Docker · Capability

Docker Engine API — Secret

Docker Engine API — Secret. 5 operations. Lead operation: List secrets. Self-contained Naftiko capability covering one Docker business surface.

Run with Naftiko DockerSecret

What You Can Do

GET
Secretlist — List secrets
/v1/secrets
POST
Secretcreate — Create a secret
/v1/secrets/create
GET
Secretinspect — Inspect a secret
/v1/secrets/{id}
DELETE
Secretdelete — Delete a secret
/v1/secrets/{id}
POST
Secretupdate — Update a Secret
/v1/secrets/{id}/update

MCP Tools

list-secrets

List secrets

read-only idempotent
create-secret

Create a secret

inspect-secret

Inspect a secret

read-only idempotent
delete-secret

Delete a secret

idempotent
update-secret

Update a Secret

Capability Spec

docker-secret.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Docker Engine API — Secret
  description: 'Docker Engine API — Secret. 5 operations. Lead operation: List secrets. Self-contained Naftiko capability
    covering one Docker business surface.'
  tags:
  - Docker
  - Secret
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    DOCKER_API_KEY: DOCKER_API_KEY
capability:
  consumes:
  - type: http
    namespace: docker-secret
    baseUri: ''
    description: Docker Engine API — Secret business capability. Self-contained, no shared references.
    resources:
    - name: secrets
      path: /secrets
      operations:
      - name: secretlist
        method: GET
        description: List secrets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: filters
          in: query
          type: string
          description: A JSON encoded value of the filters (a `map[string][]string`) to
    - name: secrets-create
      path: /secrets/create
      operations:
      - name: secretcreate
        method: POST
        description: Create a secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: string
    - name: secrets-id
      path: /secrets/{id}
      operations:
      - name: secretinspect
        method: GET
        description: Inspect a secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID of the secret
          required: true
      - name: secretdelete
        method: DELETE
        description: Delete a secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID of the secret
          required: true
    - name: secrets-id-update
      path: /secrets/{id}/update
      operations:
      - name: secretupdate
        method: POST
        description: Update a Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The ID or name of the secret
          required: true
        - name: body
          in: body
          type: string
          description: The spec of the secret to update. Currently, only the Labels field
        - name: version
          in: query
          type: integer
          description: The version number of the secret object being updated. This is
          required: true
  exposes:
  - type: rest
    namespace: docker-secret-rest
    port: 8080
    description: REST adapter for Docker Engine API — Secret. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/secrets
      name: secrets
      description: REST surface for secrets.
      operations:
      - method: GET
        name: secretlist
        description: List secrets
        call: docker-secret.secretlist
        with:
          filters: rest.filters
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/create
      name: secrets-create
      description: REST surface for secrets-create.
      operations:
      - method: POST
        name: secretcreate
        description: Create a secret
        call: docker-secret.secretcreate
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/{id}
      name: secrets-id
      description: REST surface for secrets-id.
      operations:
      - method: GET
        name: secretinspect
        description: Inspect a secret
        call: docker-secret.secretinspect
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: secretdelete
        description: Delete a secret
        call: docker-secret.secretdelete
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/{id}/update
      name: secrets-id-update
      description: REST surface for secrets-id-update.
      operations:
      - method: POST
        name: secretupdate
        description: Update a Secret
        call: docker-secret.secretupdate
        with:
          id: rest.id
          body: rest.body
          version: rest.version
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: docker-secret-mcp
    port: 9090
    transport: http
    description: MCP adapter for Docker Engine API — Secret. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: list-secrets
      description: List secrets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: docker-secret.secretlist
      with:
        filters: tools.filters
      outputParameters:
      - type: object
        mapping: $.
    - name: create-secret
      description: Create a secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: docker-secret.secretcreate
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: inspect-secret
      description: Inspect a secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: docker-secret.secretinspect
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-secret
      description: Delete a secret
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: docker-secret.secretdelete
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: update-secret
      description: Update a Secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: docker-secret.secretupdate
      with:
        id: tools.id
        body: tools.body
        version: tools.version
      outputParameters:
      - type: object
        mapping: $.