HashiCorp Vault · Capability

HashiCorp Vault HTTP API — System

HashiCorp Vault HTTP API — System. 21 operations. Lead operation: List audit devices. Self-contained Naftiko capability covering one Hashicorp Vault business surface.

Run with Naftiko Hashicorp VaultSystem

What You Can Do

GET
Listauditdevices — List audit devices
/v1/sys/audit
PUT
Enableauditdevice — Enable an audit device
/v1/sys/audit/{path}
DELETE
Disableauditdevice — Disable an audit device
/v1/sys/audit/{path}
GET
Listauthmethods — List auth methods
/v1/sys/auth
POST
Enableauthmethod — Enable an auth method
/v1/sys/auth/{path}
DELETE
Disableauthmethod — Disable an auth method
/v1/sys/auth/{path}
GET
Getrootgenerationprogress — Read root generation progress
/v1/sys/generate-root/attempt
PUT
Startrootgeneration — Start root token generation
/v1/sys/generate-root/attempt
DELETE
Cancelrootgeneration — Cancel root token generation
/v1/sys/generate-root/attempt
GET
Gethealth — Health status
/v1/sys/health
GET
Getinitstatus — Check initialization status
/v1/sys/init
PUT
Initialize — Initialize Vault
/v1/sys/init
GET
Getleader — Get leader information
/v1/sys/leader
GET
Listsecretengines — List mounted secrets engines
/v1/sys/mounts
POST
Enablesecretengine — Enable a secrets engine
/v1/sys/mounts/{path}
DELETE
Disablesecretengine — Disable a secrets engine
/v1/sys/mounts/{path}
PUT
Seal — Seal the Vault
/v1/sys/seal
GET
Getsealstatus — Check seal status
/v1/sys/seal-status
PUT
Unseal — Submit an unseal key
/v1/sys/unseal
POST
Unwrap — Unwrap data
/v1/sys/wrapping/unwrap
POST
Wrap — Wrap data
/v1/sys/wrapping/wrap

