HashiCorp · Capability

HashiCorp Vault API — Identity

HashiCorp Vault API — Identity. 80 operations. Lead operation: HashiCorp Create a new alias.. Self-contained Naftiko capability covering one Hashicorp business surface.

Run with Naftiko HashicorpIdentity

What You Can Do

POST
Postidentityalias — HashiCorp Create a new alias.
/v1/identity/alias
GET
Getidentityaliasid — HashiCorp List all the alias IDs.
/v1/identity/alias/id
GET
Getidentityaliasidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/alias/id/{id}
POST
Postidentityaliasidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/alias/id/{id}
DELETE
Deleteidentityaliasidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/alias/id/{id}
POST
Postidentityentity — HashiCorp Create a new entity
/v1/identity/entity
POST
Postidentityentityalias — HashiCorp Create a new alias.
/v1/identity/entity-alias
GET
Getidentityentityaliasid — HashiCorp List all the alias IDs.
/v1/identity/entity-alias/id
GET
Getidentityentityaliasidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/entity-alias/id/{id}
POST
Postidentityentityaliasidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/entity-alias/id/{id}
DELETE
Deleteidentityentityaliasidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/entity-alias/id/{id}
POST
Postidentityentitybatchdelete — HashiCorp Delete all of the entities provided
/v1/identity/entity/batch-delete
GET
Getidentityentityid — HashiCorp List all the entity IDs
/v1/identity/entity/id
GET
Getidentityentityidid — HashiCorp Update, read or delete an entity using entity ID
/v1/identity/entity/id/{id}
POST
Postidentityentityidid — HashiCorp Update, read or delete an entity using entity ID
/v1/identity/entity/id/{id}
DELETE
Deleteidentityentityidid — HashiCorp Update, read or delete an entity using entity ID
/v1/identity/entity/id/{id}
POST
Postidentityentitymerge — HashiCorp Merge two or more entities together
/v1/identity/entity/merge
GET
Getidentityentityname — HashiCorp List all the entity names
/v1/identity/entity/name
GET
Getidentityentitynamename — HashiCorp Update, read or delete an entity using entity name
/v1/identity/entity/name/{name}
POST
Postidentityentitynamename — HashiCorp Update, read or delete an entity using entity name
/v1/identity/entity/name/{name}
DELETE
Deleteidentityentitynamename — HashiCorp Update, read or delete an entity using entity name
/v1/identity/entity/name/{name}
POST
Postidentitygroup — HashiCorp Create a new group.
/v1/identity/group
POST
Postidentitygroupalias — HashiCorp Creates a new group alias, or updates an existing one.
/v1/identity/group-alias
GET
Getidentitygroupaliasid — HashiCorp List all the group alias IDs.
/v1/identity/group-alias/id
GET
Getidentitygroupaliasidid — getidentitygroupaliasidid
/v1/identity/group-alias/id/{id}
POST
Postidentitygroupaliasidid — postidentitygroupaliasidid
/v1/identity/group-alias/id/{id}
DELETE
Deleteidentitygroupaliasidid — deleteidentitygroupaliasidid
/v1/identity/group-alias/id/{id}
GET
Getidentitygroupid — HashiCorp List all the group IDs.
/v1/identity/group/id
GET
Getidentitygroupidid — HashiCorp Update or delete an existing group using its ID.
/v1/identity/group/id/{id}
POST
Postidentitygroupidid — HashiCorp Update or delete an existing group using its ID.
/v1/identity/group/id/{id}
DELETE
Deleteidentitygroupidid — HashiCorp Update or delete an existing group using its ID.
/v1/identity/group/id/{id}
GET
Getidentitygroupname — getidentitygroupname
/v1/identity/group/name
GET
Getidentitygroupnamename — getidentitygroupnamename
/v1/identity/group/name/{name}
POST
Postidentitygroupnamename — postidentitygroupnamename
/v1/identity/group/name/{name}
DELETE
Deleteidentitygroupnamename — deleteidentitygroupnamename
/v1/identity/group/name/{name}
POST
Postidentitylookupentity — HashiCorp Query entities based on various properties.
/v1/identity/lookup/entity
POST
Postidentitylookupgroup — HashiCorp Query groups based on various properties.
/v1/identity/lookup/group
GET
Getidentityoidcwellknownkeys — HashiCorp Retrieve public keys
/v1/identity/oidc/well-known/keys
GET
Getidentityoidcwellknownopenidconfiguration — HashiCorp Query OIDC configurations
