwriteReplicaSecret - Specifies whether to -- overwrite a secret with the same name in the destination Region. -- -- CreateSecret, createSecret_kmsKeyId - The ARN, key ID, -- or alias of the KMS key that Secrets Manager uses to encrypt the -- secret value in the secret. An alias is always prefixed by -- alias/, for example alias/aws/secretsmanager. For -- more information, see About aliases. -- -- To use a KMS key in a different account, use the key ARN or the alias -- ARN. -- -- If you don't specify this value, then Secrets Manager uses the key -- aws/secretsmanager. 
If that key doesn't yet exist, then -- Secrets Manager creates it for you automatically the first time it -- encrypts the secret value. -- -- If the secret is in a different Amazon Web Services account from the -- credentials calling the API, then you can't use -- aws/secretsmanager to encrypt the secret, and you must create -- and use a customer managed KMS key. -- -- $sel:secretBinary:CreateSecret', -- createSecret_secretBinary - The binary data to encrypt and -- store in the new version of the secret. We recommend that you store -- your binary data in a file and then pass the contents of the file as a -- parameter. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- This parameter is not available in the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes -- Base64 data. The underlying isomorphism will encode to Base64 -- representation during serialisation, and decode from Base64 -- representation during deserialisation. This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:CreateSecret', -- createSecret_secretString - The text data to encrypt and store -- in this new version of the secret. We recommend you use a JSON -- structure of key/value pairs for your secret value. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- If you create a secret by using the Secrets Manager console then -- Secrets Manager puts the protected secret text in only the -- SecretString parameter. The Secrets Manager console stores -- the information as a JSON structure of key/value pairs that a Lambda -- rotation function can parse. -- -- CreateSecret, createSecret_tags - A list of tags to -- attach to the secret. Each tag is a key and value pair of strings in a -- JSON text string, for example: -- --
--   [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
--   
-- -- Secrets Manager tag key names are case sensitive. A tag with the key -- "ABC" is a different tag from one with key "abc". -- -- If you check tags in permissions policies as part of your security -- strategy, then adding or removing a tag can change permissions. If the -- completion of this operation would result in you losing your -- permissions for this secret, then Secrets Manager blocks the operation -- and returns an Access Denied error. For more information, see -- Control access to secrets using tags and Limit access to -- identities with tags that match secrets' tags. -- -- For information about how to format a JSON parameter for the various -- command line tool environments, see Using JSON for Parameters. -- If your command-line tool or SDK requires quotation marks around the -- parameter, you should use single quotes to avoid confusion with the -- double quotes required in the JSON text. -- -- The following restrictions apply to tags: -- -- -- -- CreateSecret, createSecret_name - The name of the new -- secret. -- -- The secret name can contain ASCII letters, numbers, and the following -- characters: /_+=.@- -- -- Do not end your secret name with a hyphen followed by six characters. -- If you do so, you risk confusion and unexpected results when searching -- for a secret by partial ARN. Secrets Manager automatically adds a -- hyphen and six random characters after the secret name at the end of -- the ARN. newCreateSecret :: Text -> CreateSecret -- | A list of Regions and KMS keys to replicate secrets. createSecret_addReplicaRegions :: Lens' CreateSecret (Maybe (NonEmpty ReplicaRegionType)) -- | If you include SecretString or SecretBinary, then -- Secrets Manager creates an initial version for the secret, and this -- parameter specifies the unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. 
The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during a rotation. We recommend that you generate -- a UUID-type value to ensure uniqueness of your versions within -- the specified secret. -- -- -- -- This value becomes the VersionId of the new version. createSecret_clientRequestToken :: Lens' CreateSecret (Maybe Text) -- | The description of the secret. createSecret_description :: Lens' CreateSecret (Maybe Text) -- | Specifies whether to overwrite a secret with the same name in the -- destination Region. createSecret_forceOverwriteReplicaSecret :: Lens' CreateSecret (Maybe Bool) -- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to -- encrypt the secret value in the secret. An alias is always prefixed by -- alias/, for example alias/aws/secretsmanager. For -- more information, see About aliases. -- -- To use a KMS key in a different account, use the key ARN or the alias -- ARN. -- -- If you don't specify this value, then Secrets Manager uses the key -- aws/secretsmanager. If that key doesn't yet exist, then -- Secrets Manager creates it for you automatically the first time it -- encrypts the secret value. -- -- If the secret is in a different Amazon Web Services account from the -- credentials calling the API, then you can't use -- aws/secretsmanager to encrypt the secret, and you must create -- and use a customer managed KMS key. createSecret_kmsKeyId :: Lens' CreateSecret (Maybe Text) -- | The binary data to encrypt and store in the new version of the secret. 
-- We recommend that you store your binary data in a file and then pass -- the contents of the file as a parameter. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- This parameter is not available in the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes -- Base64 data. The underlying isomorphism will encode to Base64 -- representation during serialisation, and decode from Base64 -- representation during deserialisation. This Lens accepts -- and returns only raw unencoded data. The record field holds this -- value as Sensitive Base64, while this lens reads and writes a plain -- ByteString; treat the value read through it as secret material and -- do not log it. createSecret_secretBinary :: Lens' CreateSecret (Maybe ByteString) -- | The text data to encrypt and store in this new version of the secret. -- We recommend you use a JSON structure of key/value pairs for your -- secret value. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- If you create a secret by using the Secrets Manager console then -- Secrets Manager puts the protected secret text in only the -- SecretString parameter. The Secrets Manager console stores -- the information as a JSON structure of key/value pairs that a Lambda -- rotation function can parse. -- -- Note: The record field holds this value as Sensitive Text, while -- this lens reads and writes plain Text; treat the value read through -- it as secret material and do not log it. createSecret_secretString :: Lens' CreateSecret (Maybe Text) -- | A list of tags to attach to the secret. Each tag is a key and value -- pair of strings in a JSON text string, for example: -- --
--   [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
--   
-- -- Secrets Manager tag key names are case sensitive. A tag with the key -- "ABC" is a different tag from one with key "abc". -- -- If you check tags in permissions policies as part of your security -- strategy, then adding or removing a tag can change permissions. If the -- completion of this operation would result in you losing your -- permissions for this secret, then Secrets Manager blocks the operation -- and returns an Access Denied error. For more information, see -- Control access to secrets using tags and Limit access to -- identities with tags that match secrets' tags. -- -- For information about how to format a JSON parameter for the various -- command line tool environments, see Using JSON for Parameters. -- If your command-line tool or SDK requires quotation marks around the -- parameter, you should use single quotes to avoid confusion with the -- double quotes required in the JSON text. -- -- The following restrictions apply to tags: -- -- createSecret_tags :: Lens' CreateSecret (Maybe [Tag]) -- | The name of the new secret. -- -- The secret name can contain ASCII letters, numbers, and the following -- characters: /_+=.@- -- -- Do not end your secret name with a hyphen followed by six characters. -- If you do so, you risk confusion and unexpected results when searching -- for a secret by partial ARN. Secrets Manager automatically adds a -- hyphen and six random characters after the secret name at the end of -- the ARN. createSecret_name :: Lens' CreateSecret Text -- | See: newCreateSecretResponse smart constructor. data CreateSecretResponse CreateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe [ReplicationStatusType] -> Maybe Text -> Int -> CreateSecretResponse -- | The ARN of the new secret. The ARN includes the name of the secret -- followed by six random characters. 
This ensures that if you create a -- new secret with the same name as a deleted secret, then users with -- access to the old secret don't get access to the new secret because -- the ARNs are different. [$sel:arn:CreateSecretResponse'] :: CreateSecretResponse -> Maybe Text -- | The name of the new secret. [$sel:name:CreateSecretResponse'] :: CreateSecretResponse -> Maybe Text -- | A list of the replicas of this secret and their status: -- -- [$sel:replicationStatus:CreateSecretResponse'] :: CreateSecretResponse -> Maybe [ReplicationStatusType] -- | The unique identifier associated with the version of the new secret. [$sel:versionId:CreateSecretResponse'] :: CreateSecretResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:CreateSecretResponse'] :: CreateSecretResponse -> Int -- | Create a value of CreateSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- CreateSecretResponse, createSecretResponse_arn - The ARN -- of the new secret. The ARN includes the name of the secret followed by -- six random characters. This ensures that if you create a new secret -- with the same name as a deleted secret, then users with access to the -- old secret don't get access to the new secret because the ARNs are -- different. -- -- CreateSecret, createSecretResponse_name - The name of -- the new secret. -- -- $sel:replicationStatus:CreateSecretResponse', -- createSecretResponse_replicationStatus - A list of the replicas -- of this secret and their status: -- -- -- -- CreateSecretResponse, createSecretResponse_versionId - -- The unique identifier associated with the version of the new secret. -- -- $sel:httpStatus:CreateSecretResponse', -- createSecretResponse_httpStatus - The response's http status -- code. 
newCreateSecretResponse :: Int -> CreateSecretResponse -- | The ARN of the new secret. The ARN includes the name of the secret -- followed by six random characters. This ensures that if you create a -- new secret with the same name as a deleted secret, then users with -- access to the old secret don't get access to the new secret because -- the ARNs are different. createSecretResponse_arn :: Lens' CreateSecretResponse (Maybe Text) -- | The name of the new secret. createSecretResponse_name :: Lens' CreateSecretResponse (Maybe Text) -- | A list of the replicas of this secret and their status: -- -- createSecretResponse_replicationStatus :: Lens' CreateSecretResponse (Maybe [ReplicationStatusType]) -- | The unique identifier associated with the version of the new secret. createSecretResponse_versionId :: Lens' CreateSecretResponse (Maybe Text) -- | The response's http status code. createSecretResponse_httpStatus :: Lens' CreateSecretResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.CreateSecret.CreateSecret instance GHC.Show.Show Amazonka.SecretsManager.CreateSecret.CreateSecret instance GHC.Classes.Eq Amazonka.SecretsManager.CreateSecret.CreateSecret instance GHC.Generics.Generic Amazonka.SecretsManager.CreateSecret.CreateSecretResponse instance GHC.Show.Show Amazonka.SecretsManager.CreateSecret.CreateSecretResponse instance GHC.Read.Read Amazonka.SecretsManager.CreateSecret.CreateSecretResponse instance GHC.Classes.Eq Amazonka.SecretsManager.CreateSecret.CreateSecretResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.CreateSecret.CreateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.CreateSecret.CreateSecretResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.CreateSecret.CreateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.CreateSecret.CreateSecret instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.CreateSecret.CreateSecret instance Data.Aeson.Types.ToJSON.ToJSON 
Amazonka.SecretsManager.CreateSecret.CreateSecret instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.CreateSecret.CreateSecret instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.CreateSecret.CreateSecret -- | Turns off automatic rotation, and if a rotation is currently in -- progress, cancels the rotation. -- -- If you cancel a rotation in progress, it can leave the -- VersionStage labels in an unexpected state. You might need to -- remove the staging label AWSPENDING from the partially -- created version. You also need to determine whether to roll back to -- the previous version of the secret by moving the staging label -- AWSCURRENT to the version that has AWSPENDING. To -- determine which version has a specific staging label, call -- ListSecretVersionIds. Then use UpdateSecretVersionStage to change -- staging labels. For more information, see How rotation works. -- -- To turn on automatic rotation again, call RotateSecret. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:CancelRotateSecret. For more information, see -- IAM policy actions for Secrets Manager and Authentication -- and access control in Secrets Manager. module Amazonka.SecretsManager.CancelRotateSecret -- | See: newCancelRotateSecret smart constructor. data CancelRotateSecret CancelRotateSecret' :: Text -> CancelRotateSecret -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:CancelRotateSecret'] :: CancelRotateSecret -> Text -- | Create a value of CancelRotateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:CancelRotateSecret', -- cancelRotateSecret_secretId - The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newCancelRotateSecret :: Text -> CancelRotateSecret -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. cancelRotateSecret_secretId :: Lens' CancelRotateSecret Text -- | See: newCancelRotateSecretResponse smart constructor. data CancelRotateSecretResponse CancelRotateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> CancelRotateSecretResponse -- | The ARN of the secret. [$sel:arn:CancelRotateSecretResponse'] :: CancelRotateSecretResponse -> Maybe Text -- | The name of the secret. [$sel:name:CancelRotateSecretResponse'] :: CancelRotateSecretResponse -> Maybe Text -- | The unique identifier of the version of the secret created during the -- rotation. This version might not be complete, and should be evaluated -- for possible deletion. We recommend that you remove the -- VersionStage value AWSPENDING from this version so -- that Secrets Manager can delete it. Failing to clean up a cancelled -- rotation can block you from starting future rotations. [$sel:versionId:CancelRotateSecretResponse'] :: CancelRotateSecretResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:CancelRotateSecretResponse'] :: CancelRotateSecretResponse -> Int -- | Create a value of CancelRotateSecretResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- CancelRotateSecretResponse, -- cancelRotateSecretResponse_arn - The ARN of the secret. -- -- CancelRotateSecretResponse, -- cancelRotateSecretResponse_name - The name of the secret. -- -- CancelRotateSecretResponse, -- cancelRotateSecretResponse_versionId - The unique identifier of -- the version of the secret created during the rotation. This version -- might not be complete, and should be evaluated for possible deletion. -- We recommend that you remove the VersionStage value -- AWSPENDING from this version so that Secrets Manager can -- delete it. Failing to clean up a cancelled rotation can block you from -- starting future rotations. -- -- $sel:httpStatus:CancelRotateSecretResponse', -- cancelRotateSecretResponse_httpStatus - The response's http -- status code. newCancelRotateSecretResponse :: Int -> CancelRotateSecretResponse -- | The ARN of the secret. cancelRotateSecretResponse_arn :: Lens' CancelRotateSecretResponse (Maybe Text) -- | The name of the secret. cancelRotateSecretResponse_name :: Lens' CancelRotateSecretResponse (Maybe Text) -- | The unique identifier of the version of the secret created during the -- rotation. This version might not be complete, and should be evaluated -- for possible deletion. We recommend that you remove the -- VersionStage value AWSPENDING from this version so -- that Secrets Manager can delete it. Failing to clean up a cancelled -- rotation can block you from starting future rotations. cancelRotateSecretResponse_versionId :: Lens' CancelRotateSecretResponse (Maybe Text) -- | The response's http status code. 
cancelRotateSecretResponse_httpStatus :: Lens' CancelRotateSecretResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance GHC.Show.Show Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance GHC.Read.Read Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance GHC.Classes.Eq Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance GHC.Generics.Generic Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecretResponse instance GHC.Show.Show Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecretResponse instance GHC.Read.Read Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecretResponse instance GHC.Classes.Eq Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecretResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecretResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.CancelRotateSecret.CancelRotateSecret -- | Removes specific tags from a secret. -- -- This operation is idempotent. If a requested tag is not attached to -- the secret, no error is returned and the secret metadata is unchanged. -- -- If you use tags as part of your security strategy, then removing a tag -- can change permissions. 
If successfully completing this operation -- would result in you losing your permissions for this secret, then the -- operation is blocked and returns an Access Denied error. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: secretsmanager:UntagResource. -- For more information, see IAM policy actions for Secrets -- Manager and Authentication and access control in Secrets -- Manager. module Amazonka.SecretsManager.UntagResource -- | See: newUntagResource smart constructor. data UntagResource UntagResource' :: Text -> [Text] -> UntagResource -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:UntagResource'] :: UntagResource -> Text -- | A list of tag key names to remove from the secret. You don't specify -- the value. Both the key and its associated value are removed. -- -- This parameter requires a JSON text string argument. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. [$sel:tagKeys:UntagResource'] :: UntagResource -> [Text] -- | Create a value of UntagResource with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:UntagResource', untagResource_secretId - -- The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. 
See Finding a secret from a partial ARN. -- -- $sel:tagKeys:UntagResource', untagResource_tagKeys - A -- list of tag key names to remove from the secret. You don't specify the -- value. Both the key and its associated value are removed. -- -- This parameter requires a JSON text string argument. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. newUntagResource :: Text -> UntagResource -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. untagResource_secretId :: Lens' UntagResource Text -- | A list of tag key names to remove from the secret. You don't specify -- the value. Both the key and its associated value are removed. -- -- This parameter requires a JSON text string argument. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. untagResource_tagKeys :: Lens' UntagResource [Text] -- | See: newUntagResourceResponse smart constructor. data UntagResourceResponse UntagResourceResponse' :: UntagResourceResponse -- | Create a value of UntagResourceResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
newUntagResourceResponse :: UntagResourceResponse instance GHC.Generics.Generic Amazonka.SecretsManager.UntagResource.UntagResource instance GHC.Show.Show Amazonka.SecretsManager.UntagResource.UntagResource instance GHC.Read.Read Amazonka.SecretsManager.UntagResource.UntagResource instance GHC.Classes.Eq Amazonka.SecretsManager.UntagResource.UntagResource instance GHC.Generics.Generic Amazonka.SecretsManager.UntagResource.UntagResourceResponse instance GHC.Show.Show Amazonka.SecretsManager.UntagResource.UntagResourceResponse instance GHC.Read.Read Amazonka.SecretsManager.UntagResource.UntagResourceResponse instance GHC.Classes.Eq Amazonka.SecretsManager.UntagResource.UntagResourceResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.UntagResource.UntagResource instance Control.DeepSeq.NFData Amazonka.SecretsManager.UntagResource.UntagResourceResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.UntagResource.UntagResource instance Control.DeepSeq.NFData Amazonka.SecretsManager.UntagResource.UntagResource instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.UntagResource.UntagResource instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.UntagResource.UntagResource instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.UntagResource.UntagResource instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.UntagResource.UntagResource -- | Modifies the details of a secret, including metadata and the secret -- value. To change the secret value, you can also use PutSecretValue. -- -- To change the rotation configuration of a secret, use RotateSecret -- instead. -- -- We recommend you avoid calling UpdateSecret at a sustained -- rate of more than once every 10 minutes. When you call -- UpdateSecret to update the secret value, Secrets Manager -- creates a new version of the secret. 
