/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include namespace Aws { namespace SecretsManager { namespace Model { /** */ class AWS_SECRETSMANAGER_API CreateSecretRequest : public SecretsManagerRequest { public: CreateSecretRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "CreateSecret"; } Aws::String SerializePayload() const override; Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

Do * not end your secret name with a hyphen followed by six characters. If you do so, * you risk confusion and unexpected results when searching for a secret by partial * ARN. Secrets Manager automatically adds a hyphen and six random characters at * the end of the ARN.

*/ inline const Aws::String& GetName() const{ return m_name; } /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

*/ inline bool NameHasBeenSet() const { return m_nameHasBeenSet; } /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

*/ inline void SetName(const Aws::String& value) { m_nameHasBeenSet = true; m_name = value; } /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

*/ inline void SetName(Aws::String&& value) { m_nameHasBeenSet = true; m_name = std::move(value); } /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

*/ inline void SetName(const char* value) { m_nameHasBeenSet = true; m_name.assign(value); } /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

*/ inline CreateSecretRequest& WithName(const Aws::String& value) { SetName(value); return *this;} /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

*/ inline CreateSecretRequest& WithName(Aws::String&& value) { SetName(std::move(value)); return *this;} /** *

Specifies the friendly name of the new secret.

The secret name must be * ASCII letters, digits, or the following characters : /_+=.@-

*/ inline CreateSecretRequest& WithName(const char* value) { SetName(value); return *this;} /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If you use the AWS CLI or one of the AWS SDK to call this * operation, then you can leave this parameter empty. The CLI or SDK generates a * random UUID for you and includes it as the value for this parameter in the * request. If you don't use the SDK and instead generate a raw HTTP request to the * Secrets Manager service endpoint, then you must generate a * ClientRequestToken yourself for the new version and include the * value in the request.

This value helps ensure idempotency. * Secrets Manager uses this value to prevent the accidental creation of duplicate * versions if there are failures and retries during a rotation. We recommend that * you generate a UUID-type * value to ensure uniqueness of your versions within the specified secret.

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline const Aws::String& GetClientRequestToken() const{ return m_clientRequestToken; } /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline bool ClientRequestTokenHasBeenSet() const { return m_clientRequestTokenHasBeenSet; } /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline void SetClientRequestToken(const Aws::String& value) { m_clientRequestTokenHasBeenSet = true; m_clientRequestToken = value; } /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline void SetClientRequestToken(Aws::String&& value) { m_clientRequestTokenHasBeenSet = true; m_clientRequestToken = std::move(value); } /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline void SetClientRequestToken(const char* value) { m_clientRequestTokenHasBeenSet = true; m_clientRequestToken.assign(value); } /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline CreateSecretRequest& WithClientRequestToken(const Aws::String& value) { SetClientRequestToken(value); return *this;} /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline CreateSecretRequest& WithClientRequestToken(Aws::String&& value) { SetClientRequestToken(std::move(value)); return *this;} /** *

(Optional) If you include SecretString or * SecretBinary, then an initial version is created as part of the * secret, and this parameter specifies a unique identifier for the new version. *

If the ClientRequestToken value isn't already * associated with a version of the secret then a new version of the secret is * created.
If a version with this value already exists and the * version SecretString and SecretBinary values are the * same as those in the request, then the request is ignored.
If * a version with this value already exists and that version's * SecretString and SecretBinary values are different * from those in the request then the request fails because you cannot modify an * existing version. Instead, use PutSecretValue to create a new * version.

This value becomes the VersionId of the * new version.

*/ inline CreateSecretRequest& WithClientRequestToken(const char* value) { SetClientRequestToken(value); return *this;} /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline const Aws::String& GetDescription() const{ return m_description; } /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline bool DescriptionHasBeenSet() const { return m_descriptionHasBeenSet; } /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline void SetDescription(const Aws::String& value) { m_descriptionHasBeenSet = true; m_description = value; } /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline void SetDescription(Aws::String&& value) { m_descriptionHasBeenSet = true; m_description = std::move(value); } /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline void SetDescription(const char* value) { m_descriptionHasBeenSet = true; m_description.assign(value); } /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline CreateSecretRequest& WithDescription(const Aws::String& value) { SetDescription(value); return *this;} /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline CreateSecretRequest& WithDescription(Aws::String&& value) { SetDescription(std::move(value)); return *this;} /** *

(Optional) Specifies a user-provided description of the secret.

*/ inline CreateSecretRequest& WithDescription(const char* value) { SetDescription(value); return *this;} /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

If you don't specify this value, then Secrets Manager * defaults to using the AWS account's default CMK (the one named * aws/secretsmanager). If a AWS KMS CMK with that name doesn't yet * exist, then Secrets Manager creates it for you automatically the first time it * needs to encrypt a version's SecretString or * SecretBinary fields.

You can use the account * default CMK to encrypt and decrypt only if you call this operation using * credentials from the same account that owns the secret. If the secret resides in * a different account, then you must create a custom CMK and specify the ARN in * this field.

*/ inline const Aws::String& GetKmsKeyId() const{ return m_kmsKeyId; } /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

*/ inline bool KmsKeyIdHasBeenSet() const { return m_kmsKeyIdHasBeenSet; } /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

*/ inline void SetKmsKeyId(const Aws::String& value) { m_kmsKeyIdHasBeenSet = true; m_kmsKeyId = value; } /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

*/ inline void SetKmsKeyId(Aws::String&& value) { m_kmsKeyIdHasBeenSet = true; m_kmsKeyId = std::move(value); } /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

*/ inline void SetKmsKeyId(const char* value) { m_kmsKeyIdHasBeenSet = true; m_kmsKeyId.assign(value); } /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

*/ inline CreateSecretRequest& WithKmsKeyId(const Aws::String& value) { SetKmsKeyId(value); return *this;} /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

*/ inline CreateSecretRequest& WithKmsKeyId(Aws::String&& value) { SetKmsKeyId(std::move(value)); return *this;} /** *

(Optional) Specifies the ARN, Key ID, or alias of the AWS KMS customer master * key (CMK) to be used to encrypt the SecretString or * SecretBinary values in the versions stored in this secret.