/v1/identity/oidc/well-known/openid-configuration
GET
Getidentityoidcassignment — getidentityoidcassignment
/v1/identity/oidc/assignment
GET
Getidentityoidcassignmentname — getidentityoidcassignmentname
/v1/identity/oidc/assignment/{name}
POST
Postidentityoidcassignmentname — postidentityoidcassignmentname
/v1/identity/oidc/assignment/{name}
DELETE
Deleteidentityoidcassignmentname — deleteidentityoidcassignmentname
/v1/identity/oidc/assignment/{name}
GET
Getidentityoidcclient — getidentityoidcclient
/v1/identity/oidc/client
GET
Getidentityoidcclientname — getidentityoidcclientname
/v1/identity/oidc/client/{name}
POST
Postidentityoidcclientname — postidentityoidcclientname
/v1/identity/oidc/client/{name}
DELETE
Deleteidentityoidcclientname — deleteidentityoidcclientname
/v1/identity/oidc/client/{name}
GET
Getidentityoidcconfig — HashiCorp OIDC configuration
/v1/identity/oidc/config
POST
Postidentityoidcconfig — HashiCorp OIDC configuration
/v1/identity/oidc/config
POST
Postidentityoidcintrospect — HashiCorp Verify the authenticity of an OIDC token
/v1/identity/oidc/introspect
GET
Getidentityoidckey — HashiCorp List OIDC keys
/v1/identity/oidc/key
GET
Getidentityoidckeyname — HashiCorp CRUD operations for OIDC keys.
/v1/identity/oidc/key/{name}
POST
Postidentityoidckeyname — HashiCorp CRUD operations for OIDC keys.
/v1/identity/oidc/key/{name}
DELETE
Deleteidentityoidckeyname — HashiCorp CRUD operations for OIDC keys.
/v1/identity/oidc/key/{name}
POST
Postidentityoidckeynamerotate — HashiCorp Rotate a named OIDC key.
/v1/identity/oidc/key/{name}/rotate
GET
Getidentityoidcprovider — getidentityoidcprovider
/v1/identity/oidc/provider
GET
Getidentityoidcprovidername — getidentityoidcprovidername
/v1/identity/oidc/provider/{name}
POST
Postidentityoidcprovidername — postidentityoidcprovidername
/v1/identity/oidc/provider/{name}
DELETE
Deleteidentityoidcprovidername — deleteidentityoidcprovidername
/v1/identity/oidc/provider/{name}
GET
Getidentityoidcprovidernamewellknownkeys — getidentityoidcprovidernamewellknownkeys
/v1/identity/oidc/provider/{name}/well-known/keys
GET
Getidentityoidcprovidernamewellknownopenidconfiguration — getidentityoidcprovidernamewellknownopenidconfiguration
/v1/identity/oidc/provider/{name}/well-known/openid-configuration
GET
Getidentityoidcprovidernameauthorize — getidentityoidcprovidernameauthorize
/v1/identity/oidc/provider/{name}/authorize
POST
Postidentityoidcprovidernameauthorize — postidentityoidcprovidernameauthorize
/v1/identity/oidc/provider/{name}/authorize
POST
Postidentityoidcprovidernametoken — postidentityoidcprovidernametoken
/v1/identity/oidc/provider/{name}/token
GET
Getidentityoidcprovidernameuserinfo — getidentityoidcprovidernameuserinfo
/v1/identity/oidc/provider/{name}/userinfo
POST
Postidentityoidcprovidernameuserinfo — postidentityoidcprovidernameuserinfo
/v1/identity/oidc/provider/{name}/userinfo
GET
Getidentityoidcrole — HashiCorp List configured OIDC roles
/v1/identity/oidc/role
GET
Getidentityoidcrolename — HashiCorp CRUD operations on OIDC Roles
/v1/identity/oidc/role/{name}
POST
Postidentityoidcrolename — HashiCorp CRUD operations on OIDC Roles
/v1/identity/oidc/role/{name}
DELETE
Deleteidentityoidcrolename — HashiCorp CRUD operations on OIDC Roles
/v1/identity/oidc/role/{name}
GET
Getidentityoidcscope — getidentityoidcscope
/v1/identity/oidc/scope
GET
Getidentityoidcscopename — getidentityoidcscopename
/v1/identity/oidc/scope/{name}
POST
Postidentityoidcscopename — postidentityoidcscopename
/v1/identity/oidc/scope/{name}
DELETE
Deleteidentityoidcscopename — deleteidentityoidcscopename
/v1/identity/oidc/scope/{name}
GET
Getidentityoidctokenname — HashiCorp Generate an OIDC token
/v1/identity/oidc/token/{name}
POST
Postidentitypersona — HashiCorp Create a new alias.
/v1/identity/persona
GET
Getidentitypersonaid — HashiCorp List all the alias IDs.
/v1/identity/persona/id
GET
Getidentitypersonaidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/persona/id/{id}
POST
Postidentitypersonaidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/persona/id/{id}
DELETE
Deleteidentitypersonaidid — HashiCorp Update, read or delete an alias ID.
/v1/identity/persona/id/{id}