MCP Tools

list-audit-devices

List audit devices

read-only idempotent
enable-audit-device

Enable an audit device

idempotent
disable-audit-device

Disable an audit device

idempotent
list-auth-methods

List auth methods

read-only idempotent
enable-auth-method

Enable an auth method

disable-auth-method

Disable an auth method

idempotent
read-root-generation-progress

Read root generation progress

read-only idempotent
start-root-token-generation

Start root token generation

idempotent
cancel-root-token-generation

Cancel root token generation

idempotent
health-status

Health status

read-only idempotent
check-initialization-status

Check initialization status

read-only idempotent
initialize-vault

Initialize Vault

idempotent
get-leader-information

Get leader information

read-only idempotent
list-mounted-secrets-engines

List mounted secrets engines

read-only idempotent
enable-secrets-engine

Enable a secrets engine

disable-secrets-engine

Disable a secrets engine

idempotent
seal-vault

Seal the Vault

idempotent
check-seal-status

Check seal status

read-only idempotent
submit-unseal-key

Submit an unseal key

idempotent
unwrap-data

Unwrap data

wrap-data

Wrap data

Capability Spec

hashicorp-vault-system.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: HashiCorp Vault HTTP API — System
  description: 'HashiCorp Vault HTTP API — System. 21 operations. Lead operation: List audit devices. Self-contained Naftiko
    capability covering one Hashicorp Vault business surface.'
  tags:
  - Hashicorp Vault
  - System
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    HASHICORP_VAULT_API_KEY: HASHICORP_VAULT_API_KEY
capability:
  consumes:
  - type: http
    namespace: hashicorp-vault-system
    baseUri: https://127.0.0.1:8200/v1
    description: HashiCorp Vault HTTP API — System business capability. Self-contained, no shared references.
    resources:
    - name: sys-audit
      path: /sys/audit
      operations:
      - name: listauditdevices
        method: GET
        description: List audit devices
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sys-audit-path
      path: /sys/audit/{path}
      operations:
      - name: enableauditdevice
        method: PUT
        description: Enable an audit device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: path
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: disableauditdevice
        method: DELETE
        description: Disable an audit device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: path
          in: path
          type: string
          required: true
    - name: sys-auth
      path: /sys/auth
      operations:
      - name: listauthmethods
        method: GET
        description: List auth methods
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sys-auth-path
      path: /sys/auth/{path}
      operations:
      - name: enableauthmethod
        method: POST
        description: Enable an auth method
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: path
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: disableauthmethod
        method: DELETE
        description: Disable an auth method
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: path
          in: path
          type: string
          required: true
    - name: sys-generate-root-attempt
      path: /sys/generate-root/attempt
      operations:
      - name: getrootgenerationprogress
        method: GET
        description: Read root generation progress
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: startrootgeneration
        method: PUT
        description: Start root token generation
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: cancelrootgeneration
        method: DELETE
        description: Cancel root token generation
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sys-health
      path: /sys/health
      operations:
      - name: gethealth
        method: GET
        description: Health status
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: standbyok
          in: query
          type: boolean
          description: Return 200 for standby nodes too
        - name: activecode
          in: query
          type: integer
          description: Custom status code for active node
        - name: standbycode
          in: query
          type: integer
          description: Custom status code for standby node
        - name: sealedcode
          in: query
          type: integer
          description: Custom status code for sealed node
        - name: uninitcode
          in: query
          type: integer
          description: Custom status code for uninitialized node
    - name: sys-init
      path: /sys/init
      operations:
      - name: getinitstatus
        method: GET
        description: Check initialization status
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: initialize
        method: PUT
        description: Initialize Vault
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: sys-leader
      path: /sys/leader
      operations:
      - name: getleader
        method: GET
        description: Get leader information
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sys-mounts
      path: /sys/mounts
      operations:
      - name: listsecretengines
        method: GET
        description: List mounted secrets engines
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sys-mounts-path
      path: /sys/mounts/{path}
      operations:
      - name: enablesecretengine
        method: POST
        description: Enable a secrets engine
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: path
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: disablesecretengine
        method: DELETE
        description: Disable a secrets engine
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: path
          in: path
          type: string
          required: true
    - name: sys-seal
      path: /sys/seal
      operations:
      - name: seal
        method: PUT
        description: Seal the Vault
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sys-seal-status
      path: /sys/seal-status
      operations:
      - name: getsealstatus
        method: GET
        description: Check seal status
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: sys-unseal
      path: /sys/unseal
      operations:
      - name: unseal
        method: PUT
        description: Submit an unseal key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: sys-wrapping-unwrap
      path: /sys/wrapping/unwrap
      operations:
      - name: unwrap
        method: POST
        description: Unwrap data
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: sys-wrapping-wrap
      path: /sys/wrapping/wrap
      operations:
      - name: wrap
        method: POST
        description: Wrap data
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: X-Vault-Wrap-TTL
          in: header
          type: string
          description: TTL for the wrapping token
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: apikey
      key: X-Vault-Token
      value: '{{env.HASHICORP_VAULT_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: hashicorp-vault-system-rest
    port: 8080
    description: REST adapter for HashiCorp Vault HTTP API — System. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/sys/audit
      name: sys-audit
      description: REST surface for sys-audit.
      operations:
      - method: GET
        name: listauditdevices
        description: List audit devices
        call: hashicorp-vault-system.listauditdevices
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/audit/{path}
      name: sys-audit-path
      description: REST surface for sys-audit-path.
      operations:
      - method: PUT
        name: enableauditdevice
        description: Enable an audit device
        call: hashicorp-vault-system.enableauditdevice
        with:
          path: rest.path
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: disableauditdevice
        description: Disable an audit device
        call: hashicorp-vault-system.disableauditdevice
        with:
          path: rest.path
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/auth
      name: sys-auth
      description: REST surface for sys-auth.
      operations:
      - method: GET
        name: listauthmethods
        description: List auth methods
        call: hashicorp-vault-system.listauthmethods
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/auth/{path}
      name: sys-auth-path
      description: REST surface for sys-auth-path.
      operations:
      - method: POST
        name: enableauthmethod
        description: Enable an auth method
        call: hashicorp-vault-system.enableauthmethod
        with:
          path: rest.path
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: disableauthmethod
        description: Disable an auth method
        call: hashicorp-vault-system.disableauthmethod
        with:
          path: rest.path
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/generate-root/attempt
      name: sys-generate-root-attempt
      description: REST surface for sys-generate-root-attempt.
      operations:
