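function Update-SftpPassword {
    <#
    .SYNOPSIS
        Updates the password of an Alkami SFTP user.

    .DESCRIPTION
        Updates the password of an Alkami SFTP user by updating the Secrets Manager entry
        for the user. The secret is read, its Password property is replaced with the value
        returned by New-SftpPasswordHash, and the document is written back. The plaintext
        password is only returned to the caller; this function does not store it.

    .PARAMETER Username
        [string] The username of the user to update. Casing must be an exact match.
        The value is passed unchanged as the Secrets Manager SecretId.

    .PARAMETER Password
        [string] The new password of the user. If not provided, one will be generated.

    .PARAMETER ProfileName
        [string] The AWS profile to use during user modification. If not provided, will
        default to 'temp-prod'.

    .PARAMETER Region
        [string] The AWS region to use during user modification. If not provided, will
        default to 'us-east-1'.

    .OUTPUTS
        PSObject with Username and Password (plaintext) properties when the secret was
        updated. $null, after a Write-Error, when password generation, hashing, secret
        retrieval, secret parsing, or the secret update fails.

    .NOTES
        The returned object carries the plaintext password, and a -Password value typed on
        the command line can be retained by shell history and transcripts. Prefer the
        generated password and keep the returned object out of logs.

    .EXAMPLE
        Update-SftpPassword -Username "TestUser-sftp"

    .EXAMPLE
        Update-SftpPassword -Username "TestUser-sftp" -Password "1nsecure-ShouldHaveUsedGenerated!"
    #>

    [CmdletBinding()]
    [OutputType([PSObject])]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $Username,

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string] $Password = $null,

        [Parameter(Mandatory = $false)]
        [ValidateSet('temp-qa', 'temp-prod')]
        [string] $ProfileName = 'temp-prod',

        [Parameter(Mandatory = $false)]
        [ValidateScript({ $_ -in (Get-SupportedAwsRegions) })]
        [string] $Region = 'us-east-1'
    )

    $logLead = (Get-LogLeadName)

    Import-AWSModule

    if ( $false -eq $PSBoundParameters.ContainsKey( 'Password' ) ) {
        Write-Verbose "$logLead : Generating password for user."

        # Stage the generated value in its own variable. $Password carries
        # [ValidateNotNullOrEmpty()], so assigning an empty result to it directly raises a
        # validation error and leaves the empty default in place for the hashing step.
        [string] $generatedPassword = ''
        $generatedPassword = New-SecurePassword -PasswordLength 15 -ProfileName $ProfileName -Region $Region

        if ( [string]::IsNullOrEmpty( $generatedPassword ) ) {
            Write-Error "$logLead : Unable to generate a password for SFTP user."
            return $null
        }

        $Password = $generatedPassword
    }

    $passwordHash = New-SftpPasswordHash -Password $Password

    if ( $null -eq $passwordHash ) {
        Write-Error "$logLead : Unable to generate password hash for SFTP user."
        return $null
    }

    # Pre-initialised so the null check below still works when the cmdlet fails and the
    # assignment never happens.
    $secretObject = $null
    $secretObject = Get-SECSecretValue -SecretId $Username -ProfileName $ProfileName -Region $Region

    if ( $null -eq $secretObject ) {
        Write-Error "$logLead : Unable to retrieve secret for user [$Username] using profile [$ProfileName] and region [$Region]."
        return $null
    }

    # Parse the stored document. The parser's own error text is deliberately not echoed,
    # because it may quote fragments of the secret.
    $secret = $null
    try {
        $secret = ConvertFrom-Json -InputObject $secretObject.SecretString -ErrorAction Stop
    }
    catch {
        Write-Error "$logLead : Secret for user [$Username] could not be parsed as JSON. No changes were made."
        return $null
    }

    # Refuse to modify a secret that has no Password property. SecretId comes straight from
    # -Username, so this keeps the function from rewriting an entry that does not have the
    # shape this function expects. Without the check, the failed property assignment would
    # be followed by a write of the unchanged secret and a "successful" return.
    if ( ( $null -eq $secret ) -or ( $null -eq $secret.PSObject.Properties['Password'] ) ) {
        Write-Error "$logLead : Secret for user [$Username] has no Password property. No changes were made."
        return $null
    }

    $secret.Password = $passwordHash

    try {
        # -Depth is raised above the default of 2 so that nested values in the secret
        # document are serialized in full rather than collapsed into strings.
        $updatedSecretString = ConvertTo-Json -InputObject $secret -Depth 10

        # -ErrorAction Stop plus the catch below ensures a failed write is reported instead
        # of falling through to the success return with a password that was never applied.
        Update-SECSecret -SecretId $Username -SecretString $updatedSecretString -ProfileName $ProfileName -Region $Region -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Error "$logLead : Unable to update secret for user [$Username] using profile [$ProfileName] and region [$Region]: $($_.Exception.Message)"
        return $null
    }

    # Only the hash was stored; the plaintext is handed back so the caller can deliver it.
    return New-Object -TypeName PSObject -Property @{ Username = $Username ; Password = $Password }
}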