Google Cloud KMS API — Crypto Operations

naftiko: 1.0.0-alpha2
info:
  label: Google Cloud KMS API — Crypto Operations
  description: 'Google Cloud KMS API — Crypto Operations. 2 operations. Lead operation: Google Cloud KMS Decrypt data. Self-contained
    Naftiko capability covering one Google Cloud Kms business surface.'
  tags:
  - Google Cloud Kms
  - Crypto Operations
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    GOOGLE_CLOUD_KMS_API_KEY: GOOGLE_CLOUD_KMS_API_KEY
capability:
  consumes:
  - type: http
    namespace: openapi-crypto-operations
    baseUri: https://cloudkms.googleapis.com/v1
    description: Google Cloud KMS API — Crypto Operations business capability. Self-contained, no shared references.
    resources:
    - name: projects-projectId-locations-location-keyRings-keyRingId-cryptoKeys-cryptoKeyId}
      path: /projects/{projectId}/locations/{location}/keyRings/{keyRingId}/cryptoKeys/{cryptoKeyId}:decrypt
      operations:
      - name: decrypt
        method: POST
        description: Google Cloud KMS Decrypt data
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: projectId
          in: path
          type: string
          required: true
        - name: location
          in: path
          type: string
          required: true
        - name: keyRingId
          in: path
          type: string
          required: true
        - name: cryptoKeyId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: projects-projectId-locations-location-keyRings-keyRingId-cryptoKeys-cryptoKeyId}
      path: /projects/{projectId}/locations/{location}/keyRings/{keyRingId}/cryptoKeys/{cryptoKeyId}:encrypt
      operations:
      - name: encrypt
        method: POST
        description: Google Cloud KMS Encrypt data
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: projectId
          in: path
          type: string
          required: true
        - name: location
          in: path
          type: string
          required: true
        - name: keyRingId
          in: path
          type: string
          required: true
        - name: cryptoKeyId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.GOOGLE_CLOUD_KMS_API_KEY}}'
  exposes:
  - type: rest
    namespace: openapi-crypto-operations-rest
    port: 8080
    description: REST adapter for Google Cloud KMS API — Crypto Operations. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/projects/{projectid}/locations/{location}/keyrings/{keyringid}/cryptokeys/cryptokeyid-decrypt
      name: projects-projectid-locations-location-keyrings-keyringid-cryptokeys-cryptokeyid
      description: REST surface for projects-projectId-locations-location-keyRings-keyRingId-cryptoKeys-cryptoKeyId}.
      operations:
      - method: POST
        name: decrypt
        description: Google Cloud KMS Decrypt data
        call: openapi-crypto-operations.decrypt
        with:
          projectId: rest.projectId
          location: rest.location
          keyRingId: rest.keyRingId
          cryptoKeyId: rest.cryptoKeyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/projects/{projectid}/locations/{location}/keyrings/{keyringid}/cryptokeys/cryptokeyid-encrypt
      name: projects-projectid-locations-location-keyrings-keyringid-cryptokeys-cryptokeyid
      description: REST surface for projects-projectId-locations-location-keyRings-keyRingId-cryptoKeys-cryptoKeyId}.
      operations:
      - method: POST
        name: encrypt
        description: Google Cloud KMS Encrypt data
        call: openapi-crypto-operations.encrypt
        with:
          projectId: rest.projectId
          location: rest.location
          keyRingId: rest.keyRingId
          cryptoKeyId: rest.cryptoKeyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: openapi-crypto-operations-mcp
    port: 9090
    transport: http
    description: MCP adapter for Google Cloud KMS API — Crypto Operations. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: google-cloud-kms-decrypt-data
      description: Google Cloud KMS Decrypt data
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: openapi-crypto-operations.decrypt
      with:
        projectId: tools.projectId
        location: tools.location
        keyRingId: tools.keyRingId
        cryptoKeyId: tools.cryptoKeyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: google-cloud-kms-encrypt-data
      description: Google Cloud KMS Encrypt data
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: openapi-crypto-operations.encrypt
      with:
        projectId: tools.projectId
        location: tools.location
        keyRingId: tools.keyRingId
        cryptoKeyId: tools.cryptoKeyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.