Secrets Manager removes outdated -- versions when there are more than 100, but it does not remove versions -- created less than 24 hours ago. If you update the secret value more -- than once every 10 minutes, you create more versions than Secrets -- Manager removes, and you will reach the quota for secret versions. -- -- If you include SecretString or SecretBinary to -- create a new secret version, Secrets Manager automatically moves the -- staging label AWSCURRENT to the new version. Then it attaches -- the label AWSPREVIOUS to the version that AWSCURRENT -- was removed from. -- -- If you call this operation with a ClientRequestToken that -- matches an existing version's VersionId, the operation -- results in an error. You can't modify an existing version, you can -- only create a new version. To remove a version, remove all staging -- labels from it. See UpdateSecretVersionStage. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- except SecretBinary or SecretString because it might -- be logged. For more information, see Logging Secrets Manager events -- with CloudTrail. -- -- Required permissions: secretsmanager:UpdateSecret. For -- more information, see IAM policy actions for Secrets Manager -- and Authentication and access control in Secrets Manager. If -- you use a customer managed key, you must also have -- kms:GenerateDataKey and kms:Decrypt permissions on -- the key. For more information, see Secret encryption and -- decryption. module Amazonka.SecretsManager.UpdateSecret -- | See: newUpdateSecret smart constructor. data UpdateSecret UpdateSecret' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Text -> UpdateSecret -- | If you include SecretString or SecretBinary, then -- Secrets Manager creates a new version for the secret, and this -- parameter specifies the unique identifier for the new version. 
-- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value becomes the VersionId of the new version. [$sel:clientRequestToken:UpdateSecret'] :: UpdateSecret -> Maybe Text -- | The description of the secret. [$sel:description:UpdateSecret'] :: UpdateSecret -> Maybe Text -- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to -- encrypt new secret versions as well as any existing versions with the -- staging labels AWSCURRENT, AWSPENDING, or -- AWSPREVIOUS. For more information about versions and staging -- labels, see Concepts: Version. -- -- A key alias is always prefixed by alias/, for example -- alias/aws/secretsmanager. For more information, see About -- aliases. -- -- If you set this to an empty string, Secrets Manager uses the Amazon -- Web Services managed key aws/secretsmanager. If this key -- doesn't already exist in your account, then Secrets Manager creates it -- for you automatically. All users and roles in the Amazon Web Services -- account automatically have access to use aws/secretsmanager. -- Creating aws/secretsmanager can result in a one-time -- significant delay in returning the result. -- -- You can only use the Amazon Web Services managed key -- aws/secretsmanager if you call this operation using -- credentials from the same Amazon Web Services account that owns the -- secret. If the secret is in a different account, then you must use a -- customer managed key and provide the ARN of that KMS key in this -- field. 
The user making the call must have permissions to both the -- secret and the KMS key in their respective accounts. [$sel:kmsKeyId:UpdateSecret'] :: UpdateSecret -> Maybe Text -- | The binary data to encrypt and store in the new version of the secret. -- We recommend that you store your binary data in a file and then pass -- the contents of the file as a parameter. -- -- Either SecretBinary or SecretString must have a -- value, but not both. -- -- You can't access this parameter in the Secrets Manager console. [$sel:secretBinary:UpdateSecret'] :: UpdateSecret -> Maybe (Sensitive Base64) -- | The text data to encrypt and store in the new version of the secret. -- We recommend you use a JSON structure of key/value pairs for your -- secret value. -- -- Either SecretBinary or SecretString must have a -- value, but not both. [$sel:secretString:UpdateSecret'] :: UpdateSecret -> Maybe (Sensitive Text) -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:UpdateSecret'] :: UpdateSecret -> Text -- | Create a value of UpdateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:clientRequestToken:UpdateSecret', -- updateSecret_clientRequestToken - If you include -- SecretString or SecretBinary, then Secrets Manager -- creates a new version for the secret, and this parameter specifies the -- unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. 
If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value becomes the VersionId of the new version. -- -- UpdateSecret, updateSecret_description - The description -- of the secret. -- -- UpdateSecret, updateSecret_kmsKeyId - The ARN, key ID, -- or alias of the KMS key that Secrets Manager uses to encrypt new -- secret versions as well as any existing versions with the staging -- labels AWSCURRENT, AWSPENDING, or -- AWSPREVIOUS. For more information about versions and staging -- labels, see Concepts: Version. -- -- A key alias is always prefixed by alias/, for example -- alias/aws/secretsmanager. For more information, see About -- aliases. -- -- If you set this to an empty string, Secrets Manager uses the Amazon -- Web Services managed key aws/secretsmanager. If this key -- doesn't already exist in your account, then Secrets Manager creates it -- for you automatically. All users and roles in the Amazon Web Services -- account automatically have access to use aws/secretsmanager. -- Creating aws/secretsmanager can result in a one-time -- significant delay in returning the result. -- -- You can only use the Amazon Web Services managed key -- aws/secretsmanager if you call this operation using -- credentials from the same Amazon Web Services account that owns the -- secret. If the secret is in a different account, then you must use a -- customer managed key and provide the ARN of that KMS key in this -- field. The user making the call must have permissions to both the -- secret and the KMS key in their respective accounts. -- -- $sel:secretBinary:UpdateSecret', -- updateSecret_secretBinary - The binary data to encrypt and -- store in the new version of the secret. We recommend that you store -- your binary data in a file and then pass the contents of the file as a -- parameter. 
-- -- Either SecretBinary or SecretString must have a -- value, but not both. -- -- You can't access this parameter in the Secrets Manager console.-- -- -- Note: This Lens automatically encodes and decodes -- Base64 data. -- The underlying isomorphism will encode to Base64 -- representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:UpdateSecret', -- updateSecret_secretString - The text data to encrypt and store -- in the new version of the secret. We recommend you use a JSON -- structure of key/value pairs for your secret value. -- -- Either SecretBinary or SecretString must have a -- value, but not both. -- -- $sel:secretId:UpdateSecret', updateSecret_secretId - The -- ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newUpdateSecret :: Text -> UpdateSecret -- | If you include SecretString or SecretBinary, then -- Secrets Manager creates a new version for the secret, and this -- parameter specifies the unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value becomes the VersionId of the new version. updateSecret_clientRequestToken :: Lens' UpdateSecret (Maybe Text) -- | The description of the secret. 
updateSecret_description :: Lens' UpdateSecret (Maybe Text) -- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to -- encrypt new secret versions as well as any existing versions with the -- staging labels AWSCURRENT, AWSPENDING, or -- AWSPREVIOUS. For more information about versions and staging -- labels, see Concepts: Version. -- -- A key alias is always prefixed by alias/, for example -- alias/aws/secretsmanager. For more information, see About -- aliases. -- -- If you set this to an empty string, Secrets Manager uses the Amazon -- Web Services managed key aws/secretsmanager. If this key -- doesn't already exist in your account, then Secrets Manager creates it -- for you automatically. All users and roles in the Amazon Web Services -- account automatically have access to use aws/secretsmanager. -- Creating aws/secretsmanager can result in a one-time -- significant delay in returning the result. -- -- You can only use the Amazon Web Services managed key -- aws/secretsmanager if you call this operation using -- credentials from the same Amazon Web Services account that owns the -- secret. If the secret is in a different account, then you must use a -- customer managed key and provide the ARN of that KMS key in this -- field. The user making the call must have permissions to both the -- secret and the KMS key in their respective accounts. updateSecret_kmsKeyId :: Lens' UpdateSecret (Maybe Text) -- | The binary data to encrypt and store in the new version of the secret. -- We recommend that you store your binary data in a file and then pass -- the contents of the file as a parameter. -- -- Either SecretBinary or SecretString must have a -- value, but not both. -- -- You can't access this parameter in the Secrets Manager console.-- -- -- Note: This Lens automatically encodes and decodes -- Base64 data. 
-- The underlying isomorphism will encode to Base64 -- representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. updateSecret_secretBinary :: Lens' UpdateSecret (Maybe ByteString) -- | The text data to encrypt and store in the new version of the secret. -- We recommend you use a JSON structure of key/value pairs for your -- secret value. -- -- Either SecretBinary or SecretString must have a -- value, but not both. updateSecret_secretString :: Lens' UpdateSecret (Maybe Text) -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. updateSecret_secretId :: Lens' UpdateSecret Text -- | See: newUpdateSecretResponse smart constructor. data UpdateSecretResponse UpdateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> UpdateSecretResponse -- | The ARN of the secret that was updated. [$sel:arn:UpdateSecretResponse'] :: UpdateSecretResponse -> Maybe Text -- | The name of the secret that was updated. [$sel:name:UpdateSecretResponse'] :: UpdateSecretResponse -> Maybe Text -- | If Secrets Manager created a new version of the secret during this -- operation, then VersionId contains the unique identifier of -- the new version. [$sel:versionId:UpdateSecretResponse'] :: UpdateSecretResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:UpdateSecretResponse'] :: UpdateSecretResponse -> Int -- | Create a value of UpdateSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- UpdateSecretResponse, updateSecretResponse_arn - The ARN -- of the secret that was updated. 
-- -- UpdateSecretResponse, updateSecretResponse_name - The -- name of the secret that was updated. -- -- UpdateSecretResponse, updateSecretResponse_versionId - -- If Secrets Manager created a new version of the secret during this -- operation, then VersionId contains the unique identifier of -- the new version. -- -- $sel:httpStatus:UpdateSecretResponse', -- updateSecretResponse_httpStatus - The response's http status -- code. newUpdateSecretResponse :: Int -> UpdateSecretResponse -- | The ARN of the secret that was updated. updateSecretResponse_arn :: Lens' UpdateSecretResponse (Maybe Text) -- | The name of the secret that was updated. updateSecretResponse_name :: Lens' UpdateSecretResponse (Maybe Text) -- | If Secrets Manager created a new version of the secret during this -- operation, then VersionId contains the unique identifier of -- the new version. updateSecretResponse_versionId :: Lens' UpdateSecretResponse (Maybe Text) -- | The response's http status code. updateSecretResponse_httpStatus :: Lens' UpdateSecretResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance GHC.Show.Show Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance GHC.Classes.Eq Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance GHC.Generics.Generic Amazonka.SecretsManager.UpdateSecret.UpdateSecretResponse instance GHC.Show.Show Amazonka.SecretsManager.UpdateSecret.UpdateSecretResponse instance GHC.Read.Read Amazonka.SecretsManager.UpdateSecret.UpdateSecretResponse instance GHC.Classes.Eq Amazonka.SecretsManager.UpdateSecret.UpdateSecretResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.UpdateSecret.UpdateSecretResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance Control.DeepSeq.NFData Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance Amazonka.Data.Headers.ToHeaders 
Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.UpdateSecret.UpdateSecret instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.UpdateSecret.UpdateSecret -- | Modifies the staging labels attached to a version of a secret. Secrets -- Manager uses staging labels to track a version as it progresses -- through the secret rotation process. Each staging label can be -- attached to only one version at a time. To add a staging label to a -- version when it is already attached to another version, Secrets -- Manager removes it from the other version first and then -- attaches it to this one. For more information about versions and -- staging labels, see Concepts: Version. -- -- The staging labels that you specify in the VersionStage -- parameter are added to the existing list of staging labels for the -- version. -- -- You can move the AWSCURRENT staging label to this version by -- including it in this call. -- -- Whenever you move AWSCURRENT, Secrets Manager automatically -- moves the label AWSPREVIOUS to the version that -- AWSCURRENT was removed from. -- -- If this action results in the last label being removed from a version, -- then the version is considered to be 'deprecated' and can be deleted -- by Secrets Manager. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:UpdateSecretVersionStage. For more -- information, see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. module Amazonka.SecretsManager.UpdateSecretVersionStage -- | See: newUpdateSecretVersionStage smart constructor.
data UpdateSecretVersionStage UpdateSecretVersionStage' :: Maybe Text -> Maybe Text -> Text -> Text -> UpdateSecretVersionStage -- | The ID of the version to add the staging label to. To remove a label -- from a version, do not specify this parameter. -- -- If the staging label is already attached to a different version of the -- secret, then you must also specify the RemoveFromVersionId -- parameter. [$sel:moveToVersionId:UpdateSecretVersionStage'] :: UpdateSecretVersionStage -> Maybe Text -- | The ID of the version that the staging label is to be removed from. If -- the staging label you are trying to attach to one version is already -- attached to a different version, then you must include this parameter -- and specify the version that the label is to be removed from. If the -- label is attached and you either do not specify this parameter, or the -- version ID does not match, then the operation fails. [$sel:removeFromVersionId:UpdateSecretVersionStage'] :: UpdateSecretVersionStage -> Maybe Text -- | The ARN or the name of the secret with the version and staging -- labels to modify. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. [$sel:secretId:UpdateSecretVersionStage'] :: UpdateSecretVersionStage -> Text -- | The staging label to add to this version. [$sel:versionStage:UpdateSecretVersionStage'] :: UpdateSecretVersionStage -> Text -- | Create a value of UpdateSecretVersionStage with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:moveToVersionId:UpdateSecretVersionStage', -- updateSecretVersionStage_moveToVersionId - The ID of the -- version to add the staging label to. To remove a label from a version, -- do not specify this parameter.
-- -- If the staging label is already attached to a different version of the -- secret, then you must also specify the RemoveFromVersionId -- parameter. -- -- $sel:removeFromVersionId:UpdateSecretVersionStage', -- updateSecretVersionStage_removeFromVersionId - The ID of the -- version that the staging label is to be removed from. If the staging -- label you are trying to attach to one version is already attached to a -- different version, then you must include this parameter and specify -- the version that the label is to be removed from. If the label is -- attached and you either do not specify this parameter, or the version -- ID does not match, then the operation fails. -- -- $sel:secretId:UpdateSecretVersionStage', -- updateSecretVersionStage_secretId - The ARN or the name of the -- secret with the version and staging labels to modify. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- $sel:versionStage:UpdateSecretVersionStage', -- updateSecretVersionStage_versionStage - The staging label to -- add to this version. newUpdateSecretVersionStage :: Text -> Text -> UpdateSecretVersionStage -- | The ID of the version to add the staging label to. To remove a label -- from a version, do not specify this parameter. -- -- If the staging label is already attached to a different version of the -- secret, then you must also specify the RemoveFromVersionId -- parameter. updateSecretVersionStage_moveToVersionId :: Lens' UpdateSecretVersionStage (Maybe Text) -- | The ID of the version that the staging label is to be removed from. If -- the staging label you are trying to attach to one version is already -- attached to a different version, then you must include this parameter -- and specify the version that the label is to be removed from. If the -- label is attached and you either do not specify this parameter, or the -- version ID does not match, then the operation fails.
updateSecretVersionStage_removeFromVersionId :: Lens' UpdateSecretVersionStage (Maybe Text) -- | The ARN or the name of the secret with the version and staging -- labels to modify. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. updateSecretVersionStage_secretId :: Lens' UpdateSecretVersionStage Text -- | The staging label to add to this version. updateSecretVersionStage_versionStage :: Lens' UpdateSecretVersionStage Text -- | See: newUpdateSecretVersionStageResponse smart -- constructor. data UpdateSecretVersionStageResponse UpdateSecretVersionStageResponse' :: Maybe Text -> Maybe Text -> Int -> UpdateSecretVersionStageResponse -- | The ARN of the secret that was updated. [$sel:arn:UpdateSecretVersionStageResponse'] :: UpdateSecretVersionStageResponse -> Maybe Text -- | The name of the secret that was updated. [$sel:name:UpdateSecretVersionStageResponse'] :: UpdateSecretVersionStageResponse -> Maybe Text -- | The response's http status code. [$sel:httpStatus:UpdateSecretVersionStageResponse'] :: UpdateSecretVersionStageResponse -> Int -- | Create a value of UpdateSecretVersionStageResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- UpdateSecretVersionStageResponse, -- updateSecretVersionStageResponse_arn - The ARN of the secret -- that was updated. -- -- UpdateSecretVersionStageResponse, -- updateSecretVersionStageResponse_name - The name of the secret -- that was updated. -- -- $sel:httpStatus:UpdateSecretVersionStageResponse', -- updateSecretVersionStageResponse_httpStatus - The response's -- http status code. newUpdateSecretVersionStageResponse :: Int -> UpdateSecretVersionStageResponse -- | The ARN of the secret that was updated.
updateSecretVersionStageResponse_arn :: Lens' UpdateSecretVersionStageResponse (Maybe Text) -- | The name of the secret that was updated. updateSecretVersionStageResponse_name :: Lens' UpdateSecretVersionStageResponse (Maybe Text) -- | The response's http status code. updateSecretVersionStageResponse_httpStatus :: Lens' UpdateSecretVersionStageResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance GHC.Show.Show Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance GHC.Read.Read Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance GHC.Classes.Eq Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance GHC.Generics.Generic Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStageResponse instance GHC.Show.Show Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStageResponse instance GHC.Read.Read Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStageResponse instance GHC.Classes.Eq Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStageResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance Control.DeepSeq.NFData Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStageResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance Control.DeepSeq.NFData Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage instance Amazonka.Data.Query.ToQuery 
Amazonka.SecretsManager.UpdateSecretVersionStage.UpdateSecretVersionStage -- | Validates that a resource policy does not grant a wide range of -- principals access to your secret. A resource-based policy is optional -- for secrets. -- -- The API performs three checks when validating the policy: -- -- -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see Logging -- Secrets Manager events with CloudTrail. -- -- Required permissions: -- secretsmanager:ValidateResourcePolicy. For more information, -- see IAM policy actions for Secrets Manager and -- Authentication and access control in Secrets Manager. module Amazonka.SecretsManager.ValidateResourcePolicy -- | See: newValidateResourcePolicy smart constructor. data ValidateResourcePolicy ValidateResourcePolicy' :: Maybe Text -> Text -> ValidateResourcePolicy -- | This field is reserved for internal use. [$sel:secretId:ValidateResourcePolicy'] :: ValidateResourcePolicy -> Maybe Text -- | A JSON-formatted string that contains an Amazon Web Services -- resource-based policy. The policy in the string identifies who can -- access or manage this secret and its versions. For example policies, -- see Permissions policy examples. [$sel:resourcePolicy:ValidateResourcePolicy'] :: ValidateResourcePolicy -> Text -- | Create a value of ValidateResourcePolicy with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:ValidateResourcePolicy', -- validateResourcePolicy_secretId - This field is reserved for -- internal use. -- -- $sel:resourcePolicy:ValidateResourcePolicy', -- validateResourcePolicy_resourcePolicy - A JSON-formatted string -- that contains an Amazon Web Services resource-based policy. 
