naftiko: 1.0.0-alpha2 info: label: CyberArk Conjur Secrets Manager API — Secrets description: 'CyberArk Conjur Secrets Manager API — Secrets. 2 operations. Lead operation: Retrieve secret value. Self-contained Naftiko capability covering one Cyberark business surface.' tags: - Cyberark - Secrets created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: CYBERARK_API_KEY: CYBERARK_API_KEY capability: consumes: - type: http namespace: conjur-secrets baseUri: https://conjur.example.com description: CyberArk Conjur Secrets Manager API — Secrets business capability. Self-contained, no shared references. resources: - name: secrets-account-kind-identifier path: /secrets/{account}/{kind}/{identifier} operations: - name: retrievesecret method: GET description: Retrieve secret value outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: account in: path type: string required: true - name: kind in: path type: string required: true - name: identifier in: path type: string required: true - name: version in: query type: integer - name: addsecret method: POST description: Store secret value outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: account in: path type: string required: true - name: kind in: path type: string required: true - name: identifier in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.CYBERARK_API_KEY}}' exposes: - type: rest namespace: conjur-secrets-rest port: 8080 description: REST adapter for CyberArk Conjur Secrets Manager API — Secrets. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/secrets/{account}/{kind}/{identifier} name: secrets-account-kind-identifier description: REST surface for secrets-account-kind-identifier. operations: - method: GET name: retrievesecret description: Retrieve secret value call: conjur-secrets.retrievesecret with: account: rest.account kind: rest.kind identifier: rest.identifier version: rest.version outputParameters: - type: object mapping: $. - method: POST name: addsecret description: Store secret value call: conjur-secrets.addsecret with: account: rest.account kind: rest.kind identifier: rest.identifier body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: conjur-secrets-mcp port: 9090 transport: http description: MCP adapter for CyberArk Conjur Secrets Manager API — Secrets. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: retrieve-secret-value description: Retrieve secret value hints: readOnly: true destructive: false idempotent: true call: conjur-secrets.retrievesecret with: account: tools.account kind: tools.kind identifier: tools.identifier version: tools.version outputParameters: - type: object mapping: $. - name: store-secret-value description: Store secret value hints: readOnly: false destructive: false idempotent: false call: conjur-secrets.addsecret with: account: tools.account kind: tools.kind identifier: tools.identifier body: tools.body outputParameters: - type: object mapping: $.