naftiko: 1.0.0-alpha2 info: label: HashiCorp Vault HTTP API description: The Vault HTTP API provides full access to Vault functionality via HTTP. Every aspect of Vault can be controlled via this API including secrets management, authentication, system configuration, identity, and policy management. tags: - Hashicorp - Vault - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: hashicorp-vault baseUri: https://127.0.0.1:8200/v1 description: HashiCorp Vault HTTP API HTTP API. authentication: type: apikey in: header name: X-Vault-Token value: '{{HASHICORP_VAULT_TOKEN}}' resources: - name: sys-init path: /sys/init operations: - name: getinitstatus method: GET description: Check initialization status outputRawFormat: json outputParameters: - name: result type: object value: $. - name: initialize method: PUT description: Initialize Vault outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-seal-status path: /sys/seal-status operations: - name: getsealstatus method: GET description: Check seal status outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-seal path: /sys/seal operations: - name: seal method: PUT description: Seal the Vault outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-unseal path: /sys/unseal operations: - name: unseal method: PUT description: Submit an unseal key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-health path: /sys/health operations: - name: gethealth method: GET description: Health status inputParameters: - name: standbyok in: query type: boolean description: Return 200 for standby nodes too - name: activecode in: query type: integer description: Custom status code for active node - name: standbycode in: query type: integer description: Custom status code for standby node - name: sealedcode in: query type: integer description: Custom status code for sealed node - name: uninitcode in: query type: integer description: Custom status code for uninitialized node outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-mounts path: /sys/mounts operations: - name: listsecretengines method: GET description: List mounted secrets engines outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-mounts-path path: /sys/mounts/{path} operations: - name: enablesecretengine method: POST description: Enable a secrets engine inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: disablesecretengine method: DELETE description: Disable a secrets engine inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-auth path: /sys/auth operations: - name: listauthmethods method: GET description: List auth methods outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-auth-path path: /sys/auth/{path} operations: - name: enableauthmethod method: POST description: Enable an auth method inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: disableauthmethod method: DELETE description: Disable an auth method inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-policies-acl path: /sys/policies/acl operations: - name: listaclpolicies method: GET description: List ACL policies outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-policies-acl-name path: /sys/policies/acl/{name} operations: - name: getaclpolicy method: GET description: Read an ACL policy inputParameters: - name: name in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createaclpolicy method: PUT description: Create or update an ACL policy inputParameters: - name: name in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteaclpolicy method: DELETE description: Delete an ACL policy inputParameters: - name: name in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-audit path: /sys/audit operations: - name: listauditdevices method: GET description: List audit devices outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-audit-path path: /sys/audit/{path} operations: - name: enableauditdevice method: PUT description: Enable an audit device inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: disableauditdevice method: DELETE description: Disable an audit device inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-leases-lookup path: /sys/leases/lookup operations: - name: lookuplease method: PUT description: Lookup a lease outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-leases-renew path: /sys/leases/renew operations: - name: renewlease method: PUT description: Renew a lease outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-leases-revoke path: /sys/leases/revoke operations: - name: revokelease method: PUT description: Revoke a lease outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-create path: /auth/token/create operations: - name: createtoken method: POST description: Create a token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-lookup path: /auth/token/lookup operations: - name: lookuptoken method: POST description: Lookup a token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-lookup-self path: /auth/token/lookup-self operations: - name: lookupselftoken method: GET description: Lookup own token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-renew path: /auth/token/renew operations: - name: renewtoken method: POST description: Renew a token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-renew-self path: /auth/token/renew-self operations: - name: renewselftoken method: POST description: Renew own token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-revoke path: /auth/token/revoke operations: - name: revoketoken method: POST description: Revoke a token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-revoke-self path: /auth/token/revoke-self operations: - name: revokeselftoken method: POST description: Revoke own token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-userpass-login-username