naftiko: 1.0.0-alpha2 info: label: HCP Vault Secrets API — Secrets description: 'HCP Vault Secrets API — Secrets. 4 operations. Lead operation: List secrets. Self-contained Naftiko capability covering one Hcp business surface.' tags: - Hcp - Secrets created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: HCP_API_KEY: HCP_API_KEY capability: consumes: - type: http namespace: hcp-secrets baseUri: https://api.cloud.hashicorp.com description: HCP Vault Secrets API — Secrets business capability. Self-contained, no shared references. resources: - name: secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret path: /secrets/2023-11-28/organizations/{org_id}/projects/{project_id}/apps/{app_name}/secrets operations: - name: listsecrets method: GET description: List secrets outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string required: true - name: project_id in: path type: string required: true - name: app_name in: path type: string required: true - name: secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret path: /secrets/2023-11-28/organizations/{org_id}/projects/{project_id}/apps/{app_name}/secrets/{name} operations: - name: getsecret method: GET description: Get secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string required: true - name: project_id in: path type: string required: true - name: app_name in: path type: string required: true - name: name in: path type: string required: true - name: deletesecret method: DELETE description: Delete secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string required: true - name: project_id in: path type: string required: true - name: app_name in: path type: string required: true - name: name in: path type: string required: true - name: secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret path: /secrets/2023-11-28/organizations/{org_id}/projects/{project_id}/apps/{app_name}/secrets/{name}:open operations: - name: opensecret method: GET description: Open (read) a secret value outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: org_id in: path type: string required: true - name: project_id in: path type: string required: true - name: app_name in: path type: string required: true - name: name in: path type: string required: true authentication: type: bearer token: '{{env.HCP_API_KEY}}' exposes: - type: rest namespace: hcp-secrets-rest port: 8080 description: REST adapter for HCP Vault Secrets API — Secrets. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/secrets/2023-11-28/organizations/{org-id}/projects/{project-id}/apps/{app-name}/secrets name: secrets-2023-11-28-organizations-org-id-projects-project-id-apps-app-name-secret description: REST surface for secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret. operations: - method: GET name: listsecrets description: List secrets call: hcp-secrets.listsecrets with: org_id: rest.org_id project_id: rest.project_id app_name: rest.app_name outputParameters: - type: object mapping: $. - path: /v1/secrets/2023-11-28/organizations/{org-id}/projects/{project-id}/apps/{app-name}/secrets/{name} name: secrets-2023-11-28-organizations-org-id-projects-project-id-apps-app-name-secret description: REST surface for secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret. operations: - method: GET name: getsecret description: Get secret call: hcp-secrets.getsecret with: org_id: rest.org_id project_id: rest.project_id app_name: rest.app_name name: rest.name outputParameters: - type: object mapping: $. - method: DELETE name: deletesecret description: Delete secret call: hcp-secrets.deletesecret with: org_id: rest.org_id project_id: rest.project_id app_name: rest.app_name name: rest.name outputParameters: - type: object mapping: $. - path: /v1/secrets/2023-11-28/organizations/{org-id}/projects/{project-id}/apps/{app-name}/secrets/name-open name: secrets-2023-11-28-organizations-org-id-projects-project-id-apps-app-name-secret description: REST surface for secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret. operations: - method: GET name: opensecret description: Open (read) a secret value call: hcp-secrets.opensecret with: org_id: rest.org_id project_id: rest.project_id app_name: rest.app_name name: rest.name outputParameters: - type: object mapping: $. - type: mcp namespace: hcp-secrets-mcp port: 9090 transport: http description: MCP adapter for HCP Vault Secrets API — Secrets. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-secrets description: List secrets hints: readOnly: true destructive: false idempotent: true call: hcp-secrets.listsecrets with: org_id: tools.org_id project_id: tools.project_id app_name: tools.app_name outputParameters: - type: object mapping: $. - name: get-secret description: Get secret hints: readOnly: true destructive: false idempotent: true call: hcp-secrets.getsecret with: org_id: tools.org_id project_id: tools.project_id app_name: tools.app_name name: tools.name outputParameters: - type: object mapping: $. - name: delete-secret description: Delete secret hints: readOnly: false destructive: true idempotent: true call: hcp-secrets.deletesecret with: org_id: tools.org_id project_id: tools.project_id app_name: tools.app_name name: tools.name outputParameters: - type: object mapping: $. - name: open-read-secret-value description: Open (read) a secret value hints: readOnly: true destructive: false idempotent: true call: hcp-secrets.opensecret with: org_id: tools.org_id project_id: tools.project_id app_name: tools.app_name name: tools.name outputParameters: - type: object mapping: $.