You can specify any of the supported ways to identify a AWS KMS key ID. If * you need to reference a CMK in a different account, you can use only the key ARN * or the alias ARN.

*/ inline CreateSecretRequest& WithKmsKeyId(const char* value) { SetKmsKeyId(value); return *this;} /** *

(Optional) Specifies binary data that you want to encrypt and store in the * new version of the secret. To use this parameter in the command-line tools, we * recommend that you store your binary data in a file and then use the appropriate * technique for your tool to pass the contents of the file as a parameter.

Either SecretString or SecretBinary must have a * value, but not both. They cannot both be empty.

This parameter is not * available using the Secrets Manager console. It can be accessed only by using * the AWS CLI or one of the AWS SDKs.

*/ inline const Aws::Utils::CryptoBuffer& GetSecretBinary() const{ return m_secretBinary; } /** *

Either SecretString or SecretBinary must have a * value, but not both. They cannot both be empty.

This parameter is not * available using the Secrets Manager console. It can be accessed only by using * the AWS CLI or one of the AWS SDKs.

*/ inline bool SecretBinaryHasBeenSet() const { return m_secretBinaryHasBeenSet; } /** *

Either SecretString or SecretBinary must have a * value, but not both. They cannot both be empty.

This parameter is not * available using the Secrets Manager console. It can be accessed only by using * the AWS CLI or one of the AWS SDKs.

*/ inline void SetSecretBinary(const Aws::Utils::CryptoBuffer& value) { m_secretBinaryHasBeenSet = true; m_secretBinary = value; } /** *

Either SecretString or SecretBinary must have a * value, but not both. They cannot both be empty.

This parameter is not * available using the Secrets Manager console. It can be accessed only by using * the AWS CLI or one of the AWS SDKs.

*/ inline void SetSecretBinary(Aws::Utils::CryptoBuffer&& value) { m_secretBinaryHasBeenSet = true; m_secretBinary = std::move(value); } /** *

Either SecretString or SecretBinary must have a * value, but not both. They cannot both be empty.

This parameter is not * available using the Secrets Manager console. It can be accessed only by using * the AWS CLI or one of the AWS SDKs.

*/ inline CreateSecretRequest& WithSecretBinary(const Aws::Utils::CryptoBuffer& value) { SetSecretBinary(value); return *this;} /** *

Either SecretString or SecretBinary must have a * value, but not both. They cannot both be empty.

This parameter is not * available using the Secrets Manager console. It can be accessed only by using * the AWS CLI or one of the AWS SDKs.

*/ inline CreateSecretRequest& WithSecretBinary(Aws::Utils::CryptoBuffer&& value) { SetSecretBinary(std::move(value)); return *this;} /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

If you create a secret by using the Secrets Manager console then * Secrets Manager puts the protected secret text in only the * SecretString parameter. The Secrets Manager console stores the * information as a JSON structure of key/value pairs that the Lambda rotation * function knows how to parse.

For storing multiple values, we recommend * that you use a JSON text string argument and specify key/value pairs. For * information on how to format a JSON parameter for the various command line tool * environments, see Using * JSON for Parameters in the AWS CLI User Guide. For example:

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline const Aws::String& GetSecretString() const{ return m_secretString; } /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline bool SecretStringHasBeenSet() const { return m_secretStringHasBeenSet; } /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline void SetSecretString(const Aws::String& value) { m_secretStringHasBeenSet = true; m_secretString = value; } /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline void SetSecretString(Aws::String&& value) { m_secretStringHasBeenSet = true; m_secretString = std::move(value); } /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline void SetSecretString(const char* value) { m_secretStringHasBeenSet = true; m_secretString.assign(value); } /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline CreateSecretRequest& WithSecretString(const Aws::String& value) { SetSecretString(value); return *this;} /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline CreateSecretRequest& WithSecretString(Aws::String&& value) { SetSecretString(std::move(value)); return *this;} /** *

(Optional) Specifies text data that you want to encrypt and store in this new * version of the secret.

Either SecretString or * SecretBinary must have a value, but not both. They cannot both be * empty.

* {"username":"bob","password":"abc123xyz456"}

If your * command-line tool or SDK requires quotation marks around the parameter, you * should use single quotes to avoid confusion with the double quotes required in * the JSON text.

*/ inline CreateSecretRequest& WithSecretString(const char* value) { SetSecretString(value); return *this;} /** *

(Optional) Specifies a list of user-defined tags that are attached to the * secret. Each tag is a "Key" and "Value" pair of strings. This operation only * appends tags to the existing list of tags. To remove tags, you must use * UntagResource.

Secrets Manager tag key names * are case sensitive. A tag with the key "ABC" is a different tag from one with * key "abc".
If you check tags in IAM policy * Condition elements as part of your security strategy, then adding * or removing a tag can change permissions. If the successful completion of this * operation would result in you losing your permissions for this secret, then this * operation is blocked and returns an Access Denied error.

This parameter requires a JSON text string argument. For * information on how to format a JSON parameter for the various command line tool * environments, see Using * JSON for Parameters in the AWS CLI User Guide. For example:

* [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] *

If your command-line tool or SDK requires quotation marks around the * parameter, you should use single quotes to avoid confusion with the double * quotes required in the JSON text.