naftiko: 1.0.0-alpha2 info: label: HashiCorp Vault HTTP API — Secrets - KV v2 description: 'HashiCorp Vault HTTP API — Secrets - KV v2. 8 operations. Lead operation: Read KV secret (v2). Self-contained Naftiko capability covering one Hashicorp Vault business surface.' tags: - Hashicorp Vault - Secrets - KV v2 created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: HASHICORP_VAULT_API_KEY: HASHICORP_VAULT_API_KEY capability: consumes: - type: http namespace: hashicorp-vault-secrets-kv-v2 baseUri: https://127.0.0.1:8200/v1 description: HashiCorp Vault HTTP API — Secrets - KV v2 business capability. Self-contained, no shared references. resources: - name: secret-data-path path: /secret/data/{path} operations: - name: readkvsecret method: GET description: Read KV secret (v2) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: version in: query type: integer description: Specific version to read - name: createkvsecret method: POST description: Create or update KV secret (v2) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletekvsecretlatest method: DELETE description: Delete latest version of KV secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: secret-delete-path path: /secret/delete/{path} operations: - name: deletekvsecretversions method: POST description: Delete specific versions of KV secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: secret-destroy-path path: /secret/destroy/{path} operations: - name: destroykvsecretversions method: POST description: Permanently destroy versions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: secret-metadata-path path: /secret/metadata/{path} operations: - name: getkvmetadata method: GET description: Read KV secret metadata outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: deletekvmetadata method: DELETE description: Delete all versions and metadata outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: secret-undelete-path path: /secret/undelete/{path} operations: - name: undeletekvsecretversions method: POST description: Undelete versions of KV secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: apikey key: X-Vault-Token value: '{{env.HASHICORP_VAULT_API_KEY}}' placement: header exposes: - type: rest namespace: hashicorp-vault-secrets-kv-v2-rest port: 8080 description: REST adapter for HashiCorp Vault HTTP API — Secrets - KV v2. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/secret/data/{path} name: secret-data-path description: REST surface for secret-data-path. operations: - method: GET name: readkvsecret description: Read KV secret (v2) call: hashicorp-vault-secrets-kv-v2.readkvsecret with: path: rest.path version: rest.version outputParameters: - type: object mapping: $. - method: POST name: createkvsecret description: Create or update KV secret (v2) call: hashicorp-vault-secrets-kv-v2.createkvsecret with: path: rest.path body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletekvsecretlatest description: Delete latest version of KV secret call: hashicorp-vault-secrets-kv-v2.deletekvsecretlatest with: path: rest.path outputParameters: - type: object mapping: $. - path: /v1/secret/delete/{path} name: secret-delete-path description: REST surface for secret-delete-path. operations: - method: POST name: deletekvsecretversions description: Delete specific versions of KV secret call: hashicorp-vault-secrets-kv-v2.deletekvsecretversions with: path: rest.path body: rest.body outputParameters: - type: object mapping: $. - path: /v1/secret/destroy/{path} name: secret-destroy-path description: REST surface for secret-destroy-path. operations: - method: POST name: destroykvsecretversions description: Permanently destroy versions call: hashicorp-vault-secrets-kv-v2.destroykvsecretversions with: path: rest.path body: rest.body outputParameters: - type: object mapping: $. - path: /v1/secret/metadata/{path} name: secret-metadata-path description: REST surface for secret-metadata-path. operations: - method: GET name: getkvmetadata description: Read KV secret metadata call: hashicorp-vault-secrets-kv-v2.getkvmetadata with: path: rest.path outputParameters: - type: object mapping: $. - method: DELETE name: deletekvmetadata description: Delete all versions and metadata call: hashicorp-vault-secrets-kv-v2.deletekvmetadata with: path: rest.path outputParameters: - type: object mapping: $. - path: /v1/secret/undelete/{path} name: secret-undelete-path description: REST surface for secret-undelete-path. operations: - method: POST name: undeletekvsecretversions description: Undelete versions of KV secret call: hashicorp-vault-secrets-kv-v2.undeletekvsecretversions with: path: rest.path body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: hashicorp-vault-secrets-kv-v2-mcp port: 9090 transport: http description: MCP adapter for HashiCorp Vault HTTP API — Secrets - KV v2. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: read-kv-secret-v2 description: Read KV secret (v2) hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-secrets-kv-v2.readkvsecret with: path: tools.path version: tools.version outputParameters: - type: object mapping: $. - name: create-update-kv-secret-v2 description: Create or update KV secret (v2) hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-secrets-kv-v2.createkvsecret with: path: tools.path body: tools.body outputParameters: - type: object mapping: $. - name: delete-latest-version-kv-secret description: Delete latest version of KV secret hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault-secrets-kv-v2.deletekvsecretlatest with: path: tools.path outputParameters: - type: object mapping: $. - name: delete-specific-versions-kv-secret description: Delete specific versions of KV secret hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-secrets-kv-v2.deletekvsecretversions with: path: tools.path body: tools.body outputParameters: - type: object mapping: $. - name: permanently-destroy-versions description: Permanently destroy versions hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-secrets-kv-v2.destroykvsecretversions with: path: tools.path body: tools.body outputParameters: - type: object mapping: $. - name: read-kv-secret-metadata description: Read KV secret metadata hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-secrets-kv-v2.getkvmetadata with: path: tools.path outputParameters: - type: object mapping: $. - name: delete-all-versions-and-metadata description: Delete all versions and metadata hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault-secrets-kv-v2.deletekvmetadata with: path: tools.path outputParameters: - type: object mapping: $. - name: undelete-versions-kv-secret description: Undelete versions of KV secret hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-secrets-kv-v2.undeletekvsecretversions with: path: tools.path body: tools.body outputParameters: - type: object mapping: $.