The policy -- in the string identifies who can access or manage this secret and its -- versions. For example policies, see Permissions policy -- examples. newValidateResourcePolicy :: Text -> ValidateResourcePolicy -- | This field is reserved for internal use. validateResourcePolicy_secretId :: Lens' ValidateResourcePolicy (Maybe Text) -- | A JSON-formatted string that contains an Amazon Web Services -- resource-based policy. The policy in the string identifies who can -- access or manage this secret and its versions. For example policies, -- see Permissions policy examples. validateResourcePolicy_resourcePolicy :: Lens' ValidateResourcePolicy Text -- | See: newValidateResourcePolicyResponse smart -- constructor. data ValidateResourcePolicyResponse ValidateResourcePolicyResponse' :: Maybe Bool -> Maybe [ValidationErrorsEntry] -> Int -> ValidateResourcePolicyResponse -- | True if your policy passes validation, otherwise false. [$sel:policyValidationPassed:ValidateResourcePolicyResponse'] :: ValidateResourcePolicyResponse -> Maybe Bool -- | Validation errors if your policy didn't pass validation. [$sel:validationErrors:ValidateResourcePolicyResponse'] :: ValidateResourcePolicyResponse -> Maybe [ValidationErrorsEntry] -- | The response's http status code. [$sel:httpStatus:ValidateResourcePolicyResponse'] :: ValidateResourcePolicyResponse -> Int -- | Create a value of ValidateResourcePolicyResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:policyValidationPassed:ValidateResourcePolicyResponse', -- validateResourcePolicyResponse_policyValidationPassed - True if -- your policy passes validation, otherwise false. 
-- -- $sel:validationErrors:ValidateResourcePolicyResponse', -- validateResourcePolicyResponse_validationErrors - Validation -- errors if your policy didn't pass validation. -- -- $sel:httpStatus:ValidateResourcePolicyResponse', -- validateResourcePolicyResponse_httpStatus - The response's http -- status code. newValidateResourcePolicyResponse :: Int -> ValidateResourcePolicyResponse -- | True if your policy passes validation, otherwise false. validateResourcePolicyResponse_policyValidationPassed :: Lens' ValidateResourcePolicyResponse (Maybe Bool) -- | Validation errors if your policy didn't pass validation. validateResourcePolicyResponse_validationErrors :: Lens' ValidateResourcePolicyResponse (Maybe [ValidationErrorsEntry]) -- | The response's http status code. validateResourcePolicyResponse_httpStatus :: Lens' ValidateResourcePolicyResponse Int instance GHC.Generics.Generic Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance GHC.Show.Show Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance GHC.Read.Read Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance GHC.Classes.Eq Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance GHC.Generics.Generic Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicyResponse instance GHC.Show.Show Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicyResponse instance GHC.Read.Read Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicyResponse instance GHC.Classes.Eq Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicyResponse instance Amazonka.Types.AWSRequest Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance Control.DeepSeq.NFData Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicyResponse instance Data.Hashable.Class.Hashable Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance 
Control.DeepSeq.NFData Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance Amazonka.Data.Headers.ToHeaders Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance Amazonka.Data.Path.ToPath Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy instance Amazonka.Data.Query.ToQuery Amazonka.SecretsManager.ValidateResourcePolicy.ValidateResourcePolicy module Amazonka.SecretsManager.Lens -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. cancelRotateSecret_secretId :: Lens' CancelRotateSecret Text -- | The ARN of the secret. cancelRotateSecretResponse_arn :: Lens' CancelRotateSecretResponse (Maybe Text) -- | The name of the secret. cancelRotateSecretResponse_name :: Lens' CancelRotateSecretResponse (Maybe Text) -- | The unique identifier of the version of the secret created during the -- rotation. This version might not be complete, and should be evaluated -- for possible deletion. We recommend that you remove the -- VersionStage value AWSPENDING from this version so -- that Secrets Manager can delete it. Failing to clean up a cancelled -- rotation can block you from starting future rotations. cancelRotateSecretResponse_versionId :: Lens' CancelRotateSecretResponse (Maybe Text) -- | The response's http status code. cancelRotateSecretResponse_httpStatus :: Lens' CancelRotateSecretResponse Int -- | A list of Regions and KMS keys to replicate secrets. createSecret_addReplicaRegions :: Lens' CreateSecret (Maybe (NonEmpty ReplicaRegionType)) -- | If you include SecretString or SecretBinary, then -- Secrets Manager creates an initial version for the secret, and this -- parameter specifies the unique identifier for the new version. 
-- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during a rotation. We recommend that you generate -- a UUID-type value to ensure uniqueness of your versions within -- the specified secret. -- -- -- -- This value becomes the VersionId of the new version. createSecret_clientRequestToken :: Lens' CreateSecret (Maybe Text) -- | The description of the secret. createSecret_description :: Lens' CreateSecret (Maybe Text) -- | Specifies whether to overwrite a secret with the same name in the -- destination Region. createSecret_forceOverwriteReplicaSecret :: Lens' CreateSecret (Maybe Bool) -- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to -- encrypt the secret value in the secret. An alias is always prefixed by -- alias/, for example alias/aws/secretsmanager. For -- more information, see About aliases. -- -- To use a KMS key in a different account, use the key ARN or the alias -- ARN. -- -- If you don't specify this value, then Secrets Manager uses the key -- aws/secretsmanager. If that key doesn't yet exist, then -- Secrets Manager creates it for you automatically the first time it -- encrypts the secret value. -- -- If the secret is in a different Amazon Web Services account from the -- credentials calling the API, then you can't use -- aws/secretsmanager to encrypt the secret, and you must create -- and use a customer managed KMS key. 
createSecret_kmsKeyId :: Lens' CreateSecret (Maybe Text) -- | The binary data to encrypt and store in the new version of the secret. -- We recommend that you store your binary data in a file and then pass -- the contents of the file as a parameter. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- This parameter is not available in the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes -- Base64 data. The underlying isomorphism will encode to Base64 -- representation during serialisation, and decode from Base64 -- representation during deserialisation. This Lens accepts and -- returns only raw unencoded data, so supply the raw bytes and do not -- Base64-encode them yourself. createSecret_secretBinary :: Lens' CreateSecret (Maybe ByteString) -- | The text data to encrypt and store in this new version of the secret. -- We recommend you use a JSON structure of key/value pairs for your -- secret value. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- If you create a secret by using the Secrets Manager console then -- Secrets Manager puts the protected secret text in only the -- SecretString parameter. The Secrets Manager console stores -- the information as a JSON structure of key/value pairs that a Lambda -- rotation function can parse. createSecret_secretString :: Lens' CreateSecret (Maybe Text) -- | A list of tags to attach to the secret. Each tag is a key and value -- pair of strings in a JSON text string, for example: -- --
--   [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
--   
-- -- Secrets Manager tag key names are case sensitive. A tag with the key -- "ABC" is a different tag from one with key "abc". -- -- If you check tags in permissions policies as part of your security -- strategy, then adding or removing a tag can change permissions. If the -- completion of this operation would result in you losing your -- permissions for this secret, then Secrets Manager blocks the operation -- and returns an Access Denied error. For more information, see -- Control access to secrets using tags and Limit access to -- identities with tags that match secrets' tags. -- -- For information about how to format a JSON parameter for the various -- command line tool environments, see Using JSON for Parameters. -- If your command-line tool or SDK requires quotation marks around the -- parameter, you should use single quotes to avoid confusion with the -- double quotes required in the JSON text. -- -- The following restrictions apply to tags: -- -- createSecret_tags :: Lens' CreateSecret (Maybe [Tag]) -- | The name of the new secret. -- -- The secret name can contain ASCII letters, numbers, and the following -- characters: /_+=.@- -- -- Do not end your secret name with a hyphen followed by six characters. -- If you do so, you risk confusion and unexpected results when searching -- for a secret by partial ARN. Secrets Manager automatically adds a -- hyphen and six random characters after the secret name at the end of -- the ARN. createSecret_name :: Lens' CreateSecret Text -- | The ARN of the new secret. The ARN includes the name of the secret -- followed by six random characters. This ensures that if you create a -- new secret with the same name as a deleted secret, then users with -- access to the old secret don't get access to the new secret because -- the ARNs are different. createSecretResponse_arn :: Lens' CreateSecretResponse (Maybe Text) -- | The name of the new secret. 
createSecretResponse_name :: Lens' CreateSecretResponse (Maybe Text) -- | A list of the replicas of this secret and their status: -- -- createSecretResponse_replicationStatus :: Lens' CreateSecretResponse (Maybe [ReplicationStatusType]) -- | The unique identifier associated with the version of the new secret. createSecretResponse_versionId :: Lens' CreateSecretResponse (Maybe Text) -- | The response's http status code. createSecretResponse_httpStatus :: Lens' CreateSecretResponse Int -- | The ARN or name of the secret to delete the attached resource-based -- policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. deleteResourcePolicy_secretId :: Lens' DeleteResourcePolicy Text -- | The ARN of the secret that the resource-based policy was deleted for. deleteResourcePolicyResponse_arn :: Lens' DeleteResourcePolicyResponse (Maybe Text) -- | The name of the secret that the resource-based policy was deleted for. deleteResourcePolicyResponse_name :: Lens' DeleteResourcePolicyResponse (Maybe Text) -- | The response's http status code. deleteResourcePolicyResponse_httpStatus :: Lens' DeleteResourcePolicyResponse Int -- | Specifies whether to delete the secret without any recovery window. -- You can't use both this parameter and RecoveryWindowInDays in -- the same call. If you don't use either, then Secrets Manager defaults -- to a 30 day recovery window. -- -- Secrets Manager performs the actual deletion with an asynchronous -- background process, so there might be a short delay before the secret -- is permanently deleted. If you delete a secret and then immediately -- create a secret with the same name, use appropriate back off and retry -- logic. -- -- Use this parameter with caution. This parameter causes the operation -- to skip the normal recovery window before the permanent deletion that -- Secrets Manager would normally impose with the -- RecoveryWindowInDays parameter. 
If you delete a secret with -- the ForceDeleteWithoutRecovery parameter, then you have no -- opportunity to recover the secret. You lose the secret permanently. deleteSecret_forceDeleteWithoutRecovery :: Lens' DeleteSecret (Maybe Bool) -- | The number of days from 7 to 30 that Secrets Manager waits before -- permanently deleting the secret. You can't use both this parameter and -- ForceDeleteWithoutRecovery in the same call. If you don't use -- either, then Secrets Manager defaults to a 30-day recovery window. deleteSecret_recoveryWindowInDays :: Lens' DeleteSecret (Maybe Integer) -- | The ARN or name of the secret to delete. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. deleteSecret_secretId :: Lens' DeleteSecret Text -- | The ARN of the secret. deleteSecretResponse_arn :: Lens' DeleteSecretResponse (Maybe Text) -- | The date and time after which Secrets Manager can permanently delete -- this secret, and it can no longer be restored. This -- value is the date and time of the delete request plus the number of -- days in RecoveryWindowInDays. deleteSecretResponse_deletionDate :: Lens' DeleteSecretResponse (Maybe UTCTime) -- | The name of the secret. deleteSecretResponse_name :: Lens' DeleteSecretResponse (Maybe Text) -- | The response's http status code. deleteSecretResponse_httpStatus :: Lens' DeleteSecretResponse Int -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. describeSecret_secretId :: Lens' DescribeSecret Text -- | The ARN of the secret. describeSecretResponse_arn :: Lens' DescribeSecretResponse (Maybe Text) -- | The date the secret was created. describeSecretResponse_createdDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The date the secret is scheduled for deletion. If it is not scheduled -- for deletion, this field is omitted.
When you delete a secret, Secrets -- Manager requires a recovery window of at least 7 days before deleting -- the secret. Some time after the deleted date, Secrets Manager deletes -- the secret, including all of its versions. -- -- If a secret is scheduled for deletion, then its details, including the -- encrypted secret value, are not accessible. To cancel a scheduled -- deletion and restore access to the secret, use RestoreSecret. describeSecretResponse_deletedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The description of the secret. describeSecretResponse_description :: Lens' DescribeSecretResponse (Maybe Text) -- | The key ID or alias ARN of the KMS key that Secrets Manager uses to -- encrypt the secret value. If the secret is encrypted with the Amazon -- Web Services managed key aws/secretsmanager, this field is -- omitted. Secrets created using the console use a KMS key ID. describeSecretResponse_kmsKeyId :: Lens' DescribeSecretResponse (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. describeSecretResponse_lastAccessedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The last date and time that this secret was modified in any way. describeSecretResponse_lastChangedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The last date and time that Secrets Manager rotated the secret. If the -- secret isn't configured for rotation, Secrets Manager returns null. describeSecretResponse_lastRotatedDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The name of the secret. describeSecretResponse_name :: Lens' DescribeSecretResponse (Maybe Text) -- | Undocumented member. describeSecretResponse_nextRotationDate :: Lens' DescribeSecretResponse (Maybe UTCTime) -- | The ID of the service that created this secret. For more information, -- see Secrets managed by other Amazon Web Services services. 
describeSecretResponse_owningService :: Lens' DescribeSecretResponse (Maybe Text) -- | The Region the secret is in. If a secret is replicated to other -- Regions, the replicas are listed in ReplicationStatus. describeSecretResponse_primaryRegion :: Lens' DescribeSecretResponse (Maybe Text) -- | A list of the replicas of this secret and their status: -- -- describeSecretResponse_replicationStatus :: Lens' DescribeSecretResponse (Maybe [ReplicationStatusType]) -- | Specifies whether automatic rotation is turned on for this secret. -- -- To turn on rotation, use RotateSecret. To turn off rotation, use -- CancelRotateSecret. describeSecretResponse_rotationEnabled :: Lens' DescribeSecretResponse (Maybe Bool) -- | The ARN of the Lambda function that Secrets Manager invokes to rotate -- the secret. describeSecretResponse_rotationLambdaARN :: Lens' DescribeSecretResponse (Maybe Text) -- | The rotation schedule and Lambda function for this secret. If the -- secret previously had rotation turned on, but it is now turned off, -- this field shows the previous rotation schedule and rotation function. -- If the secret never had rotation turned on, this field is omitted. describeSecretResponse_rotationRules :: Lens' DescribeSecretResponse (Maybe RotationRulesType) -- | The list of tags attached to the secret. To add tags to a secret, use -- TagResource. To remove tags, use UntagResource. describeSecretResponse_tags :: Lens' DescribeSecretResponse (Maybe [Tag]) -- | A list of the versions of the secret that have staging labels -- attached. Versions that don't have staging labels are considered -- deprecated and Secrets Manager can delete them. -- -- Secrets Manager uses staging labels to indicate the status of a secret -- version during rotation. The three staging labels for rotation are: -- -- -- -- For more information about rotation and staging labels, see How -- rotation works. 
describeSecretResponse_versionIdsToStages :: Lens' DescribeSecretResponse (Maybe (HashMap Text (NonEmpty Text))) -- | The response's http status code. describeSecretResponse_httpStatus :: Lens' DescribeSecretResponse Int -- | A string of the characters that you don't want in the password. getRandomPassword_excludeCharacters :: Lens' GetRandomPassword (Maybe Text) -- | Specifies whether to exclude lowercase letters from the password. If -- you don't include this switch, the password can contain lowercase -- letters. getRandomPassword_excludeLowercase :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to exclude numbers from the password. If you don't -- include this switch, the password can contain numbers. getRandomPassword_excludeNumbers :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to exclude the following punctuation characters from -- the password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? -- @ [ \ ] ^ _ ` { | } ~. If you don't include this switch, the -- password can contain punctuation. getRandomPassword_excludePunctuation :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to exclude uppercase letters from the password. If -- you don't include this switch, the password can contain uppercase -- letters. getRandomPassword_excludeUppercase :: Lens' GetRandomPassword (Maybe Bool) -- | Specifies whether to include the space character. If you include this -- switch, the password can contain space characters. getRandomPassword_includeSpace :: Lens' GetRandomPassword (Maybe Bool) -- | The length of the password. If you don't include this parameter, the -- default length is 32 characters. getRandomPassword_passwordLength :: Lens' GetRandomPassword (Maybe Natural) -- | Specifies whether to include at least one upper and lowercase letter, -- one number, and one punctuation. If you don't include this switch, the -- password contains at least one of every character type. 
getRandomPassword_requireEachIncludedType :: Lens' GetRandomPassword (Maybe Bool) -- | A string with the password. getRandomPasswordResponse_randomPassword :: Lens' GetRandomPasswordResponse (Maybe Text) -- | The response's http status code. getRandomPasswordResponse_httpStatus :: Lens' GetRandomPasswordResponse Int -- | The ARN or name of the secret to retrieve the attached resource-based -- policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. getResourcePolicy_secretId :: Lens' GetResourcePolicy Text -- | The ARN of the secret that the resource-based policy was retrieved -- for. getResourcePolicyResponse_arn :: Lens' GetResourcePolicyResponse (Maybe Text) -- | The name of the secret that the resource-based policy was retrieved -- for. getResourcePolicyResponse_name :: Lens' GetResourcePolicyResponse (Maybe Text) -- | A JSON-formatted string that contains the permissions policy attached -- to the secret. For more information about permissions policies, see -- Authentication and access control for Secrets Manager. getResourcePolicyResponse_resourcePolicy :: Lens' GetResourcePolicyResponse (Maybe Text) -- | The response's http status code. getResourcePolicyResponse_httpStatus :: Lens' GetResourcePolicyResponse Int -- | The unique identifier of the version of the secret to retrieve. If you -- include both this parameter and VersionStage, the two -- parameters must refer to the same secret version. If you don't specify -- either a VersionStage or VersionId, then Secrets -- Manager returns the AWSCURRENT version. -- -- This value is typically a UUID-type value with 32 hexadecimal -- digits. getSecretValue_versionId :: Lens' GetSecretValue (Maybe Text) -- | The staging label of the version of the secret to retrieve. -- -- Secrets Manager uses staging labels to keep track of different -- versions during the rotation process. 
