naftiko: 1.0.0-alpha2 info: label: HashiCorp Vault HTTP API — Secrets - Transit description: 'HashiCorp Vault HTTP API — Secrets - Transit. 5 operations. Lead operation: Decrypt data. Self-contained Naftiko capability covering one Hashicorp Vault business surface.' tags: - Hashicorp Vault - Secrets - Transit created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: HASHICORP_VAULT_API_KEY: HASHICORP_VAULT_API_KEY capability: consumes: - type: http namespace: hashicorp-vault-secrets-transit baseUri: https://127.0.0.1:8200/v1 description: HashiCorp Vault HTTP API — Secrets - Transit business capability. Self-contained, no shared references. resources: - name: transit-decrypt-name path: /transit/decrypt/{name} operations: - name: transitdecrypt method: POST description: Decrypt data outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: transit-encrypt-name path: /transit/encrypt/{name} operations: - name: transitencrypt method: POST description: Encrypt data outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: path type: string description: Name of the encryption key required: true - name: body in: body type: object description: Request body (JSON). required: true - name: transit-keys-name path: /transit/keys/{name} operations: - name: createtransitkey method: POST description: Create an encryption key outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: false - name: gettransitkey method: GET description: Read an encryption key outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: path type: string required: true - name: deletetransitkey method: DELETE description: Delete an encryption key outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: path type: string required: true authentication: type: apikey key: X-Vault-Token value: '{{env.HASHICORP_VAULT_API_KEY}}' placement: header exposes: - type: rest namespace: hashicorp-vault-secrets-transit-rest port: 8080 description: REST adapter for HashiCorp Vault HTTP API — Secrets - Transit. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/transit/decrypt/{name} name: transit-decrypt-name description: REST surface for transit-decrypt-name. operations: - method: POST name: transitdecrypt description: Decrypt data call: hashicorp-vault-secrets-transit.transitdecrypt with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - path: /v1/transit/encrypt/{name} name: transit-encrypt-name description: REST surface for transit-encrypt-name. operations: - method: POST name: transitencrypt description: Encrypt data call: hashicorp-vault-secrets-transit.transitencrypt with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - path: /v1/transit/keys/{name} name: transit-keys-name description: REST surface for transit-keys-name. operations: - method: POST name: createtransitkey description: Create an encryption key call: hashicorp-vault-secrets-transit.createtransitkey with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - method: GET name: gettransitkey description: Read an encryption key call: hashicorp-vault-secrets-transit.gettransitkey with: name: rest.name outputParameters: - type: object mapping: $. - method: DELETE name: deletetransitkey description: Delete an encryption key call: hashicorp-vault-secrets-transit.deletetransitkey with: name: rest.name outputParameters: - type: object mapping: $. - type: mcp namespace: hashicorp-vault-secrets-transit-mcp port: 9090 transport: http description: MCP adapter for HashiCorp Vault HTTP API — Secrets - Transit. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: decrypt-data description: Decrypt data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-secrets-transit.transitdecrypt with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: encrypt-data description: Encrypt data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-secrets-transit.transitencrypt with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: create-encryption-key description: Create an encryption key hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-secrets-transit.createtransitkey with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: read-encryption-key description: Read an encryption key hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-secrets-transit.gettransitkey with: name: tools.name outputParameters: - type: object mapping: $. - name: delete-encryption-key description: Delete an encryption key hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault-secrets-transit.deletetransitkey with: name: tools.name outputParameters: - type: object mapping: $.