naftiko: 1.0.0-alpha2 info: label: Google Cloud Secret Manager API description: The Secret Manager API enables creating, managing, and accessing secrets and their versions, providing secure storage for sensitive configuration data and credentials. tags: - Google - Cloud - Secret - Manager - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: google-cloud-secret-manager baseUri: https://secretmanager.googleapis.com/v1 description: Google Cloud Secret Manager API HTTP API. authentication: type: bearer token: '{{GOOGLE_CLOUD_SECRET_MANAGER_TOKEN}}' resources: - name: projects-projectid-secrets path: /projects/{projectId}/secrets operations: - name: listsecrets method: GET description: Google Cloud Secret Manager List secrets inputParameters: - name: projectId in: path type: string required: true - name: pageSize in: query type: integer - name: pageToken in: query type: string - name: filter in: query type: string outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createsecret method: POST description: Google Cloud Secret Manager Create a secret inputParameters: - name: projectId in: path type: string required: true - name: secretId in: query type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-secrets-secretid path: /projects/{projectId}/secrets/{secretId} operations: - name: getsecret method: GET description: Google Cloud Secret Manager Get a secret inputParameters: - name: projectId in: path type: string required: true - name: secretId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatesecret method: PATCH description: Google Cloud Secret Manager Update a secret inputParameters: - name: projectId in: path type: string required: true - name: secretId in: path type: string required: true - name: updateMask in: query type: string outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletesecret method: DELETE description: Google Cloud Secret Manager Delete a secret inputParameters: - name: projectId in: path type: string required: true - name: secretId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-secrets-secretid-addversion path: /projects/{projectId}/secrets/{secretId}:addVersion operations: - name: addsecretversion method: POST description: Google Cloud Secret Manager Add a secret version inputParameters: - name: projectId in: path type: string required: true - name: secretId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-secrets-secretid-versions path: /projects/{projectId}/secrets/{secretId}/versions operations: - name: listsecretversions method: GET description: Google Cloud Secret Manager List secret versions inputParameters: - name: projectId in: path type: string required: true - name: secretId in: path type: string required: true - name: pageSize in: query type: integer - name: pageToken in: query type: string outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-secrets-secretid-versions-ver path: /projects/{projectId}/secrets/{secretId}/versions/{versionId}:access operations: - name: accesssecretversion method: GET description: Google Cloud Secret Manager Access a secret version inputParameters: - name: projectId in: path type: string required: true - name: secretId in: path type: string required: true - name: versionId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-secrets-secretid-versions-ver path: /projects/{projectId}/secrets/{secretId}/versions/{versionId}:destroy operations: - name: destroysecretversion method: POST description: Google Cloud Secret Manager Destroy a secret version inputParameters: - name: projectId in: path type: string required: true - name: secretId in: path type: string required: true - name: versionId in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: google-cloud-secret-manager-rest description: REST adapter for Google Cloud Secret Manager API. resources: - path: /projects/{projectId}/secrets name: listsecrets operations: - method: GET name: listsecrets description: Google Cloud Secret Manager List secrets call: google-cloud-secret-manager.listsecrets with: projectId: rest.projectId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets name: createsecret operations: - method: POST name: createsecret description: Google Cloud Secret Manager Create a secret call: google-cloud-secret-manager.createsecret with: projectId: rest.projectId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets/{secretId} name: getsecret operations: - method: GET name: getsecret description: Google Cloud Secret Manager Get a secret call: google-cloud-secret-manager.getsecret with: projectId: rest.projectId secretId: rest.secretId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets/{secretId} name: updatesecret operations: - method: PATCH name: updatesecret description: Google Cloud Secret Manager Update a secret call: google-cloud-secret-manager.updatesecret with: projectId: rest.projectId secretId: rest.secretId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets/{secretId} name: deletesecret operations: - method: DELETE name: deletesecret description: Google Cloud Secret Manager Delete a secret call: google-cloud-secret-manager.deletesecret with: projectId: rest.projectId secretId: rest.secretId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets/{secretId}:addVersion name: addsecretversion operations: - method: POST name: addsecretversion description: Google Cloud Secret Manager Add a secret version call: google-cloud-secret-manager.addsecretversion