If you include both this -- parameter and VersionId, the two parameters must refer to the -- same secret version. If you don't specify either a -- VersionStage or VersionId, Secrets Manager returns -- the AWSCURRENT version. getSecretValue_versionStage :: Lens' GetSecretValue (Maybe Text) -- | The ARN or name of the secret to retrieve. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. getSecretValue_secretId :: Lens' GetSecretValue Text -- | The ARN of the secret. getSecretValueResponse_arn :: Lens' GetSecretValueResponse (Maybe Text) -- | The date and time that this version of the secret was created. If you -- don't specify which version in VersionId or -- VersionStage, then Secrets Manager uses the -- AWSCURRENT version. getSecretValueResponse_createdDate :: Lens' GetSecretValueResponse (Maybe UTCTime) -- | The friendly name of the secret. getSecretValueResponse_name :: Lens' GetSecretValueResponse (Maybe Text) -- | The decrypted secret value, if the secret value was originally -- provided as binary data in the form of a byte array. The response -- parameter represents the binary data as a base64-encoded -- string. -- -- If the secret was created by using the Secrets Manager console, or if -- the secret value was originally provided as a string, then this field -- is omitted. The secret value appears in SecretString -- instead. -- -- Note: This Lens automatically encodes -- and decodes Base64 data. The underlying isomorphism will encode to -- Base64 representation during serialisation, and decode from Base64 -- representation during deserialisation. This Lens accepts and -- returns only raw unencoded data, so the value read through it is -- already decoded and needs no further Base64 decoding. getSecretValueResponse_secretBinary :: Lens' GetSecretValueResponse (Maybe ByteString) -- | The decrypted secret value, if the secret value was originally -- provided as a string or through the Secrets Manager console. 
-- -- If this secret was created by using the console, then Secrets Manager -- stores the information as a JSON structure of key/value pairs. getSecretValueResponse_secretString :: Lens' GetSecretValueResponse (Maybe Text) -- | The unique identifier of this version of the secret. getSecretValueResponse_versionId :: Lens' GetSecretValueResponse (Maybe Text) -- | A list of all of the staging labels currently attached to this version -- of the secret. getSecretValueResponse_versionStages :: Lens' GetSecretValueResponse (Maybe (NonEmpty Text)) -- | The response's http status code. getSecretValueResponse_httpStatus :: Lens' GetSecretValueResponse Int -- | Specifies whether to include versions of secrets that don't have any -- staging labels attached to them. Versions without staging labels are -- considered deprecated and are subject to deletion by Secrets Manager. listSecretVersionIds_includeDeprecated :: Lens' ListSecretVersionIds (Maybe Bool) -- | The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecretVersionIds again with the value from -- NextToken. listSecretVersionIds_maxResults :: Lens' ListSecretVersionIds (Maybe Natural) -- | A token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecretVersionIds again with this value. listSecretVersionIds_nextToken :: Lens' ListSecretVersionIds (Maybe Text) -- | The ARN or name of the secret whose versions you want to list. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. listSecretVersionIds_secretId :: Lens' ListSecretVersionIds Text -- | The ARN of the secret. listSecretVersionIdsResponse_arn :: Lens' ListSecretVersionIdsResponse (Maybe Text) -- | The name of the secret. 
listSecretVersionIdsResponse_name :: Lens' ListSecretVersionIdsResponse (Maybe Text) -- | Secrets Manager includes this value if there's more output available -- than what is included in the current response. This can occur even -- when the response includes no values at all, such as when you ask for -- a filtered view of a long list. To get the next results, call -- ListSecretVersionIds again with this value. listSecretVersionIdsResponse_nextToken :: Lens' ListSecretVersionIdsResponse (Maybe Text) -- | A list of the versions of the secret. listSecretVersionIdsResponse_versions :: Lens' ListSecretVersionIdsResponse (Maybe [SecretVersionsListEntry]) -- | The response's http status code. listSecretVersionIdsResponse_httpStatus :: Lens' ListSecretVersionIdsResponse Int -- | The filters to apply to the list of secrets. listSecrets_filters :: Lens' ListSecrets (Maybe [Filter]) -- | Undocumented member. listSecrets_includePlannedDeletion :: Lens' ListSecrets (Maybe Bool) -- | The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecrets again with the value from NextToken. listSecrets_maxResults :: Lens' ListSecrets (Maybe Natural) -- | A token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecrets again with this value. listSecrets_nextToken :: Lens' ListSecrets (Maybe Text) -- | Secrets are listed by CreatedDate. listSecrets_sortOrder :: Lens' ListSecrets (Maybe SortOrderType) -- | Secrets Manager includes this value if there's more output available -- than what is included in the current response. This can occur even -- when the response includes no values at all, such as when you ask for -- a filtered view of a long list. To get the next results, call -- ListSecrets again with this value. 
listSecretsResponse_nextToken :: Lens' ListSecretsResponse (Maybe Text) -- | A list of the secrets in the account. listSecretsResponse_secretList :: Lens' ListSecretsResponse (Maybe [SecretListEntry]) -- | The response's http status code. listSecretsResponse_httpStatus :: Lens' ListSecretsResponse Int -- | Specifies whether to block resource-based policies that allow broad -- access to the secret, for example those that use a wildcard for the -- principal. putResourcePolicy_blockPublicPolicy :: Lens' PutResourcePolicy (Maybe Bool) -- | The ARN or name of the secret to attach the resource-based policy. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. putResourcePolicy_secretId :: Lens' PutResourcePolicy Text -- | A JSON-formatted string for an Amazon Web Services resource-based -- policy. For example policies, see Permissions policy examples. putResourcePolicy_resourcePolicy :: Lens' PutResourcePolicy Text -- | The ARN of the secret. putResourcePolicyResponse_arn :: Lens' PutResourcePolicyResponse (Maybe Text) -- | The name of the secret. putResourcePolicyResponse_name :: Lens' PutResourcePolicyResponse (Maybe Text) -- | The response's http status code. putResourcePolicyResponse_httpStatus :: Lens' PutResourcePolicyResponse Int -- | A unique identifier for the new version of the secret. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty because they generate a random UUID for you. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for new versions and include that -- value in the request. -- -- This value helps ensure idempotency. 
Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during the Lambda rotation function processing. -- We recommend that you generate a UUID-type value to ensure -- uniqueness within the specified secret. -- -- This value becomes the VersionId of the new version. putSecretValue_clientRequestToken :: Lens' PutSecretValue (Maybe Text) -- | The binary data to encrypt and store in the new version of the secret. -- To use this parameter in the command-line tools, we recommend that you -- store your binary data in a file and then pass the contents of the -- file as a parameter. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- You can't access this value from the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes -- Base64 data. The underlying isomorphism will encode to Base64 -- representation during serialisation, and decode from Base64 -- representation during deserialisation. This Lens accepts and -- returns only raw unencoded data, so supply the raw bytes and do not -- Base64-encode them yourself. putSecretValue_secretBinary :: Lens' PutSecretValue (Maybe ByteString) -- | The text to encrypt and store in the new version of the secret. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- We recommend you create the secret string as JSON key/value pairs, as -- shown in the example. putSecretValue_secretString :: Lens' PutSecretValue (Maybe Text) -- | A list of staging labels to attach to this version of the secret. -- Secrets Manager uses staging labels to track versions of a secret -- through the rotation process. -- -- If you specify a staging label that's already associated with a -- different version of the same secret, then Secrets Manager removes the -- label from the other version and attaches it to this version. 
If you -- specify AWSCURRENT, and it is already attached to another -- version, then Secrets Manager also moves the staging label -- AWSPREVIOUS to the version that AWSCURRENT was -- removed from. -- -- If you don't include VersionStages, then Secrets Manager -- automatically moves the staging label AWSCURRENT to this -- version. putSecretValue_versionStages :: Lens' PutSecretValue (Maybe (NonEmpty Text)) -- | The ARN or name of the secret to add a new version to. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- If the secret doesn't already exist, use CreateSecret -- instead. putSecretValue_secretId :: Lens' PutSecretValue Text -- | The ARN of the secret. putSecretValueResponse_arn :: Lens' PutSecretValueResponse (Maybe Text) -- | The name of the secret. putSecretValueResponse_name :: Lens' PutSecretValueResponse (Maybe Text) -- | The unique identifier of the version of the secret. putSecretValueResponse_versionId :: Lens' PutSecretValueResponse (Maybe Text) -- | The list of staging labels that are currently attached to this version -- of the secret. Secrets Manager uses staging labels to track a version -- as it progresses through the secret rotation process. putSecretValueResponse_versionStages :: Lens' PutSecretValueResponse (Maybe (NonEmpty Text)) -- | The response's http status code. putSecretValueResponse_httpStatus :: Lens' PutSecretValueResponse Int -- | The ARN or name of the secret. removeRegionsFromReplication_secretId :: Lens' RemoveRegionsFromReplication Text -- | The Regions of the replicas to remove. removeRegionsFromReplication_removeReplicaRegions :: Lens' RemoveRegionsFromReplication (NonEmpty Text) -- | The ARN of the primary secret. removeRegionsFromReplicationResponse_arn :: Lens' RemoveRegionsFromReplicationResponse (Maybe Text) -- | The status of replicas for this secret after you remove Regions. 
removeRegionsFromReplicationResponse_replicationStatus :: Lens' RemoveRegionsFromReplicationResponse (Maybe [ReplicationStatusType]) -- | The response's http status code. removeRegionsFromReplicationResponse_httpStatus :: Lens' RemoveRegionsFromReplicationResponse Int -- | Specifies whether to overwrite a secret with the same name in the -- destination Region. replicateSecretToRegions_forceOverwriteReplicaSecret :: Lens' ReplicateSecretToRegions (Maybe Bool) -- | The ARN or name of the secret to replicate. replicateSecretToRegions_secretId :: Lens' ReplicateSecretToRegions Text -- | A list of Regions in which to replicate the secret. replicateSecretToRegions_addReplicaRegions :: Lens' ReplicateSecretToRegions (NonEmpty ReplicaRegionType) -- | The ARN of the primary secret. replicateSecretToRegionsResponse_arn :: Lens' ReplicateSecretToRegionsResponse (Maybe Text) -- | The status of replication. replicateSecretToRegionsResponse_replicationStatus :: Lens' ReplicateSecretToRegionsResponse (Maybe [ReplicationStatusType]) -- | The response's http status code. replicateSecretToRegionsResponse_httpStatus :: Lens' ReplicateSecretToRegionsResponse Int -- | The ARN or name of the secret to restore. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. restoreSecret_secretId :: Lens' RestoreSecret Text -- | The ARN of the secret that was restored. restoreSecretResponse_arn :: Lens' RestoreSecretResponse (Maybe Text) -- | The name of the secret that was restored. restoreSecretResponse_name :: Lens' RestoreSecretResponse (Maybe Text) -- | The response's http status code. restoreSecretResponse_httpStatus :: Lens' RestoreSecretResponse Int -- | A unique identifier for the new version of the secret that helps -- ensure idempotency. Secrets Manager uses this value to prevent the -- accidental creation of duplicate versions if there are failures and -- retries during rotation. 
This value becomes the VersionId of -- the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDK to call this operation, then you can leave this parameter -- empty. The CLI or SDK generates a random UUID for you and includes -- that in the request for this parameter. If you don't use the SDK and -- instead generate a raw HTTP request to the Secrets Manager service -- endpoint, then you must generate a ClientRequestToken -- yourself for new versions and include that value in the request. -- -- You only need to specify this value if you implement your own retry -- logic and you want to ensure that Secrets Manager doesn't attempt to -- create a secret version twice. We recommend that you generate a -- UUID-type value to ensure uniqueness within the specified -- secret. rotateSecret_clientRequestToken :: Lens' RotateSecret (Maybe Text) -- | Specifies whether to rotate the secret immediately or wait until the -- next scheduled rotation window. The rotation schedule is defined in -- RotateSecretRequest$RotationRules. -- -- If you don't immediately rotate the secret, Secrets Manager tests the -- rotation configuration by running the testSecret step of the -- Lambda rotation function. The test creates an AWSPENDING -- version of the secret and then removes it. -- -- If you don't specify this value, then by default, Secrets Manager -- rotates the secret immediately. rotateSecret_rotateImmediately :: Lens' RotateSecret (Maybe Bool) -- | The ARN of the Lambda rotation function that can rotate the secret. rotateSecret_rotationLambdaARN :: Lens' RotateSecret (Maybe Text) -- | A structure that defines the rotation configuration for this secret. rotateSecret_rotationRules :: Lens' RotateSecret (Maybe RotationRulesType) -- | The ARN or name of the secret to rotate. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. 
rotateSecret_secretId :: Lens' RotateSecret Text -- | The ARN of the secret. rotateSecretResponse_arn :: Lens' RotateSecretResponse (Maybe Text) -- | The name of the secret. rotateSecretResponse_name :: Lens' RotateSecretResponse (Maybe Text) -- | The ID of the new version of the secret. rotateSecretResponse_versionId :: Lens' RotateSecretResponse (Maybe Text) -- | The response's http status code. rotateSecretResponse_httpStatus :: Lens' RotateSecretResponse Int -- | The ARN of the primary secret. stopReplicationToReplica_secretId :: Lens' StopReplicationToReplica Text -- | The ARN of the promoted secret. The ARN is the same as the original -- primary secret except the Region is changed. stopReplicationToReplicaResponse_arn :: Lens' StopReplicationToReplicaResponse (Maybe Text) -- | The response's http status code. stopReplicationToReplicaResponse_httpStatus :: Lens' StopReplicationToReplicaResponse Int -- | The identifier for the secret to attach tags to. You can specify -- either the Amazon Resource Name (ARN) or the friendly name of the -- secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. tagResource_secretId :: Lens' TagResource Text -- | The tags to attach to the secret as a JSON text string argument. Each -- element in the list consists of a Key and a Value. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. tagResource_tags :: Lens' TagResource [Tag] -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. untagResource_secretId :: Lens' UntagResource Text -- | A list of tag key names to remove from the secret. You don't specify -- the value. 
Both the key and its associated value are removed. -- -- This parameter requires a JSON text string argument. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. untagResource_tagKeys :: Lens' UntagResource [Text] -- | If you include SecretString or SecretBinary, then -- Secrets Manager creates a new version for the secret, and this -- parameter specifies the unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value becomes the VersionId of the new version. updateSecret_clientRequestToken :: Lens' UpdateSecret (Maybe Text) -- | The description of the secret. updateSecret_description :: Lens' UpdateSecret (Maybe Text) -- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to -- encrypt new secret versions as well as any existing versions with the -- staging labels AWSCURRENT, AWSPENDING, or -- AWSPREVIOUS. For more information about versions and staging -- labels, see Concepts: Version. -- -- A key alias is always prefixed by alias/, for example -- alias/aws/secretsmanager. For more information, see About -- aliases. -- -- If you set this to an empty string, Secrets Manager uses the Amazon -- Web Services managed key aws/secretsmanager. If this key -- doesn't already exist in your account, then Secrets Manager creates it -- for you automatically. 
