secretsmanager

type AuthResolverParameters struct {
	// The name of the operation being invoked.
	Operation string

	// The region in which the operation is being invoked.
	Region string
}

type AuthSchemeResolver interface {
	ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}

type BatchGetSecretValueAPIClient interface {
	BatchGetSecretValue(context.Context, *BatchGetSecretValueInput, ...func(*Options)) (*BatchGetSecretValueOutput, error)
}

type BatchGetSecretValueInput struct {

	// The filters to choose which secrets to retrieve. You must include Filters or
	// SecretIdList , but not both.
	Filters []types.Filter

	// The number of results to include in the response. If there are more results
	// available, in the response, Secrets Manager includes NextToken . To get the next
	// results, call BatchGetSecretValue again with the value from NextToken . To use
	// this parameter, you must also use the Filters parameter.
	MaxResults *int32

	// A token that indicates where the output should continue from, if a previous
	// call did not show all results. To get the next results, call BatchGetSecretValue
	// again with this value.
	NextToken *string

	// The ARN or names of the secrets to retrieve. You must include Filters or
	// SecretIdList , but not both.
	SecretIdList []string
	// contains filtered or unexported fields
}

type BatchGetSecretValueOutput struct {

	// A list of errors Secrets Manager encountered while attempting to retrieve
	// individual secrets.
	Errors []types.APIErrorType

	// Secrets Manager includes this value if there's more output available than what
	// is included in the current response. This can occur even when the response
	// includes no values at all, such as when you ask for a filtered view of a long
	// list. To get the next results, call BatchGetSecretValue again with this value.
	NextToken *string

	// A list of secret values.
	SecretValues []types.SecretValueEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type BatchGetSecretValuePaginator struct {
	// contains filtered or unexported fields
}

type BatchGetSecretValuePaginatorOptions struct {
	// The number of results to include in the response. If there are more results
	// available, in the response, Secrets Manager includes NextToken . To get the next
	// results, call BatchGetSecretValue again with the value from NextToken . To use
	// this parameter, you must also use the Filters parameter.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

type CancelRotateSecretInput struct {

	// The ARN or name of the secret. For an ARN, we recommend that you specify a
	// complete ARN rather than a partial ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string
	// contains filtered or unexported fields
}

type CancelRotateSecretOutput struct {

	// The ARN of the secret.
	ARN *string

	// The name of the secret.
	Name *string

	// The unique identifier of the version of the secret created during the rotation.
	// This version might not be complete, and should be evaluated for possible
	// deletion. We recommend that you remove the VersionStage value AWSPENDING from
	// this version so that Secrets Manager can delete it. Failing to clean up a
	// cancelled rotation can block you from starting future rotations.
	VersionId *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type Client struct {
	// contains filtered or unexported fields
}

type CreateSecretInput struct {

	// The name of the new secret. The secret name can contain ASCII letters, numbers,
	// and the following characters: /_+=.@- Do not end your secret name with a hyphen
	// followed by six characters. If you do so, you risk confusion and unexpected
	// results when searching for a secret by partial ARN. Secrets Manager
	// automatically adds a hyphen and six random characters after the secret name at
	// the end of the ARN.
	//
	// This member is required.
	Name *string

	// A list of Regions and KMS keys to replicate secrets.
	AddReplicaRegions []types.ReplicaRegionType

	// If you include SecretString or SecretBinary , then Secrets Manager creates an
	// initial version for the secret, and this parameter specifies the unique
	// identifier for the new version. If you use the Amazon Web Services CLI or one of
	// the Amazon Web Services SDKs to call this operation, then you can leave this
	// parameter empty. The CLI or SDK generates a random UUID for you and includes it
	// as the value for this parameter in the request. If you generate a raw HTTP
	// request to the Secrets Manager service endpoint, then you must generate a
	// ClientRequestToken and include it in the request. This value helps ensure
	// idempotency. Secrets Manager uses this value to prevent the accidental creation
	// of duplicate versions if there are failures and retries during a rotation. We
	// recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness of your versions within the specified secret.
	//   - If the ClientRequestToken value isn't already associated with a version of
	//   the secret then a new version of the secret is created.
	//   - If a version with this value already exists and the version SecretString and
	//   SecretBinary values are the same as those in the request, then the request is
	//   ignored.
	//   - If a version with this value already exists and that version's SecretString
	//   and SecretBinary values are different from those in the request, then the
	//   request fails because you cannot modify an existing version. Instead, use
	//   PutSecretValue to create a new version.
	// This value becomes the VersionId of the new version.
	ClientRequestToken *string

	// The description of the secret.
	Description *string

	// Specifies whether to overwrite a secret with the same name in the destination
	// Region. By default, secrets aren't overwritten.
	ForceOverwriteReplicaSecret bool

	// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt
	// the secret value in the secret. An alias is always prefixed by alias/ , for
	// example alias/aws/secretsmanager . For more information, see About aliases (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html)
	// . To use a KMS key in a different account, use the key ARN or the alias ARN. If
	// you don't specify this value, then Secrets Manager uses the key
	// aws/secretsmanager . If that key doesn't yet exist, then Secrets Manager creates
	// it for you automatically the first time it encrypts the secret value. If the
	// secret is in a different Amazon Web Services account from the credentials
	// calling the API, then you can't use aws/secretsmanager to encrypt the secret,
	// and you must create and use a customer managed KMS key.
	KmsKeyId *string

	// The binary data to encrypt and store in the new version of the secret. We
	// recommend that you store your binary data in a file and then pass the contents
	// of the file as a parameter. Either SecretString or SecretBinary must have a
	// value, but not both. This parameter is not available in the Secrets Manager
	// console.
	SecretBinary []byte

	// The text data to encrypt and store in this new version of the secret. We
	// recommend you use a JSON structure of key/value pairs for your secret value.
	// Either SecretString or SecretBinary must have a value, but not both. If you
	// create a secret by using the Secrets Manager console then Secrets Manager puts
	// the protected secret text in only the SecretString parameter. The Secrets
	// Manager console stores the information as a JSON structure of key/value pairs
	// that a Lambda rotation function can parse.
	SecretString *string

	// A list of tags to attach to the secret. Each tag is a key and value pair of
	// strings in a JSON text string, for example:
	// [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
	// Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a
	// different tag from one with key "abc". If you check tags in permissions policies
	// as part of your security strategy, then adding or removing a tag can change
	// permissions. If the completion of this operation would result in you losing your
	// permissions for this secret, then Secrets Manager blocks the operation and
	// returns an Access Denied error. For more information, see Control access to
	// secrets using tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac)
	// and Limit access to identities with tags that match secrets' tags (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2)
	// . For information about how to format a JSON parameter for the various command
	// line tool environments, see Using JSON for Parameters (https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json)
	// . If your command-line tool or SDK requires quotation marks around the
	// parameter, you should use single quotes to avoid confusion with the double
	// quotes required in the JSON text. For tag quotas and naming restrictions, see
	// Service quotas for Tagging (https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas)
	// in the Amazon Web Services General Reference guide.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type CreateSecretOutput struct {

	// The ARN of the new secret. The ARN includes the name of the secret followed by
	// six random characters. This ensures that if you create a new secret with the
	// same name as a deleted secret, then users with access to the old secret don't
	// get access to the new secret because the ARNs are different.
	ARN *string

	// The name of the new secret.
	Name *string

	// A list of the replicas of this secret and their status:
	//   - Failed , which indicates that the replica was not created.
	//   - InProgress , which indicates that Secrets Manager is in the process of
	//   creating the replica.
	//   - InSync , which indicates that the replica was created.
	ReplicationStatus []types.ReplicationStatusType

	// The unique identifier associated with the version of the new secret.
	VersionId *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteResourcePolicyInput struct {

	// The ARN or name of the secret to delete the attached resource-based policy for.
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string
	// contains filtered or unexported fields
}

type DeleteResourcePolicyOutput struct {

	// The ARN of the secret that the resource-based policy was deleted for.
	ARN *string

	// The name of the secret that the resource-based policy was deleted for.
	Name *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteSecretInput struct {

	// The ARN or name of the secret to delete. For an ARN, we recommend that you
	// specify a complete ARN rather than a partial ARN. See Finding a secret from a
	// partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// Specifies whether to delete the secret without any recovery window. You can't
	// use both this parameter and RecoveryWindowInDays in the same call. If you don't
	// use either, then by default Secrets Manager uses a 30 day recovery window.
	// Secrets Manager performs the actual deletion with an asynchronous background
	// process, so there might be a short delay before the secret is permanently
	// deleted. If you delete a secret and then immediately create a secret with the
	// same name, use appropriate back off and retry logic. If you forcibly delete an
	// already deleted or nonexistent secret, the operation does not return
	// ResourceNotFoundException . Use this parameter with caution. This parameter
	// causes the operation to skip the normal recovery window before the permanent
	// deletion that Secrets Manager would normally impose with the
	// RecoveryWindowInDays parameter. If you delete a secret with the
	// ForceDeleteWithoutRecovery parameter, then you have no opportunity to recover
	// the secret. You lose the secret permanently.
	ForceDeleteWithoutRecovery *bool

	// The number of days from 7 to 30 that Secrets Manager waits before permanently
	// deleting the secret. You can't use both this parameter and
	// ForceDeleteWithoutRecovery in the same call. If you don't use either, then by
	// default Secrets Manager uses a 30 day recovery window.
	RecoveryWindowInDays *int64
	// contains filtered or unexported fields
}

type DeleteSecretOutput struct {

	// The ARN of the secret.
	ARN *string

	// The date and time after which this secret Secrets Manager can permanently
	// delete this secret, and it can no longer be restored. This value is the date and
	// time of the delete request plus the number of days in RecoveryWindowInDays .
	DeletionDate *time.Time

	// The name of the secret.
	Name *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeSecretInput struct {

