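---
# Naftiko capability: Scaleway identity, access and secret management.
#
# Wraps two consumed API definitions (scaleway-iam, scaleway-secrets) and
# re-exposes a subset of their operations through a REST adapter (port 8083)
# and an MCP server (port 9093).
#
# NOTE(review): this document had been flattened onto a few long lines, which
# does not parse (the folded `>-` description swallowed the keys after it).
# The nesting below is reconstructed from key order; confirm it against the
# Naftiko schema before deploying.
naftiko: "1.0.0-alpha1"

info:
  label: "Scaleway Identity and Access"
  description: >-
    Unified workflow capability for managing Scaleway identity and access
    management, combining IAM policies, API keys, users, groups,
    applications, and secret storage. Used by platform administrators and
    security teams to control access to Scaleway resources and manage
    credentials securely.
  tags:
    - Access Control
    - API Keys
    - IAM
    - Identity
    - Permissions
    - Policies
    - Scaleway
    - Security
  created: "2026-05-02"
  modified: "2026-05-02"

# The Scaleway credential is taken from the environment, not stored in this
# file. Every operation exposed below runs with this one key, so its IAM
# scope is the effective privilege of any caller that can reach either port.
# NOTE(review): presumably it needs IAM and Secret Manager permissions only;
# confirm it is not an organisation-owner key.
binds:
  - namespace: env
    keys:
      SCALEWAY_API_KEY: SCALEWAY_API_KEY

capability:
  consumes:
    - import: scaleway-iam
      location: ./shared/iam.yaml
    - import: scaleway-secrets
      location: ./shared/secret-manager.yaml

  exposes:
    # NOTE(review): no caller authentication, TLS or bind-address setting is
    # visible on this exposure in this file. Confirm where callers are
    # authenticated (adapter configuration or a fronting proxy) before this
    # port is reachable from anything other than trusted hosts.
    - type: rest
      port: 8083
      namespace: scaleway-identity-api
      description: "Unified REST API for Scaleway identity, access management, and secret storage."
      resources:
        - path: /v1/api-keys
          name: api-keys
          description: "API key management"
          operations:
            - method: GET
              name: list-api-keys
              description: "List IAM API keys"
              call: "scaleway-iam.list-api-keys"
              outputParameters:
                - type: object
                  mapping: "$."
            # mapping "$." passes the upstream response through unfiltered.
            # NOTE(review): the upstream create response presumably carries
            # the new key's secret; confirm, and keep this response body out
            # of access logs and traces.
            # NOTE(review): no `with:` input mapping is declared on this or
            # the other POST operations; how the request body reaches the
            # upstream call is not visible here.
            - method: POST
              name: create-api-key
              description: "Create an IAM API key"
              call: "scaleway-iam.create-api-key"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/api-keys/{access_key}
          name: api-key
          description: "Manage a specific API key"
          operations:
            - method: GET
              name: get-api-key
              description: "Get API key details"
              call: "scaleway-iam.get-api-key"
              with:
                # Path segment {access_key} is forwarded to the upstream call.
                access_key: "rest.access_key"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: delete-api-key
              description: "Delete an API key"
              call: "scaleway-iam.delete-api-key"
              with:
                access_key: "rest.access_key"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/users
          name: users
          description: "User management"
          operations:
            - method: GET
              name: list-users
              description: "List IAM users"
              call: "scaleway-iam.list-users"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/groups
          name: groups
          description: "Group management"
          operations:
            - method: GET
              name: list-groups
              description: "List IAM groups"
              call: "scaleway-iam.list-groups"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-group
              description: "Create an IAM group"
              call: "scaleway-iam.create-group"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/policies
          name: policies
          description: "Access policy management"
          operations:
            - method: GET
              name: list-policies
              description: "List IAM policies"
              call: "scaleway-iam.list-policies"
              outputParameters:
                - type: object
                  mapping: "$."
            # Creating a policy grants access; together with create-api-key
            # this route is a privilege-granting path and should sit behind
            # the strictest caller authorisation.
            - method: POST
              name: create-policy
              description: "Create an IAM policy"
              call: "scaleway-iam.create-policy"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/secrets
          name: secrets
          description: "Secret management"
          operations:
            - method: GET
              name: list-secrets
              description: "List secrets"
              call: "scaleway-secrets.list-secrets"
              with:
                # `region` is not part of the path; presumably it is read
                # from the query string. Confirm against the adapter.
                region: "rest.region"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-secret
              description: "Create a secret"
              call: "scaleway-secrets.create-secret"
              with:
                region: "rest.region"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/secrets/{id}
          name: secret
          description: "Manage a specific secret"
          operations:
            - method: GET
              name: get-secret
              description: "Get secret details"
              call: "scaleway-secrets.get-secret"
              with:
                region: "rest.region"
                # Path segment {id} is passed upstream as secret_id.
                secret_id: "rest.id"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: delete-secret
              description: "Delete a secret"
              call: "scaleway-secrets.delete-secret"
              with:
                region: "rest.region"
                secret_id: "rest.id"
              outputParameters:
                - type: object
                  mapping: "$."

    # MCP exposure of a subset of the operations above (no create-group,
    # create-policy or get-api-key tool is declared here).
    # NOTE(review): transport is plain `http` and no caller authentication is
    # visible in this file. The `hints` on each tool are descriptive
    # annotations for the client, not an access control: a tool marked
    # readOnly: false still executes with the bound key if the client calls
    # it. Confirm that state-changing tools require human approval on the
    # client side, since tool calls can be steered by untrusted content in
    # the model's context.
    - type: mcp
      port: 9093
      namespace: scaleway-identity-mcp
      transport: http
      description: "MCP server for AI-assisted Scaleway identity, access, and secrets management."
      tools:
        - name: list-api-keys
          description: "List Scaleway IAM API keys"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-api-keys"
          outputParameters:
            - type: object
              mapping: "$."

        # The full upstream response is returned to the MCP client.
        # NOTE(review): if it includes the new key's secret, that secret
        # lands in the model context and any conversation transcript;
        # confirm and decide whether this tool belongs on the MCP surface.
        - name: create-api-key
          description: "Create a new IAM API key"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "scaleway-iam.create-api-key"
          outputParameters:
            - type: object
              mapping: "$."

        - name: delete-api-key
          description: "Delete an IAM API key"
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "scaleway-iam.delete-api-key"
          with:
            access_key: "tools.access_key"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-users
          description: "List IAM users in the organization"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-users"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-groups
          description: "List IAM groups"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-groups"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-policies
          description: "List IAM policies"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-policies"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-secrets
          description: "List secrets in Secret Manager"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-secrets.list-secrets"
          with:
            region: "tools.region"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-secret
          description: "Create a new secret in Secret Manager"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "scaleway-secrets.create-secret"
          with:
            region: "tools.region"
          outputParameters:
            - type: object
              mapping: "$."

        # NOTE(review): openWorld is false here, while list-secrets calls the
        # same consumed API with openWorld: true. Confirm which value is
        # intended; left as authored.
        - name: get-secret
          description: "Get a secret from Secret Manager"
          hints:
            readOnly: true
            openWorld: false
          call: "scaleway-secrets.get-secret"
          with:
            region: "tools.region"
            secret_id: "tools.secret_id"
          outputParameters:
            - type: object
              mapping: "$."

        - name: delete-secret
          description: "Delete a secret from Secret Manager"
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "scaleway-secrets.delete-secret"
          with:
            region: "tools.region"
            secret_id: "tools.secret_id"
          outputParameters:
            - type: object
              mapping: "$."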