All users and roles in the Amazon Web Services -- account automatically have access to use aws/secretsmanager. -- Creating aws/secretsmanager can result in a one-time -- significant delay in returning the result. -- -- You can only use the Amazon Web Services managed key -- aws/secretsmanager if you call this operation using -- credentials from the same Amazon Web Services account that owns the -- secret. If the secret is in a different account, then you must use a -- customer managed key and provide the ARN of that KMS key in this -- field. The user making the call must have permissions to both the -- secret and the KMS key in their respective accounts. updateSecret_kmsKeyId :: Lens' UpdateSecret (Maybe Text) -- | The binary data to encrypt and store in the new version of the secret. -- We recommend that you store your binary data in a file and then pass -- the contents of the file as a parameter. -- -- Either SecretBinary or SecretString must have a -- value, but not both. -- -- You can't access this parameter in the Secrets Manager console.-- -- -- Note: This Lens automatically encodes and decodes -- Base64 data. -- The underlying isomorphism will encode to Base64 -- representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. updateSecret_secretBinary :: Lens' UpdateSecret (Maybe ByteString) -- | The text data to encrypt and store in the new version of the secret. -- We recommend you use a JSON structure of key/value pairs for your -- secret value. -- -- Either SecretBinary or SecretString must have a -- value, but not both. updateSecret_secretString :: Lens' UpdateSecret (Maybe Text) -- | The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. updateSecret_secretId :: Lens' UpdateSecret Text -- | The ARN of the secret that was updated. 
updateSecretResponse_arn :: Lens' UpdateSecretResponse (Maybe Text) -- | The name of the secret that was updated. updateSecretResponse_name :: Lens' UpdateSecretResponse (Maybe Text) -- | If Secrets Manager created a new version of the secret during this -- operation, then VersionId contains the unique identifier of -- the new version. updateSecretResponse_versionId :: Lens' UpdateSecretResponse (Maybe Text) -- | The response's http status code. updateSecretResponse_httpStatus :: Lens' UpdateSecretResponse Int -- | The ID of the version to add the staging label to. To remove a label -- from a version, do not specify this parameter. -- -- If the staging label is already attached to a different version of the -- secret, then you must also specify the RemoveFromVersionId -- parameter. updateSecretVersionStage_moveToVersionId :: Lens' UpdateSecretVersionStage (Maybe Text) -- | The ID of the version that the staging label is to be removed from. If -- the staging label you are trying to attach to one version is already -- attached to a different version, then you must include this parameter -- and specify the version that the label is to be removed from. If the -- label is attached and you either do not specify this parameter, or the -- version ID does not match, then the operation fails. updateSecretVersionStage_removeFromVersionId :: Lens' UpdateSecretVersionStage (Maybe Text) -- | The ARN or the name of the secret with the version and staging -- labels to modify. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. updateSecretVersionStage_secretId :: Lens' UpdateSecretVersionStage Text -- | The staging label to add to this version. updateSecretVersionStage_versionStage :: Lens' UpdateSecretVersionStage Text -- | The ARN of the secret that was updated. 
updateSecretVersionStageResponse_arn :: Lens' UpdateSecretVersionStageResponse (Maybe Text) -- | The name of the secret that was updated. updateSecretVersionStageResponse_name :: Lens' UpdateSecretVersionStageResponse (Maybe Text) -- | The response's http status code. updateSecretVersionStageResponse_httpStatus :: Lens' UpdateSecretVersionStageResponse Int -- | This field is reserved for internal use. validateResourcePolicy_secretId :: Lens' ValidateResourcePolicy (Maybe Text) -- | A JSON-formatted string that contains an Amazon Web Services -- resource-based policy. The policy in the string identifies who can -- access or manage this secret and its versions. For example policies, -- see Permissions policy examples. validateResourcePolicy_resourcePolicy :: Lens' ValidateResourcePolicy Text -- | True if your policy passes validation, otherwise false. validateResourcePolicyResponse_policyValidationPassed :: Lens' ValidateResourcePolicyResponse (Maybe Bool) -- | Validation errors if your policy didn't pass validation. validateResourcePolicyResponse_validationErrors :: Lens' ValidateResourcePolicyResponse (Maybe [ValidationErrorsEntry]) -- | The response's http status code. validateResourcePolicyResponse_httpStatus :: Lens' ValidateResourcePolicyResponse Int -- | The following are keys you can use: -- -- filter_key :: Lens' Filter (Maybe FilterNameStringType) -- | The keyword to filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. filter_values :: Lens' Filter (Maybe (NonEmpty Text)) -- | The ARN, key ID, or alias of the KMS key to encrypt the secret. If you -- don't include this field, Secrets Manager uses -- aws/secretsmanager. replicaRegionType_kmsKeyId :: Lens' ReplicaRegionType (Maybe Text) -- | A Region code. For a list of Region codes, see Name and code of -- Regions. replicaRegionType_region :: Lens' ReplicaRegionType (Maybe Text) -- | Can be an ARN, Key ID, or Alias. 
replicationStatusType_kmsKeyId :: Lens' ReplicationStatusType (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. replicationStatusType_lastAccessedDate :: Lens' ReplicationStatusType (Maybe UTCTime) -- | The Region where replication occurs. replicationStatusType_region :: Lens' ReplicationStatusType (Maybe Text) -- | The status can be InProgress, Failed, or -- InSync. replicationStatusType_status :: Lens' ReplicationStatusType (Maybe StatusType) -- | Status message such as "/Secret with this name already exists in this -- region/". replicationStatusType_statusMessage :: Lens' ReplicationStatusType (Maybe Text) -- | The number of days between automatic scheduled rotations of the -- secret. You can use this value to check that your secret meets your -- compliance guidelines for how often secrets must be rotated. -- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. -- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. rotationRulesType_automaticallyAfterDays :: Lens' RotationRulesType (Maybe Natural) -- | The length of the rotation window in hours, for example 3h -- for a three hour window. Secrets Manager rotates your secret at any -- time during this window. The window must not extend into the next -- rotation window or the next UTC day. The window starts according to -- the ScheduleExpression. If you don't specify a -- Duration, for a ScheduleExpression in hours, the -- window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. 
For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. rotationRulesType_duration :: Lens' RotationRulesType (Maybe Text) -- | A cron() or rate() expression that defines the -- schedule for rotating your secret. Secrets Manager rotation schedules -- use UTC time zone. Secrets Manager rotates your secret any time during -- a rotation window. -- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. -- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. rotationRulesType_scheduleExpression :: Lens' RotationRulesType (Maybe Text) -- | The Amazon Resource Name (ARN) of the secret. secretListEntry_arn :: Lens' SecretListEntry (Maybe Text) -- | The date and time when a secret was created. 
secretListEntry_createdDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The date and time the deletion of the secret occurred. Not present on -- active secrets. The secret can be recovered until the number of days -- in the recovery window has passed, as specified in the -- RecoveryWindowInDays parameter of the DeleteSecret -- operation. secretListEntry_deletedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The user-provided description of the secret. secretListEntry_description :: Lens' SecretListEntry (Maybe Text) -- | The ARN of the KMS key that Secrets Manager uses to encrypt the secret -- value. If the secret is encrypted with the Amazon Web Services managed -- key aws/secretsmanager, this field is omitted. secretListEntry_kmsKeyId :: Lens' SecretListEntry (Maybe Text) -- | The date that the secret was last accessed in the Region. This field -- is omitted if the secret has never been retrieved in the Region. secretListEntry_lastAccessedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The last date and time that this secret was modified in any way. secretListEntry_lastChangedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The most recent date and time that the Secrets Manager rotation -- process was successfully completed. This value is null if the secret -- hasn't ever rotated. secretListEntry_lastRotatedDate :: Lens' SecretListEntry (Maybe UTCTime) -- | The friendly name of the secret. You can use forward slashes in the -- name to represent a path hierarchy. For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. secretListEntry_name :: Lens' SecretListEntry (Maybe Text) -- | Undocumented member. secretListEntry_nextRotationDate :: Lens' SecretListEntry (Maybe UTCTime) -- | Returns the name of the service that created the secret. secretListEntry_owningService :: Lens' SecretListEntry (Maybe Text) -- | The Region where Secrets Manager originated the secret. 
secretListEntry_primaryRegion :: Lens' SecretListEntry (Maybe Text) -- | Indicates whether automatic, scheduled rotation is enabled for this -- secret. secretListEntry_rotationEnabled :: Lens' SecretListEntry (Maybe Bool) -- | The ARN of an Amazon Web Services Lambda function invoked by Secrets -- Manager to rotate and expire the secret either automatically per the -- schedule or manually by a call to RotateSecret . secretListEntry_rotationLambdaARN :: Lens' SecretListEntry (Maybe Text) -- | A structure that defines the rotation configuration for the secret. secretListEntry_rotationRules :: Lens' SecretListEntry (Maybe RotationRulesType) -- | A list of all of the currently assigned SecretVersionStage -- staging labels and the SecretVersionId attached to each one. -- Staging labels are used to keep track of the different versions during -- the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. secretListEntry_secretVersionsToStages :: Lens' SecretListEntry (Maybe (HashMap Text (NonEmpty Text))) -- | The list of user-defined tags associated with the secret. To add tags -- to a secret, use TagResource . To remove tags, use -- UntagResource . secretListEntry_tags :: Lens' SecretListEntry (Maybe [Tag]) -- | The date and time this version of the secret was created. secretVersionsListEntry_createdDate :: Lens' SecretVersionsListEntry (Maybe UTCTime) -- | The KMS keys used to encrypt the secret version. secretVersionsListEntry_kmsKeyIds :: Lens' SecretVersionsListEntry (Maybe [Text]) -- | The date that this version of the secret was last accessed. Note that -- the resolution of this field is at the date level and does not include -- the time. secretVersionsListEntry_lastAccessedDate :: Lens' SecretVersionsListEntry (Maybe UTCTime) -- | The unique version identifier of this version of the secret. 
secretVersionsListEntry_versionId :: Lens' SecretVersionsListEntry (Maybe Text) -- | An array of staging labels that are currently associated with this -- version of the secret. secretVersionsListEntry_versionStages :: Lens' SecretVersionsListEntry (Maybe (NonEmpty Text)) -- | The key identifier, or name, of the tag. tag_key :: Lens' Tag (Maybe Text) -- | The string value associated with the key of the tag. tag_value :: Lens' Tag (Maybe Text) -- | Checks the name of the policy. validationErrorsEntry_checkName :: Lens' ValidationErrorsEntry (Maybe Text) -- | Displays error messages if validation encounters problems during -- validation of the resource policy. validationErrorsEntry_errorMessage :: Lens' ValidationErrorsEntry (Maybe Text) module Amazonka.SecretsManager.Waiters -- | Derived from API version 2017-10-17 of the AWS service -- descriptions, licensed under Apache 2.0. -- -- Amazon Web Services Secrets Manager -- -- Amazon Web Services Secrets Manager provides a service to enable you -- to store, manage, and retrieve, secrets. -- -- This guide provides descriptions of the Secrets Manager API. For more -- information about using this service, see the Amazon Web Services -- Secrets Manager User Guide. -- -- API Version -- -- This version of the Secrets Manager API Reference documents the -- Secrets Manager API version 2017-10-17. -- -- Support and Feedback for Amazon Web Services Secrets Manager -- -- We welcome your feedback. Send your comments to -- awssecretsmanager-feedback@amazon.com, or post your feedback -- and questions in the Amazon Web Services Secrets Manager Discussion -- Forum. For more information about the Amazon Web Services -- Discussion Forums, see Forums Help. -- -- Logging API Requests -- -- Amazon Web Services Secrets Manager supports Amazon Web Services -- CloudTrail, a service that records Amazon Web Services API calls for -- your Amazon Web Services account and delivers log files to an Amazon -- S3 bucket. 
By using information that's collected by Amazon Web -- Services CloudTrail, you can determine the requests successfully made -- to Secrets Manager, who made the request, when it was made, and so on. -- For more about Amazon Web Services Secrets Manager and support for -- Amazon Web Services CloudTrail, see Logging Amazon Web Services -- Secrets Manager Events with Amazon Web Services CloudTrail in the -- Amazon Web Services Secrets Manager User Guide. To learn more -- about CloudTrail, including enabling it and finding your log files, see -- the Amazon Web Services CloudTrail User Guide. module Amazonka.SecretsManager -- | API version 2017-10-17 of the Amazon Secrets Manager SDK -- configuration. defaultService :: Service -- | Secrets Manager can't decrypt the protected secret text using the -- provided KMS key. _DecryptionFailure :: AsError a => Fold a ServiceError -- | Secrets Manager can't encrypt the protected secret text using the -- provided KMS key. Check that the KMS key is available, enabled, and -- not in an invalid state. For more information, see Key state: -- Effect on your KMS key. _EncryptionFailure :: AsError a => Fold a ServiceError -- | An error occurred on the server side. _InternalServiceError :: AsError a => Fold a ServiceError -- | The NextToken value is invalid. _InvalidNextTokenException :: AsError a => Fold a ServiceError -- | The parameter name or value is invalid. _InvalidParameterException :: AsError a => Fold a ServiceError -- | A parameter value is not valid for the current state of the resource. -- -- Possible causes: -- -- _InvalidRequestException :: AsError a => Fold a ServiceError -- | The request failed because it would exceed one of the Secrets Manager -- quotas. _LimitExceededException :: AsError a => Fold a ServiceError -- | The resource policy has syntax errors. _MalformedPolicyDocumentException :: AsError a => Fold a ServiceError -- | The request failed because you did not complete all the prerequisite -- steps. 
_PreconditionNotMetException :: AsError a => Fold a ServiceError -- | The BlockPublicPolicy parameter is set to true, and the -- resource policy did not prevent broad access to the secret. _PublicPolicyException :: AsError a => Fold a ServiceError -- | A resource with the ID you requested already exists. _ResourceExistsException :: AsError a => Fold a ServiceError -- | Secrets Manager can't find the resource that you asked for. _ResourceNotFoundException :: AsError a => Fold a ServiceError -- | See: newCancelRotateSecret smart constructor. data CancelRotateSecret CancelRotateSecret' :: Text -> CancelRotateSecret -- | Create a value of CancelRotateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:CancelRotateSecret', -- cancelRotateSecret_secretId - The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newCancelRotateSecret :: Text -> CancelRotateSecret -- | See: newCancelRotateSecretResponse smart constructor. data CancelRotateSecretResponse CancelRotateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> CancelRotateSecretResponse -- | Create a value of CancelRotateSecretResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- CancelRotateSecretResponse, -- cancelRotateSecretResponse_arn - The ARN of the secret. -- -- CancelRotateSecretResponse, -- cancelRotateSecretResponse_name - The name of the secret. -- -- CancelRotateSecretResponse, -- cancelRotateSecretResponse_versionId - The unique identifier of -- the version of the secret created during the rotation. 
This version -- might not be complete, and should be evaluated for possible deletion. -- We recommend that you remove the VersionStage value -- AWSPENDING from this version so that Secrets Manager can -- delete it. Failing to clean up a cancelled rotation can block you from -- starting future rotations. -- -- $sel:httpStatus:CancelRotateSecretResponse', -- cancelRotateSecretResponse_httpStatus - The response's http -- status code. newCancelRotateSecretResponse :: Int -> CancelRotateSecretResponse -- | See: newCreateSecret smart constructor. data CreateSecret CreateSecret' :: Maybe (NonEmpty ReplicaRegionType) -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Maybe [Tag] -> Text -> CreateSecret -- | Create a value of CreateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:addReplicaRegions:CreateSecret', -- createSecret_addReplicaRegions - A list of Regions and KMS keys -- to replicate secrets. -- -- $sel:clientRequestToken:CreateSecret', -- createSecret_clientRequestToken - If you include -- SecretString or SecretBinary, then Secrets Manager -- creates an initial version for the secret, and this parameter -- specifies the unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value helps ensure idempotency. 
Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during a rotation. We recommend that you generate -- a UUID-type value to ensure uniqueness of your versions within -- the specified secret. -- -- -- -- This value becomes the VersionId of the new version. -- -- CreateSecret, createSecret_description - The description -- of the secret. -- -- $sel:forceOverwriteReplicaSecret:CreateSecret', -- createSecret_forceOverwriteReplicaSecret - Specifies whether to -- overwrite a secret with the same name in the destination Region. -- -- CreateSecret, createSecret_kmsKeyId - The ARN, key ID, -- or alias of the KMS key that Secrets Manager uses to encrypt the -- secret value in the secret. An alias is always prefixed by -- alias/, for example alias/aws/secretsmanager. For -- more information, see About aliases. -- -- To use a KMS key in a different account, use the key ARN or the alias -- ARN. -- -- If you don't specify this value, then Secrets Manager uses the key -- aws/secretsmanager. If that key doesn't yet exist, then -- Secrets Manager creates it for you automatically the first time it -- encrypts the secret value. -- -- If the secret is in a different Amazon Web Services account from the -- credentials calling the API, then you can't use -- aws/secretsmanager to encrypt the secret, and you must create -- and use a customer managed KMS key. -- -- $sel:secretBinary:CreateSecret', -- createSecret_secretBinary - The binary data to encrypt and -- store in the new version of the secret. We recommend that you store -- your binary data in a file and then pass the contents of the file as a -- parameter. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- This parameter is not available in the Secrets Manager console.-- -- -- Note: This Lens automatically encodes and decodes -- Base64 data. 
-- The underlying isomorphism will encode to Base64 -- representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:CreateSecret', -- createSecret_secretString - The text data to encrypt and store -- in this new version of the secret. We recommend you use a JSON -- structure of key/value pairs for your secret value. -- -- Either SecretString or SecretBinary must have a -- value, but not both. -- -- If you create a secret by using the Secrets Manager console then -- Secrets Manager puts the protected secret text in only the -- SecretString parameter. The Secrets Manager console stores -- the information as a JSON structure of key/value pairs that a Lambda -- rotation function can parse. -- -- CreateSecret, createSecret_tags - A list of tags to -- attach to the secret. Each tag is a key and value pair of strings in a -- JSON text string, for example: -- --
--   [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
--   
-- -- Secrets Manager tag key names are case sensitive. A tag with the key -- "ABC" is a different tag from one with key "abc". -- -- If you check tags in permissions policies as part of your security -- strategy, then adding or removing a tag can change permissions. If the -- completion of this operation would result in you losing your -- permissions for this secret, then Secrets Manager blocks the operation -- and returns an Access Denied error. For more information, see -- Control access to secrets using tags and Limit access to -- identities with tags that match secrets' tags. -- -- For information about how to format a JSON parameter for the various -- command line tool environments, see Using JSON for Parameters. -- If your command-line tool or SDK requires quotation marks around the -- parameter, you should use single quotes to avoid confusion with the -- double quotes required in the JSON text. -- -- The following restrictions apply to tags: -- -- -- -- CreateSecret, createSecret_name - The name of the new -- secret. -- -- The secret name can contain ASCII letters, numbers, and the following -- characters: /_+=.@- -- -- Do not end your secret name with a hyphen followed by six characters. -- If you do so, you risk confusion and unexpected results when searching -- for a secret by partial ARN. Secrets Manager automatically adds a -- hyphen and six random characters after the secret name at the end of -- the ARN. newCreateSecret :: Text -> CreateSecret -- | See: newCreateSecretResponse smart constructor. data CreateSecretResponse CreateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe [ReplicationStatusType] -> Maybe Text -> Int -> CreateSecretResponse -- | Create a value of CreateSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- CreateSecretResponse, createSecretResponse_arn - The ARN -- of the new secret. The ARN includes the name of the secret followed by -- six random characters. This ensures that if you create a new secret -- with the same name as a deleted secret, then users with access to the -- old secret don't get access to the new secret because the ARNs are -- different. -- -- CreateSecret, createSecretResponse_name - The name of -- the new secret. -- -- $sel:replicationStatus:CreateSecretResponse', -- createSecretResponse_replicationStatus - A list of the replicas -- of this secret and their status: -- -- -- -- CreateSecretResponse, createSecretResponse_versionId - -- The unique identifier associated with the version of the new secret. -- -- $sel:httpStatus:CreateSecretResponse', -- createSecretResponse_httpStatus - The response's http status -- code. newCreateSecretResponse :: Int -> CreateSecretResponse -- | See: newDeleteResourcePolicy smart constructor. data DeleteResourcePolicy DeleteResourcePolicy' :: Text -> DeleteResourcePolicy -- | Create a value of DeleteResourcePolicy with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:DeleteResourcePolicy', -- deleteResourcePolicy_secretId - The ARN or name of the secret -- to delete the attached resource-based policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newDeleteResourcePolicy :: Text -> DeleteResourcePolicy -- | See: newDeleteResourcePolicyResponse smart constructor. 
data DeleteResourcePolicyResponse DeleteResourcePolicyResponse' :: Maybe Text -> Maybe Text -> Int -> DeleteResourcePolicyResponse -- | Create a value of DeleteResourcePolicyResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- DeleteResourcePolicyResponse, -- deleteResourcePolicyResponse_arn - The ARN of the secret that -- the resource-based policy was deleted for. -- -- DeleteResourcePolicyResponse, -- deleteResourcePolicyResponse_name - The name of the secret that -- the resource-based policy was deleted for. -- -- $sel:httpStatus:DeleteResourcePolicyResponse', -- deleteResourcePolicyResponse_httpStatus - The response's http -- status code. newDeleteResourcePolicyResponse :: Int -> DeleteResourcePolicyResponse -- | See: newDeleteSecret smart constructor. data DeleteSecret DeleteSecret' :: Maybe Bool -> Maybe Integer -> Text -> DeleteSecret -- | Create a value of DeleteSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:forceDeleteWithoutRecovery:DeleteSecret', -- deleteSecret_forceDeleteWithoutRecovery - Specifies whether to -- delete the secret without any recovery window. You can't use both this -- parameter and RecoveryWindowInDays in the same call. If you -- don't use either, then Secrets Manager defaults to a 30 day recovery -- window. -- -- Secrets Manager performs the actual deletion with an asynchronous -- background process, so there might be a short delay before the secret -- is permanently deleted. If you delete a secret and then immediately -- create a secret with the same name, use appropriate back off and retry -- logic. -- -- Use this parameter with caution. 
