naftiko: 1.0.0-alpha2 info: label: HashiCorp Vault Vault Auth Methods API description: APIs for authentication methods in HashiCorp Vault including Token, AppRole, Kubernetes, LDAP, JWT/OIDC, GitHub, Userpass, and AWS auth methods. These endpoints handle user and machine authentication to obtain Vault tokens. tags: - Hvault - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: hvault baseUri: https://vault.example.com/v1 description: HashiCorp Vault Vault Auth Methods API HTTP API. authentication: type: apikey in: header name: X-Vault-Token value: '{{HVAULT_TOKEN}}' resources: - name: auth-token-create path: /auth/token/create operations: - name: createtoken method: POST description: HashiCorp Vault Create token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-create-orphan path: /auth/token/create-orphan operations: - name: createorphantoken method: POST description: HashiCorp Vault Create orphan token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-create-role-name path: /auth/token/create/{role_name} operations: - name: createtokenwithrole method: POST description: HashiCorp Vault Create token with role inputParameters: - name: role_name in: path type: string required: true description: Name of the token role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-lookup path: /auth/token/lookup operations: - name: lookuptoken method: POST description: HashiCorp Vault Lookup token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-lookup-self path: /auth/token/lookup-self operations: - name: lookupselftoken method: GET description: HashiCorp Vault Lookup self token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-renew path: /auth/token/renew operations: - name: renewtoken method: POST description: HashiCorp Vault Renew token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-renew-self path: /auth/token/renew-self operations: - name: renewselftoken method: POST description: HashiCorp Vault Renew self token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-revoke path: /auth/token/revoke operations: - name: revoketoken method: POST description: HashiCorp Vault Revoke token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-revoke-self path: /auth/token/revoke-self operations: - name: revokeselftoken method: POST description: HashiCorp Vault Revoke self token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-roles-role-name path: /auth/token/roles/{role_name} operations: - name: readtokenrole method: GET description: HashiCorp Vault Read token role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createorupdatetokenrole method: POST description: HashiCorp Vault Create or update token role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletetokenrole method: DELETE description: HashiCorp Vault Delete token role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-approle-login path: /auth/approle/login operations: - name: loginwithapprole method: POST description: HashiCorp Vault Login with AppRole outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-approle-role-role-name path: /auth/approle/role/{role_name} operations: - name: readapprole method: GET description: HashiCorp Vault Read AppRole outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createorupdateapprole method: POST description: HashiCorp Vault Create or update AppRole outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteapprole method: DELETE description: HashiCorp Vault Delete AppRole outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-approle-role-role-name-role-id path: /auth/approle/role/{role_name}/role-id operations: - name: readapproleroleid method: GET description: HashiCorp Vault Read AppRole role ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-approle-role-role-name-secret-id path: /auth/approle/role/{role_name}/secret-id operations: - name: generateapprolesecretid method: POST description: HashiCorp Vault Generate AppRole secret ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-kubernetes-login path: /auth/kubernetes/login operations: - name: loginwithkubernetes method: POST description: HashiCorp Vault Login with Kubernetes outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-kubernetes-config path: /auth/kubernetes/config operations: - name: readkubernetesconfig method: GET description: HashiCorp Vault Read Kubernetes auth configuration outputRawFormat: json outputParameters: - name: result type: object value: $. - name: configurekubernetesauth method: POST description: HashiCorp Vault Configure