# Naftiko capability: HashiCorp Vault Transit secrets engine.
#
# Consumes five Vault HTTP operations (encrypt, decrypt, and read/create/delete
# of a transit key) and re-exposes each one through a REST adapter (port 8080)
# and an MCP adapter (port 9090).
#
# NOTE(review): this document was reconstructed from a copy whose line breaks
# and indentation had been collapsed. The nesting below follows key order in
# that copy; validate it against the Naftiko schema before use.
---
naftiko: '1.0.0-alpha2'

info:
  label: HashiCorp Vault Vault Secrets Engines API — Transit
  description: >-
    HashiCorp Vault Vault Secrets Engines API — Transit. 5 operations.
    Lead operation: HashiCorp Vault Decrypt data. Self-contained Naftiko
    capability covering one Hvault business surface.
  tags:
    - Hvault
    - Transit
  created: '2026-05-19'
  modified: '2026-05-19'

# The Vault token is taken from the environment and never written in this file.
binds:
  - namespace: env
    keys:
      HVAULT_API_KEY: HVAULT_API_KEY

capability:
  consumes:
    - type: http
      namespace: secrets-engines-transit
      # Placeholder host; the https scheme keeps the token and any plaintext
      # off the wire in clear.
      baseUri: https://vault.example.com/v1
      description: >-
        HashiCorp Vault Vault Secrets Engines API — Transit business
        capability. Self-contained, no shared references.
      resources:
        # The {name} segment is supplied by the caller, so any transit key the
        # token's policy allows can be addressed. Restrict key names in the
        # Vault policy rather than relying on callers.
        - name: transit-decrypt-name
          path: /transit/decrypt/{name}
          operations:
            # Vault answers with the base64-encoded plaintext; treat the
            # response (and any log of it) as sensitive.
            - name: decryptdata
              method: POST
              description: HashiCorp Vault Decrypt data
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: '$.'
              inputParameters:
                - name: name
                  in: path
                  type: string
                  description: Name of the encryption key
                  required: true
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true

        - name: transit-encrypt-name
          path: /transit/encrypt/{name}
          operations:
            # The request body carries the plaintext to protect.
            - name: encryptdata
              method: POST
              description: HashiCorp Vault Encrypt data
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: '$.'
              inputParameters:
                - name: name
                  in: path
                  type: string
                  description: Name of the encryption key
                  required: true
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true

        - name: transit-keys-name
          path: /transit/keys/{name}
          operations:
            - name: readtransitkey
              method: GET
              description: HashiCorp Vault Read transit encryption key
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: '$.'
              inputParameters:
                - name: name
                  in: path
                  type: string
                  description: Name of the encryption key
                  required: true

            # The body is optional here (required: false), unlike the
            # encrypt and decrypt operations.
            - name: createtransitkey
              method: POST
              description: HashiCorp Vault Create transit encryption key
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: '$.'
              inputParameters:
                - name: name
                  in: path
                  type: string
                  description: Name of the encryption key
                  required: true
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: false

            # Deleting a key makes every ciphertext produced under it
            # unrecoverable. Vault only honours the call when the key's
            # deletion_allowed setting is enabled; that setting is not
            # reachable through this capability.
            - name: deletetransitkey
              method: DELETE
              description: HashiCorp Vault Delete transit encryption key
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: '$.'
              inputParameters:
                - name: name
                  in: path
                  type: string
                  description: Name of the encryption key
                  required: true

      # One token, sent as X-Vault-Token, backs every operation above, so each
      # caller of the adapters below acts with this token's full authority.
      # Give it a policy limited to the transit paths listed here and prefer a
      # short-lived token.
      authentication:
        type: apikey
        key: X-Vault-Token
        value: '{{env.HVAULT_API_KEY}}'
        placement: header