This parameter causes the operation -- to skip the normal recovery window before the permanent deletion that -- Secrets Manager would normally impose with the -- RecoveryWindowInDays parameter. If you delete a secret with -- the ForceDeleteWithoutRecovery parameter, then you have no -- opportunity to recover the secret. You lose the secret permanently. -- -- $sel:recoveryWindowInDays:DeleteSecret', -- deleteSecret_recoveryWindowInDays - The number of days from 7 -- to 30 that Secrets Manager waits before permanently deleting the -- secret. You can't use both this parameter and -- ForceDeleteWithoutRecovery in the same call. If you don't use -- either, then Secrets Manager defaults to a 30 day recovery window. -- -- $sel:secretId:DeleteSecret', deleteSecret_secretId - The -- ARN or name of the secret to delete. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newDeleteSecret :: Text -> DeleteSecret -- | See: newDeleteSecretResponse smart constructor. data DeleteSecretResponse DeleteSecretResponse' :: Maybe Text -> Maybe POSIX -> Maybe Text -> Int -> DeleteSecretResponse -- | Create a value of DeleteSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- DeleteSecretResponse, deleteSecretResponse_arn - The ARN -- of the secret. -- -- $sel:deletionDate:DeleteSecretResponse', -- deleteSecretResponse_deletionDate - The date and time after -- which Secrets Manager can permanently delete this secret, -- and it can no longer be restored. This value is the date and time of -- the delete request plus the number of days in -- RecoveryWindowInDays. -- -- DeleteSecretResponse, deleteSecretResponse_name - The -- name of the secret.
-- -- $sel:httpStatus:DeleteSecretResponse', -- deleteSecretResponse_httpStatus - The response's http status -- code. newDeleteSecretResponse :: Int -> DeleteSecretResponse -- | See: newDescribeSecret smart constructor. data DescribeSecret DescribeSecret' :: Text -> DescribeSecret -- | Create a value of DescribeSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:DescribeSecret', describeSecret_secretId - -- The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newDescribeSecret :: Text -> DescribeSecret -- | See: newDescribeSecretResponse smart constructor. data DescribeSecretResponse DescribeSecretResponse' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe [ReplicationStatusType] -> Maybe Bool -> Maybe Text -> Maybe RotationRulesType -> Maybe [Tag] -> Maybe (HashMap Text (NonEmpty Text)) -> Int -> DescribeSecretResponse -- | Create a value of DescribeSecretResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- DescribeSecretResponse, describeSecretResponse_arn - The -- ARN of the secret. -- -- DescribeSecretResponse, -- describeSecretResponse_createdDate - The date the secret was -- created. -- -- DescribeSecretResponse, -- describeSecretResponse_deletedDate - The date the secret is -- scheduled for deletion. If it is not scheduled for deletion, this -- field is omitted. 
When you delete a secret, Secrets Manager requires a -- recovery window of at least 7 days before deleting the secret. Some -- time after the deleted date, Secrets Manager deletes the secret, -- including all of its versions. -- -- If a secret is scheduled for deletion, then its details, including the -- encrypted secret value, are not accessible. To cancel a scheduled -- deletion and restore access to the secret, use RestoreSecret. -- -- DescribeSecretResponse, -- describeSecretResponse_description - The description of the -- secret. -- -- DescribeSecretResponse, describeSecretResponse_kmsKeyId -- - The key ID or alias ARN of the KMS key that Secrets Manager uses to -- encrypt the secret value. If the secret is encrypted with the Amazon -- Web Services managed key aws/secretsmanager, this field is -- omitted. Secrets created using the console use a KMS key ID. -- -- DescribeSecretResponse, -- describeSecretResponse_lastAccessedDate - The date that the -- secret was last accessed in the Region. This field is omitted if the -- secret has never been retrieved in the Region. -- -- DescribeSecretResponse, -- describeSecretResponse_lastChangedDate - The last date and time -- that this secret was modified in any way. -- -- DescribeSecretResponse, -- describeSecretResponse_lastRotatedDate - The last date and time -- that Secrets Manager rotated the secret. If the secret isn't -- configured for rotation, Secrets Manager returns null. -- -- DescribeSecretResponse, describeSecretResponse_name - -- The name of the secret. -- -- DescribeSecretResponse, -- describeSecretResponse_nextRotationDate - Undocumented member. -- -- DescribeSecretResponse, -- describeSecretResponse_owningService - The ID of the service -- that created this secret. For more information, see Secrets managed -- by other Amazon Web Services services. -- -- DescribeSecretResponse, -- describeSecretResponse_primaryRegion - The Region the secret is -- in.
If a secret is replicated to other Regions, the replicas are -- listed in ReplicationStatus. -- -- $sel:replicationStatus:DescribeSecretResponse', -- describeSecretResponse_replicationStatus - A list of the -- replicas of this secret and their status: -- -- -- -- DescribeSecretResponse, -- describeSecretResponse_rotationEnabled - Specifies whether -- automatic rotation is turned on for this secret. -- -- To turn on rotation, use RotateSecret. To turn off rotation, use -- CancelRotateSecret. -- -- DescribeSecretResponse, -- describeSecretResponse_rotationLambdaARN - The ARN of the -- Lambda function that Secrets Manager invokes to rotate the secret. -- -- DescribeSecretResponse, -- describeSecretResponse_rotationRules - The rotation schedule -- and Lambda function for this secret. If the secret previously had -- rotation turned on, but it is now turned off, this field shows the -- previous rotation schedule and rotation function. If the secret never -- had rotation turned on, this field is omitted. -- -- DescribeSecretResponse, describeSecretResponse_tags - -- The list of tags attached to the secret. To add tags to a secret, use -- TagResource. To remove tags, use UntagResource. -- -- $sel:versionIdsToStages:DescribeSecretResponse', -- describeSecretResponse_versionIdsToStages - A list of the -- versions of the secret that have staging labels attached. Versions -- that don't have staging labels are considered deprecated and Secrets -- Manager can delete them. -- -- Secrets Manager uses staging labels to indicate the status of a secret -- version during rotation. The three staging labels for rotation are: -- -- -- -- For more information about rotation and staging labels, see How -- rotation works. -- -- $sel:httpStatus:DescribeSecretResponse', -- describeSecretResponse_httpStatus - The response's http status -- code. newDescribeSecretResponse :: Int -> DescribeSecretResponse -- | See: newGetRandomPassword smart constructor. 
data GetRandomPassword GetRandomPassword' :: Maybe Text -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Bool -> Maybe Natural -> Maybe Bool -> GetRandomPassword -- | Create a value of GetRandomPassword with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:excludeCharacters:GetRandomPassword', -- getRandomPassword_excludeCharacters - A string of the -- characters that you don't want in the password. -- -- $sel:excludeLowercase:GetRandomPassword', -- getRandomPassword_excludeLowercase - Specifies whether to -- exclude lowercase letters from the password. If you don't include this -- switch, the password can contain lowercase letters. -- -- $sel:excludeNumbers:GetRandomPassword', -- getRandomPassword_excludeNumbers - Specifies whether to exclude -- numbers from the password. If you don't include this switch, the -- password can contain numbers. -- -- $sel:excludePunctuation:GetRandomPassword', -- getRandomPassword_excludePunctuation - Specifies whether to -- exclude the following punctuation characters from the password: ! -- " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } -- ~. If you don't include this switch, the password can contain -- punctuation. -- -- $sel:excludeUppercase:GetRandomPassword', -- getRandomPassword_excludeUppercase - Specifies whether to -- exclude uppercase letters from the password. If you don't include this -- switch, the password can contain uppercase letters. -- -- $sel:includeSpace:GetRandomPassword', -- getRandomPassword_includeSpace - Specifies whether to include -- the space character. If you include this switch, the password can -- contain space characters. -- -- $sel:passwordLength:GetRandomPassword', -- getRandomPassword_passwordLength - The length of the password. 
-- If you don't include this parameter, the default length is 32 -- characters. -- -- $sel:requireEachIncludedType:GetRandomPassword', -- getRandomPassword_requireEachIncludedType - Specifies whether -- to include at least one upper and lowercase letter, one number, and -- one punctuation. If you don't include this switch, the password -- contains at least one of every character type. newGetRandomPassword :: GetRandomPassword -- | See: newGetRandomPasswordResponse smart constructor. data GetRandomPasswordResponse GetRandomPasswordResponse' :: Maybe (Sensitive Text) -> Int -> GetRandomPasswordResponse -- | Create a value of GetRandomPasswordResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:randomPassword:GetRandomPasswordResponse', -- getRandomPasswordResponse_randomPassword - A string with the -- password. -- -- $sel:httpStatus:GetRandomPasswordResponse', -- getRandomPasswordResponse_httpStatus - The response's http -- status code. newGetRandomPasswordResponse :: Int -> GetRandomPasswordResponse -- | See: newGetResourcePolicy smart constructor. data GetResourcePolicy GetResourcePolicy' :: Text -> GetResourcePolicy -- | Create a value of GetResourcePolicy with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:GetResourcePolicy', -- getResourcePolicy_secretId - The ARN or name of the secret to -- retrieve the attached resource-based policy for. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newGetResourcePolicy :: Text -> GetResourcePolicy -- | See: newGetResourcePolicyResponse smart constructor. 
data GetResourcePolicyResponse GetResourcePolicyResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> GetResourcePolicyResponse -- | Create a value of GetResourcePolicyResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- GetResourcePolicyResponse, getResourcePolicyResponse_arn -- - The ARN of the secret that the resource-based policy was retrieved -- for. -- -- GetResourcePolicyResponse, -- getResourcePolicyResponse_name - The name of the secret that -- the resource-based policy was retrieved for. -- -- $sel:resourcePolicy:GetResourcePolicyResponse', -- getResourcePolicyResponse_resourcePolicy - A JSON-formatted -- string that contains the permissions policy attached to the secret. -- For more information about permissions policies, see Authentication -- and access control for Secrets Manager. -- -- $sel:httpStatus:GetResourcePolicyResponse', -- getResourcePolicyResponse_httpStatus - The response's http -- status code. newGetResourcePolicyResponse :: Int -> GetResourcePolicyResponse -- | See: newGetSecretValue smart constructor. data GetSecretValue GetSecretValue' :: Maybe Text -> Maybe Text -> Text -> GetSecretValue -- | Create a value of GetSecretValue with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- GetSecretValue, getSecretValue_versionId - The unique -- identifier of the version of the secret to retrieve. If you include -- both this parameter and VersionStage, the two parameters must -- refer to the same secret version. If you don't specify either a -- VersionStage or VersionId, then Secrets Manager -- returns the AWSCURRENT version. 
-- -- This value is typically a UUID-type value with 32 hexadecimal -- digits. -- -- $sel:versionStage:GetSecretValue', -- getSecretValue_versionStage - The staging label of the version -- of the secret to retrieve. -- -- Secrets Manager uses staging labels to keep track of different -- versions during the rotation process. If you include both this -- parameter and VersionId, the two parameters must refer to the -- same secret version. If you don't specify either a -- VersionStage or VersionId, Secrets Manager returns -- the AWSCURRENT version. -- -- $sel:secretId:GetSecretValue', getSecretValue_secretId - -- The ARN or name of the secret to retrieve. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newGetSecretValue :: Text -> GetSecretValue -- | See: newGetSecretValueResponse smart constructor. data GetSecretValueResponse GetSecretValueResponse' :: Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Maybe Text -> Maybe (NonEmpty Text) -> Int -> GetSecretValueResponse -- | Create a value of GetSecretValueResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- GetSecretValueResponse, getSecretValueResponse_arn - The -- ARN of the secret. -- -- GetSecretValueResponse, -- getSecretValueResponse_createdDate - The date and time that -- this version of the secret was created. If you don't specify which -- version in VersionId or VersionStage, then Secrets -- Manager uses the AWSCURRENT version. -- -- GetSecretValueResponse, getSecretValueResponse_name - -- The friendly name of the secret. 
-- -- $sel:secretBinary:GetSecretValueResponse', -- getSecretValueResponse_secretBinary - The decrypted secret -- value, if the secret value was originally provided as binary data in -- the form of a byte array. The response parameter represents the binary -- data as a base64-encoded string. -- -- If the secret was created by using the Secrets Manager console, or if -- the secret value was originally provided as a string, then this field -- is omitted. The secret value appears in SecretString -- instead. -- -- Note: This Lens automatically encodes -- and decodes Base64 data. -- The underlying isomorphism will encode to -- Base64 representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:GetSecretValueResponse', -- getSecretValueResponse_secretString - The decrypted secret -- value, if the secret value was originally provided as a string or -- through the Secrets Manager console. -- -- If this secret was created by using the console, then Secrets Manager -- stores the information as a JSON structure of key/value pairs. -- -- Both secret fields are wrapped in Sensitive (see the constructor -- signature above); once unwrapped the value is plaintext, so keep it -- out of logs and error messages. -- -- GetSecretValue, getSecretValueResponse_versionId - The -- unique identifier of this version of the secret. -- -- GetSecretValueResponse, -- getSecretValueResponse_versionStages - A list of all of the -- staging labels currently attached to this version of the secret. -- -- $sel:httpStatus:GetSecretValueResponse', -- getSecretValueResponse_httpStatus - The response's http status -- code. newGetSecretValueResponse :: Int -> GetSecretValueResponse -- | See: newListSecretVersionIds smart constructor. data ListSecretVersionIds ListSecretVersionIds' :: Maybe Bool -> Maybe Natural -> Maybe Text -> Text -> ListSecretVersionIds -- | Create a value of ListSecretVersionIds with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields.
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:includeDeprecated:ListSecretVersionIds', -- listSecretVersionIds_includeDeprecated - Specifies whether to -- include versions of secrets that don't have any staging labels -- attached to them. Versions without staging labels are considered -- deprecated and are subject to deletion by Secrets Manager. -- -- $sel:maxResults:ListSecretVersionIds', -- listSecretVersionIds_maxResults - The number of results to -- include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecretVersionIds again with the value from -- NextToken. -- -- ListSecretVersionIds, listSecretVersionIds_nextToken - A -- token that indicates where the output should continue from, if a -- previous call did not show all results. To get the next results, call -- ListSecretVersionIds again with this value. -- -- $sel:secretId:ListSecretVersionIds', -- listSecretVersionIds_secretId - The ARN or name of the secret -- whose versions you want to list. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newListSecretVersionIds :: Text -> ListSecretVersionIds -- | See: newListSecretVersionIdsResponse smart constructor. data ListSecretVersionIdsResponse ListSecretVersionIdsResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe [SecretVersionsListEntry] -> Int -> ListSecretVersionIdsResponse -- | Create a value of ListSecretVersionIdsResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- ListSecretVersionIdsResponse, -- listSecretVersionIdsResponse_arn - The ARN of the secret. 
-- -- ListSecretVersionIdsResponse, -- listSecretVersionIdsResponse_name - The name of the secret. -- -- ListSecretVersionIds, -- listSecretVersionIdsResponse_nextToken - Secrets Manager -- includes this value if there's more output available than what is -- included in the current response. This can occur even when the -- response includes no values at all, such as when you ask for a -- filtered view of a long list. To get the next results, call -- ListSecretVersionIds again with this value. -- -- $sel:versions:ListSecretVersionIdsResponse', -- listSecretVersionIdsResponse_versions - A list of the versions -- of the secret. -- -- $sel:httpStatus:ListSecretVersionIdsResponse', -- listSecretVersionIdsResponse_httpStatus - The response's http -- status code. newListSecretVersionIdsResponse :: Int -> ListSecretVersionIdsResponse -- | See: newListSecrets smart constructor. data ListSecrets ListSecrets' :: Maybe [Filter] -> Maybe Bool -> Maybe Natural -> Maybe Text -> Maybe SortOrderType -> ListSecrets -- | Create a value of ListSecrets with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:filters:ListSecrets', listSecrets_filters - The -- filters to apply to the list of secrets. -- -- $sel:includePlannedDeletion:ListSecrets', -- listSecrets_includePlannedDeletion - Undocumented member. -- -- $sel:maxResults:ListSecrets', listSecrets_maxResults - -- The number of results to include in the response. -- -- If there are more results available, in the response, Secrets Manager -- includes NextToken. To get the next results, call -- ListSecrets again with the value from NextToken. -- -- ListSecrets, listSecrets_nextToken - A token that -- indicates where the output should continue from, if a previous call -- did not show all results. 
