HashiCorp Vault · Capability

HashiCorp Vault HTTP API — Auth - Token

HashiCorp Vault HTTP API — Auth - Token. 7 operations. Lead operation: Create a token. Self-contained Naftiko capability covering one Hashicorp Vault business surface.

Run with Naftiko Hashicorp VaultAuth - Token

What You Can Do

POST
Createtoken — Create a token
/v1/auth/token/create
POST
Lookuptoken — Lookup a token
/v1/auth/token/lookup
GET
Lookupselftoken — Lookup own token
/v1/auth/token/lookup-self
POST
Renewtoken — Renew a token
/v1/auth/token/renew
POST
Renewselftoken — Renew own token
/v1/auth/token/renew-self
POST
Revoketoken — Revoke a token
/v1/auth/token/revoke
POST
Revokeselftoken — Revoke own token
/v1/auth/token/revoke-self

MCP Tools

create-token

Create a token

lookup-token

Lookup a token

read-only
lookup-own-token

Lookup own token

read-only idempotent
renew-token

Renew a token

renew-own-token

Renew own token

revoke-token

Revoke a token

revoke-own-token

Revoke own token

Capability Spec

hashicorp-vault-auth-token.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: HashiCorp Vault HTTP API — Auth - Token
  description: 'HashiCorp Vault HTTP API — Auth - Token. 7 operations. Lead operation: Create a token. Self-contained Naftiko
    capability covering one Hashicorp Vault business surface.'
  tags:
  - Hashicorp Vault
  - Auth - Token
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    HASHICORP_VAULT_API_KEY: HASHICORP_VAULT_API_KEY
capability:
  consumes:
  - type: http
    namespace: hashicorp-vault-auth-token
    baseUri: https://127.0.0.1:8200/v1
    description: HashiCorp Vault HTTP API — Auth - Token business capability. Self-contained, no shared references.
    resources:
    - name: auth-token-create
      path: /auth/token/create
      operations:
      - name: createtoken
        method: POST
        description: Create a token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-lookup
      path: /auth/token/lookup
      operations:
      - name: lookuptoken
        method: POST
        description: Lookup a token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-token-lookup-self
      path: /auth/token/lookup-self
      operations:
      - name: lookupselftoken
        method: GET
        description: Lookup own token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-token-renew
      path: /auth/token/renew
      operations:
      - name: renewtoken
        method: POST
        description: Renew a token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-token-renew-self
      path: /auth/token/renew-self
      operations:
      - name: renewselftoken
        method: POST
        description: Renew own token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-revoke
      path: /auth/token/revoke
      operations:
      - name: revoketoken
        method: POST
        description: Revoke a token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-token-revoke-self
      path: /auth/token/revoke-self
      operations:
      - name: revokeselftoken
        method: POST
        description: Revoke own token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: X-Vault-Token
      value: '{{env.HASHICORP_VAULT_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: hashicorp-vault-auth-token-rest
    port: 8080
    description: REST adapter for HashiCorp Vault HTTP API — Auth - Token. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/auth/token/create
      name: auth-token-create
      description: REST surface for auth-token-create.
      operations:
      - method: POST
        name: createtoken
        description: Create a token
        call: hashicorp-vault-auth-token.createtoken
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/lookup
      name: auth-token-lookup
      description: REST surface for auth-token-lookup.
      operations:
      - method: POST
        name: lookuptoken
        description: Lookup a token
        call: hashicorp-vault-auth-token.lookuptoken
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/lookup-self
      name: auth-token-lookup-self
      description: REST surface for auth-token-lookup-self.
      operations:
      - method: GET
        name: lookupselftoken
        description: Lookup own token
        call: hashicorp-vault-auth-token.lookupselftoken
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/renew
      name: auth-token-renew
      description: REST surface for auth-token-renew.
      operations:
      - method: POST
        name: renewtoken
        description: Renew a token
        call: hashicorp-vault-auth-token.renewtoken
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/renew-self
      name: auth-token-renew-self
      description: REST surface for auth-token-renew-self.
      operations:
      - method: POST
        name: renewselftoken
        description: Renew own token
        call: hashicorp-vault-auth-token.renewselftoken
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/revoke
      name: auth-token-revoke
      description: REST surface for auth-token-revoke.
      operations:
      - method: POST
        name: revoketoken
        description: Revoke a token
        call: hashicorp-vault-auth-token.revoketoken
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/revoke-self
      name: auth-token-revoke-self
      description: REST surface for auth-token-revoke-self.
      operations:
      - method: POST
        name: revokeselftoken
        description: Revoke own token
        call: hashicorp-vault-auth-token.revokeselftoken
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: hashicorp-vault-auth-token-mcp
    port: 9090
    transport: http
    description: MCP adapter for HashiCorp Vault HTTP API — Auth - Token. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: create-token
      description: Create a token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-auth-token.createtoken
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: lookup-token
      description: Lookup a token
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: hashicorp-vault-auth-token.lookuptoken
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: lookup-own-token
      description: Lookup own token
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-auth-token.lookupselftoken
      outputParameters:
      - type: object
        mapping: $.
    - name: renew-token
      description: Renew a token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-auth-token.renewtoken
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: renew-own-token
      description: Renew own token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-auth-token.renewselftoken
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: revoke-token
      description: Revoke a token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-auth-token.revoketoken
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: revoke-own-token
      description: Revoke own token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-auth-token.revokeselftoken
      outputParameters:
      - type: object
        mapping: $.