  # NOTE(review): neither adapter declares inbound authentication in this
  # file. Confirm that ports 8080 and 9090 are reachable only by trusted
  # callers (network policy, or an authenticating proxy in front).
  exposes:
    - type: rest
      namespace: secrets-engines-transit-rest
      port: 8080
      description: >-
        REST adapter for HashiCorp Vault Vault Secrets Engines API — Transit.
        One Spectral-compliant resource per consumed operation, prefixed
        with /v1.
      resources:
        - path: /v1/transit/decrypt/{name}
          name: transit-decrypt-name
          description: REST surface for transit-decrypt-name.
          operations:
            - method: POST
              name: decryptdata
              description: HashiCorp Vault Decrypt data
              call: secrets-engines-transit.decryptdata
              with:
                name: rest.name
                body: rest.body
              outputParameters:
                - type: object
                  mapping: '$.'

        - path: /v1/transit/encrypt/{name}
          name: transit-encrypt-name
          description: REST surface for transit-encrypt-name.
          operations:
            - method: POST
              name: encryptdata
              description: HashiCorp Vault Encrypt data
              call: secrets-engines-transit.encryptdata
              with:
                name: rest.name
                body: rest.body
              outputParameters:
                - type: object
                  mapping: '$.'

        - path: /v1/transit/keys/{name}
          name: transit-keys-name
          description: REST surface for transit-keys-name.
          operations:
            - method: GET
              name: readtransitkey
              description: HashiCorp Vault Read transit encryption key
              call: secrets-engines-transit.readtransitkey
              with:
                name: rest.name
              outputParameters:
                - type: object
                  mapping: '$.'

            - method: POST
              name: createtransitkey
              description: HashiCorp Vault Create transit encryption key
              call: secrets-engines-transit.createtransitkey
              with:
                name: rest.name
                body: rest.body
              outputParameters:
                - type: object
                  mapping: '$.'

            - method: DELETE
              name: deletetransitkey
              description: HashiCorp Vault Delete transit encryption key
              call: secrets-engines-transit.deletetransitkey
              with:
                name: rest.name
              outputParameters:
                - type: object
                  mapping: '$.'

    - type: mcp
      namespace: secrets-engines-transit-mcp
      port: 9090
      transport: http
      description: >-
        MCP adapter for HashiCorp Vault Vault Secrets Engines API — Transit.
        One tool per consumed operation, routed inline through this
        capability's consumes block.
      # The hints are advisory metadata for the MCP client; the Vault policy
      # attached to the token is what actually limits each tool.
      tools:
        # The tool result contains decrypted data, which then sits in the
        # MCP client's context.
        - name: hashicorp-vault-decrypt-data
          description: HashiCorp Vault Decrypt data
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: secrets-engines-transit.decryptdata
          with:
            name: tools.name
            body: tools.body
          outputParameters:
            - type: object
              mapping: '$.'

        - name: hashicorp-vault-encrypt-data
          description: HashiCorp Vault Encrypt data
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: secrets-engines-transit.encryptdata
          with:
            name: tools.name
            body: tools.body
          outputParameters:
            - type: object
              mapping: '$.'

        - name: hashicorp-vault-read-transit-encryption
          description: HashiCorp Vault Read transit encryption key
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: secrets-engines-transit.readtransitkey
          with:
            name: tools.name
          outputParameters:
            - type: object
              mapping: '$.'

        - name: hashicorp-vault-create-transit-encryption
          description: HashiCorp Vault Create transit encryption key
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: secrets-engines-transit.createtransitkey
          with:
            name: tools.name
            body: tools.body
          outputParameters:
            - type: object
              mapping: '$.'

        # The only tool flagged destructive; consider requiring explicit
        # human confirmation in the MCP client before it runs.
        - name: hashicorp-vault-delete-transit-encryption
          description: HashiCorp Vault Delete transit encryption key
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: secrets-engines-transit.deletetransitkey
          with:
            name: tools.name
          outputParameters:
            - type: object
              mapping: '$.'