MCP Tools

hashicorp-create-new-alias

HashiCorp Create a new alias.

hashicorp-list-all-alias-ids

HashiCorp List all the alias IDs.

read-only idempotent
hashicorp-update-read-delete-alias

HashiCorp Update, read or delete an alias ID.

read-only idempotent
hashicorp-update-read-delete-alias-2

HashiCorp Update, read or delete an alias ID.

hashicorp-update-read-delete-alias-3

HashiCorp Update, read or delete an alias ID.

idempotent
hashicorp-create-new-entity

HashiCorp Create a new entity

hashicorp-create-new-alias-2

HashiCorp Create a new alias.

hashicorp-list-all-alias-ids-2

HashiCorp List all the alias IDs.

read-only idempotent
hashicorp-update-read-delete-alias-4

HashiCorp Update, read or delete an alias ID.

read-only idempotent
hashicorp-update-read-delete-alias-5

HashiCorp Update, read or delete an alias ID.

hashicorp-update-read-delete-alias-6

HashiCorp Update, read or delete an alias ID.

idempotent
hashicorp-delete-all-entities-provided

HashiCorp Delete all of the entities provided

hashicorp-list-all-entity-ids

HashiCorp List all the entity IDs

read-only idempotent
hashicorp-update-read-delete-entity

HashiCorp Update, read or delete an entity using entity ID

read-only idempotent
hashicorp-update-read-delete-entity-2

HashiCorp Update, read or delete an entity using entity ID

hashicorp-update-read-delete-entity-3

HashiCorp Update, read or delete an entity using entity ID

idempotent
hashicorp-merge-two-more-entities

HashiCorp Merge two or more entities together

hashicorp-list-all-entity-names

HashiCorp List all the entity names

read-only idempotent
hashicorp-update-read-delete-entity-4

HashiCorp Update, read or delete an entity using entity name

read-only idempotent
hashicorp-update-read-delete-entity-5

HashiCorp Update, read or delete an entity using entity name

hashicorp-update-read-delete-entity-6

HashiCorp Update, read or delete an entity using entity name

idempotent
hashicorp-create-new-group

HashiCorp Create a new group.

hashicorp-creates-new-group-alias

HashiCorp Creates a new group alias, or updates an existing one.

hashicorp-list-all-group-alias

HashiCorp List all the group alias IDs.

read-only idempotent
getidentitygroupaliasidid

getidentitygroupaliasidid

read-only idempotent
postidentitygroupaliasidid

postidentitygroupaliasidid

deleteidentitygroupaliasidid

deleteidentitygroupaliasidid

idempotent
hashicorp-list-all-group-ids

HashiCorp List all the group IDs.

read-only idempotent
hashicorp-update-delete-existing-group

HashiCorp Update or delete an existing group using its ID.

read-only idempotent
hashicorp-update-delete-existing-group-2

HashiCorp Update or delete an existing group using its ID.

hashicorp-update-delete-existing-group-3

HashiCorp Update or delete an existing group using its ID.

idempotent
getidentitygroupname

getidentitygroupname

read-only idempotent
getidentitygroupnamename

getidentitygroupnamename

read-only idempotent
postidentitygroupnamename

postidentitygroupnamename

deleteidentitygroupnamename

deleteidentitygroupnamename

idempotent
hashicorp-query-entities-based-various

HashiCorp Query entities based on various properties.

read-only
hashicorp-query-groups-based-various

HashiCorp Query groups based on various properties.

read-only
hashicorp-retrieve-public-keys

HashiCorp Retrieve public keys

read-only idempotent
hashicorp-query-oidc-configurations

HashiCorp Query OIDC configurations

read-only idempotent
getidentityoidcassignment

getidentityoidcassignment

read-only idempotent
getidentityoidcassignmentname

getidentityoidcassignmentname

read-only idempotent
postidentityoidcassignmentname

postidentityoidcassignmentname

deleteidentityoidcassignmentname

deleteidentityoidcassignmentname

idempotent
getidentityoidcclient

getidentityoidcclient

read-only idempotent
getidentityoidcclientname

getidentityoidcclientname

read-only idempotent
postidentityoidcclientname

postidentityoidcclientname

deleteidentityoidcclientname

deleteidentityoidcclientname

idempotent
hashicorp-oidc-configuration

HashiCorp OIDC configuration

read-only idempotent
hashicorp-oidc-configuration-2

HashiCorp OIDC configuration

hashicorp-verify-authenticity-oidc-token

HashiCorp Verify the authenticity of an OIDC token

hashicorp-list-oidc-keys

HashiCorp List OIDC keys

read-only idempotent
hashicorp-crud-operations-oidc-keys

HashiCorp CRUD operations for OIDC keys.

