diff --git a/manifest.json b/manifest.json index 6677d9ad9..e455ec05c 100644 --- a/manifest.json +++ b/manifest.json @@ -1,6 +1,6 @@ { "variables": { - "${LATEST}": "3.316.0" + "${LATEST}": "3.316.4" }, "endpoints": "https://raw.githubusercontent.com/aws/aws-sdk-php/${LATEST}/src/data/endpoints.json", "services": { diff --git a/src/Service/SecretsManager/CHANGELOG.md b/src/Service/SecretsManager/CHANGELOG.md index 73a713801..a3014b6d5 100644 --- a/src/Service/SecretsManager/CHANGELOG.md +++ b/src/Service/SecretsManager/CHANGELOG.md @@ -2,6 +2,10 @@ ## NOT RELEASED +### Changed + +- AWS enhancement: Documentation updates. + ## 2.3.0 ### Added diff --git a/src/Service/SecretsManager/src/Input/UpdateSecretRequest.php b/src/Service/SecretsManager/src/Input/UpdateSecretRequest.php index 8e9c83260..ad35dcb86 100644 --- a/src/Service/SecretsManager/src/Input/UpdateSecretRequest.php +++ b/src/Service/SecretsManager/src/Input/UpdateSecretRequest.php @@ -54,7 +54,7 @@ final class UpdateSecretRequest extends Input /** * The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt new secret versions as well as any * existing versions with the staging labels `AWSCURRENT`, `AWSPENDING`, or `AWSPREVIOUS`. If you don't have - * `kms:Encrypt` permission to the new key, Secrets Manager does not re-ecrypt existing secret versions with the new + * `kms:Encrypt` permission to the new key, Secrets Manager does not re-encrypt existing secret versions with the new * key. For more information about versions and staging labels, see Concepts: Version [^1]. * * A key alias is always prefixed by `alias/`, for example `alias/aws/secretsmanager`. For more information, see About diff --git a/src/Service/SecretsManager/src/SecretsManagerClient.php b/src/Service/SecretsManager/src/SecretsManagerClient.php index 202bdd1a4..0ccb824c1 100644 --- a/src/Service/SecretsManager/src/SecretsManagerClient.php +++ b/src/Service/SecretsManager/src/SecretsManagerClient.php @@ -77,12 +77,17 @@ class SecretsManagerClient extends AbstractApi * To encrypt the secret with a KMS key other than `aws/secretsmanager`, you need `kms:GenerateDataKey` and * `kms:Decrypt` permission to the key. * + * ! When you enter commands in a command shell, there is a risk of the command history being accessed or utilities + * ! having access to your command parameters. This is a concern if the command includes the value of a secret. Learn + * ! how to Mitigate the risks of using command-line tools to store Secrets Manager secrets [^7]. + * * [^1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html * [^2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html * [^3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html * [^4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html * [^5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions * [^6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + * [^7]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security_cli-exposure-risks.html * * @see https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-secretsmanager-2017-10-17.html#createsecret @@ -338,9 +343,14 @@ public function listSecrets($input = []): ListSecretsResponse * **Required permissions: **`secretsmanager:PutSecretValue`. For more information, see IAM policy actions for Secrets * Manager [^2] and Authentication and access control in Secrets Manager [^3]. * + * ! When you enter commands in a command shell, there is a risk of the command history being accessed or utilities + * ! having access to your command parameters. This is a concern if the command includes the value of a secret. Learn + * ! how to Mitigate the risks of using command-line tools to store Secrets Manager secrets [^4]. + * * [^1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html * [^2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions * [^3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + * [^4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security_cli-exposure-risks.html * * @see https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_PutSecretValue.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-secretsmanager-2017-10-17.html#putsecretvalue @@ -411,14 +421,19 @@ public function putSecretValue($input): PutSecretValueResponse * **Required permissions: **`secretsmanager:UpdateSecret`. For more information, see IAM policy actions for Secrets * Manager [^3] and Authentication and access control in Secrets Manager [^4]. If you use a customer managed key, you * must also have `kms:GenerateDataKey`, `kms:Encrypt`, and `kms:Decrypt` permissions on the key. If you change the KMS - * key and you don't have `kms:Encrypt` permission to the new key, Secrets Manager does not re-ecrypt existing secret + * key and you don't have `kms:Encrypt` permission to the new key, Secrets Manager does not re-encrypt existing secret * versions with the new key. For more information, see Secret encryption and decryption [^5]. * + * ! When you enter commands in a command shell, there is a risk of the command history being accessed or utilities + * ! having access to your command parameters. This is a concern if the command includes the value of a secret. Learn + * ! how to Mitigate the risks of using command-line tools to store Secrets Manager secrets [^6]. + * * [^1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html * [^2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html * [^3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions * [^4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html * [^5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html + * [^6]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security_cli-exposure-risks.html * * @see https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UpdateSecret.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-secretsmanager-2017-10-17.html#updatesecret diff --git a/src/Service/Sso/CHANGELOG.md b/src/Service/Sso/CHANGELOG.md index 098b16bdc..a6ed422f7 100644 --- a/src/Service/Sso/CHANGELOG.md +++ b/src/Service/Sso/CHANGELOG.md @@ -2,6 +2,10 @@ ## NOT RELEASED +### Added + +- AWS api-change: TODO + ## 1.2.1 ### Changed diff --git a/src/Service/Sso/composer.json b/src/Service/Sso/composer.json index 74d439403..60d5b27d3 100644 --- a/src/Service/Sso/composer.json +++ b/src/Service/Sso/composer.json @@ -26,7 +26,7 @@ }, "extra": { "branch-alias": { - "dev-master": "1.2-dev" + "dev-master": "1.3-dev" } } } diff --git a/src/Service/Sso/src/SsoClient.php b/src/Service/Sso/src/SsoClient.php index 8b7cd1cca..4d83843b8 100644 --- a/src/Service/Sso/src/SsoClient.php +++ b/src/Service/Sso/src/SsoClient.php @@ -72,6 +72,7 @@ protected function getEndpointMetadata(?string $region): array case 'ap-southeast-3': case 'ap-southeast-4': case 'ca-central-1': + case 'ca-west-1': case 'eu-central-1': case 'eu-central-2': case 'eu-north-1':