	// The ARN or name of the secret. For an ARN, we recommend that you specify a
	// complete ARN rather than a partial ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string
	// contains filtered or unexported fields
}

type DescribeSecretOutput struct {

	// The ARN of the secret.
	ARN *string

	// The date the secret was created.
	CreatedDate *time.Time

	// The date the secret is scheduled for deletion. If it is not scheduled for
	// deletion, this field is omitted. When you delete a secret, Secrets Manager
	// requires a recovery window of at least 7 days before deleting the secret. Some
	// time after the deleted date, Secrets Manager deletes the secret, including all
	// of its versions. If a secret is scheduled for deletion, then its details,
	// including the encrypted secret value, is not accessible. To cancel a scheduled
	// deletion and restore access to the secret, use RestoreSecret .
	DeletedDate *time.Time

	// The description of the secret.
	Description *string

	// The key ID or alias ARN of the KMS key that Secrets Manager uses to encrypt the
	// secret value. If the secret is encrypted with the Amazon Web Services managed
	// key aws/secretsmanager , this field is omitted. Secrets created using the
	// console use an KMS key ID.
	KmsKeyId *string

	// The date that the secret was last accessed in the Region. This field is omitted
	// if the secret has never been retrieved in the Region.
	LastAccessedDate *time.Time

	// The last date and time that this secret was modified in any way.
	LastChangedDate *time.Time

	// The last date and time that Secrets Manager rotated the secret. If the secret
	// isn't configured for rotation or rotation has been disabled, Secrets Manager
	// returns null.
	LastRotatedDate *time.Time

	// The name of the secret.
	Name *string

	// The next rotation is scheduled to occur on or before this date. If the secret
	// isn't configured for rotation or rotation has been disabled, Secrets Manager
	// returns null. If rotation fails, Secrets Manager retries the entire rotation
	// process multiple times. If rotation is unsuccessful, this date may be in the
	// past. This date represents the latest date that rotation will occur, but it is
	// not an approximate rotation date. In some cases, for example if you turn off
	// automatic rotation and then turn it back on, the next rotation may occur much
	// sooner than this date.
	NextRotationDate *time.Time

	// The ID of the service that created this secret. For more information, see
	// Secrets managed by other Amazon Web Services services (https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html)
	// .
	OwningService *string

	// The Region the secret is in. If a secret is replicated to other Regions, the
	// replicas are listed in ReplicationStatus .
	PrimaryRegion *string

	// A list of the replicas of this secret and their status:
	//   - Failed , which indicates that the replica was not created.
	//   - InProgress , which indicates that Secrets Manager is in the process of
	//   creating the replica.
	//   - InSync , which indicates that the replica was created.
	ReplicationStatus []types.ReplicationStatusType

	// Specifies whether automatic rotation is turned on for this secret. To turn on
	// rotation, use RotateSecret . To turn off rotation, use CancelRotateSecret .
	RotationEnabled *bool

	// The ARN of the Lambda function that Secrets Manager invokes to rotate the
	// secret.
	RotationLambdaARN *string

	// The rotation schedule and Lambda function for this secret. If the secret
	// previously had rotation turned on, but it is now turned off, this field shows
	// the previous rotation schedule and rotation function. If the secret never had
	// rotation turned on, this field is omitted.
	RotationRules *types.RotationRulesType

	// The list of tags attached to the secret. To add tags to a secret, use
	// TagResource . To remove tags, use UntagResource .
	Tags []types.Tag

	// A list of the versions of the secret that have staging labels attached.
	// Versions that don't have staging labels are considered deprecated and Secrets
	// Manager can delete them. Secrets Manager uses staging labels to indicate the
	// status of a secret version during rotation. The three staging labels for
	// rotation are:
	//   - AWSCURRENT , which indicates the current version of the secret.
	//   - AWSPENDING , which indicates the version of the secret that contains new
	//   secret information that will become the next current version when rotation
	//   finishes. During rotation, Secrets Manager creates an AWSPENDING version ID
	//   before creating the new secret version. To check if a secret version exists,
	//   call GetSecretValue .
	//   - AWSPREVIOUS , which indicates the previous current version of the secret.
	//   You can use this as the last known good version.
	// For more information about rotation and staging labels, see How rotation works (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html)
	// .
	VersionIdsToStages map[string][]string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EndpointParameters struct {
	// The AWS region used to dispatch the request.
	//
	// Parameter is
	// required.
	//
	// AWS::Region
	Region *string

	// When true, use the dual-stack endpoint. If the configured endpoint does not
	// support dual-stack, dispatching the request MAY return an error.
	//
	// Defaults to
	// false if no value is provided.
	//
	// AWS::UseDualStack
	UseDualStack *bool

	// When true, send this request to the FIPS-compliant regional endpoint. If the
	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
	// request will return an error.
	//
	// Defaults to false if no value is
	// provided.
	//
	// AWS::UseFIPS
	UseFIPS *bool

