naftiko: 1.0.0-alpha2 info: label: CyberArk Conjur Secrets Manager API — Policies description: 'CyberArk Conjur Secrets Manager API — Policies. 3 operations. Lead operation: Load policy (additive). Self-contained Naftiko capability covering one Cyberark business surface.' tags: - Cyberark - Policies created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: CYBERARK_API_KEY: CYBERARK_API_KEY capability: consumes: - type: http namespace: conjur-policies baseUri: https://conjur.example.com description: CyberArk Conjur Secrets Manager API — Policies business capability. Self-contained, no shared references. resources: - name: policies-account-policy-identifier path: /policies/{account}/policy/{identifier} operations: - name: loadpolicy method: POST description: Load policy (additive) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: account in: path type: string required: true - name: identifier in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: replacepolicy method: PUT description: Replace policy outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: account in: path type: string required: true - name: identifier in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: updatepolicy method: PATCH description: Update policy (additive without delete) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: account in: path type: string required: true - name: identifier in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.CYBERARK_API_KEY}}' exposes: - type: rest namespace: conjur-policies-rest port: 8080 description: REST adapter for CyberArk Conjur Secrets Manager API — Policies. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/policies/{account}/policy/{identifier} name: policies-account-policy-identifier description: REST surface for policies-account-policy-identifier. operations: - method: POST name: loadpolicy description: Load policy (additive) call: conjur-policies.loadpolicy with: account: rest.account identifier: rest.identifier body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: replacepolicy description: Replace policy call: conjur-policies.replacepolicy with: account: rest.account identifier: rest.identifier body: rest.body outputParameters: - type: object mapping: $. - method: PATCH name: updatepolicy description: Update policy (additive without delete) call: conjur-policies.updatepolicy with: account: rest.account identifier: rest.identifier body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: conjur-policies-mcp port: 9090 transport: http description: MCP adapter for CyberArk Conjur Secrets Manager API — Policies. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: load-policy-additive description: Load policy (additive) hints: readOnly: false destructive: false idempotent: false call: conjur-policies.loadpolicy with: account: tools.account identifier: tools.identifier body: tools.body outputParameters: - type: object mapping: $. - name: replace-policy description: Replace policy hints: readOnly: false destructive: false idempotent: true call: conjur-policies.replacepolicy with: account: tools.account identifier: tools.identifier body: tools.body outputParameters: - type: object mapping: $. - name: update-policy-additive-without-delete description: Update policy (additive without delete) hints: readOnly: false destructive: false idempotent: true call: conjur-policies.updatepolicy with: account: tools.account identifier: tools.identifier body: tools.body outputParameters: - type: object mapping: $.