To get the next results, call -- ListSecrets again with this value. -- -- $sel:sortOrder:ListSecrets', listSecrets_sortOrder - -- Secrets are listed by CreatedDate. newListSecrets :: ListSecrets -- | See: newListSecretsResponse smart constructor. data ListSecretsResponse ListSecretsResponse' :: Maybe Text -> Maybe [SecretListEntry] -> Int -> ListSecretsResponse -- | Create a value of ListSecretsResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- ListSecrets, listSecretsResponse_nextToken - Secrets -- Manager includes this value if there's more output available than what -- is included in the current response. This can occur even when the -- response includes no values at all, such as when you ask for a -- filtered view of a long list. To get the next results, call -- ListSecrets again with this value. -- -- $sel:secretList:ListSecretsResponse', -- listSecretsResponse_secretList - A list of the secrets in the -- account. -- -- $sel:httpStatus:ListSecretsResponse', -- listSecretsResponse_httpStatus - The response's http status -- code. newListSecretsResponse :: Int -> ListSecretsResponse -- | See: newPutResourcePolicy smart constructor. data PutResourcePolicy PutResourcePolicy' :: Maybe Bool -> Text -> Text -> PutResourcePolicy -- | Create a value of PutResourcePolicy with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:blockPublicPolicy:PutResourcePolicy', -- putResourcePolicy_blockPublicPolicy - Specifies whether to -- block resource-based policies that allow broad access to the secret, -- for example those that use a wildcard for the principal. 
-- -- $sel:secretId:PutResourcePolicy', -- putResourcePolicy_secretId - The ARN or name of the secret to -- attach the resource-based policy. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- $sel:resourcePolicy:PutResourcePolicy', -- putResourcePolicy_resourcePolicy - A JSON-formatted string for -- an Amazon Web Services resource-based policy. For example policies, -- see Permissions policy examples. newPutResourcePolicy :: Text -> Text -> PutResourcePolicy -- | See: newPutResourcePolicyResponse smart constructor. data PutResourcePolicyResponse PutResourcePolicyResponse' :: Maybe Text -> Maybe Text -> Int -> PutResourcePolicyResponse -- | Create a value of PutResourcePolicyResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- PutResourcePolicyResponse, putResourcePolicyResponse_arn -- - The ARN of the secret. -- -- PutResourcePolicyResponse, -- putResourcePolicyResponse_name - The name of the secret. -- -- $sel:httpStatus:PutResourcePolicyResponse', -- putResourcePolicyResponse_httpStatus - The response's http -- status code. newPutResourcePolicyResponse :: Int -> PutResourcePolicyResponse -- | See: newPutSecretValue smart constructor. data PutSecretValue PutSecretValue' :: Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Maybe (NonEmpty Text) -> Text -> PutSecretValue -- | Create a value of PutSecretValue with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:clientRequestToken:PutSecretValue', -- putSecretValue_clientRequestToken - A unique identifier for the -- new version of the secret. 
-- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty because they generate a random UUID for you. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for new versions and include that -- value in the request. -- -- This value helps ensure idempotency. Secrets Manager uses this value -- to prevent the accidental creation of duplicate versions if there are -- failures and retries during the Lambda rotation function processing. -- We recommend that you generate a UUID-type value to ensure -- uniqueness within the specified secret. -- -- -- -- This value becomes the VersionId of the new version. -- -- $sel:secretBinary:PutSecretValue', -- putSecretValue_secretBinary - The binary data to encrypt and -- store in the new version of the secret. To use this parameter in the -- command-line tools, we recommend that you store your binary data in a -- file and then pass the contents of the file as a parameter. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- You can't access this value from the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes -- Base64 data. -- The underlying isomorphism will encode to Base64 -- representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:PutSecretValue', -- putSecretValue_secretString - The text to encrypt and store in -- the new version of the secret. -- -- You must include SecretBinary or SecretString, but -- not both. -- -- We recommend you create the secret string as JSON key/value pairs, as -- shown in the example. -- -- PutSecretValue, putSecretValue_versionStages - A list of -- staging labels to attach to this version of the secret.
Secrets -- Manager uses staging labels to track versions of a secret through the -- rotation process. -- -- If you specify a staging label that's already associated with a -- different version of the same secret, then Secrets Manager removes the -- label from the other version and attaches it to this version. If you -- specify AWSCURRENT, and it is already attached to another -- version, then Secrets Manager also moves the staging label -- AWSPREVIOUS to the version that AWSCURRENT was -- removed from. -- -- If you don't include VersionStages, then Secrets Manager -- automatically moves the staging label AWSCURRENT to this -- version. -- -- $sel:secretId:PutSecretValue', putSecretValue_secretId - -- The ARN or name of the secret to add a new version to. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- If the secret doesn't already exist, use CreateSecret -- instead. newPutSecretValue :: Text -> PutSecretValue -- | See: newPutSecretValueResponse smart constructor. data PutSecretValueResponse PutSecretValueResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe (NonEmpty Text) -> Int -> PutSecretValueResponse -- | Create a value of PutSecretValueResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- PutSecretValueResponse, putSecretValueResponse_arn - The -- ARN of the secret. -- -- PutSecretValueResponse, putSecretValueResponse_name - -- The name of the secret. -- -- PutSecretValueResponse, putSecretValueResponse_versionId -- - The unique identifier of the version of the secret. -- -- PutSecretValue, putSecretValueResponse_versionStages - -- The list of staging labels that are currently attached to this version -- of the secret. 
Secrets Manager uses staging labels to track a version -- as it progresses through the secret rotation process. -- -- $sel:httpStatus:PutSecretValueResponse', -- putSecretValueResponse_httpStatus - The response's http status -- code. newPutSecretValueResponse :: Int -> PutSecretValueResponse -- | See: newRemoveRegionsFromReplication smart constructor. data RemoveRegionsFromReplication RemoveRegionsFromReplication' :: Text -> NonEmpty Text -> RemoveRegionsFromReplication -- | Create a value of RemoveRegionsFromReplication with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:RemoveRegionsFromReplication', -- removeRegionsFromReplication_secretId - The ARN or name of the -- secret. -- -- $sel:removeReplicaRegions:RemoveRegionsFromReplication', -- removeRegionsFromReplication_removeReplicaRegions - The Regions -- of the replicas to remove. newRemoveRegionsFromReplication :: Text -> NonEmpty Text -> RemoveRegionsFromReplication -- | See: newRemoveRegionsFromReplicationResponse smart -- constructor. data RemoveRegionsFromReplicationResponse RemoveRegionsFromReplicationResponse' :: Maybe Text -> Maybe [ReplicationStatusType] -> Int -> RemoveRegionsFromReplicationResponse -- | Create a value of RemoveRegionsFromReplicationResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- RemoveRegionsFromReplicationResponse, -- removeRegionsFromReplicationResponse_arn - The ARN of the -- primary secret. -- -- $sel:replicationStatus:RemoveRegionsFromReplicationResponse', -- removeRegionsFromReplicationResponse_replicationStatus - The -- status of replicas for this secret after you remove Regions. 
-- -- $sel:httpStatus:RemoveRegionsFromReplicationResponse', -- removeRegionsFromReplicationResponse_httpStatus - The -- response's http status code. newRemoveRegionsFromReplicationResponse :: Int -> RemoveRegionsFromReplicationResponse -- | See: newReplicateSecretToRegions smart constructor. data ReplicateSecretToRegions ReplicateSecretToRegions' :: Maybe Bool -> Text -> NonEmpty ReplicaRegionType -> ReplicateSecretToRegions -- | Create a value of ReplicateSecretToRegions with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:forceOverwriteReplicaSecret:ReplicateSecretToRegions', -- replicateSecretToRegions_forceOverwriteReplicaSecret - -- Specifies whether to overwrite a secret with the same name in the -- destination Region. -- -- $sel:secretId:ReplicateSecretToRegions', -- replicateSecretToRegions_secretId - The ARN or name of the -- secret to replicate. -- -- $sel:addReplicaRegions:ReplicateSecretToRegions', -- replicateSecretToRegions_addReplicaRegions - A list of Regions -- in which to replicate the secret. newReplicateSecretToRegions :: Text -> NonEmpty ReplicaRegionType -> ReplicateSecretToRegions -- | See: newReplicateSecretToRegionsResponse smart -- constructor. data ReplicateSecretToRegionsResponse ReplicateSecretToRegionsResponse' :: Maybe Text -> Maybe [ReplicationStatusType] -> Int -> ReplicateSecretToRegionsResponse -- | Create a value of ReplicateSecretToRegionsResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- ReplicateSecretToRegionsResponse, -- replicateSecretToRegionsResponse_arn - The ARN of the primary -- secret. 
-- -- $sel:replicationStatus:ReplicateSecretToRegionsResponse', -- replicateSecretToRegionsResponse_replicationStatus - The status -- of replication. -- -- $sel:httpStatus:ReplicateSecretToRegionsResponse', -- replicateSecretToRegionsResponse_httpStatus - The response's -- http status code. newReplicateSecretToRegionsResponse :: Int -> ReplicateSecretToRegionsResponse -- | See: newRestoreSecret smart constructor. data RestoreSecret RestoreSecret' :: Text -> RestoreSecret -- | Create a value of RestoreSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:RestoreSecret', restoreSecret_secretId - -- The ARN or name of the secret to restore. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newRestoreSecret :: Text -> RestoreSecret -- | See: newRestoreSecretResponse smart constructor. data RestoreSecretResponse RestoreSecretResponse' :: Maybe Text -> Maybe Text -> Int -> RestoreSecretResponse -- | Create a value of RestoreSecretResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- RestoreSecretResponse, restoreSecretResponse_arn - The -- ARN of the secret that was restored. -- -- RestoreSecretResponse, restoreSecretResponse_name - The -- name of the secret that was restored. -- -- $sel:httpStatus:RestoreSecretResponse', -- restoreSecretResponse_httpStatus - The response's http status -- code. newRestoreSecretResponse :: Int -> RestoreSecretResponse -- | See: newRotateSecret smart constructor. 
data RotateSecret RotateSecret' :: Maybe Text -> Maybe Bool -> Maybe Text -> Maybe RotationRulesType -> Text -> RotateSecret -- | Create a value of RotateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:clientRequestToken:RotateSecret', -- rotateSecret_clientRequestToken - A unique identifier for the -- new version of the secret that helps ensure idempotency. Secrets -- Manager uses this value to prevent the accidental creation of -- duplicate versions if there are failures and retries during rotation. -- This value becomes the VersionId of the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this parameter -- empty. The CLI or SDK generates a random UUID for you and includes -- that in the request for this parameter. If you don't use the SDK and -- instead generate a raw HTTP request to the Secrets Manager service -- endpoint, then you must generate a ClientRequestToken -- yourself for new versions and include that value in the request. -- -- You only need to specify this value if you implement your own retry -- logic and you want to ensure that Secrets Manager doesn't attempt to -- create a secret version twice. We recommend that you generate a -- UUID-type value to ensure uniqueness within the specified -- secret. -- -- $sel:rotateImmediately:RotateSecret', -- rotateSecret_rotateImmediately - Specifies whether to rotate -- the secret immediately or wait until the next scheduled rotation -- window. The rotation schedule is defined in -- RotateSecretRequest$RotationRules. -- -- If you don't immediately rotate the secret, Secrets Manager tests the -- rotation configuration by running the testSecret step of the -- Lambda rotation function.
The test creates an AWSPENDING -- version of the secret and then removes it. -- -- If you don't specify this value, then by default, Secrets Manager -- rotates the secret immediately. -- -- RotateSecret, rotateSecret_rotationLambdaARN - The ARN -- of the Lambda rotation function that can rotate the secret. -- -- RotateSecret, rotateSecret_rotationRules - A structure -- that defines the rotation configuration for this secret. -- -- $sel:secretId:RotateSecret', rotateSecret_secretId - The -- ARN or name of the secret to rotate. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newRotateSecret :: Text -> RotateSecret -- | See: newRotateSecretResponse smart constructor. data RotateSecretResponse RotateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> RotateSecretResponse -- | Create a value of RotateSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- RotateSecretResponse, rotateSecretResponse_arn - The ARN -- of the secret. -- -- RotateSecretResponse, rotateSecretResponse_name - The -- name of the secret. -- -- RotateSecretResponse, rotateSecretResponse_versionId - -- The ID of the new version of the secret. -- -- $sel:httpStatus:RotateSecretResponse', -- rotateSecretResponse_httpStatus - The response's http status -- code. newRotateSecretResponse :: Int -> RotateSecretResponse -- | See: newStopReplicationToReplica smart constructor. data StopReplicationToReplica StopReplicationToReplica' :: Text -> StopReplicationToReplica -- | Create a value of StopReplicationToReplica with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:StopReplicationToReplica', -- stopReplicationToReplica_secretId - The ARN of the primary -- secret. newStopReplicationToReplica :: Text -> StopReplicationToReplica -- | See: newStopReplicationToReplicaResponse smart -- constructor. data StopReplicationToReplicaResponse StopReplicationToReplicaResponse' :: Maybe Text -> Int -> StopReplicationToReplicaResponse -- | Create a value of StopReplicationToReplicaResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- StopReplicationToReplicaResponse, -- stopReplicationToReplicaResponse_arn - The ARN of the promoted -- secret. The ARN is the same as the original primary secret except the -- Region is changed. -- -- $sel:httpStatus:StopReplicationToReplicaResponse', -- stopReplicationToReplicaResponse_httpStatus - The response's -- http status code. newStopReplicationToReplicaResponse :: Int -> StopReplicationToReplicaResponse -- | See: newTagResource smart constructor. data TagResource TagResource' :: Text -> [Tag] -> TagResource -- | Create a value of TagResource with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:TagResource', tagResource_secretId - The -- identifier for the secret to attach tags to. You can specify either -- the Amazon Resource Name (ARN) or the friendly name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. 
-- -- TagResource, tagResource_tags - The tags to attach to -- the secret as a JSON text string argument. Each element in the list -- consists of a Key and a Value. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. newTagResource :: Text -> TagResource -- | See: newTagResourceResponse smart constructor. data TagResourceResponse TagResourceResponse' :: TagResourceResponse -- | Create a value of TagResourceResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. newTagResourceResponse :: TagResourceResponse -- | See: newUntagResource smart constructor. data UntagResource UntagResource' :: Text -> [Text] -> UntagResource -- | Create a value of UntagResource with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:UntagResource', untagResource_secretId - -- The ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- $sel:tagKeys:UntagResource', untagResource_tagKeys - A -- list of tag key names to remove from the secret. You don't specify the -- value. Both the key and its associated value are removed. -- -- This parameter requires a JSON text string argument. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key/value pairs. For more information, see -- Specifying parameter values for the Amazon Web Services CLI in -- the Amazon Web Services CLI User Guide. newUntagResource :: Text -> UntagResource -- | See: newUntagResourceResponse smart constructor. 
data UntagResourceResponse UntagResourceResponse' :: UntagResourceResponse -- | Create a value of UntagResourceResponse with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. newUntagResourceResponse :: UntagResourceResponse -- | See: newUpdateSecret smart constructor. data UpdateSecret UpdateSecret' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe (Sensitive Base64) -> Maybe (Sensitive Text) -> Text -> UpdateSecret -- | Create a value of UpdateSecret with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:clientRequestToken:UpdateSecret', -- updateSecret_clientRequestToken - If you include -- SecretString or SecretBinary, then Secrets Manager -- creates a new version for the secret, and this parameter specifies the -- unique identifier for the new version. -- -- If you use the Amazon Web Services CLI or one of the Amazon Web -- Services SDKs to call this operation, then you can leave this -- parameter empty. The CLI or SDK generates a random UUID for you and -- includes it as the value for this parameter in the request. If you -- don't use the SDK and instead generate a raw HTTP request to the -- Secrets Manager service endpoint, then you must generate a -- ClientRequestToken yourself for the new version and include -- the value in the request. -- -- This value becomes the VersionId of the new version. -- -- UpdateSecret, updateSecret_description - The description -- of the secret. -- -- UpdateSecret, updateSecret_kmsKeyId - The ARN, key ID, -- or alias of the KMS key that Secrets Manager uses to encrypt new -- secret versions as well as any existing versions with the staging -- labels AWSCURRENT, AWSPENDING, or -- AWSPREVIOUS. For more information about versions and staging -- labels, see Concepts: Version. 
-- -- A key alias is always prefixed by alias/, for example -- alias/aws/secretsmanager. For more information, see About -- aliases. -- -- If you set this to an empty string, Secrets Manager uses the Amazon -- Web Services managed key aws/secretsmanager. If this key -- doesn't already exist in your account, then Secrets Manager creates it -- for you automatically. All users and roles in the Amazon Web Services -- account automatically have access to use aws/secretsmanager. -- Creating aws/secretsmanager can result in a one-time -- significant delay in returning the result. -- -- You can only use the Amazon Web Services managed key -- aws/secretsmanager if you call this operation using -- credentials from the same Amazon Web Services account that owns the -- secret. If the secret is in a different account, then you must use a -- customer managed key and provide the ARN of that KMS key in this -- field. The user making the call must have permissions to both the -- secret and the KMS key in their respective accounts. -- -- $sel:secretBinary:UpdateSecret', -- updateSecret_secretBinary - The binary data to encrypt and -- store in the new version of the secret. We recommend that you store -- your binary data in a file and then pass the contents of the file as a -- parameter. -- -- Either SecretBinary or SecretString must have a -- value, but not both. -- -- You can't access this parameter in the Secrets Manager console. -- -- Note: This Lens automatically encodes and decodes -- Base64 data. -- The underlying isomorphism will encode to Base64 -- representation during -- serialisation, and decode from Base64 -- representation during deserialisation. -- This Lens accepts -- and returns only raw unencoded data. -- -- $sel:secretString:UpdateSecret', -- updateSecret_secretString - The text data to encrypt and store -- in the new version of the secret. We recommend you use a JSON -- structure of key/value pairs for your secret value.