	// Override the endpoint used to send this request
	//
	// Parameter is
	// required.
	//
	// SDK::Endpoint
	Endpoint *string
}

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

type EndpointResolverOptions = internalendpoints.Options

type EndpointResolverV2 interface {
	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
	// returning the endpoint if found. Otherwise an error is returned.
	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
		smithyendpoints.Endpoint, error,
	)
}

type GetRandomPasswordInput struct {

	// A string of the characters that you don't want in the password.
	ExcludeCharacters *string

	// Specifies whether to exclude lowercase letters from the password. If you don't
	// include this switch, the password can contain lowercase letters.
	ExcludeLowercase *bool

	// Specifies whether to exclude numbers from the password. If you don't include
	// this switch, the password can contain numbers.
	ExcludeNumbers *bool

	// Specifies whether to exclude the following punctuation characters from the
	// password: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ . If
	// you don't include this switch, the password can contain punctuation.
	ExcludePunctuation *bool

	// Specifies whether to exclude uppercase letters from the password. If you don't
	// include this switch, the password can contain uppercase letters.
	ExcludeUppercase *bool

	// Specifies whether to include the space character. If you include this switch,
	// the password can contain space characters.
	IncludeSpace *bool

	// The length of the password. If you don't include this parameter, the default
	// length is 32 characters.
	PasswordLength *int64

	// Specifies whether to include at least one upper and lowercase letter, one
	// number, and one punctuation. If you don't include this switch, the password
	// contains at least one of every character type.
	RequireEachIncludedType *bool
	// contains filtered or unexported fields
}

type GetRandomPasswordOutput struct {

	// A string with the password.
	RandomPassword *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetResourcePolicyInput struct {

	// The ARN or name of the secret to retrieve the attached resource-based policy
	// for. For an ARN, we recommend that you specify a complete ARN rather than a
	// partial ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string
	// contains filtered or unexported fields
}

type GetResourcePolicyOutput struct {

	// The ARN of the secret that the resource-based policy was retrieved for.
	ARN *string

	// The name of the secret that the resource-based policy was retrieved for.
	Name *string

	// A JSON-formatted string that contains the permissions policy attached to the
	// secret. For more information about permissions policies, see Authentication and
	// access control for Secrets Manager (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html)
	// .
	ResourcePolicy *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetSecretValueInput struct {

	// The ARN or name of the secret to retrieve. For an ARN, we recommend that you
	// specify a complete ARN rather than a partial ARN. See Finding a secret from a
	// partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// The unique identifier of the version of the secret to retrieve. If you include
	// both this parameter and VersionStage , the two parameters must refer to the same
	// secret version. If you don't specify either a VersionStage or VersionId , then
	// Secrets Manager returns the AWSCURRENT version. This value is typically a
	// UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value with
	// 32 hexadecimal digits.
	VersionId *string

	// The staging label of the version of the secret to retrieve. Secrets Manager
	// uses staging labels to keep track of different versions during the rotation
	// process. If you include both this parameter and VersionId , the two parameters
	// must refer to the same secret version. If you don't specify either a
	// VersionStage or VersionId , Secrets Manager returns the AWSCURRENT version.
	VersionStage *string
	// contains filtered or unexported fields
}

type GetSecretValueOutput struct {

	// The ARN of the secret.
	ARN *string

	// The date and time that this version of the secret was created. If you don't
	// specify which version in VersionId or VersionStage , then Secrets Manager uses
	// the AWSCURRENT version.
	CreatedDate *time.Time

	// The friendly name of the secret.
	Name *string

	// The decrypted secret value, if the secret value was originally provided as
	// binary data in the form of a byte array. When you retrieve a SecretBinary using
	// the HTTP API, the Python SDK, or the Amazon Web Services CLI, the value is
	// Base64-encoded. Otherwise, it is not encoded. If the secret was created by using
	// the Secrets Manager console, or if the secret value was originally provided as a
	// string, then this field is omitted. The secret value appears in SecretString
	// instead.
	SecretBinary []byte

	// The decrypted secret value, if the secret value was originally provided as a
	// string or through the Secrets Manager console. If this secret was created by
	// using the console, then Secrets Manager stores the information as a JSON
	// structure of key/value pairs.
	SecretString *string

	// The unique identifier of this version of the secret.
	VersionId *string

	// A list of all of the staging labels currently attached to this version of the
	// secret.
	VersionStages []string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}

type IdempotencyTokenProvider interface {
	GetIdempotencyToken() (string, error)
}

type ListSecretVersionIdsAPIClient interface {
	ListSecretVersionIds(context.Context, *ListSecretVersionIdsInput, ...func(*Options)) (*ListSecretVersionIdsOutput, error)
}

type ListSecretVersionIdsInput struct {

	// The ARN or name of the secret whose versions you want to list. For an ARN, we
	// recommend that you specify a complete ARN rather than a partial ARN. See
	// Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// Specifies whether to include versions of secrets that don't have any staging
	// labels attached to them. Versions without staging labels are considered
	// deprecated and are subject to deletion by Secrets Manager. By default, versions
	// without staging labels aren't included.
	IncludeDeprecated *bool

