naftiko: 1.0.0-alpha2 info: label: Azure Key Vault Data Plane API — Secrets description: 'Azure Key Vault Data Plane API — Secrets. 8 operations. Lead operation: Azure Key Vault List Secrets. Self-contained Naftiko capability covering one Azure Key Vault business surface.' tags: - Azure Key Vault - Secrets created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: AZURE_KEY_VAULT_API_KEY: AZURE_KEY_VAULT_API_KEY capability: consumes: - type: http namespace: data-plane-secrets baseUri: https://{vaultName}.vault.azure.net description: Azure Key Vault Data Plane API — Secrets business capability. Self-contained, no shared references. resources: - name: secrets path: /secrets operations: - name: secretsgetsecrets method: GET description: Azure Key Vault List Secrets outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secrets-restore path: /secrets/restore operations: - name: secretsrestoresecret method: POST description: Azure Key Vault Restore Secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: secrets-secret-name path: /secrets/{secret-name} operations: - name: secretssetsecret method: PUT description: Azure Key Vault Set Secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: secretsdeletesecret method: DELETE description: Azure Key Vault Delete Secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secrets-secret-name-backup path: /secrets/{secret-name}/backup operations: - name: secretsbackupsecret method: POST description: Azure Key Vault Backup Secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secrets-secret-name-versions path: /secrets/{secret-name}/versions operations: - name: secretsgetsecretversions method: GET description: Azure Key Vault List Secret Versions outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secrets-secret-name-secret-version path: /secrets/{secret-name}/{secret-version} operations: - name: secretsgetsecret method: GET description: Azure Key Vault Get Secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secretsupdatesecret method: PATCH description: Azure Key Vault Update Secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.AZURE_KEY_VAULT_API_KEY}}' exposes: - type: rest namespace: data-plane-secrets-rest port: 8080 description: REST adapter for Azure Key Vault Data Plane API — Secrets. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/secrets name: secrets description: REST surface for secrets. operations: - method: GET name: secretsgetsecrets description: Azure Key Vault List Secrets call: data-plane-secrets.secretsgetsecrets outputParameters: - type: object mapping: $. - path: /v1/secrets/restore name: secrets-restore description: REST surface for secrets-restore. operations: - method: POST name: secretsrestoresecret description: Azure Key Vault Restore Secret call: data-plane-secrets.secretsrestoresecret with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/secrets/{secret-name} name: secrets-secret-name description: REST surface for secrets-secret-name. operations: - method: PUT name: secretssetsecret description: Azure Key Vault Set Secret call: data-plane-secrets.secretssetsecret with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: secretsdeletesecret description: Azure Key Vault Delete Secret call: data-plane-secrets.secretsdeletesecret outputParameters: - type: object mapping: $. - path: /v1/secrets/{secret-name}/backup name: secrets-secret-name-backup description: REST surface for secrets-secret-name-backup. operations: - method: POST name: secretsbackupsecret description: Azure Key Vault Backup Secret call: data-plane-secrets.secretsbackupsecret outputParameters: - type: object mapping: $. - path: /v1/secrets/{secret-name}/versions name: secrets-secret-name-versions description: REST surface for secrets-secret-name-versions. operations: - method: GET name: secretsgetsecretversions description: Azure Key Vault List Secret Versions call: data-plane-secrets.secretsgetsecretversions outputParameters: - type: object mapping: $. - path: /v1/secrets/{secret-name}/{secret-version} name: secrets-secret-name-secret-version description: REST surface for secrets-secret-name-secret-version. operations: - method: GET name: secretsgetsecret description: Azure Key Vault Get Secret call: data-plane-secrets.secretsgetsecret outputParameters: - type: object mapping: $. - method: PATCH name: secretsupdatesecret description: Azure Key Vault Update Secret call: data-plane-secrets.secretsupdatesecret with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: data-plane-secrets-mcp port: 9090 transport: http description: MCP adapter for Azure Key Vault Data Plane API — Secrets. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: azure-key-vault-list-secrets description: Azure Key Vault List Secrets hints: readOnly: true destructive: false idempotent: true call: data-plane-secrets.secretsgetsecrets outputParameters: - type: object mapping: $. - name: azure-key-vault-restore-secret description: Azure Key Vault Restore Secret hints: readOnly: false destructive: false idempotent: false call: data-plane-secrets.secretsrestoresecret with: body: tools.body outputParameters: - type: object mapping: $. - name: azure-key-vault-set-secret description: Azure Key Vault Set Secret hints: readOnly: false destructive: false idempotent: true call: data-plane-secrets.secretssetsecret with: body: tools.body outputParameters: - type: object mapping: $. - name: azure-key-vault-delete-secret description: Azure Key Vault Delete Secret hints: readOnly: false destructive: true idempotent: true call: data-plane-secrets.secretsdeletesecret outputParameters: - type: object mapping: $. - name: azure-key-vault-backup-secret description: Azure Key Vault Backup Secret hints: readOnly: false destructive: false idempotent: false call: data-plane-secrets.secretsbackupsecret outputParameters: - type: object mapping: $. - name: azure-key-vault-list-secret description: Azure Key Vault List Secret Versions hints: readOnly: true destructive: false idempotent: true call: data-plane-secrets.secretsgetsecretversions outputParameters: - type: object mapping: $. - name: azure-key-vault-get-secret description: Azure Key Vault Get Secret hints: readOnly: true destructive: false idempotent: true call: data-plane-secrets.secretsgetsecret outputParameters: - type: object mapping: $. - name: azure-key-vault-update-secret description: Azure Key Vault Update Secret hints: readOnly: false destructive: false idempotent: true call: data-plane-secrets.secretsupdatesecret with: body: tools.body outputParameters: - type: object mapping: $.