path: /auth/userpass/login/{username} operations: - name: loginuserpass method: POST description: Login with username and password inputParameters: - name: username in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-approle-login path: /auth/approle/login operations: - name: loginapprole method: POST description: Login with AppRole outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secret-data-path path: /secret/data/{path} operations: - name: readkvsecret method: GET description: Read KV secret (v2) inputParameters: - name: path in: path type: string required: true - name: version in: query type: integer description: Specific version to read outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createkvsecret method: POST description: Create or update KV secret (v2) inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletekvsecretlatest method: DELETE description: Delete latest version of KV secret inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secret-metadata-path path: /secret/metadata/{path} operations: - name: getkvmetadata method: GET description: Read KV secret metadata inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletekvmetadata method: DELETE description: Delete all versions and metadata inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secret-delete-path path: /secret/delete/{path} operations: - name: deletekvsecretversions method: POST description: Delete specific versions of KV secret inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secret-undelete-path path: /secret/undelete/{path} operations: - name: undeletekvsecretversions method: POST description: Undelete versions of KV secret inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: secret-destroy-path path: /secret/destroy/{path} operations: - name: destroykvsecretversions method: POST description: Permanently destroy versions inputParameters: - name: path in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: transit-encrypt-name path: /transit/encrypt/{name} operations: - name: transitencrypt method: POST description: Encrypt data inputParameters: - name: name in: path type: string required: true description: Name of the encryption key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: transit-decrypt-name path: /transit/decrypt/{name} operations: - name: transitdecrypt method: POST description: Decrypt data inputParameters: - name: name in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: transit-keys-name path: /transit/keys/{name} operations: - name: createtransitkey method: POST description: Create an encryption key inputParameters: - name: name in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: gettransitkey method: GET description: Read an encryption key inputParameters: - name: name in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletetransitkey method: DELETE description: Delete an encryption key inputParameters: - name: name in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: identity-entity path: /identity/entity operations: - name: createentity method: POST description: Create an identity entity outputRawFormat: json outputParameters: - name: result type: object value: $. - name: identity-entity-id-id path: /identity/entity/id/{id} operations: - name: getentity method: GET description: Read an entity by ID inputParameters: - name: id in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateentity method: POST description: Update an entity inputParameters: - name: id in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteentity method: DELETE description: Delete an entity inputParameters: - name: id in: path type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-generate-root-attempt path: /sys/generate-root/attempt operations: - name: getrootgenerationprogress method: GET description: Read root generation progress outputRawFormat: json outputParameters: - name: result type: object value: $. - name: startrootgeneration method: PUT description: Start root token generation outputRawFormat: json outputParameters: - name: result type: object value: $. - name: cancelrootgeneration method: DELETE description: Cancel root token generation outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-leader path: /sys/leader operations: - name: getleader method: GET description: Get leader information outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-wrapping-wrap path: /sys/wrapping/wrap operations: - name: wrap method: POST description: Wrap data inputParameters: - name: X-Vault-Wrap-TTL in: header type: string required: true description: TTL for the wrapping token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-wrapping-unwrap path: /sys/wrapping/unwrap operations: - name: unwrap method: POST description: Unwrap data outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: hashicorp-vault-rest description: REST adapter for HashiCorp Vault HTTP API. resources: - path: /sys/init name: getinitstatus operations: - method: GET name: getinitstatus description: Check initialization status call: hashicorp-vault.getinitstatus outputParameters: - type: object mapping: $. - path: /sys/init name: initialize operations: - method: PUT name: initialize description: Initialize Vault call: hashicorp-vault.initialize outputParameters: - type: object mapping: $. - path: /sys/seal-status name: getsealstatus operations: - method: GET name: getsealstatus description: Check seal status call: hashicorp-vault.getsealstatus outputParameters: - type: object mapping: $. - path: /sys/seal name: seal operations: - method: PUT name: seal description: Seal the Vault call: hashicorp-vault.seal outputParameters: - type: object mapping: $. - path: /sys/unseal name: unseal operations: - method: PUT name: unseal description: Submit an unseal key call: hashicorp-vault.unseal outputParameters: - type: object mapping: $. - path: /sys/health name: gethealth operations: - method: GET name: gethealth description: Health status call: hashicorp-vault.gethealth outputParameters: - type: object mapping: $. - path: /sys/mounts name: listsecretengines operations: - method: GET name: listsecretengines description: List mounted secrets engines call: hashicorp-vault.listsecretengines outputParameters: - type: object mapping: $. - path: /sys/mounts/{path} name: enablesecretengine operations: - method: POST name: enablesecretengine description: Enable a secrets engine call: hashicorp-vault.enablesecretengine with: path: rest.path outputParameters: - type: object mapping: $. - path: /sys/mounts/{path} name: disablesecretengine operations: - method: DELETE name: disablesecretengine description: Disable a secrets engine call: hashicorp-vault.disablesecretengine with: path: rest.path outputParameters: - type: object mapping: $. - path: /sys/auth name: listauthmethods operations: - method: GET name: listauthmethods description: List auth methods call: hashicorp-vault.listauthmethods outputParameters: - type: object mapping: $. - path: /sys/auth/{path} name: enableauthmethod operations: - method: POST name: enableauthmethod description: Enable an auth method call: hashicorp-vault.enableauthmethod with: path: rest.path outputParameters: - type: object mapping: $. - path: /sys/auth/{path} name: disableauthmethod operations: - method: DELETE name: disableauthmethod description: Disable an auth method call: hashicorp-vault.disableauthmethod with: path: rest.path outputParameters: - type: object mapping: $. - path: /sys/policies/acl name: listaclpolicies operations: - method: GET name: listaclpolicies description: List ACL policies call: hashicorp-vault.listaclpolicies outputParameters: - type: object mapping: $. - path: /sys/policies/acl/{name} name: getaclpolicy operations: - method: GET name: getaclpolicy description: Read an ACL policy call: hashicorp-vault.getaclpolicy with: name: rest.name outputParameters: - type: object mapping: $. - path: /sys/policies/acl/{name} name: createaclpolicy operations: - method: PUT name: createaclpolicy description: Create or update an ACL policy call: hashicorp-vault.createaclpolicy with: name: rest.name outputParameters: - type: object mapping: $. - path: /sys/policies/acl/{name} name: deleteaclpolicy operations: - method: DELETE name: deleteaclpolicy description: Delete an ACL policy call: hashicorp-vault.deleteaclpolicy with: name: rest.name outputParameters: - type: object mapping: $. - path: /sys/audit name: listauditdevices operations: - method: GET name: listauditdevices description: List audit devices call: hashicorp-vault.listauditdevices outputParameters: - type: object mapping: $. - path: /sys/audit/{path} name: enableauditdevice operations: - method: PUT name: enableauditdevice description: Enable an audit device call: hashicorp-vault.enableauditdevice with: path: rest.path outputParameters: - type: object mapping: $. - path: /sys/audit/{path} name: disableauditdevice operations: - method: DELETE name: disableauditdevice description: Disable an audit device call: hashicorp-vault.disableauditdevice with: path: rest.path outputParameters: - type: object mapping: $. - path: /sys/leases/lookup name: lookuplease operations: - method: PUT name: lookuplease description: Lookup a lease call: hashicorp-vault.lookuplease outputParameters: - type: object mapping: $. - path: /sys/leases/renew name: renewlease operations: - method: PUT name: renewlease description: Renew a lease call: hashicorp-vault.renewlease outputParameters: - type: object mapping: $. - path: /sys/leases/revoke name: revokelease operations: - method: PUT name: revokelease description: Revoke a lease call: hashicorp-vault.revokelease outputParameters: - type: object mapping: $. - path: /auth/token/create name: createtoken operations: - method: POST name: createtoken description: Create a token call: hashicorp-vault.createtoken outputParameters: - type: object mapping: $. - path: /auth/token/lookup name: lookuptoken operations: - method: POST name: lookuptoken description: Lookup a token call: hashicorp-vault.lookuptoken outputParameters: - type: object mapping: $. - path: /auth/token/lookup-self name: lookupselftoken operations: - method: GET name: lookupselftoken description: Lookup own token call: hashicorp-vault.lookupselftoken outputParameters: - type: object mapping: $. - path: /auth/token/renew name: renewtoken operations: - method: POST name: renewtoken description: Renew a token call: hashicorp-vault.renewtoken outputParameters: - type: object mapping: $. - path: /auth/token/renew-self name: renewselftoken operations: - method: POST name: renewselftoken description: Renew own token call: hashicorp-vault.renewselftoken outputParameters: - type: object mapping: $. - path: /auth/token/revoke name: revoketoken operations: - method: POST name: revoketoken description: Revoke a token call: hashicorp-vault.revoketoken outputParameters: - type: object mapping: $. - path: /auth/token/revoke-self name: revokeselftoken operations: - method: POST name: revokeselftoken description: Revoke own token call: hashicorp-vault.revokeselftoken outputParameters: - type: object mapping: $. - path: /auth/userpass/login/{username} name: loginuserpass operations: - method: POST name: loginuserpass description: Login with username and password call: hashicorp-vault.loginuserpass with: username: rest.username outputParameters: - type: object mapping: $. - path: /auth/approle/login name: loginapprole operations: - method: POST name: loginapprole