read-only idempotent
hashicorp-crud-operations-oidc-keys-2

HashiCorp CRUD operations for OIDC keys.

hashicorp-crud-operations-oidc-keys-3

HashiCorp CRUD operations for OIDC keys.

idempotent
hashicorp-rotate-named-oidc-key

HashiCorp Rotate a named OIDC key.

getidentityoidcprovider

getidentityoidcprovider

read-only idempotent
getidentityoidcprovidername

getidentityoidcprovidername

read-only idempotent
postidentityoidcprovidername

postidentityoidcprovidername

deleteidentityoidcprovidername

deleteidentityoidcprovidername

idempotent
getidentityoidcprovidernamewellknownkeys

getidentityoidcprovidernamewellknownkeys

read-only idempotent
getidentityoidcprovidernamewellknownopenidconfiguration

getidentityoidcprovidernamewellknownopenidconfiguration

read-only idempotent
getidentityoidcprovidernameauthorize

getidentityoidcprovidernameauthorize

read-only idempotent
postidentityoidcprovidernameauthorize

postidentityoidcprovidernameauthorize

postidentityoidcprovidernametoken

postidentityoidcprovidernametoken

getidentityoidcprovidernameuserinfo

getidentityoidcprovidernameuserinfo

read-only idempotent
postidentityoidcprovidernameuserinfo

postidentityoidcprovidernameuserinfo

hashicorp-list-configured-oidc-roles

HashiCorp List configured OIDC roles

read-only idempotent
hashicorp-crud-operations-oidc-roles

HashiCorp CRUD operations on OIDC Roles

read-only idempotent
hashicorp-crud-operations-oidc-roles-2

HashiCorp CRUD operations on OIDC Roles

hashicorp-crud-operations-oidc-roles-3

HashiCorp CRUD operations on OIDC Roles

idempotent
getidentityoidcscope

getidentityoidcscope

read-only idempotent
getidentityoidcscopename

getidentityoidcscopename

read-only idempotent
postidentityoidcscopename

postidentityoidcscopename

deleteidentityoidcscopename

deleteidentityoidcscopename

idempotent
hashicorp-generate-oidc-token

HashiCorp Generate an OIDC token

read-only idempotent
hashicorp-create-new-alias-3

HashiCorp Create a new alias.

hashicorp-list-all-alias-ids-3

HashiCorp List all the alias IDs.

read-only idempotent
hashicorp-update-read-delete-alias-7

HashiCorp Update, read or delete an alias ID.

read-only idempotent
hashicorp-update-read-delete-alias-8

HashiCorp Update, read or delete an alias ID.

hashicorp-update-read-delete-alias-9

HashiCorp Update, read or delete an alias ID.