	// The number of results to include in the response. If there are more results
	// available, in the response, Secrets Manager includes NextToken . To get the next
	// results, call ListSecretVersionIds again with the value from NextToken .
	MaxResults *int32

	// A token that indicates where the output should continue from, if a previous
	// call did not show all results. To get the next results, call
	// ListSecretVersionIds again with this value.
	NextToken *string
	// contains filtered or unexported fields
}

type ListSecretVersionIdsOutput struct {

	// The ARN of the secret.
	ARN *string

	// The name of the secret.
	Name *string

	// Secrets Manager includes this value if there's more output available than what
	// is included in the current response. This can occur even when the response
	// includes no values at all, such as when you ask for a filtered view of a long
	// list. To get the next results, call ListSecretVersionIds again with this value.
	NextToken *string

	// A list of the versions of the secret.
	Versions []types.SecretVersionsListEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListSecretVersionIdsPaginator struct {
	// contains filtered or unexported fields
}

type ListSecretVersionIdsPaginatorOptions struct {
	// The number of results to include in the response. If there are more results
	// available, in the response, Secrets Manager includes NextToken . To get the next
	// results, call ListSecretVersionIds again with the value from NextToken .
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

type ListSecretsAPIClient interface {
	ListSecrets(context.Context, *ListSecretsInput, ...func(*Options)) (*ListSecretsOutput, error)
}

type ListSecretsInput struct {

	// The filters to apply to the list of secrets.
	Filters []types.Filter

	// Specifies whether to include secrets scheduled for deletion. By default,
	// secrets scheduled for deletion aren't included.
	IncludePlannedDeletion *bool

	// The number of results to include in the response. If there are more results
	// available, in the response, Secrets Manager includes NextToken . To get the next
	// results, call ListSecrets again with the value from NextToken .
	MaxResults *int32

	// A token that indicates where the output should continue from, if a previous
	// call did not show all results. To get the next results, call ListSecrets again
	// with this value.
	NextToken *string

	// Secrets are listed by CreatedDate .
	SortOrder types.SortOrderType
	// contains filtered or unexported fields
}

type ListSecretsOutput struct {

	// Secrets Manager includes this value if there's more output available than what
	// is included in the current response. This can occur even when the response
	// includes no values at all, such as when you ask for a filtered view of a long
	// list. To get the next results, call ListSecrets again with this value.
	NextToken *string

	// A list of the secrets in the account.
	SecretList []types.SecretListEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListSecretsPaginator struct {
	// contains filtered or unexported fields
}

type ListSecretsPaginatorOptions struct {
	// The number of results to include in the response. If there are more results
	// available, in the response, Secrets Manager includes NextToken . To get the next
	// results, call ListSecrets again with the value from NextToken .
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The optional application specific identifier appended to the User-Agent header.
	AppID string

	// This endpoint will be given as input to an EndpointResolverV2. It is used for
	// providing a custom base endpoint that is subject to modifications by the
	// processing EndpointResolverV2.
	BaseEndpoint *string

	// Configures the events that will be sent to the configured logger.
	ClientLogMode aws.ClientLogMode

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The configuration DefaultsMode that the SDK should use when constructing the
	// clients initial default settings.
	DefaultsMode aws.DefaultsMode

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions EndpointResolverOptions

	// The service endpoint resolver.
	//
	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
	// value for this field will likely prevent you from using any endpoint-related
	// service features released after the introduction of EndpointResolverV2 and
	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
	// endpoint, set the client option BaseEndpoint instead.
	EndpointResolver EndpointResolver

	// Resolves the endpoint used for a particular service operation. This should be
	// used over the deprecated EndpointResolver.
	EndpointResolverV2 EndpointResolverV2

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// Provides idempotency tokens values that will be automatically populated into
	// idempotent API operations.
	IdempotencyTokenProvider IdempotencyTokenProvider

	// The logger writer interface to write logging messages to.
	Logger logging.Logger

	// The region to send requests to. (Required)
	Region string

	// RetryMaxAttempts specifies the maximum number attempts an API client will call
	// an operation that fails with a retryable error. A value of 0 is ignored, and
	// will not be used to configure the API client created default retryer, or modify
	// per operation call's retry max attempts. If specified in an operation call's
	// functional options with a value that is different than the constructed client's
	// Options, the Client's Retryer will be wrapped to use the operation's specific
	// RetryMaxAttempts value.
	RetryMaxAttempts int

	// RetryMode specifies the retry mode the API client will be created with, if
	// Retryer option is not also specified. When creating a new API Clients this
	// member will only be used if the Retryer Options member is nil. This value will
	// be ignored if Retryer is not nil. Currently does not support per operation call
	// overrides, may in the future.
	RetryMode aws.RetryMode

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer. The kind of
	// default retry created by the API client can be changed with the RetryMode
	// option.
	Retryer aws.Retryer