      - method: GET
        name: getrootgenerationprogress
        description: Read root generation progress
        call: hashicorp-vault-system.getrootgenerationprogress
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: startrootgeneration
        description: Start root token generation
        call: hashicorp-vault-system.startrootgeneration
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: cancelrootgeneration
        description: Cancel root token generation
        call: hashicorp-vault-system.cancelrootgeneration
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/health
      name: sys-health
      description: REST surface for sys-health.
      operations:
      - method: GET
        name: gethealth
        description: Health status
        call: hashicorp-vault-system.gethealth
        with:
          standbyok: rest.standbyok
          activecode: rest.activecode
          standbycode: rest.standbycode
          sealedcode: rest.sealedcode
          uninitcode: rest.uninitcode
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/init
      name: sys-init
      description: REST surface for sys-init.
      operations:
      - method: GET
        name: getinitstatus
        description: Check initialization status
        call: hashicorp-vault-system.getinitstatus
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: initialize
        description: Initialize Vault
        call: hashicorp-vault-system.initialize
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/leader
      name: sys-leader
      description: REST surface for sys-leader.
      operations:
      - method: GET
        name: getleader
        description: Get leader information
        call: hashicorp-vault-system.getleader
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/mounts
      name: sys-mounts
      description: REST surface for sys-mounts.
      operations:
      - method: GET
        name: listsecretengines
        description: List mounted secrets engines
        call: hashicorp-vault-system.listsecretengines
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/mounts/{path}
      name: sys-mounts-path
      description: REST surface for sys-mounts-path.
      operations:
      - method: POST
        name: enablesecretengine
        description: Enable a secrets engine
        call: hashicorp-vault-system.enablesecretengine
        with:
          path: rest.path
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: disablesecretengine
        description: Disable a secrets engine
        call: hashicorp-vault-system.disablesecretengine
        with:
          path: rest.path
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/seal
      name: sys-seal
      description: REST surface for sys-seal.
      operations:
      - method: PUT
        name: seal
        description: Seal the Vault
        call: hashicorp-vault-system.seal
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/seal-status
      name: sys-seal-status
      description: REST surface for sys-seal-status.
      operations:
      - method: GET
        name: getsealstatus
        description: Check seal status
        call: hashicorp-vault-system.getsealstatus
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/unseal
      name: sys-unseal
      description: REST surface for sys-unseal.
      operations:
      - method: PUT
        name: unseal
        description: Submit an unseal key
        call: hashicorp-vault-system.unseal
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/wrapping/unwrap
      name: sys-wrapping-unwrap
      description: REST surface for sys-wrapping-unwrap.
      operations:
      - method: POST
        name: unwrap
        description: Unwrap data
        call: hashicorp-vault-system.unwrap
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/sys/wrapping/wrap
      name: sys-wrapping-wrap
      description: REST surface for sys-wrapping-wrap.
      operations:
      - method: POST
        name: wrap
        description: Wrap data
        call: hashicorp-vault-system.wrap
        with:
          X-Vault-Wrap-TTL: rest.X-Vault-Wrap-TTL
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: hashicorp-vault-system-mcp
    port: 9090
    transport: http
    description: MCP adapter for HashiCorp Vault HTTP API — System. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: list-audit-devices
      description: List audit devices
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.listauditdevices
      outputParameters:
      - type: object
        mapping: $.
    - name: enable-audit-device
      description: Enable an audit device
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.enableauditdevice
      with:
        path: tools.path
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: disable-audit-device
      description: Disable an audit device
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: hashicorp-vault-system.disableauditdevice
      with:
        path: tools.path
      outputParameters:
      - type: object
        mapping: $.
    - name: list-auth-methods
      description: List auth methods
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.listauthmethods
      outputParameters:
      - type: object
        mapping: $.
    - name: enable-auth-method
      description: Enable an auth method
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-system.enableauthmethod
      with:
        path: tools.path
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: disable-auth-method
      description: Disable an auth method
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: hashicorp-vault-system.disableauthmethod
      with:
        path: tools.path
      outputParameters:
      - type: object
        mapping: $.
    - name: read-root-generation-progress
      description: Read root generation progress
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.getrootgenerationprogress
      outputParameters:
      - type: object
        mapping: $.
    - name: start-root-token-generation
      description: Start root token generation
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.startrootgeneration
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: cancel-root-token-generation
      description: Cancel root token generation
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: hashicorp-vault-system.cancelrootgeneration
      outputParameters:
      - type: object
        mapping: $.
    - name: health-status
      description: Health status
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.gethealth
      with:
        standbyok: tools.standbyok
        activecode: tools.activecode
        standbycode: tools.standbycode
        sealedcode: tools.sealedcode
        uninitcode: tools.uninitcode
      outputParameters:
      - type: object
        mapping: $.
    - name: check-initialization-status
      description: Check initialization status
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.getinitstatus
      outputParameters:
      - type: object
        mapping: $.
    - name: initialize-vault
      description: Initialize Vault
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.initialize
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-leader-information
      description: Get leader information
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.getleader
      outputParameters:
      - type: object
        mapping: $.
    - name: list-mounted-secrets-engines
      description: List mounted secrets engines
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.listsecretengines
      outputParameters:
      - type: object
        mapping: $.
    - name: enable-secrets-engine
      description: Enable a secrets engine
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-system.enablesecretengine
      with:
        path: tools.path
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: disable-secrets-engine
      description: Disable a secrets engine
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: hashicorp-vault-system.disablesecretengine
      with:
        path: tools.path
      outputParameters:
      - type: object
        mapping: $.
    - name: seal-vault
      description: Seal the Vault
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.seal
      outputParameters:
      - type: object
        mapping: $.
    - name: check-seal-status
      description: Check seal status
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.getsealstatus
      outputParameters:
      - type: object
        mapping: $.
    - name: submit-unseal-key
      description: Submit an unseal key
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: hashicorp-vault-system.unseal
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: unwrap-data
      description: Unwrap data
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-system.unwrap
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: wrap-data
      description: Wrap data
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hashicorp-vault-system.wrap
      with:
        X-Vault-Wrap-TTL: tools.X-Vault-Wrap-TTL
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.