-- -- Either SecretBinary or SecretString must have a -- value, but not both. -- -- $sel:secretId:UpdateSecret', updateSecret_secretId - The -- ARN or name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. newUpdateSecret :: Text -> UpdateSecret -- | See: newUpdateSecretResponse smart constructor. data UpdateSecretResponse UpdateSecretResponse' :: Maybe Text -> Maybe Text -> Maybe Text -> Int -> UpdateSecretResponse -- | Create a value of UpdateSecretResponse with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- UpdateSecretResponse, updateSecretResponse_arn - The ARN -- of the secret that was updated. -- -- UpdateSecretResponse, updateSecretResponse_name - The -- name of the secret that was updated. -- -- UpdateSecretResponse, updateSecretResponse_versionId - -- If Secrets Manager created a new version of the secret during this -- operation, then VersionId contains the unique identifier of -- the new version. -- -- $sel:httpStatus:UpdateSecretResponse', -- updateSecretResponse_httpStatus - The response's http status -- code. newUpdateSecretResponse :: Int -> UpdateSecretResponse -- | See: newUpdateSecretVersionStage smart constructor. data UpdateSecretVersionStage UpdateSecretVersionStage' :: Maybe Text -> Maybe Text -> Text -> Text -> UpdateSecretVersionStage -- | Create a value of UpdateSecretVersionStage with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:moveToVersionId:UpdateSecretVersionStage', -- updateSecretVersionStage_moveToVersionId - The ID of the -- version to add the staging label to. 
To remove a label from a version, -- do not specify this parameter. -- -- If the staging label is already attached to a different version of the -- secret, then you must also specify the RemoveFromVersionId -- parameter. -- -- $sel:removeFromVersionId:UpdateSecretVersionStage', -- updateSecretVersionStage_removeFromVersionId - The ID of the -- version that the staging label is to be removed from. If the staging -- label you are trying to attach to one version is already attached to a -- different version, then you must include this parameter and specify -- the version that the label is to be removed from. If the label is -- attached and you either do not specify this parameter, or the version -- ID does not match, then the operation fails. -- -- $sel:secretId:UpdateSecretVersionStage', -- updateSecretVersionStage_secretId - The ARN or the name of the -- secret with the version and staging labels to modify. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See Finding a secret from a partial ARN. -- -- $sel:versionStage:UpdateSecretVersionStage', -- updateSecretVersionStage_versionStage - The staging label to -- add to this version. newUpdateSecretVersionStage :: Text -> Text -> UpdateSecretVersionStage -- | See: newUpdateSecretVersionStageResponse smart -- constructor. data UpdateSecretVersionStageResponse UpdateSecretVersionStageResponse' :: Maybe Text -> Maybe Text -> Int -> UpdateSecretVersionStageResponse -- | Create a value of UpdateSecretVersionStageResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- UpdateSecretVersionStageResponse, -- updateSecretVersionStageResponse_arn - The ARN of the secret -- that was updated.
-- -- UpdateSecretVersionStageResponse, -- updateSecretVersionStageResponse_name - The name of the secret -- that was updated. -- -- $sel:httpStatus:UpdateSecretVersionStageResponse', -- updateSecretVersionStageResponse_httpStatus - The response's -- http status code. newUpdateSecretVersionStageResponse :: Int -> UpdateSecretVersionStageResponse -- | See: newValidateResourcePolicy smart constructor. data ValidateResourcePolicy ValidateResourcePolicy' :: Maybe Text -> Text -> ValidateResourcePolicy -- | Create a value of ValidateResourcePolicy with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:secretId:ValidateResourcePolicy', -- validateResourcePolicy_secretId - This field is reserved for -- internal use. -- -- $sel:resourcePolicy:ValidateResourcePolicy', -- validateResourcePolicy_resourcePolicy - A JSON-formatted string -- that contains an Amazon Web Services resource-based policy. The policy -- in the string identifies who can access or manage this secret and its -- versions. For example policies, see Permissions policy -- examples. newValidateResourcePolicy :: Text -> ValidateResourcePolicy -- | See: newValidateResourcePolicyResponse smart -- constructor. data ValidateResourcePolicyResponse ValidateResourcePolicyResponse' :: Maybe Bool -> Maybe [ValidationErrorsEntry] -> Int -> ValidateResourcePolicyResponse -- | Create a value of ValidateResourcePolicyResponse with all -- optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:policyValidationPassed:ValidateResourcePolicyResponse', -- validateResourcePolicyResponse_policyValidationPassed - True if -- your policy passes validation, otherwise false. 
-- -- $sel:validationErrors:ValidateResourcePolicyResponse', -- validateResourcePolicyResponse_validationErrors - Validation -- errors if your policy didn't pass validation. -- -- $sel:httpStatus:ValidateResourcePolicyResponse', -- validateResourcePolicyResponse_httpStatus - The response's http -- status code. newValidateResourcePolicyResponse :: Int -> ValidateResourcePolicyResponse newtype FilterNameStringType FilterNameStringType' :: Text -> FilterNameStringType [fromFilterNameStringType] :: FilterNameStringType -> Text pattern FilterNameStringType_All :: FilterNameStringType pattern FilterNameStringType_Description :: FilterNameStringType pattern FilterNameStringType_Name :: FilterNameStringType pattern FilterNameStringType_Owning_service :: FilterNameStringType pattern FilterNameStringType_Primary_region :: FilterNameStringType pattern FilterNameStringType_Tag_key :: FilterNameStringType pattern FilterNameStringType_Tag_value :: FilterNameStringType newtype SortOrderType SortOrderType' :: Text -> SortOrderType [fromSortOrderType] :: SortOrderType -> Text pattern SortOrderType_Asc :: SortOrderType pattern SortOrderType_Desc :: SortOrderType newtype StatusType StatusType' :: Text -> StatusType [fromStatusType] :: StatusType -> Text pattern StatusType_Failed :: StatusType pattern StatusType_InProgress :: StatusType pattern StatusType_InSync :: StatusType -- | Allows you to add filters when you use the search function in Secrets -- Manager. For more information, see Find secrets in Secrets -- Manager. -- -- See: newFilter smart constructor. data Filter Filter' :: Maybe FilterNameStringType -> Maybe (NonEmpty Text) -> Filter -- | Create a value of Filter with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. 
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:key:Filter', filter_key - The following are keys -- you can use: the FilterNameStringType_* patterns (All, Description, -- Name, Owning_service, Primary_region, Tag_key, Tag_value). -- -- $sel:values:Filter', filter_values - The keyword to -- filter for. -- -- You can prefix your search value with an exclamation mark (!) -- in order to perform negation filters. newFilter :: Filter -- | A custom type that specifies a Region and the -- KmsKeyId for a replica secret. -- -- See: newReplicaRegionType smart constructor. data ReplicaRegionType ReplicaRegionType' :: Maybe Text -> Maybe Text -> ReplicaRegionType -- | Create a value of ReplicaRegionType with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:kmsKeyId:ReplicaRegionType', -- replicaRegionType_kmsKeyId - The ARN, key ID, or alias of the -- KMS key to encrypt the secret. If you don't include this field, -- Secrets Manager uses aws/secretsmanager. -- -- $sel:region:ReplicaRegionType', replicaRegionType_region -- - A Region code. For a list of Region codes, see Name and code of -- Regions. newReplicaRegionType :: ReplicaRegionType -- | A replication object consisting of a RegionReplicationStatus -- object that includes a Region, KMSKeyId, status, and status message. -- -- See: newReplicationStatusType smart constructor. data ReplicationStatusType ReplicationStatusType' :: Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe StatusType -> Maybe Text -> ReplicationStatusType -- | Create a value of ReplicationStatusType with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields.
-- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:kmsKeyId:ReplicationStatusType', -- replicationStatusType_kmsKeyId - Can be an ARN, -- Key ID, or Alias. -- -- $sel:lastAccessedDate:ReplicationStatusType', -- replicationStatusType_lastAccessedDate - The date that the -- secret was last accessed in the Region. This field is omitted if the -- secret has never been retrieved in the Region. -- -- $sel:region:ReplicationStatusType', -- replicationStatusType_region - The Region where replication -- occurs. -- -- $sel:status:ReplicationStatusType', -- replicationStatusType_status - The status can be -- InProgress, Failed, or InSync. -- -- $sel:statusMessage:ReplicationStatusType', -- replicationStatusType_statusMessage - Status message such as -- "/Secret with this name already exists in this region/". newReplicationStatusType :: ReplicationStatusType -- | A structure that defines the rotation configuration for the secret. -- -- See: newRotationRulesType smart constructor. data RotationRulesType RotationRulesType' :: Maybe Natural -> Maybe Text -> Maybe Text -> RotationRulesType -- | Create a value of RotationRulesType with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:automaticallyAfterDays:RotationRulesType', -- rotationRulesType_automaticallyAfterDays - The number of days -- between automatic scheduled rotations of the secret. You can use this -- value to check that your secret meets your compliance guidelines for -- how often secrets must be rotated. -- -- In DescribeSecret and ListSecrets, this value is -- calculated from the rotation schedule after every successful rotation. 
-- In RotateSecret, you can set the rotation schedule in -- RotationRules with AutomaticallyAfterDays or -- ScheduleExpression, but not both. To set a rotation schedule -- in hours, use ScheduleExpression. -- -- $sel:duration:RotationRulesType', -- rotationRulesType_duration - The length of the rotation window -- in hours, for example 3h for a three hour window. Secrets -- Manager rotates your secret at any time during this window. The window -- must not extend into the next rotation window or the next UTC day. The -- window starts according to the ScheduleExpression. If you -- don't specify a Duration, for a ScheduleExpression -- in hours, the window automatically closes after one hour. For a -- ScheduleExpression in days, the window automatically closes -- at the end of the UTC day. For more information, including examples, -- see Schedule expressions in Secrets Manager rotation in the -- Secrets Manager Users Guide. -- -- $sel:scheduleExpression:RotationRulesType', -- rotationRulesType_scheduleExpression - A cron() or -- rate() expression that defines the schedule for rotating your -- secret. Secrets Manager rotation schedules use UTC time zone. Secrets -- Manager rotates your secret any time during a rotation window. -- -- Secrets Manager rate() expressions represent the interval in -- hours or days that you want to rotate your secret, for example -- rate(12 hours) or rate(10 days). You can rotate a -- secret as often as every four hours. If you use a rate() -- expression, the rotation window starts at midnight. For a rate in -- hours, the default rotation window closes after one hour. For a rate -- in days, the default rotation window closes at the end of the day. You -- can set the Duration to change the rotation window. The -- rotation window must not extend into the next UTC day or into the next -- rotation window. -- -- You can use a cron() expression to create a rotation schedule -- that is more detailed than a rotation interval. 
For more information, -- including examples, see Schedule expressions in Secrets Manager -- rotation in the Secrets Manager Users Guide. For a cron -- expression that represents a schedule in hours, the default rotation -- window closes after one hour. For a cron expression that represents a -- schedule in days, the default rotation window closes at the end of the -- day. You can set the Duration to change the rotation window. -- The rotation window must not extend into the next UTC day or into the -- next rotation window. newRotationRulesType :: RotationRulesType -- | A structure that contains the details about a secret. It does not -- include the encrypted SecretString and SecretBinary -- values. To get those values, use GetSecretValue . -- -- See: newSecretListEntry smart constructor. data SecretListEntry SecretListEntry' :: Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe RotationRulesType -> Maybe (HashMap Text (NonEmpty Text)) -> Maybe [Tag] -> SecretListEntry -- | Create a value of SecretListEntry with all optional fields -- omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:arn:SecretListEntry', secretListEntry_arn - The -- Amazon Resource Name (ARN) of the secret. -- -- $sel:createdDate:SecretListEntry', -- secretListEntry_createdDate - The date and time when a secret -- was created. -- -- $sel:deletedDate:SecretListEntry', -- secretListEntry_deletedDate - The date and time the deletion of -- the secret occurred. Not present on active secrets. The secret can be -- recovered until the number of days in the recovery window has passed, -- as specified in the RecoveryWindowInDays parameter of the -- DeleteSecret operation. 
-- -- $sel:description:SecretListEntry', -- secretListEntry_description - The user-provided description of -- the secret. -- -- $sel:kmsKeyId:SecretListEntry', secretListEntry_kmsKeyId -- - The ARN of the KMS key that Secrets Manager uses to encrypt the -- secret value. If the secret is encrypted with the Amazon Web Services -- managed key aws/secretsmanager, this field is omitted. -- -- $sel:lastAccessedDate:SecretListEntry', -- secretListEntry_lastAccessedDate - The date that the secret was -- last accessed in the Region. This field is omitted if the secret has -- never been retrieved in the Region. -- -- $sel:lastChangedDate:SecretListEntry', -- secretListEntry_lastChangedDate - The last date and time that -- this secret was modified in any way. -- -- $sel:lastRotatedDate:SecretListEntry', -- secretListEntry_lastRotatedDate - The most recent date and time -- that the Secrets Manager rotation process was successfully completed. -- This value is null if the secret hasn't ever rotated. -- -- $sel:name:SecretListEntry', secretListEntry_name - The -- friendly name of the secret. You can use forward slashes in the name -- to represent a path hierarchy. For example, -- /prod/databases/dbserver1 could represent the secret for a -- server named dbserver1 in the folder databases in -- the folder prod. -- -- $sel:nextRotationDate:SecretListEntry', -- secretListEntry_nextRotationDate - Undocumented member. -- -- $sel:owningService:SecretListEntry', -- secretListEntry_owningService - Returns the name of the service -- that created the secret. -- -- $sel:primaryRegion:SecretListEntry', -- secretListEntry_primaryRegion - The Region where Secrets -- Manager originated the secret. -- -- $sel:rotationEnabled:SecretListEntry', -- secretListEntry_rotationEnabled - Indicates whether automatic, -- scheduled rotation is enabled for this secret. 
-- -- $sel:rotationLambdaARN:SecretListEntry', -- secretListEntry_rotationLambdaARN - The ARN of an Amazon Web -- Services Lambda function invoked by Secrets Manager to rotate and -- expire the secret either automatically per the schedule or manually by -- a call to RotateSecret . -- -- $sel:rotationRules:SecretListEntry', -- secretListEntry_rotationRules - A structure that defines the -- rotation configuration for the secret. -- -- $sel:secretVersionsToStages:SecretListEntry', -- secretListEntry_secretVersionsToStages - A list of all of the -- currently assigned SecretVersionStage staging labels and the -- SecretVersionId attached to each one. Staging labels are used -- to keep track of the different versions during the rotation process. -- -- A version that does not have any SecretVersionStage is -- considered deprecated and subject to deletion. Such versions are not -- included in this list. -- -- $sel:tags:SecretListEntry', secretListEntry_tags - The -- list of user-defined tags associated with the secret. To add tags to a -- secret, use TagResource . To remove tags, use -- UntagResource . newSecretListEntry :: SecretListEntry -- | A structure that contains information about one version of a secret. -- -- See: newSecretVersionsListEntry smart constructor. data SecretVersionsListEntry SecretVersionsListEntry' :: Maybe POSIX -> Maybe [Text] -> Maybe POSIX -> Maybe Text -> Maybe (NonEmpty Text) -> SecretVersionsListEntry -- | Create a value of SecretVersionsListEntry with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:createdDate:SecretVersionsListEntry', -- secretVersionsListEntry_createdDate - The date and time this -- version of the secret was created. 
-- -- $sel:kmsKeyIds:SecretVersionsListEntry', -- secretVersionsListEntry_kmsKeyIds - The KMS keys used to -- encrypt the secret version. -- -- $sel:lastAccessedDate:SecretVersionsListEntry', -- secretVersionsListEntry_lastAccessedDate - The date that this -- version of the secret was last accessed. Note that the resolution of -- this field is at the date level and does not include the time. -- -- $sel:versionId:SecretVersionsListEntry', -- secretVersionsListEntry_versionId - The unique version -- identifier of this version of the secret. -- -- $sel:versionStages:SecretVersionsListEntry', -- secretVersionsListEntry_versionStages - An array of staging -- labels that are currently associated with this version of the secret. newSecretVersionsListEntry :: SecretVersionsListEntry -- | A structure that contains information about a tag. -- -- See: newTag smart constructor. data Tag Tag' :: Maybe Text -> Maybe Text -> Tag -- | Create a value of Tag with all optional fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:key:Tag', tag_key - The key identifier, or name, of -- the tag. -- -- $sel:value:Tag', tag_value - The string value associated -- with the key of the tag. newTag :: Tag -- | Displays errors that occurred during validation of the resource -- policy. -- -- See: newValidationErrorsEntry smart constructor. data ValidationErrorsEntry ValidationErrorsEntry' :: Maybe Text -> Maybe Text -> ValidationErrorsEntry -- | Create a value of ValidationErrorsEntry with all optional -- fields omitted. -- -- Use generic-lens or optics to modify other optional -- fields. -- -- The following record fields are available, with the corresponding -- lenses provided for backwards compatibility: -- -- $sel:checkName:ValidationErrorsEntry', -- validationErrorsEntry_checkName - Checks the name of the -- policy. 
-- -- $sel:errorMessage:ValidationErrorsEntry', -- validationErrorsEntry_errorMessage - Displays error messages if -- problems are encountered during validation of the resource -- policy. newValidationErrorsEntry :: ValidationErrorsEntry