	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
	// should not populate this structure programmatically, or rely on the values here
	// within your applications.
	RuntimeEnvironment aws.RuntimeEnvironment

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient

	// The auth scheme resolver which determines how to authenticate for each
	// operation.
	AuthSchemeResolver AuthSchemeResolver

	// The list of auth schemes supported by the client.
	AuthSchemes []smithyhttp.AuthScheme
	// contains filtered or unexported fields
}

type PutResourcePolicyInput struct {

	// A JSON-formatted string for an Amazon Web Services resource-based policy. For
	// example policies, see Permissions policy examples (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html)
	// .
	//
	// This member is required.
	ResourcePolicy *string

	// The ARN or name of the secret to attach the resource-based policy. For an ARN,
	// we recommend that you specify a complete ARN rather than a partial ARN. See
	// Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// Specifies whether to block resource-based policies that allow broad access to
	// the secret, for example those that use a wildcard for the principal. By default,
	// public policies aren't blocked. Resource policy validation and the
	// BlockPublicPolicy parameter help protect your resources by preventing public
	// access from being granted through the resource policies that are directly
	// attached to your secrets. In addition to using these features, carefully inspect
	// the following policies to confirm that they do not grant public access:
	//   - Identity-based policies attached to associated Amazon Web Services
	//   principals (for example, IAM roles)
	//   - Resource-based policies attached to associated Amazon Web Services
	//   resources (for example, Key Management Service (KMS) keys)
	// To review permissions to your secrets, see Determine who has permissions to
	// your secrets (https://docs.aws.amazon.com/secretsmanager/latest/userguide/determine-acccess_examine-iam-policies.html)
	// .
	BlockPublicPolicy *bool
	// contains filtered or unexported fields
}

type PutResourcePolicyOutput struct {

	// The ARN of the secret.
	ARN *string

	// The name of the secret.
	Name *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type PutSecretValueInput struct {

	// The ARN or name of the secret to add a new version to. For an ARN, we recommend
	// that you specify a complete ARN rather than a partial ARN. See Finding a secret
	// from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// . If the secret doesn't already exist, use CreateSecret instead.
	//
	// This member is required.
	SecretId *string

	// A unique identifier for the new version of the secret. If you use the Amazon
	// Web Services CLI or one of the Amazon Web Services SDKs to call this operation,
	// then you can leave this parameter empty. The CLI or SDK generates a random UUID
	// for you and includes it as the value for this parameter in the request. If you
	// generate a raw HTTP request to the Secrets Manager service endpoint, then you
	// must generate a ClientRequestToken and include it in the request. This value
	// helps ensure idempotency. Secrets Manager uses this value to prevent the
	// accidental creation of duplicate versions if there are failures and retries
	// during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness of your versions within the specified secret.
	//   - If the ClientRequestToken value isn't already associated with a version of
	//   the secret then a new version of the secret is created.
	//   - If a version with this value already exists and that version's SecretString
	//   or SecretBinary values are the same as those in the request then the request
	//   is ignored. The operation is idempotent.
	//   - If a version with this value already exists and the version of the
	//   SecretString and SecretBinary values are different from those in the request,
	//   then the request fails because you can't modify a secret version. You can only
	//   create new versions to store new secret values.
	// This value becomes the VersionId of the new version.
	ClientRequestToken *string

	// The binary data to encrypt and store in the new version of the secret. To use
	// this parameter in the command-line tools, we recommend that you store your
	// binary data in a file and then pass the contents of the file as a parameter. You
	// must include SecretBinary or SecretString , but not both. You can't access this
	// value from the Secrets Manager console.
	SecretBinary []byte

	// The text to encrypt and store in the new version of the secret. You must
	// include SecretBinary or SecretString , but not both. We recommend you create the
	// secret string as JSON key/value pairs, as shown in the example.
	SecretString *string

	// A list of staging labels to attach to this version of the secret. Secrets
	// Manager uses staging labels to track versions of a secret through the rotation
	// process. If you specify a staging label that's already associated with a
	// different version of the same secret, then Secrets Manager removes the label
	// from the other version and attaches it to this version. If you specify
	// AWSCURRENT , and it is already attached to another version, then Secrets Manager
	// also moves the staging label AWSPREVIOUS to the version that AWSCURRENT was
	// removed from. If you don't include VersionStages , then Secrets Manager
	// automatically moves the staging label AWSCURRENT to this version.
	VersionStages []string
	// contains filtered or unexported fields
}

type PutSecretValueOutput struct {

	// The ARN of the secret.
	ARN *string

	// The name of the secret.
	Name *string

	// The unique identifier of the version of the secret.
	VersionId *string

	// The list of staging labels that are currently attached to this version of the
	// secret. Secrets Manager uses staging labels to track a version as it progresses
	// through the secret rotation process.
	VersionStages []string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type RemoveRegionsFromReplicationInput struct {

	// The Regions of the replicas to remove.
	//
	// This member is required.
	RemoveReplicaRegions []string