with: projectId: rest.projectId secretId: rest.secretId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets/{secretId}/versions name: listsecretversions operations: - method: GET name: listsecretversions description: Google Cloud Secret Manager List secret versions call: google-cloud-secret-manager.listsecretversions with: projectId: rest.projectId secretId: rest.secretId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets/{secretId}/versions/{versionId}:access name: accesssecretversion operations: - method: GET name: accesssecretversion description: Google Cloud Secret Manager Access a secret version call: google-cloud-secret-manager.accesssecretversion with: projectId: rest.projectId secretId: rest.secretId versionId: rest.versionId outputParameters: - type: object mapping: $. - path: /projects/{projectId}/secrets/{secretId}/versions/{versionId}:destroy name: destroysecretversion operations: - method: POST name: destroysecretversion description: Google Cloud Secret Manager Destroy a secret version call: google-cloud-secret-manager.destroysecretversion with: projectId: rest.projectId secretId: rest.secretId versionId: rest.versionId outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: google-cloud-secret-manager-mcp transport: http description: MCP adapter for Google Cloud Secret Manager API for AI agent use. tools: - name: listsecrets description: Google Cloud Secret Manager List secrets hints: readOnly: true destructive: false idempotent: true call: google-cloud-secret-manager.listsecrets with: projectId: tools.projectId pageSize: tools.pageSize pageToken: tools.pageToken filter: tools.filter inputParameters: - name: projectId type: string description: projectId required: true - name: pageSize type: integer description: pageSize - name: pageToken type: string description: pageToken - name: filter type: string description: filter outputParameters: - type: object mapping: $. - name: createsecret description: Google Cloud Secret Manager Create a secret hints: readOnly: false destructive: false idempotent: false call: google-cloud-secret-manager.createsecret with: projectId: tools.projectId secretId: tools.secretId inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true outputParameters: - type: object mapping: $. - name: getsecret description: Google Cloud Secret Manager Get a secret hints: readOnly: true destructive: false idempotent: true call: google-cloud-secret-manager.getsecret with: projectId: tools.projectId secretId: tools.secretId inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true outputParameters: - type: object mapping: $. - name: updatesecret description: Google Cloud Secret Manager Update a secret hints: readOnly: false destructive: false idempotent: false call: google-cloud-secret-manager.updatesecret with: projectId: tools.projectId secretId: tools.secretId updateMask: tools.updateMask inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true - name: updateMask type: string description: updateMask outputParameters: - type: object mapping: $. - name: deletesecret description: Google Cloud Secret Manager Delete a secret hints: readOnly: false destructive: true idempotent: true call: google-cloud-secret-manager.deletesecret with: projectId: tools.projectId secretId: tools.secretId inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true outputParameters: - type: object mapping: $. - name: addsecretversion description: Google Cloud Secret Manager Add a secret version hints: readOnly: false destructive: false idempotent: false call: google-cloud-secret-manager.addsecretversion with: projectId: tools.projectId secretId: tools.secretId inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true outputParameters: - type: object mapping: $. - name: listsecretversions description: Google Cloud Secret Manager List secret versions hints: readOnly: true destructive: false idempotent: true call: google-cloud-secret-manager.listsecretversions with: projectId: tools.projectId secretId: tools.secretId pageSize: tools.pageSize pageToken: tools.pageToken inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true - name: pageSize type: integer description: pageSize - name: pageToken type: string description: pageToken outputParameters: - type: object mapping: $. - name: accesssecretversion description: Google Cloud Secret Manager Access a secret version hints: readOnly: true destructive: false idempotent: true call: google-cloud-secret-manager.accesssecretversion with: projectId: tools.projectId secretId: tools.secretId versionId: tools.versionId inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true - name: versionId type: string description: versionId required: true outputParameters: - type: object mapping: $. - name: destroysecretversion description: Google Cloud Secret Manager Destroy a secret version hints: readOnly: false destructive: false idempotent: false call: google-cloud-secret-manager.destroysecretversion with: projectId: tools.projectId secretId: tools.secretId versionId: tools.versionId inputParameters: - name: projectId type: string description: projectId required: true - name: secretId type: string description: secretId required: true - name: versionId type: string description: versionId required: true outputParameters: - type: object mapping: $. binds: - namespace: env keys: GOOGLE_CLOUD_SECRET_MANAGER_TOKEN: GOOGLE_CLOUD_SECRET_MANAGER_TOKEN