naftiko: 1.0.0-alpha2 info: label: MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management description: 'MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management. 6 operations. Lead operation: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project. Self-contained Naftiko capability covering one Mongodb business surface.' tags: - Mongodb - Encryption at Rest using Customer Key Management created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: MONGODB_API_KEY: MONGODB_API_KEY capability: consumes: - type: http namespace: atlas-encryption-at-rest-using-customer-key-management baseUri: https://cloud.mongodb.com description: MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management business capability. Self-contained, no shared references. resources: - name: api-atlas-v2-groups-groupId-encryptionAtRest path: /api/atlas/v2/groups/{groupId}/encryptionAtRest operations: - name: getgroupencryptionatrest method: GET description: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updategroupencryptionatrest method: PATCH description: Update Encryption at Rest Configuration in One Project outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints operations: - name: listgroupencryptionatrestprivateendpoints method: GET description: Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: cloudProvider in: path type: string description: Human-readable label that identifies the cloud provider for the private endpoints to return. required: true - name: creategroupencryptionatrestprivateendpoint method: POST description: Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: cloudProvider in: path type: string description: Human-readable label that identifies the cloud provider for the private endpoint to create. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints-endp path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId} operations: - name: requestgroupencryptionatrestprivateendpointdeletion method: DELETE description: Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider from One Project outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: cloudProvider in: path type: string description: Human-readable label that identifies the cloud provider of the private endpoint to delete. required: true - name: endpointId in: path type: string description: Unique 24-hexadecimal digit string that identifies the private endpoint to delete. required: true - name: getgroupencryptionatrestprivateendpoint method: GET description: Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: cloudProvider in: path type: string description: Human-readable label that identifies the cloud provider of the private endpoint. required: true - name: endpointId in: path type: string description: Unique 24-hexadecimal digit string that identifies the private endpoint. required: true authentication: type: bearer token: '{{env.MONGODB_API_KEY}}' exposes: - type: rest namespace: atlas-encryption-at-rest-using-customer-key-management-rest port: 8080 description: REST adapter for MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/atlas/v2/groups/{groupid}/encryptionatrest name: api-atlas-v2-groups-groupid-encryptionatrest description: REST surface for api-atlas-v2-groups-groupId-encryptionAtRest. operations: - method: GET name: getgroupencryptionatrest description: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrest outputParameters: - type: object mapping: $. - method: PATCH name: updategroupencryptionatrest description: Update Encryption at Rest Configuration in One Project call: atlas-encryption-at-rest-using-customer-key-management.updategroupencryptionatrest with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints name: api-atlas-v2-groups-groupid-encryptionatrest-cloudprovider-privateendpoints description: REST surface for api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints. operations: - method: GET name: listgroupencryptionatrestprivateendpoints description: Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project call: atlas-encryption-at-rest-using-customer-key-management.listgroupencryptionatrestprivateendpoints with: cloudProvider: rest.cloudProvider outputParameters: - type: object mapping: $. - method: POST name: creategroupencryptionatrestprivateendpoint description: Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project call: atlas-encryption-at-rest-using-customer-key-management.creategroupencryptionatrestprivateendpoint with: cloudProvider: rest.cloudProvider body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints/{endpointid} name: api-atlas-v2-groups-groupid-encryptionatrest-cloudprovider-privateendpoints-endp description: REST surface for api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints-endp. operations: - method: DELETE name: requestgroupencryptionatrestprivateendpointdeletion description: Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider from One Project call: atlas-encryption-at-rest-using-customer-key-management.requestgroupencryptionatrestprivateendpointdeletion with: cloudProvider: rest.cloudProvider endpointId: rest.endpointId outputParameters: - type: object mapping: $. - method: GET name: getgroupencryptionatrestprivateendpoint description: Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrestprivateendpoint with: cloudProvider: rest.cloudProvider endpointId: rest.endpointId outputParameters: - type: object mapping: $. - type: mcp namespace: atlas-encryption-at-rest-using-customer-key-management-mcp port: 9090 transport: http description: MCP adapter for MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: return-one-configuration-encryption-rest description: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project hints: readOnly: true destructive: false idempotent: true call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrest outputParameters: - type: object mapping: $. - name: update-encryption-rest-configuration-one description: Update Encryption at Rest Configuration in One Project hints: readOnly: false destructive: false idempotent: true call: atlas-encryption-at-rest-using-customer-key-management.updategroupencryptionatrest with: body: tools.body outputParameters: - type: object mapping: $. - name: return-private-endpoints-encryption-rest description: Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project hints: readOnly: true destructive: false idempotent: true call: atlas-encryption-at-rest-using-customer-key-management.listgroupencryptionatrestprivateendpoints with: cloudProvider: tools.cloudProvider outputParameters: - type: object mapping: $. - name: create-one-private-endpoint-encryption description: Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project hints: readOnly: false destructive: false idempotent: false call: atlas-encryption-at-rest-using-customer-key-management.creategroupencryptionatrestprivateendpoint with: cloudProvider: tools.cloudProvider body: tools.body outputParameters: - type: object mapping: $. - name: delete-one-private-endpoint-encryption description: Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider from One Project hints: readOnly: false destructive: true idempotent: true call: atlas-encryption-at-rest-using-customer-key-management.requestgroupencryptionatrestprivateendpointdeletion with: cloudProvider: tools.cloudProvider endpointId: tools.endpointId outputParameters: - type: object mapping: $. - name: return-one-private-endpoint-encryption description: Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project hints: readOnly: true destructive: false idempotent: true call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrestprivateendpoint with: cloudProvider: tools.cloudProvider endpointId: tools.endpointId outputParameters: - type: object mapping: $.