HashiCorp · Capability

HashiCorp Vault API — Auth

HashiCorp Vault API — Auth. 21 operations. Lead operation: HashiCorp List token accessors, which can then be be used to iterate and discover their properties or revoke them. Because this can be used to cause a denial of service, this endpoint requires 'sudo' capability in addition to 'list'.. Self-contained Naftiko capability covering one Hashicorp business surface.

Run with Naftiko HashicorpAuth

What You Can Do

GET
Getauthtokenaccessors — HashiCorp List token accessors, which can then be
/v1/auth/token/accessors
POST
Postauthtokencreate — HashiCorp The token create path is used to create new tokens.
/v1/auth/token/create
POST
Postauthtokencreateorphan — HashiCorp The token create path is used to create new orphan tokens.
/v1/auth/token/create-orphan
POST
Postauthtokencreaterolename — HashiCorp This token create path is used to create new tokens adhering to the given role.
/v1/auth/token/create/{role-name}
GET
Getauthtokenlookup — HashiCorp This endpoint will lookup a token and its properties.
/v1/auth/token/lookup
POST
Postauthtokenlookup — HashiCorp This endpoint will lookup a token and its properties.
/v1/auth/token/lookup
POST
Postauthtokenlookupaccessor — HashiCorp This endpoint will lookup a token associated with the given accessor and its properties. Response will not contain the token ID.
/v1/auth/token/lookup-accessor
GET
Getauthtokenlookupself — HashiCorp This endpoint will lookup a token and its properties.
/v1/auth/token/lookup-self
POST
Postauthtokenlookupself — HashiCorp This endpoint will lookup a token and its properties.
/v1/auth/token/lookup-self
POST
Postauthtokenrenew — HashiCorp This endpoint will renew the given token and prevent expiration.
/v1/auth/token/renew
POST
Postauthtokenrenewaccessor — HashiCorp This endpoint will renew a token associated with the given accessor and its properties. Response will not contain the token ID.
/v1/auth/token/renew-accessor
POST
Postauthtokenrenewself — HashiCorp This endpoint will renew the token used to call it and prevent expiration.
/v1/auth/token/renew-self
POST
Postauthtokenrevoke — HashiCorp This endpoint will delete the given token and all of its child tokens.
/v1/auth/token/revoke
POST
Postauthtokenrevokeaccessor — HashiCorp This endpoint will delete the token associated with the accessor and all of its child tokens.
/v1/auth/token/revoke-accessor
POST
Postauthtokenrevokeorphan — HashiCorp This endpoint will delete the token and orphan its child tokens.
/v1/auth/token/revoke-orphan
POST
Postauthtokenrevokeself — HashiCorp This endpoint will delete the token used to call it and all of its child tokens.
/v1/auth/token/revoke-self
GET
Getauthtokenroles — HashiCorp This endpoint lists configured roles.
/v1/auth/token/roles
GET
Getauthtokenrolesrolename — getauthtokenrolesrolename
/v1/auth/token/roles/{role-name}
POST
Postauthtokenrolesrolename — postauthtokenrolesrolename
/v1/auth/token/roles/{role-name}
DELETE
Deleteauthtokenrolesrolename — deleteauthtokenrolesrolename
/v1/auth/token/roles/{role-name}
POST
Postauthtokentidy — HashiCorp This endpoint performs cleanup tasks that can be run if certain error
/v1/auth/token/tidy

MCP Tools

hashicorp-list-token-accessors-which

HashiCorp List token accessors, which can then be

read-only idempotent
hashicorp-token-create-path-is

HashiCorp The token create path is used to create new tokens.

hashicorp-token-create-path-is-2

HashiCorp The token create path is used to create new orphan tokens.

hashicorp-this-token-create-path

HashiCorp This token create path is used to create new tokens adhering to the given role.

hashicorp-this-endpoint-will-lookup

HashiCorp This endpoint will lookup a token and its properties.

read-only idempotent
hashicorp-this-endpoint-will-lookup-2

HashiCorp This endpoint will lookup a token and its properties.

read-only
hashicorp-this-endpoint-will-lookup-3

HashiCorp This endpoint will lookup a token associated with the given accessor and its properties. Response will not contain the token ID.

read-only
hashicorp-this-endpoint-will-lookup-4

HashiCorp This endpoint will lookup a token and its properties.

read-only idempotent
hashicorp-this-endpoint-will-lookup-5

HashiCorp This endpoint will lookup a token and its properties.

read-only
hashicorp-this-endpoint-will-renew

HashiCorp This endpoint will renew the given token and prevent expiration.

hashicorp-this-endpoint-will-renew-2

HashiCorp This endpoint will renew a token associated with the given accessor and its properties. Response will not contain the token ID.

