naftiko: 1.0.0-alpha2
info:
  label: Azure Key Vault Data Plane API — Certificates
  description: 'Azure Key Vault Data Plane API — Certificates. 10 operations. Lead operation: Azure Key Vault List Certificates. Self-contained Naftiko capability covering one Azure Key Vault business surface.'
  tags:
  - Azure Key Vault
  - Certificates
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    AZURE_KEY_VAULT_API_KEY: AZURE_KEY_VAULT_API_KEY
capability:
  consumes:
  - type: http
    namespace: data-plane-certificates
    baseUri: https://{vaultName}.vault.azure.net
    description: Azure Key Vault Data Plane API — Certificates business capability. Self-contained, no shared references.
    resources:
    - name: certificates
      path: /certificates
      operations:
      - name: certificatesgetcertificates
        method: GET
        description: Azure Key Vault List Certificates
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: includePending
          in: query
          type: boolean
          description: Specifies whether to include certificates which are not completely provisioned.
    - name: certificates-certificate-name
      path: /certificates/{certificate-name}
      operations:
      - name: certificatesdeletecertificate
        method: DELETE
        description: Azure Key Vault Delete Certificate
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: certificates-certificate-name-create
      path: /certificates/{certificate-name}/create
      operations:
      - name: certificatescreatecertificate
        method: POST
        description: Azure Key Vault Create Certificate
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: certificates-certificate-name-import
      path: /certificates/{certificate-name}/import
      operations:
      - name: certificatesimportcertificate
        method: POST
        description: Azure Key Vault Import Certificate
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: certificates-certificate-name-pending
      path: /certificates/{certificate-name}/pending
      operations:
      - name: certificatesgetcertificateoperation
        method: GET
        description: Azure Key Vault Get Certificate Operation
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: certificatesdeletecertificateoperation
        method: DELETE
        description: Azure Key Vault Delete Certificate Operation
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: certificates-certificate-name-policy
      path: /certificates/{certificate-name}/policy
      operations:
      - name: certificatesgetcertificatepolicy
        method: GET
        description: Azure Key Vault Get Certificate Policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: certificatesupdatecertificatepolicy
        method: PATCH
        description: Azure Key Vault Update Certificate Policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: certificates-certificate-name-certificate-version
      path: /certificates/{certificate-name}/{certificate-version}
      operations:
      - name: certificatesgetcertificate
        method: GET
        description: Azure Key Vault Get Certificate
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: certificatesupdatecertificate
        method: PATCH
        description: Azure Key Vault Update Certificate
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.AZURE_KEY_VAULT_API_KEY}}'
  exposes:
  - type: rest
    namespace: data-plane-certificates-rest
    port: 8080
    description: REST adapter for Azure Key Vault Data Plane API — Certificates. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/certificates
      name: certificates
      description: REST surface for certificates.
      operations:
      - method: GET
        name: certificatesgetcertificates
        description: Azure Key Vault List Certificates
        call: data-plane-certificates.certificatesgetcertificates
        with:
          includePending: rest.includePending
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates/{certificate-name}
      name: certificates-certificate-name
      description: REST surface for certificates-certificate-name.
      operations:
      - method: DELETE
        name: certificatesdeletecertificate
        description: Azure Key Vault Delete Certificate
        call: data-plane-certificates.certificatesdeletecertificate
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates/{certificate-name}/create
      name: certificates-certificate-name-create
      description: REST surface for certificates-certificate-name-create.
      operations:
      - method: POST
        name: certificatescreatecertificate
        description: Azure Key Vault Create Certificate
        call: data-plane-certificates.certificatescreatecertificate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates/{certificate-name}/import
      name: certificates-certificate-name-import
      description: REST surface for certificates-certificate-name-import.
      operations:
      - method: POST
        name: certificatesimportcertificate
        description: Azure Key Vault Import Certificate
        call: data-plane-certificates.certificatesimportcertificate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates/{certificate-name}/pending
      name: certificates-certificate-name-pending
      description: REST surface for certificates-certificate-name-pending.
      operations:
      - method: GET
        name: certificatesgetcertificateoperation
        description: Azure Key Vault Get Certificate Operation
        call: data-plane-certificates.certificatesgetcertificateoperation
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: certificatesdeletecertificateoperation
        description: Azure Key Vault Delete Certificate Operation
        call: data-plane-certificates.certificatesdeletecertificateoperation
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates/{certificate-name}/policy
      name: certificates-certificate-name-policy
      description: REST surface for certificates-certificate-name-policy.
      operations:
      - method: GET
        name: certificatesgetcertificatepolicy
        description: Azure Key Vault Get Certificate Policy
        call: data-plane-certificates.certificatesgetcertificatepolicy
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: certificatesupdatecertificatepolicy
        description: Azure Key Vault Update Certificate Policy
        call: data-plane-certificates.certificatesupdatecertificatepolicy
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates/{certificate-name}/{certificate-version}
      name: certificates-certificate-name-certificate-version
      description: REST surface for certificates-certificate-name-certificate-version.
      operations:
      - method: GET
        name: certificatesgetcertificate
        description: Azure Key Vault Get Certificate
        call: data-plane-certificates.certificatesgetcertificate
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: certificatesupdatecertificate
        description: Azure Key Vault Update Certificate
        call: data-plane-certificates.certificatesupdatecertificate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: data-plane-certificates-mcp
    port: 9090
    transport: http
    description: MCP adapter for Azure Key Vault Data Plane API — Certificates. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: azure-key-vault-list-certificates
      description: Azure Key Vault List Certificates
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: data-plane-certificates.certificatesgetcertificates
      with:
        includePending: tools.includePending
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-delete-certificate
      description: Azure Key Vault Delete Certificate
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: data-plane-certificates.certificatesdeletecertificate
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-create-certificate
      description: Azure Key Vault Create Certificate
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: data-plane-certificates.certificatescreatecertificate
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-import-certificate
      description: Azure Key Vault Import Certificate
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: data-plane-certificates.certificatesimportcertificate
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-get-certificate
      description: Azure Key Vault Get Certificate Operation
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: data-plane-certificates.certificatesgetcertificateoperation
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-delete-certificate-2
      description: Azure Key Vault Delete Certificate Operation
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: data-plane-certificates.certificatesdeletecertificateoperation
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-get-certificate-2
      description: Azure Key Vault Get Certificate Policy
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: data-plane-certificates.certificatesgetcertificatepolicy
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-update-certificate
      description: Azure Key Vault Update Certificate Policy
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: data-plane-certificates.certificatesupdatecertificatepolicy
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-get-certificate-3
      description: Azure Key Vault Get Certificate
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: data-plane-certificates.certificatesgetcertificate
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-update-certificate-2
      description: Azure Key Vault Update Certificate
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: data-plane-certificates.certificatesupdatecertificate
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.