Kubernetes auth outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-kubernetes-role-name path: /auth/kubernetes/role/{name} operations: - name: readkubernetesrole method: GET description: HashiCorp Vault Read Kubernetes role inputParameters: - name: name in: path type: string required: true description: Name of the role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createorupdatekubernetesrole method: POST description: HashiCorp Vault Create or update Kubernetes role inputParameters: - name: name in: path type: string required: true description: Name of the role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletekubernetesrole method: DELETE description: HashiCorp Vault Delete Kubernetes role inputParameters: - name: name in: path type: string required: true description: Name of the role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-ldap-login-username path: /auth/ldap/login/{username} operations: - name: loginwithldap method: POST description: HashiCorp Vault Login with LDAP inputParameters: - name: username in: path type: string required: true description: LDAP username outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-jwt-login path: /auth/jwt/login operations: - name: loginwithjwt method: POST description: HashiCorp Vault Login with JWT/OIDC outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-userpass-login-username path: /auth/userpass/login/{username} operations: - name: loginwithuserpass method: POST description: HashiCorp Vault Login with username and password inputParameters: - name: username in: path type: string required: true description: Username outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-userpass-users-username path: /auth/userpass/users/{username} operations: - name: readuserpassuser method: GET description: HashiCorp Vault Read userpass user inputParameters: - name: username in: path type: string required: true description: Username outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createorupdateuserpassuser method: POST description: HashiCorp Vault Create or update userpass user inputParameters: - name: username in: path type: string required: true description: Username outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteuserpassuser method: DELETE description: HashiCorp Vault Delete userpass user inputParameters: - name: username in: path type: string required: true description: Username outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-github-login path: /auth/github/login operations: - name: loginwithgithub method: POST description: HashiCorp Vault Login with GitHub outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: hvault-rest description: REST adapter for HashiCorp Vault Vault Auth Methods API. resources: - path: /auth/token/create name: createtoken operations: - method: POST name: createtoken description: HashiCorp Vault Create token call: hvault.createtoken outputParameters: - type: object mapping: $. - path: /auth/token/create-orphan name: createorphantoken operations: - method: POST name: createorphantoken description: HashiCorp Vault Create orphan token call: hvault.createorphantoken outputParameters: - type: object mapping: $. - path: /auth/token/create/{role_name} name: createtokenwithrole operations: - method: POST name: createtokenwithrole description: HashiCorp Vault Create token with role call: hvault.createtokenwithrole with: role_name: rest.role_name outputParameters: - type: object mapping: $. - path: /auth/token/lookup name: lookuptoken operations: - method: POST name: lookuptoken description: HashiCorp Vault Lookup token call: hvault.lookuptoken outputParameters: - type: object mapping: $. - path: /auth/token/lookup-self name: lookupselftoken operations: - method: GET name: lookupselftoken description: HashiCorp Vault Lookup self token call: hvault.lookupselftoken outputParameters: - type: object mapping: $. - path: /auth/token/renew name: renewtoken operations: - method: POST name: renewtoken description: HashiCorp Vault Renew token call: hvault.renewtoken outputParameters: - type: object mapping: $. - path: /auth/token/renew-self name: renewselftoken operations: - method: POST name: renewselftoken description: HashiCorp Vault Renew self token call: hvault.renewselftoken outputParameters: - type: object mapping: $. - path: /auth/token/revoke name: revoketoken operations: - method: POST name: revoketoken description: HashiCorp Vault Revoke token call: hvault.revoketoken outputParameters: - type: object mapping: $. - path: /auth/token/revoke-self name: revokeselftoken operations: - method: POST name: revokeselftoken description: HashiCorp Vault Revoke self token call: hvault.revokeselftoken outputParameters: - type: object mapping: $. - path: /auth/token/roles/{role_name} name: readtokenrole operations: - method: GET name: readtokenrole description: HashiCorp Vault Read token role call: hvault.readtokenrole outputParameters: - type: object mapping: $. - path: /auth/token/roles/{role_name} name: createorupdatetokenrole operations: - method: POST name: createorupdatetokenrole description: HashiCorp Vault Create or update token role call: hvault.createorupdatetokenrole outputParameters: - type: object mapping: $. - path: /auth/token/roles/{role_name} name: deletetokenrole operations: - method: DELETE name: deletetokenrole description: HashiCorp Vault Delete token role call: hvault.deletetokenrole outputParameters: - type: object mapping: $. - path: /auth/approle/login name: loginwithapprole operations: - method: POST name: loginwithapprole description: HashiCorp Vault Login with AppRole call: hvault.loginwithapprole outputParameters: - type: object mapping: $. - path: /auth/approle/role/{role_name} name: readapprole operations: - method: GET name: readapprole description: HashiCorp Vault Read AppRole call: hvault.readapprole outputParameters: - type: object mapping: $. - path: /auth/approle/role/{role_name} name: createorupdateapprole operations: - method: POST name: createorupdateapprole description: HashiCorp Vault Create or update AppRole call: hvault.createorupdateapprole outputParameters: - type: object mapping: $. - path: /auth/approle/role/{role_name} name: deleteapprole operations: - method: DELETE name: deleteapprole description: HashiCorp Vault Delete AppRole call: hvault.deleteapprole outputParameters: - type: object mapping: $. - path: /auth/approle/role/{role_name}/role-id name: readapproleroleid operations: - method: GET name: readapproleroleid description: HashiCorp Vault Read AppRole role ID call: hvault.readapproleroleid outputParameters: - type: object mapping: $. - path: /auth/approle/role/{role_name}/secret-id name: generateapprolesecretid operations: - method: POST name: generateapprolesecretid description: HashiCorp Vault Generate AppRole secret ID call: hvault.generateapprolesecretid outputParameters: - type: object mapping: $. - path: /auth/kubernetes/login name: loginwithkubernetes operations: - method: POST name: loginwithkubernetes description: HashiCorp Vault Login with Kubernetes call: hvault.loginwithkubernetes outputParameters: - type: object mapping: $. - path: /auth/kubernetes/config name: readkubernetesconfig operations: - method: GET name: readkubernetesconfig description: HashiCorp Vault Read Kubernetes auth configuration call: hvault.readkubernetesconfig outputParameters: - type: object mapping: $. - path: /auth/kubernetes/config name: configurekubernetesauth operations: - method: POST name: configurekubernetesauth description: HashiCorp Vault Configure Kubernetes auth call: hvault.configurekubernetesauth outputParameters: - type: object mapping: $. - path: /auth/kubernetes/role/{name} name: readkubernetesrole operations: - method: GET name: readkubernetesrole description: HashiCorp Vault Read Kubernetes role call: hvault.readkubernetesrole with: name: rest.name outputParameters: - type: object mapping: $. - path: /auth/kubernetes/role/{name} name: createorupdatekubernetesrole operations: - method: POST name: createorupdatekubernetesrole description: HashiCorp Vault Create or update Kubernetes role call: hvault.createorupdatekubernetesrole with: name: rest.name outputParameters: - type: object mapping: $. - path: /auth/kubernetes/role/{name} name: deletekubernetesrole operations: - method: DELETE name: deletekubernetesrole description: HashiCorp Vault Delete Kubernetes role call: hvault.deletekubernetesrole with: name: rest.name outputParameters: - type: object mapping: $. - path: /auth/ldap/login/{username} name: loginwithldap operations: - method: POST name: loginwithldap description: HashiCorp Vault Login with LDAP call: hvault.loginwithldap with: username: rest.username outputParameters: - type: object mapping: $. - path: /auth/jwt/login name: loginwithjwt operations: - method: POST name: loginwithjwt description: HashiCorp Vault Login with JWT/OIDC call: hvault.loginwithjwt outputParameters: - type: object mapping: $. - path: /auth/userpass/login/{username} name: loginwithuserpass operations: - method: POST name: loginwithuserpass description: HashiCorp Vault Login with username and password call: hvault.loginwithuserpass with: username: rest.username outputParameters: - type: object mapping: $. - path: /auth/userpass/users/{username} name: readuserpassuser operations: - method: GET name: readuserpassuser description: HashiCorp Vault Read userpass user call: hvault.readuserpassuser with: username: rest.username outputParameters: - type: object mapping: $. - path: /auth/userpass/users/{username} name: createorupdateuserpassuser operations: - method: POST name: createorupdateuserpassuser description: HashiCorp Vault Create or update userpass user call: hvault.createorupdateuserpassuser with: username: rest.username outputParameters: - type: object mapping: $. - path: /auth/userpass/users/{username} name: deleteuserpassuser operations: - method: DELETE name: deleteuserpassuser description: HashiCorp Vault Delete userpass user call: hvault.deleteuserpassuser with: username: rest.username outputParameters: - type: object mapping: $. - path: /auth/github/login name: loginwithgithub operations: - method: POST name: loginwithgithub description: HashiCorp Vault Login with GitHub call: hvault.loginwithgithub outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: hvault-mcp transport: http description: MCP adapter for HashiCorp Vault Vault Auth Methods API for AI agent use. tools: - name: createtoken description: HashiCorp Vault Create token hints: readOnly: false destructive: false idempotent: false call: hvault.createtoken outputParameters: - type: object mapping: $. - name: createorphantoken description: HashiCorp Vault Create orphan token hints: readOnly: false destructive: false idempotent: false call: hvault.createorphantoken outputParameters: - type: object mapping: $. - name: createtokenwithrole description: HashiCorp Vault Create token with role hints: readOnly: false destructive: false idempotent: false call: hvault.createtokenwithrole with: role_name: tools.role_name inputParameters: - name: role_name type: string description: Name of the token role required: true outputParameters: - type: object mapping: $. - name: lookuptoken description: HashiCorp Vault Lookup token hints: readOnly: false destructive: false idempotent: false call: hvault.lookuptoken outputParameters: - type: object mapping: $. - name: lookupselftoken description: HashiCorp Vault Lookup self token hints: readOnly: true destructive: false idempotent: true call: hvault.lookupselftoken outputParameters: - type: object mapping: $. - name: renewtoken description: HashiCorp Vault Renew token hints: readOnly: false destructive: false idempotent: false call: hvault.renewtoken outputParameters: - type: object mapping: $. - name: renewselftoken description: HashiCorp Vault Renew self token hints: readOnly: false destructive: false idempotent: false call: hvault.renewselftoken outputParameters: - type: object mapping: $. - name: revoketoken description: HashiCorp Vault Revoke token hints: readOnly: false destructive: false idempotent: false call: hvault.revoketoken outputParameters: - type: object mapping: $. - name: revokeselftoken description: HashiCorp Vault Revoke self token hints: readOnly: false destructive: false idempotent: false call: hvault.revokeselftoken outputParameters: - type: object mapping: $. - name: readtokenrole description: HashiCorp Vault Read token role hints: readOnly: true destructive: false idempotent: true call: hvault.readtokenrole outputParameters: - type: object mapping: $. - name: createorupdatetokenrole description: HashiCorp Vault Create or update token role hints: readOnly: false destructive: false idempotent: false call: hvault.createorupdatetokenrole outputParameters: - type: object mapping: $. - name: deletetokenrole description: HashiCorp Vault Delete token role hints: readOnly: false destructive: true idempotent: true call: hvault.deletetokenrole outputParameters: - type: object mapping: $. - name: loginwithapprole description: HashiCorp Vault Login with AppRole hints: readOnly: false destructive: false idempotent: false call: hvault.loginwithapprole outputParameters: - type: object mapping: $. - name: readapprole description: HashiCorp Vault Read AppRole hints: readOnly: true destructive: false idempotent: true call: hvault.readapprole outputParameters: - type: object mapping: $. - name: createorupdateapprole description: HashiCorp Vault Create or update AppRole hints: readOnly: false destructive: false idempotent: false call: hvault.createorupdateapprole outputParameters: - type: object mapping: $. - name: deleteapprole description: HashiCorp Vault Delete AppRole hints: readOnly: false destructive: true idempotent: true call: hvault.deleteapprole outputParameters: - type: object mapping: $. - name: readapproleroleid description: HashiCorp Vault Read AppRole role ID hints: readOnly: true destructive: false idempotent: true call: hvault.readapproleroleid outputParameters: - type: object mapping: $. - name: generateapprolesecretid description: HashiCorp Vault Generate AppRole secret ID hints: readOnly: false destructive: false idempotent: false call: hvault.generateapprolesecretid outputParameters: - type: object mapping: $. - name: loginwithkubernetes description: HashiCorp Vault Login with Kubernetes hints: readOnly: false destructive: false idempotent: false call: hvault.loginwithkubernetes outputParameters: - type: object mapping: $. - name: readkubernetesconfig description: HashiCorp Vault Read Kubernetes auth configuration hints: readOnly: true destructive: false idempotent: true call: hvault.readkubernetesconfig outputParameters: - type: object mapping: $. - name: configurekubernetesauth description: HashiCorp Vault Configure Kubernetes auth hints: readOnly: false destructive: false idempotent: false call: hvault.configurekubernetesauth outputParameters: - type: object mapping: $. - name: readkubernetesrole description: HashiCorp Vault Read Kubernetes role hints: readOnly: true destructive: false idempotent: true call: hvault.readkubernetesrole with: name: tools.name inputParameters: - name: name type: string description: Name of the role required: true outputParameters: - type: object mapping: $. - name: createorupdatekubernetesrole description: HashiCorp Vault Create or update Kubernetes role hints: readOnly: false destructive: false idempotent: false call: hvault.createorupdatekubernetesrole with: name: tools.name inputParameters: - name: name type: string description: Name of the role required: true outputParameters: - type: object mapping: $. - name: deletekubernetesrole description: HashiCorp Vault Delete Kubernetes role hints: readOnly: false destructive: true idempotent: true call: hvault.deletekubernetesrole with: name: tools.name inputParameters: - name: name type: string description: Name of the role required: true outputParameters: - type: object mapping: $. - name: loginwithldap description: HashiCorp Vault Login with LDAP hints: readOnly: false destructive: false idempotent: false call: hvault.loginwithldap with: username: tools.username inputParameters: - name: username type: string description: LDAP username required: true outputParameters: - type: object mapping: $. - name: loginwithjwt description: HashiCorp Vault Login with JWT/OIDC hints: readOnly: false destructive: false idempotent: false call: hvault.loginwithjwt outputParameters: - type: object mapping: $. - name: loginwithuserpass description: HashiCorp Vault Login with username and password hints: readOnly: false destructive: false idempotent: false call: hvault.loginwithuserpass with: username: tools.username inputParameters: - name: username type: string description: Username required: true outputParameters: - type: object mapping: $. - name: readuserpassuser description: HashiCorp Vault Read userpass user hints: readOnly: true destructive: false idempotent: true call: hvault.readuserpassuser with: username: tools.username inputParameters: - name: username type: string description: Username required: true outputParameters: - type: object mapping: $. - name: createorupdateuserpassuser description: HashiCorp Vault Create or update userpass user hints: readOnly: false destructive: false idempotent: false call: hvault.createorupdateuserpassuser with: username: tools.username inputParameters: - name: username type: string description: Username required: true outputParameters: - type: object mapping: $. - name: deleteuserpassuser description: HashiCorp Vault Delete userpass user hints: readOnly: false destructive: true idempotent: true call: hvault.deleteuserpassuser with: username: tools.username inputParameters: - name: username type: string description: Username required: true outputParameters: - type: object mapping: $. - name: loginwithgithub description: HashiCorp Vault Login with GitHub hints: readOnly: false destructive: false idempotent: false call: hvault.loginwithgithub outputParameters: - type: object mapping: $. binds: - namespace: env keys: HVAULT_TOKEN: HVAULT_TOKEN