hashicorp-this-endpoint-will-renew-3

HashiCorp This endpoint will renew the token used to call it and prevent expiration.

hashicorp-this-endpoint-will-delete

HashiCorp This endpoint will delete the given token and all of its child tokens.

hashicorp-this-endpoint-will-delete-2

HashiCorp This endpoint will delete the token associated with the accessor and all of its child tokens.

hashicorp-this-endpoint-will-delete-3

HashiCorp This endpoint will delete the token and orphan its child tokens.

hashicorp-this-endpoint-will-delete-4

HashiCorp This endpoint will delete the token used to call it and all of its child tokens.

hashicorp-this-endpoint-lists-configured

HashiCorp This endpoint lists configured roles.

read-only idempotent
getauthtokenrolesrolename

getauthtokenrolesrolename

read-only idempotent
postauthtokenrolesrolename

postauthtokenrolesrolename

deleteauthtokenrolesrolename

deleteauthtokenrolesrolename

idempotent
hashicorp-this-endpoint-performs-cleanup

HashiCorp This endpoint performs cleanup tasks that can be run if certain error

Capability Spec

vault-auth.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: HashiCorp Vault API — Auth
  description: 'HashiCorp Vault API — Auth. 21 operations. Lead operation: HashiCorp List token accessors, which can then
    be

