naftiko: 1.0.0-alpha2 info: label: Amazon KMS API — Cryptographic Operations description: 'Amazon KMS API — Cryptographic Operations. 5 operations. Lead operation: Amazon KMS Decrypt. Self-contained Naftiko capability covering one Amazon Kms business surface.' tags: - Amazon Kms - Cryptographic Operations created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: AMAZON_KMS_API_KEY: AMAZON_KMS_API_KEY capability: consumes: - type: http namespace: amazon-kms-cryptographic-operations baseUri: https://kms.us-east-1.amazonaws.com description: Amazon KMS API — Cryptographic Operations business capability. Self-contained, no shared references. resources: - name: decrypt path: /decrypt operations: - name: decrypt method: POST description: Amazon KMS Decrypt outputRawFormat: json outputParameters: - name: result type: object value: $. - name: keys-KeyId-data-key path: /keys/{KeyId}/data-key operations: - name: generatedatakey method: POST description: Amazon KMS Generate Data Key outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: KeyId in: path type: string description: Identifies the KMS key. required: true - name: keys-KeyId-encrypt path: /keys/{KeyId}/encrypt operations: - name: encrypt method: POST description: Amazon KMS Encrypt outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: KeyId in: path type: string description: Identifies the KMS key. required: true - name: keys-KeyId-sign path: /keys/{KeyId}/sign operations: - name: sign method: POST description: Amazon KMS Sign outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: KeyId in: path type: string description: Identifies the KMS key. required: true - name: keys-KeyId-verify path: /keys/{KeyId}/verify operations: - name: verify method: POST description: Amazon KMS Verify outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: KeyId in: path type: string description: Identifies the KMS key. required: true authentication: type: apikey key: Authorization value: '{{env.AMAZON_KMS_API_KEY}}' placement: header exposes: - type: rest namespace: amazon-kms-cryptographic-operations-rest port: 8080 description: REST adapter for Amazon KMS API — Cryptographic Operations. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/decrypt name: decrypt description: REST surface for decrypt. operations: - method: POST name: decrypt description: Amazon KMS Decrypt call: amazon-kms-cryptographic-operations.decrypt outputParameters: - type: object mapping: $. - path: /v1/keys/{keyid}/data-key name: keys-keyid-data-key description: REST surface for keys-KeyId-data-key. operations: - method: POST name: generatedatakey description: Amazon KMS Generate Data Key call: amazon-kms-cryptographic-operations.generatedatakey with: KeyId: rest.KeyId outputParameters: - type: object mapping: $. - path: /v1/keys/{keyid}/encrypt name: keys-keyid-encrypt description: REST surface for keys-KeyId-encrypt. operations: - method: POST name: encrypt description: Amazon KMS Encrypt call: amazon-kms-cryptographic-operations.encrypt with: KeyId: rest.KeyId outputParameters: - type: object mapping: $. - path: /v1/keys/{keyid}/sign name: keys-keyid-sign description: REST surface for keys-KeyId-sign. operations: - method: POST name: sign description: Amazon KMS Sign call: amazon-kms-cryptographic-operations.sign with: KeyId: rest.KeyId outputParameters: - type: object mapping: $. - path: /v1/keys/{keyid}/verify name: keys-keyid-verify description: REST surface for keys-KeyId-verify. operations: - method: POST name: verify description: Amazon KMS Verify call: amazon-kms-cryptographic-operations.verify with: KeyId: rest.KeyId outputParameters: - type: object mapping: $. - type: mcp namespace: amazon-kms-cryptographic-operations-mcp port: 9090 transport: http description: MCP adapter for Amazon KMS API — Cryptographic Operations. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: amazon-kms-decrypt description: Amazon KMS Decrypt hints: readOnly: false destructive: false idempotent: false call: amazon-kms-cryptographic-operations.decrypt outputParameters: - type: object mapping: $. - name: amazon-kms-generate-data-key description: Amazon KMS Generate Data Key hints: readOnly: false destructive: false idempotent: false call: amazon-kms-cryptographic-operations.generatedatakey with: KeyId: tools.KeyId outputParameters: - type: object mapping: $. - name: amazon-kms-encrypt description: Amazon KMS Encrypt hints: readOnly: false destructive: false idempotent: false call: amazon-kms-cryptographic-operations.encrypt with: KeyId: tools.KeyId outputParameters: - type: object mapping: $. - name: amazon-kms-sign description: Amazon KMS Sign hints: readOnly: false destructive: false idempotent: false call: amazon-kms-cryptographic-operations.sign with: KeyId: tools.KeyId outputParameters: - type: object mapping: $. - name: amazon-kms-verify description: Amazon KMS Verify hints: readOnly: false destructive: false idempotent: false call: amazon-kms-cryptographic-operations.verify with: KeyId: tools.KeyId outputParameters: - type: object mapping: $.