	// The ARN or name of the secret.
	//
	// This member is required.
	SecretId *string
	// contains filtered or unexported fields
}

type RemoveRegionsFromReplicationOutput struct {

	// The ARN of the primary secret.
	ARN *string

	// The status of replicas for this secret after you remove Regions.
	ReplicationStatus []types.ReplicationStatusType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ReplicateSecretToRegionsInput struct {

	// A list of Regions in which to replicate the secret.
	//
	// This member is required.
	AddReplicaRegions []types.ReplicaRegionType

	// The ARN or name of the secret to replicate.
	//
	// This member is required.
	SecretId *string

	// Specifies whether to overwrite a secret with the same name in the destination
	// Region. By default, secrets aren't overwritten.
	ForceOverwriteReplicaSecret bool
	// contains filtered or unexported fields
}

type ReplicateSecretToRegionsOutput struct {

	// The ARN of the primary secret.
	ARN *string

	// The status of replication.
	ReplicationStatus []types.ReplicationStatusType

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  EndpointResolverOptions
}

type RestoreSecretInput struct {

	// The ARN or name of the secret to restore. For an ARN, we recommend that you
	// specify a complete ARN rather than a partial ARN. See Finding a secret from a
	// partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string
	// contains filtered or unexported fields
}

type RestoreSecretOutput struct {

	// The ARN of the secret that was restored.
	ARN *string

	// The name of the secret that was restored.
	Name *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type RotateSecretInput struct {

	// The ARN or name of the secret to rotate. For an ARN, we recommend that you
	// specify a complete ARN rather than a partial ARN. See Finding a secret from a
	// partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// A unique identifier for the new version of the secret. You only need to specify
	// this value if you implement your own retry logic and you want to ensure that
	// Secrets Manager doesn't attempt to create a secret version twice. If you use the
	// Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this
	// operation, then you can leave this parameter empty. The CLI or SDK generates a
	// random UUID for you and includes it as the value for this parameter in the
	// request. If you generate a raw HTTP request to the Secrets Manager service
	// endpoint, then you must generate a ClientRequestToken and include it in the
	// request. This value helps ensure idempotency. Secrets Manager uses this value to
	// prevent the accidental creation of duplicate versions if there are failures and
	// retries during a rotation. We recommend that you generate a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier)
	// value to ensure uniqueness of your versions within the specified secret.
	ClientRequestToken *string

	// Specifies whether to rotate the secret immediately or wait until the next
	// scheduled rotation window. The rotation schedule is defined in
	// RotateSecretRequest$RotationRules . For secrets that use a Lambda rotation
	// function to rotate, if you don't immediately rotate the secret, Secrets Manager
	// tests the rotation configuration by running the testSecret step (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html)
	// of the Lambda rotation function. The test creates an AWSPENDING version of the
	// secret and then removes it. By default, Secrets Manager rotates the secret
	// immediately.
	RotateImmediately *bool

	// For secrets that use a Lambda rotation function to rotate, the ARN of the
	// Lambda rotation function. For secrets that use managed rotation, omit this
	// field. For more information, see Managed rotation (https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html)
	// in the Secrets Manager User Guide.
	RotationLambdaARN *string

	// A structure that defines the rotation configuration for this secret.
	RotationRules *types.RotationRulesType
	// contains filtered or unexported fields
}

type RotateSecretOutput struct {

	// The ARN of the secret.
	ARN *string

	// The name of the secret.
	Name *string

	// The ID of the new version of the secret.
	VersionId *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type StopReplicationToReplicaInput struct {

	// The ARN of the primary secret.
	//
	// This member is required.
	SecretId *string
	// contains filtered or unexported fields
}

type StopReplicationToReplicaOutput struct {

	// The ARN of the promoted secret. The ARN is the same as the original primary
	// secret except the Region is changed.
	ARN *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type TagResourceInput struct {

	// The identifier for the secret to attach tags to. You can specify either the
	// Amazon Resource Name (ARN) or the friendly name of the secret. For an ARN, we
	// recommend that you specify a complete ARN rather than a partial ARN. See
	// Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// The tags to attach to the secret as a JSON text string argument. Each element
	// in the list consists of a Key and a Value . For storing multiple values, we
	// recommend that you use a JSON text string argument and specify key/value pairs.
	// For more information, see Specifying parameter values for the Amazon Web
	// Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html)
	// in the Amazon Web Services CLI User Guide.
	//
	// This member is required.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type TagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UntagResourceInput struct {

	// The ARN or name of the secret. For an ARN, we recommend that you specify a
	// complete ARN rather than a partial ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// A list of tag key names to remove from the secret. You don't specify the value.
	// Both the key and its associated value are removed. This parameter requires a
	// JSON text string argument. For storing multiple values, we recommend that you
	// use a JSON text string argument and specify key/value pairs. For more
	// information, see Specifying parameter values for the Amazon Web Services CLI (https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html)
	// in the Amazon Web Services CLI User Guide.
	//
	// This member is required.
	TagKeys []string
	// contains filtered or unexported fields
}

type UntagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateSecretInput struct {