    be used to iterate and discover their properties

    or revoke them. Because this can be used to

    cause a denial of service, this endpoint

    requires ''sudo'' capability in addition to

    ''list''.. Self-contained Naftiko capability covering one Hashicorp business surface.'
  tags:
  - Hashicorp
  - Auth
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    HASHICORP_API_KEY: HASHICORP_API_KEY
capability:
  consumes:
  - type: http
    namespace: vault-auth
    baseUri: ''
    description: HashiCorp Vault API — Auth business capability. Self-contained, no shared references.
    resources:
    - name: auth-token-accessors
      path: /auth/token/accessors/
      operations:
      - name: getauthtokenaccessors
        method: GET
        description: HashiCorp List token accessors, which can then be
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: auth-token-create
      path: /auth/token/create
      operations:
      - name: postauthtokencreate
        method: POST
        description: HashiCorp The token create path is used to create new tokens.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-token-create-orphan
      path: /auth/token/create-orphan
      operations:
      - name: postauthtokencreateorphan
        method: POST
        description: HashiCorp The token create path is used to create new orphan tokens.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-token-create-role_name
      path: /auth/token/create/{role_name}
      operations:
      - name: postauthtokencreaterolename
        method: POST
        description: HashiCorp This token create path is used to create new tokens adhering to the given role.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-token-lookup
      path: /auth/token/lookup
      operations:
      - name: getauthtokenlookup
        method: GET
        description: HashiCorp This endpoint will lookup a token and its properties.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postauthtokenlookup
        method: POST
        description: HashiCorp This endpoint will lookup a token and its properties.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-lookup-accessor
      path: /auth/token/lookup-accessor
      operations:
      - name: postauthtokenlookupaccessor
        method: POST
        description: HashiCorp This endpoint will lookup a token associated with the given accessor and its properties. Response
          will not contain the token ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-lookup-self
      path: /auth/token/lookup-self
      operations:
      - name: getauthtokenlookupself
        method: GET
        description: HashiCorp This endpoint will lookup a token and its properties.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postauthtokenlookupself
        method: POST
        description: HashiCorp This endpoint will lookup a token and its properties.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-renew
      path: /auth/token/renew
      operations:
      - name: postauthtokenrenew
        method: POST
        description: HashiCorp This endpoint will renew the given token and prevent expiration.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-renew-accessor
      path: /auth/token/renew-accessor
      operations:
      - name: postauthtokenrenewaccessor
        method: POST
        description: HashiCorp This endpoint will renew a token associated with the given accessor and its properties. Response
          will not contain the token ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-renew-self
      path: /auth/token/renew-self
      operations:
      - name: postauthtokenrenewself
        method: POST
        description: HashiCorp This endpoint will renew the token used to call it and prevent expiration.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-revoke
      path: /auth/token/revoke
      operations:
      - name: postauthtokenrevoke
        method: POST
        description: HashiCorp This endpoint will delete the given token and all of its child tokens.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-revoke-accessor
      path: /auth/token/revoke-accessor
      operations:
      - name: postauthtokenrevokeaccessor
        method: POST
        description: HashiCorp This endpoint will delete the token associated with the accessor and all of its child tokens.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-revoke-orphan
      path: /auth/token/revoke-orphan
      operations:
      - name: postauthtokenrevokeorphan
        method: POST
        description: HashiCorp This endpoint will delete the token and orphan its child tokens.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: auth-token-revoke-self
      path: /auth/token/revoke-self
      operations:
      - name: postauthtokenrevokeself
        method: POST
        description: HashiCorp This endpoint will delete the token used to call it and all of its child tokens.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-token-roles
      path: /auth/token/roles
      operations:
      - name: getauthtokenroles
        method: GET
        description: HashiCorp This endpoint lists configured roles.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: auth-token-roles-role_name
      path: /auth/token/roles/{role_name}
      operations:
      - name: getauthtokenrolesrolename
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postauthtokenrolesrolename
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteauthtokenrolesrolename
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-token-tidy
      path: /auth/token/tidy
      operations:
      - name: postauthtokentidy
        method: POST
        description: HashiCorp This endpoint performs cleanup tasks that can be run if certain error
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: vault-auth-rest
    port: 8080
    description: REST adapter for HashiCorp Vault API — Auth. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/auth/token/accessors
      name: auth-token-accessors
      description: REST surface for auth-token-accessors.
      operations:
      - method: GET
        name: getauthtokenaccessors
        description: HashiCorp List token accessors, which can then be
        call: vault-auth.getauthtokenaccessors
        with:
          list: rest.list
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/create
      name: auth-token-create
      description: REST surface for auth-token-create.
      operations:
      - method: POST
        name: postauthtokencreate
        description: HashiCorp The token create path is used to create new tokens.
        call: vault-auth.postauthtokencreate
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/create-orphan
      name: auth-token-create-orphan
      description: REST surface for auth-token-create-orphan.
      operations:
      - method: POST
        name: postauthtokencreateorphan
        description: HashiCorp The token create path is used to create new orphan tokens.
        call: vault-auth.postauthtokencreateorphan
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/create/{role-name}
      name: auth-token-create-role-name
      description: REST surface for auth-token-create-role_name.
      operations:
      - method: POST
        name: postauthtokencreaterolename
        description: HashiCorp This token create path is used to create new tokens adhering to the given role.
        call: vault-auth.postauthtokencreaterolename
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/lookup
      name: auth-token-lookup
      description: REST surface for auth-token-lookup.
      operations:
      - method: GET
        name: getauthtokenlookup
        description: HashiCorp This endpoint will lookup a token and its properties.
        call: vault-auth.getauthtokenlookup
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postauthtokenlookup
        description: HashiCorp This endpoint will lookup a token and its properties.
        call: vault-auth.postauthtokenlookup
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/lookup-accessor
      name: auth-token-lookup-accessor
      description: REST surface for auth-token-lookup-accessor.
      operations:
      - method: POST
        name: postauthtokenlookupaccessor
        description: HashiCorp This endpoint will lookup a token associated with the given accessor and its properties. Response
          will not contain the token ID.
        call: vault-auth.postauthtokenlookupaccessor
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/lookup-self
      name: auth-token-lookup-self
      description: REST surface for auth-token-lookup-self.
      operations:
      - method: GET
        name: getauthtokenlookupself
        description: HashiCorp This endpoint will lookup a token and its properties.
        call: vault-auth.getauthtokenlookupself
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postauthtokenlookupself
        description: HashiCorp This endpoint will lookup a token and its properties.
        call: vault-auth.postauthtokenlookupself
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/renew
      name: auth-token-renew
      description: REST surface for auth-token-renew.
      operations:
      - method: POST
        name: postauthtokenrenew
