naftiko: 1.0.0-alpha2 info: label: HashiCorp Vault Vault Secrets Engines API — KV V2 description: 'HashiCorp Vault Vault Secrets Engines API — KV V2. 12 operations. Lead operation: HashiCorp Vault Read KV v2 engine configuration. Self-contained Naftiko capability covering one Hvault business surface.' tags: - Hvault - KV V2 created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: HVAULT_API_KEY: HVAULT_API_KEY capability: consumes: - type: http namespace: secrets-engines-kv-v2 baseUri: https://vault.example.com/v1 description: HashiCorp Vault Vault Secrets Engines API — KV V2 business capability. Self-contained, no shared references. resources: - name: mount-config path: /{mount}/config operations: - name: readkvv2config method: GET description: HashiCorp Vault Read KV v2 engine configuration outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatekvv2config method: POST description: HashiCorp Vault Configure KV v2 engine outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: mount-data-path path: /{mount}/data/{path} operations: - name: readkvv2secret method: GET description: HashiCorp Vault Read KV v2 secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: version in: query type: integer description: Version number to read - name: createorupdatekvv2secret method: POST description: HashiCorp Vault Create or update KV v2 secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deletelatestkvv2secret method: DELETE description: HashiCorp Vault Delete latest version of KV v2 secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: mount-delete-path path: /{mount}/delete/{path} operations: - name: deletekvv2secretversions method: POST description: HashiCorp Vault Delete specific versions of KV v2 secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: mount-destroy-path path: /{mount}/destroy/{path} operations: - name: destroykvv2secretversions method: POST description: HashiCorp Vault Destroy versions of KV v2 secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: mount-metadata path: /{mount}/metadata/ operations: - name: listkvv2secrets method: GET description: HashiCorp Vault List KV v2 secrets outputRawFormat: json outputParameters: - name: result type: object value: $. - name: mount-metadata-path path: /{mount}/metadata/{path} operations: - name: readkvv2metadata method: GET description: HashiCorp Vault Read KV v2 secret metadata outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatekvv2metadata method: POST description: HashiCorp Vault Update KV v2 secret metadata outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deletekvv2metadata method: DELETE description: HashiCorp Vault Delete KV v2 secret metadata and all versions outputRawFormat: json outputParameters: - name: result type: object value: $. - name: mount-undelete-path path: /{mount}/undelete/{path} operations: - name: undeletekvv2secretversions method: POST description: HashiCorp Vault Undelete versions of KV v2 secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: apikey key: X-Vault-Token value: '{{env.HVAULT_API_KEY}}' placement: header exposes: - type: rest namespace: secrets-engines-kv-v2-rest port: 8080 description: REST adapter for HashiCorp Vault Vault Secrets Engines API — KV V2. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/{mount}/config name: mount-config description: REST surface for mount-config. operations: - method: GET name: readkvv2config description: HashiCorp Vault Read KV v2 engine configuration call: secrets-engines-kv-v2.readkvv2config outputParameters: - type: object mapping: $. - method: POST name: updatekvv2config description: HashiCorp Vault Configure KV v2 engine call: secrets-engines-kv-v2.updatekvv2config with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/{mount}/data/{path} name: mount-data-path description: REST surface for mount-data-path. operations: - method: GET name: readkvv2secret description: HashiCorp Vault Read KV v2 secret call: secrets-engines-kv-v2.readkvv2secret with: version: rest.version outputParameters: - type: object mapping: $. - method: POST name: createorupdatekvv2secret description: HashiCorp Vault Create or update KV v2 secret call: secrets-engines-kv-v2.createorupdatekvv2secret with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletelatestkvv2secret description: HashiCorp Vault Delete latest version of KV v2 secret call: secrets-engines-kv-v2.deletelatestkvv2secret outputParameters: - type: object mapping: $. - path: /v1/{mount}/delete/{path} name: mount-delete-path description: REST surface for mount-delete-path. operations: - method: POST name: deletekvv2secretversions description: HashiCorp Vault Delete specific versions of KV v2 secret call: secrets-engines-kv-v2.deletekvv2secretversions with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/{mount}/destroy/{path} name: mount-destroy-path description: REST surface for mount-destroy-path. operations: - method: POST name: destroykvv2secretversions description: HashiCorp Vault Destroy versions of KV v2 secret call: secrets-engines-kv-v2.destroykvv2secretversions with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/{mount}/metadata name: mount-metadata description: REST surface for mount-metadata. operations: - method: GET name: listkvv2secrets description: HashiCorp Vault List KV v2 secrets call: secrets-engines-kv-v2.listkvv2secrets outputParameters: - type: object mapping: $. - path: /v1/{mount}/metadata/{path} name: mount-metadata-path description: REST surface for mount-metadata-path. operations: - method: GET name: readkvv2metadata description: HashiCorp Vault Read KV v2 secret metadata call: secrets-engines-kv-v2.readkvv2metadata outputParameters: - type: object mapping: $. - method: POST name: updatekvv2metadata description: HashiCorp Vault Update KV v2 secret metadata call: secrets-engines-kv-v2.updatekvv2metadata with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletekvv2metadata description: HashiCorp Vault Delete KV v2 secret metadata and all versions call: secrets-engines-kv-v2.deletekvv2metadata outputParameters: - type: object mapping: $. - path: /v1/{mount}/undelete/{path} name: mount-undelete-path description: REST surface for mount-undelete-path. operations: - method: POST name: undeletekvv2secretversions description: HashiCorp Vault Undelete versions of KV v2 secret call: secrets-engines-kv-v2.undeletekvv2secretversions with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: secrets-engines-kv-v2-mcp port: 9090 transport: http description: MCP adapter for HashiCorp Vault Vault Secrets Engines API — KV V2. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: hashicorp-vault-read-kv-v2 description: HashiCorp Vault Read KV v2 engine configuration hints: readOnly: true destructive: false idempotent: true call: secrets-engines-kv-v2.readkvv2config outputParameters: - type: object mapping: $. - name: hashicorp-vault-configure-kv-v2 description: HashiCorp Vault Configure KV v2 engine hints: readOnly: false destructive: false idempotent: false call: secrets-engines-kv-v2.updatekvv2config with: body: tools.body outputParameters: - type: object mapping: $. - name: hashicorp-vault-read-kv-v2-2 description: HashiCorp Vault Read KV v2 secret hints: readOnly: true destructive: false idempotent: true call: secrets-engines-kv-v2.readkvv2secret with: version: tools.version outputParameters: - type: object mapping: $. - name: hashicorp-vault-create-update-kv description: HashiCorp Vault Create or update KV v2 secret hints: readOnly: false destructive: false idempotent: false call: secrets-engines-kv-v2.createorupdatekvv2secret with: body: tools.body outputParameters: - type: object mapping: $. - name: hashicorp-vault-delete-latest-version description: HashiCorp Vault Delete latest version of KV v2 secret hints: readOnly: false destructive: true idempotent: true call: secrets-engines-kv-v2.deletelatestkvv2secret outputParameters: - type: object mapping: $. - name: hashicorp-vault-delete-specific-versions description: HashiCorp Vault Delete specific versions of KV v2 secret hints: readOnly: false destructive: false idempotent: false call: secrets-engines-kv-v2.deletekvv2secretversions with: body: tools.body outputParameters: - type: object mapping: $. - name: hashicorp-vault-destroy-versions-kv description: HashiCorp Vault Destroy versions of KV v2 secret hints: readOnly: false destructive: false idempotent: false call: secrets-engines-kv-v2.destroykvv2secretversions with: body: tools.body outputParameters: - type: object mapping: $. - name: hashicorp-vault-list-kv-v2 description: HashiCorp Vault List KV v2 secrets hints: readOnly: true destructive: false idempotent: true call: secrets-engines-kv-v2.listkvv2secrets outputParameters: - type: object mapping: $. - name: hashicorp-vault-read-kv-v2-3 description: HashiCorp Vault Read KV v2 secret metadata hints: readOnly: true destructive: false idempotent: true call: secrets-engines-kv-v2.readkvv2metadata outputParameters: - type: object mapping: $. - name: hashicorp-vault-update-kv-v2 description: HashiCorp Vault Update KV v2 secret metadata hints: readOnly: false destructive: false idempotent: false call: secrets-engines-kv-v2.updatekvv2metadata with: body: tools.body outputParameters: - type: object mapping: $. - name: hashicorp-vault-delete-kv-v2 description: HashiCorp Vault Delete KV v2 secret metadata and all versions hints: readOnly: false destructive: true idempotent: true call: secrets-engines-kv-v2.deletekvv2metadata outputParameters: - type: object mapping: $. - name: hashicorp-vault-undelete-versions-kv description: HashiCorp Vault Undelete versions of KV v2 secret hints: readOnly: false destructive: false idempotent: false call: secrets-engines-kv-v2.undeletekvv2secretversions with: body: tools.body outputParameters: - type: object mapping: $.