	// The ARN or name of the secret. For an ARN, we recommend that you specify a
	// complete ARN rather than a partial ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// If you include SecretString or SecretBinary , then Secrets Manager creates a new
	// version for the secret, and this parameter specifies the unique identifier for
	// the new version. If you use the Amazon Web Services CLI or one of the Amazon Web
	// Services SDKs to call this operation, then you can leave this parameter empty.
	// The CLI or SDK generates a random UUID for you and includes it as the value for
	// this parameter in the request. If you generate a raw HTTP request to the Secrets
	// Manager service endpoint, then you must generate a ClientRequestToken and
	// include it in the request. This value helps ensure idempotency. Secrets Manager
	// uses this value to prevent the accidental creation of duplicate versions if
	// there are failures and retries during a rotation. We recommend that you generate
	// a UUID-type (https://wikipedia.org/wiki/Universally_unique_identifier) value to
	// ensure uniqueness of your versions within the specified secret.
	ClientRequestToken *string

	// The description of the secret.
	Description *string

	// The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt
	// new secret versions as well as any existing versions with the staging labels
	// AWSCURRENT , AWSPENDING , or AWSPREVIOUS . If you don't have kms:Encrypt
	// permission to the new key, Secrets Manager does not re-ecrypt existing secret
	// versions with the new key. For more information about versions and staging
	// labels, see Concepts: Version (https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version)
	// . A key alias is always prefixed by alias/ , for example
	// alias/aws/secretsmanager . For more information, see About aliases (https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html)
	// . If you set this to an empty string, Secrets Manager uses the Amazon Web
	// Services managed key aws/secretsmanager . If this key doesn't already exist in
	// your account, then Secrets Manager creates it for you automatically. All users
	// and roles in the Amazon Web Services account automatically have access to use
	// aws/secretsmanager . Creating aws/secretsmanager can result in a one-time
	// significant delay in returning the result. You can only use the Amazon Web
	// Services managed key aws/secretsmanager if you call this operation using
	// credentials from the same Amazon Web Services account that owns the secret. If
	// the secret is in a different account, then you must use a customer managed key
	// and provide the ARN of that KMS key in this field. The user making the call must
	// have permissions to both the secret and the KMS key in their respective
	// accounts.
	KmsKeyId *string

	// The binary data to encrypt and store in the new version of the secret. We
	// recommend that you store your binary data in a file and then pass the contents
	// of the file as a parameter. Either SecretBinary or SecretString must have a
	// value, but not both. You can't access this parameter in the Secrets Manager
	// console.
	SecretBinary []byte

	// The text data to encrypt and store in the new version of the secret. We
	// recommend you use a JSON structure of key/value pairs for your secret value.
	// Either SecretBinary or SecretString must have a value, but not both.
	SecretString *string
	// contains filtered or unexported fields
}

type UpdateSecretOutput struct {

	// The ARN of the secret that was updated.
	ARN *string

	// The name of the secret that was updated.
	Name *string

	// If Secrets Manager created a new version of the secret during this operation,
	// then VersionId contains the unique identifier of the new version.
	VersionId *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateSecretVersionStageInput struct {

	// The ARN or the name of the secret with the version and staging labelsto modify.
	// For an ARN, we recommend that you specify a complete ARN rather than a partial
	// ARN. See Finding a secret from a partial ARN (https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen)
	// .
	//
	// This member is required.
	SecretId *string

	// The staging label to add to this version.
	//
	// This member is required.
	VersionStage *string

	// The ID of the version to add the staging label to. To remove a label from a
	// version, then do not specify this parameter. If the staging label is already
	// attached to a different version of the secret, then you must also specify the
	// RemoveFromVersionId parameter.
	MoveToVersionId *string

	// The ID of the version that the staging label is to be removed from. If the
	// staging label you are trying to attach to one version is already attached to a
	// different version, then you must include this parameter and specify the version
	// that the label is to be removed from. If the label is attached and you either do
	// not specify this parameter, or the version ID does not match, then the operation
	// fails.
	RemoveFromVersionId *string
	// contains filtered or unexported fields
}

type UpdateSecretVersionStageOutput struct {

	// The ARN of the secret that was updated.
	ARN *string

	// The name of the secret that was updated.
	Name *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ValidateResourcePolicyInput struct {

	// A JSON-formatted string that contains an Amazon Web Services resource-based
	// policy. The policy in the string identifies who can access or manage this secret
	// and its versions. For example policies, see Permissions policy examples (https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html)
	// .
	//
	// This member is required.
	ResourcePolicy *string

	// This field is reserved for internal use.
	SecretId *string
	// contains filtered or unexported fields
}

type ValidateResourcePolicyOutput struct {

	// True if your policy passes validation, otherwise false.
	PolicyValidationPassed bool

	// Validation errors if your policy didn't pass validation.
	ValidationErrors []types.ValidationErrorsEntry

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}