        description: HashiCorp This endpoint will renew the given token and prevent expiration.
        call: vault-auth.postauthtokenrenew
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/renew-accessor
      name: auth-token-renew-accessor
      description: REST surface for auth-token-renew-accessor.
      operations:
      - method: POST
        name: postauthtokenrenewaccessor
        description: HashiCorp This endpoint will renew a token associated with the given accessor and its properties. Response
          will not contain the token ID.
        call: vault-auth.postauthtokenrenewaccessor
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/renew-self
      name: auth-token-renew-self
      description: REST surface for auth-token-renew-self.
      operations:
      - method: POST
        name: postauthtokenrenewself
        description: HashiCorp This endpoint will renew the token used to call it and prevent expiration.
        call: vault-auth.postauthtokenrenewself
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/revoke
      name: auth-token-revoke
      description: REST surface for auth-token-revoke.
      operations:
      - method: POST
        name: postauthtokenrevoke
        description: HashiCorp This endpoint will delete the given token and all of its child tokens.
        call: vault-auth.postauthtokenrevoke
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/revoke-accessor
      name: auth-token-revoke-accessor
      description: REST surface for auth-token-revoke-accessor.
      operations:
      - method: POST
        name: postauthtokenrevokeaccessor
        description: HashiCorp This endpoint will delete the token associated with the accessor and all of its child tokens.
        call: vault-auth.postauthtokenrevokeaccessor
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/revoke-orphan
      name: auth-token-revoke-orphan
      description: REST surface for auth-token-revoke-orphan.
      operations:
      - method: POST
        name: postauthtokenrevokeorphan
        description: HashiCorp This endpoint will delete the token and orphan its child tokens.
        call: vault-auth.postauthtokenrevokeorphan
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/revoke-self
      name: auth-token-revoke-self
      description: REST surface for auth-token-revoke-self.
      operations:
      - method: POST
        name: postauthtokenrevokeself
        description: HashiCorp This endpoint will delete the token used to call it and all of its child tokens.
        call: vault-auth.postauthtokenrevokeself
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/roles
      name: auth-token-roles
      description: REST surface for auth-token-roles.
      operations:
      - method: GET
        name: getauthtokenroles
        description: HashiCorp This endpoint lists configured roles.
        call: vault-auth.getauthtokenroles
        with:
          list: rest.list
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/roles/{role-name}
      name: auth-token-roles-role-name
      description: REST surface for auth-token-roles-role_name.
      operations:
      - method: GET
        name: getauthtokenrolesrolename
        description: getauthtokenrolesrolename
        call: vault-auth.getauthtokenrolesrolename
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postauthtokenrolesrolename
        description: postauthtokenrolesrolename
        call: vault-auth.postauthtokenrolesrolename
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteauthtokenrolesrolename
        description: deleteauthtokenrolesrolename
        call: vault-auth.deleteauthtokenrolesrolename
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/token/tidy
      name: auth-token-tidy
      description: REST surface for auth-token-tidy.
      operations:
      - method: POST
        name: postauthtokentidy
        description: HashiCorp This endpoint performs cleanup tasks that can be run if certain error
        call: vault-auth.postauthtokentidy
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: vault-auth-mcp
    port: 9090
    transport: http
    description: MCP adapter for HashiCorp Vault API — Auth. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: hashicorp-list-token-accessors-which
      description: HashiCorp List token accessors, which can then be
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: vault-auth.getauthtokenaccessors
      with:
        list: tools.list
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-token-create-path-is
      description: HashiCorp The token create path is used to create new tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokencreate
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-token-create-path-is-2
      description: HashiCorp The token create path is used to create new orphan tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokencreateorphan
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-token-create-path
      description: HashiCorp This token create path is used to create new tokens adhering to the given role.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokencreaterolename
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-lookup
      description: HashiCorp This endpoint will lookup a token and its properties.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: vault-auth.getauthtokenlookup
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-lookup-2
      description: HashiCorp This endpoint will lookup a token and its properties.
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenlookup
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-lookup-3
      description: HashiCorp This endpoint will lookup a token associated with the given accessor and its properties. Response
        will not contain the token ID.
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenlookupaccessor
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-lookup-4
      description: HashiCorp This endpoint will lookup a token and its properties.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: vault-auth.getauthtokenlookupself
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-lookup-5
      description: HashiCorp This endpoint will lookup a token and its properties.
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenlookupself
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-renew
      description: HashiCorp This endpoint will renew the given token and prevent expiration.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrenew
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-renew-2
      description: HashiCorp This endpoint will renew a token associated with the given accessor and its properties. Response
        will not contain the token ID.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrenewaccessor
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-renew-3
      description: HashiCorp This endpoint will renew the token used to call it and prevent expiration.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrenewself
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-delete
      description: HashiCorp This endpoint will delete the given token and all of its child tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrevoke
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-delete-2
      description: HashiCorp This endpoint will delete the token associated with the accessor and all of its child tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrevokeaccessor
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-delete-3
      description: HashiCorp This endpoint will delete the token and orphan its child tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrevokeorphan
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-will-delete-4
      description: HashiCorp This endpoint will delete the token used to call it and all of its child tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrevokeself
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-lists-configured
      description: HashiCorp This endpoint lists configured roles.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: vault-auth.getauthtokenroles
      with:
        list: tools.list
      outputParameters:
      - type: object
        mapping: $.
    - name: getauthtokenrolesrolename
      description: getauthtokenrolesrolename
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: vault-auth.getauthtokenrolesrolename
      outputParameters:
      - type: object
        mapping: $.
    - name: postauthtokenrolesrolename
      description: postauthtokenrolesrolename
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokenrolesrolename
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteauthtokenrolesrolename
      description: deleteauthtokenrolesrolename
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: vault-auth.deleteauthtokenrolesrolename
      outputParameters:
      - type: object
        mapping: $.
    - name: hashicorp-this-endpoint-performs-cleanup
      description: HashiCorp This endpoint performs cleanup tasks that can be run if certain error
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: vault-auth.postauthtokentidy
      outputParameters:
      - type: object
        mapping: $.