description: Login with AppRole call: hashicorp-vault.loginapprole outputParameters: - type: object mapping: $. - path: /secret/data/{path} name: readkvsecret operations: - method: GET name: readkvsecret description: Read KV secret (v2) call: hashicorp-vault.readkvsecret with: path: rest.path outputParameters: - type: object mapping: $. - path: /secret/data/{path} name: createkvsecret operations: - method: POST name: createkvsecret description: Create or update KV secret (v2) call: hashicorp-vault.createkvsecret with: path: rest.path outputParameters: - type: object mapping: $. - path: /secret/data/{path} name: deletekvsecretlatest operations: - method: DELETE name: deletekvsecretlatest description: Delete latest version of KV secret call: hashicorp-vault.deletekvsecretlatest with: path: rest.path outputParameters: - type: object mapping: $. - path: /secret/metadata/{path} name: getkvmetadata operations: - method: GET name: getkvmetadata description: Read KV secret metadata call: hashicorp-vault.getkvmetadata with: path: rest.path outputParameters: - type: object mapping: $. - path: /secret/metadata/{path} name: deletekvmetadata operations: - method: DELETE name: deletekvmetadata description: Delete all versions and metadata call: hashicorp-vault.deletekvmetadata with: path: rest.path outputParameters: - type: object mapping: $. - path: /secret/delete/{path} name: deletekvsecretversions operations: - method: POST name: deletekvsecretversions description: Delete specific versions of KV secret call: hashicorp-vault.deletekvsecretversions with: path: rest.path outputParameters: - type: object mapping: $. - path: /secret/undelete/{path} name: undeletekvsecretversions operations: - method: POST name: undeletekvsecretversions description: Undelete versions of KV secret call: hashicorp-vault.undeletekvsecretversions with: path: rest.path outputParameters: - type: object mapping: $. - path: /secret/destroy/{path} name: destroykvsecretversions operations: - method: POST name: destroykvsecretversions description: Permanently destroy versions call: hashicorp-vault.destroykvsecretversions with: path: rest.path outputParameters: - type: object mapping: $. - path: /transit/encrypt/{name} name: transitencrypt operations: - method: POST name: transitencrypt description: Encrypt data call: hashicorp-vault.transitencrypt with: name: rest.name outputParameters: - type: object mapping: $. - path: /transit/decrypt/{name} name: transitdecrypt operations: - method: POST name: transitdecrypt description: Decrypt data call: hashicorp-vault.transitdecrypt with: name: rest.name outputParameters: - type: object mapping: $. - path: /transit/keys/{name} name: createtransitkey operations: - method: POST name: createtransitkey description: Create an encryption key call: hashicorp-vault.createtransitkey with: name: rest.name outputParameters: - type: object mapping: $. - path: /transit/keys/{name} name: gettransitkey operations: - method: GET name: gettransitkey description: Read an encryption key call: hashicorp-vault.gettransitkey with: name: rest.name outputParameters: - type: object mapping: $. - path: /transit/keys/{name} name: deletetransitkey operations: - method: DELETE name: deletetransitkey description: Delete an encryption key call: hashicorp-vault.deletetransitkey with: name: rest.name outputParameters: - type: object mapping: $. - path: /identity/entity name: createentity operations: - method: POST name: createentity description: Create an identity entity call: hashicorp-vault.createentity outputParameters: - type: object mapping: $. - path: /identity/entity/id/{id} name: getentity operations: - method: GET name: getentity description: Read an entity by ID call: hashicorp-vault.getentity with: id: rest.id outputParameters: - type: object mapping: $. - path: /identity/entity/id/{id} name: updateentity operations: - method: POST name: updateentity description: Update an entity call: hashicorp-vault.updateentity with: id: rest.id outputParameters: - type: object mapping: $. - path: /identity/entity/id/{id} name: deleteentity operations: - method: DELETE name: deleteentity description: Delete an entity call: hashicorp-vault.deleteentity with: id: rest.id outputParameters: - type: object mapping: $. - path: /sys/generate-root/attempt name: getrootgenerationprogress operations: - method: GET name: getrootgenerationprogress description: Read root generation progress call: hashicorp-vault.getrootgenerationprogress outputParameters: - type: object mapping: $. - path: /sys/generate-root/attempt name: startrootgeneration operations: - method: PUT name: startrootgeneration description: Start root token generation call: hashicorp-vault.startrootgeneration outputParameters: - type: object mapping: $. - path: /sys/generate-root/attempt name: cancelrootgeneration operations: - method: DELETE name: cancelrootgeneration description: Cancel root token generation call: hashicorp-vault.cancelrootgeneration outputParameters: - type: object mapping: $. - path: /sys/leader name: getleader operations: - method: GET name: getleader description: Get leader information call: hashicorp-vault.getleader outputParameters: - type: object mapping: $. - path: /sys/wrapping/wrap name: wrap operations: - method: POST name: wrap description: Wrap data call: hashicorp-vault.wrap outputParameters: - type: object mapping: $. - path: /sys/wrapping/unwrap name: unwrap operations: - method: POST name: unwrap description: Unwrap data call: hashicorp-vault.unwrap outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: hashicorp-vault-mcp transport: http description: MCP adapter for HashiCorp Vault HTTP API for AI agent use. tools: - name: getinitstatus description: Check initialization status hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.getinitstatus outputParameters: - type: object mapping: $. - name: initialize description: Initialize Vault hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.initialize outputParameters: - type: object mapping: $. - name: getsealstatus description: Check seal status hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.getsealstatus outputParameters: - type: object mapping: $. - name: seal description: Seal the Vault hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.seal outputParameters: - type: object mapping: $. - name: unseal description: Submit an unseal key hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.unseal outputParameters: - type: object mapping: $. - name: gethealth description: Health status hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.gethealth with: standbyok: tools.standbyok activecode: tools.activecode standbycode: tools.standbycode sealedcode: tools.sealedcode uninitcode: tools.uninitcode inputParameters: - name: standbyok type: boolean description: Return 200 for standby nodes too - name: activecode type: integer description: Custom status code for active node - name: standbycode type: integer description: Custom status code for standby node - name: sealedcode type: integer description: Custom status code for sealed node - name: uninitcode type: integer description: Custom status code for uninitialized node outputParameters: - type: object mapping: $. - name: listsecretengines description: List mounted secrets engines hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.listsecretengines outputParameters: - type: object mapping: $. - name: enablesecretengine description: Enable a secrets engine hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.enablesecretengine with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: disablesecretengine description: Disable a secrets engine hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.disablesecretengine with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: listauthmethods description: List auth methods hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.listauthmethods outputParameters: - type: object mapping: $. - name: enableauthmethod description: Enable an auth method hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.enableauthmethod with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: disableauthmethod description: Disable an auth method hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.disableauthmethod with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: listaclpolicies description: List ACL policies hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.listaclpolicies outputParameters: - type: object mapping: $. - name: getaclpolicy description: Read an ACL policy hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.getaclpolicy with: name: tools.name inputParameters: - name: name type: string description: name required: true outputParameters: - type: object mapping: $. - name: createaclpolicy description: Create or update an ACL policy hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.createaclpolicy with: name: tools.name inputParameters: - name: name type: string description: name required: true outputParameters: - type: object mapping: $. - name: deleteaclpolicy description: Delete an ACL policy hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.deleteaclpolicy with: name: tools.name inputParameters: - name: name type: string description: name required: true outputParameters: - type: object mapping: $. - name: listauditdevices description: List audit devices hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.listauditdevices outputParameters: - type: object mapping: $. - name: enableauditdevice description: Enable an audit device hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.enableauditdevice with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: disableauditdevice description: Disable an audit device hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.disableauditdevice with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: lookuplease description: Lookup a lease hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.lookuplease outputParameters: - type: object mapping: $. - name: renewlease description: Renew a lease hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.renewlease outputParameters: - type: object mapping: $. - name: revokelease description: Revoke a lease hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.revokelease outputParameters: - type: object mapping: $. - name: createtoken description: Create a token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.createtoken outputParameters: - type: object mapping: $. - name: lookuptoken description: Lookup a token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.lookuptoken outputParameters: - type: object mapping: $. - name: lookupselftoken description: Lookup own token hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.lookupselftoken outputParameters: - type: object mapping: $. - name: renewtoken description: Renew a token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.renewtoken outputParameters: - type: object mapping: $. - name: renewselftoken description: Renew own token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.renewselftoken outputParameters: - type: object mapping: $. - name: revoketoken description: Revoke a token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.revoketoken outputParameters: - type: object mapping: $. - name: revokeselftoken description: Revoke own token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.revokeselftoken outputParameters: - type: object mapping: $. - name: loginuserpass description: Login with username and password hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.loginuserpass with: username: tools.username inputParameters: - name: username type: string description: username required: true outputParameters: - type: object mapping: $. - name: loginapprole description: Login with AppRole hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.loginapprole outputParameters: - type: object mapping: $. - name: readkvsecret description: Read KV secret (v2) hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.readkvsecret with: path: tools.path version: tools.version inputParameters: - name: path type: string description: path required: true - name: version type: integer description: Specific version to read outputParameters: - type: object mapping: $. - name: createkvsecret description: Create or update KV secret (v2) hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.createkvsecret with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: deletekvsecretlatest description: Delete latest version of KV secret hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.deletekvsecretlatest with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: getkvmetadata description: Read KV secret metadata hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.getkvmetadata with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: deletekvmetadata description: Delete all versions and metadata hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.deletekvmetadata with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: deletekvsecretversions description: Delete specific versions of KV secret hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.deletekvsecretversions with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: undeletekvsecretversions description: Undelete versions of KV secret hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.undeletekvsecretversions with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: destroykvsecretversions description: Permanently destroy versions hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.destroykvsecretversions with: path: tools.path inputParameters: - name: path type: string description: path required: true outputParameters: - type: object mapping: $. - name: transitencrypt description: Encrypt data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.transitencrypt with: name: tools.name inputParameters: - name: name type: string description: Name of the encryption key required: true outputParameters: - type: object mapping: $. - name: transitdecrypt description: Decrypt data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.transitdecrypt with: name: tools.name inputParameters: - name: name type: string description: name required: true outputParameters: - type: object mapping: $. - name: createtransitkey description: Create an encryption key hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.createtransitkey with: name: tools.name inputParameters: - name: name type: string description: name required: true outputParameters: - type: object mapping: $. - name: gettransitkey description: Read an encryption key hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.gettransitkey with: name: tools.name inputParameters: - name: name type: string description: name required: true outputParameters: - type: object mapping: $. - name: deletetransitkey description: Delete an encryption key hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.deletetransitkey with: name: tools.name inputParameters: - name: name type: string description: name required: true outputParameters: - type: object mapping: $. - name: createentity description: Create an identity entity hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.createentity outputParameters: - type: object mapping: $. - name: getentity description: Read an entity by ID hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.getentity with: id: tools.id inputParameters: - name: id type: string description: id required: true outputParameters: - type: object mapping: $. - name: updateentity description: Update an entity hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.updateentity with: id: tools.id inputParameters: - name: id type: string description: id required: true outputParameters: - type: object mapping: $. - name: deleteentity description: Delete an entity hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.deleteentity with: id: tools.id inputParameters: - name: id type: string description: id required: true outputParameters: - type: object mapping: $. - name: getrootgenerationprogress description: Read root generation progress hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.getrootgenerationprogress outputParameters: - type: object mapping: $. - name: startrootgeneration description: Start root token generation hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault.startrootgeneration outputParameters: - type: object mapping: $. - name: cancelrootgeneration description: Cancel root token generation hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault.cancelrootgeneration outputParameters: - type: object mapping: $. - name: getleader description: Get leader information hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault.getleader outputParameters: - type: object mapping: $. - name: wrap description: Wrap data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.wrap outputParameters: - type: object mapping: $. - name: unwrap description: Unwrap data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault.unwrap outputParameters: - type: object mapping: $. binds: - namespace: env keys: HASHICORP_VAULT_TOKEN: HASHICORP_VAULT_TOKEN