Dapr · Capability

Dapr Secrets API — Secrets

Dapr Secrets API — Secrets. 2 operations. Lead operation: Dapr Get Bulk Secrets. Self-contained Naftiko capability covering one Dapr business surface.

Run with Naftiko DaprSecrets

What You Can Do

GET
Getbulksecrets — Dapr Get Bulk Secrets
/v1/v1-0/secrets/{secret-store-name}/bulk
GET
Getsecret — Dapr Get Secret
/v1/v1-0/secrets/{secret-store-name}/{name}

MCP Tools

dapr-get-bulk-secrets

Dapr Get Bulk Secrets

read-only idempotent
dapr-get-secret

Dapr Get Secret

read-only idempotent

Capability Spec

secrets-secrets.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Dapr Secrets API — Secrets
  description: 'Dapr Secrets API — Secrets. 2 operations. Lead operation: Dapr Get Bulk Secrets. Self-contained Naftiko capability
    covering one Dapr business surface.'
  tags:
  - Dapr
  - Secrets
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    DAPR_API_KEY: DAPR_API_KEY
capability:
  consumes:
  - type: http
    namespace: secrets-secrets
    baseUri: http://localhost:3500
    description: Dapr Secrets API — Secrets business capability. Self-contained, no shared references.
    resources:
    - name: v1.0-secrets-secret-store-name-bulk
      path: /v1.0/secrets/{secret-store-name}/bulk
      operations:
      - name: getbulksecrets
        method: GET
        description: Dapr Get Bulk Secrets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: secret-store-name
          in: path
          type: string
          description: The name of the secret store component.
          required: true
    - name: v1.0-secrets-secret-store-name-name
      path: /v1.0/secrets/{secret-store-name}/{name}
      operations:
      - name: getsecret
        method: GET
        description: Dapr Get Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: secret-store-name
          in: path
          type: string
          description: The name of the secret store component.
          required: true
        - name: name
          in: path
          type: string
          description: The name of the secret to retrieve.
          required: true
        - name: metadata.version_id
          in: query
          type: string
          description: Version identifier for the secret (supported by Hashicorp Vault, GCP Secret Manager, AWS Secret Manager).
        - name: metadata.version_stage
          in: query
          type: string
          description: Version stage for the secret (supported by AWS Secret Manager).
        - name: metadata.namespace
          in: query
          type: string
          description: Kubernetes namespace (supported by Kubernetes Secrets).
  exposes:
  - type: rest
    namespace: secrets-secrets-rest
    port: 8080
    description: REST adapter for Dapr Secrets API — Secrets. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/v1-0/secrets/{secret-store-name}/bulk
      name: v1-0-secrets-secret-store-name-bulk
      description: REST surface for v1.0-secrets-secret-store-name-bulk.
      operations:
      - method: GET
        name: getbulksecrets
        description: Dapr Get Bulk Secrets
        call: secrets-secrets.getbulksecrets
        with:
          secret-store-name: rest.secret-store-name
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1-0/secrets/{secret-store-name}/{name}
      name: v1-0-secrets-secret-store-name-name
      description: REST surface for v1.0-secrets-secret-store-name-name.
      operations:
      - method: GET
        name: getsecret
        description: Dapr Get Secret
        call: secrets-secrets.getsecret
        with:
          secret-store-name: rest.secret-store-name
          name: rest.name
          metadata.version_id: rest.metadata.version_id
          metadata.version_stage: rest.metadata.version_stage
          metadata.namespace: rest.metadata.namespace
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: secrets-secrets-mcp
    port: 9090
    transport: http
    description: MCP adapter for Dapr Secrets API — Secrets. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: dapr-get-bulk-secrets
      description: Dapr Get Bulk Secrets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: secrets-secrets.getbulksecrets
      with:
        secret-store-name: tools.secret-store-name
      outputParameters:
      - type: object
        mapping: $.
    - name: dapr-get-secret
      description: Dapr Get Secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: secrets-secrets.getsecret
      with:
        secret-store-name: tools.secret-store-name
        name: tools.name
        metadata.version_id: tools.metadata.version_id
        metadata.version_stage: tools.metadata.version_stage
        metadata.namespace: tools.metadata.namespace
      outputParameters:
      - type: object
        mapping: $.