idempotent

Capability Spec

vault-identity.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: HashiCorp Vault API — Identity
  description: 'HashiCorp Vault API — Identity. 80 operations. Lead operation: HashiCorp Create a new alias.. Self-contained
    Naftiko capability covering one Hashicorp business surface.'
  tags:
  - Hashicorp
  - Identity
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    HASHICORP_API_KEY: HASHICORP_API_KEY
capability:
  consumes:
  - type: http
    namespace: vault-identity
    baseUri: ''
    description: HashiCorp Vault API — Identity business capability. Self-contained, no shared references.
    resources:
    - name: identity-alias
      path: /identity/alias
      operations:
      - name: postidentityalias
        method: POST
        description: HashiCorp Create a new alias.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-alias-id
      path: /identity/alias/id
      operations:
      - name: getidentityaliasid
        method: GET
        description: HashiCorp List all the alias IDs.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-alias-id-id
      path: /identity/alias/id/{id}
      operations:
      - name: getidentityaliasidid
        method: GET
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityaliasidid
        method: POST
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityaliasidid
        method: DELETE
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-entity
      path: /identity/entity
      operations:
      - name: postidentityentity
        method: POST
        description: HashiCorp Create a new entity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-entity-alias
      path: /identity/entity-alias
      operations:
      - name: postidentityentityalias
        method: POST
        description: HashiCorp Create a new alias.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-entity-alias-id
      path: /identity/entity-alias/id
      operations:
      - name: getidentityentityaliasid
        method: GET
        description: HashiCorp List all the alias IDs.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-entity-alias-id-id
      path: /identity/entity-alias/id/{id}
      operations:
      - name: getidentityentityaliasidid
        method: GET
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityentityaliasidid
        method: POST
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityentityaliasidid
        method: DELETE
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-entity-batch-delete
      path: /identity/entity/batch-delete
      operations:
      - name: postidentityentitybatchdelete
        method: POST
        description: HashiCorp Delete all of the entities provided
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-entity-id
      path: /identity/entity/id
      operations:
      - name: getidentityentityid
        method: GET
        description: HashiCorp List all the entity IDs
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-entity-id-id
      path: /identity/entity/id/{id}
      operations:
      - name: getidentityentityidid
        method: GET
        description: HashiCorp Update, read or delete an entity using entity ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityentityidid
        method: POST
        description: HashiCorp Update, read or delete an entity using entity ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityentityidid
        method: DELETE
        description: HashiCorp Update, read or delete an entity using entity ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-entity-merge
      path: /identity/entity/merge
      operations:
      - name: postidentityentitymerge
        method: POST
        description: HashiCorp Merge two or more entities together
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-entity-name
      path: /identity/entity/name
      operations:
      - name: getidentityentityname
        method: GET
        description: HashiCorp List all the entity names
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-entity-name-name
      path: /identity/entity/name/{name}
      operations:
      - name: getidentityentitynamename
        method: GET
        description: HashiCorp Update, read or delete an entity using entity name
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityentitynamename
        method: POST
        description: HashiCorp Update, read or delete an entity using entity name
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityentitynamename
        method: DELETE
        description: HashiCorp Update, read or delete an entity using entity name
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-group
      path: /identity/group
      operations:
      - name: postidentitygroup
        method: POST
        description: HashiCorp Create a new group.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-group-alias
      path: /identity/group-alias
      operations:
      - name: postidentitygroupalias
        method: POST
        description: HashiCorp Creates a new group alias, or updates an existing one.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-group-alias-id
      path: /identity/group-alias/id
      operations:
      - name: getidentitygroupaliasid
        method: GET
        description: HashiCorp List all the group alias IDs.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-group-alias-id-id
      path: /identity/group-alias/id/{id}
      operations:
      - name: getidentitygroupaliasidid
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentitygroupaliasidid
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentitygroupaliasidid
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-group-id
      path: /identity/group/id
      operations:
      - name: getidentitygroupid
        method: GET
        description: HashiCorp List all the group IDs.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-group-id-id
      path: /identity/group/id/{id}
      operations:
      - name: getidentitygroupidid
        method: GET
        description: HashiCorp Update or delete an existing group using its ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentitygroupidid
        method: POST
        description: HashiCorp Update or delete an existing group using its ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentitygroupidid
        method: DELETE
        description: HashiCorp Update or delete an existing group using its ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-group-name
      path: /identity/group/name
      operations:
      - name: getidentitygroupname
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-group-name-name
      path: /identity/group/name/{name}
      operations:
      - name: getidentitygroupnamename
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentitygroupnamename
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentitygroupnamename
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-lookup-entity
      path: /identity/lookup/entity
      operations:
      - name: postidentitylookupentity
        method: POST
        description: HashiCorp Query entities based on various properties.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-lookup-group
      path: /identity/lookup/group
      operations:
      - name: postidentitylookupgroup
        method: POST
        description: HashiCorp Query groups based on various properties.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-oidc-.well-known-keys
      path: /identity/oidc/.well-known/keys
      operations:
      - name: getidentityoidcwellknownkeys
        method: GET
        description: HashiCorp Retrieve public keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-.well-known-openid-configuration
      path: /identity/oidc/.well-known/openid-configuration
      operations:
      - name: getidentityoidcwellknownopenidconfiguration
        method: GET
        description: HashiCorp Query OIDC configurations
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-assignment
      path: /identity/oidc/assignment
      operations:
      - name: getidentityoidcassignment
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-oidc-assignment-name
      path: /identity/oidc/assignment/{name}
      operations:
      - name: getidentityoidcassignmentname
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcassignmentname
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityoidcassignmentname
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-client
      path: /identity/oidc/client
      operations:
      - name: getidentityoidcclient
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-oidc-client-name
      path: /identity/oidc/client/{name}
      operations:
      - name: getidentityoidcclientname
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcclientname
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityoidcclientname
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-config
      path: /identity/oidc/config
      operations:
      - name: getidentityoidcconfig
        method: GET
        description: HashiCorp OIDC configuration
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcconfig
        method: POST
        description: HashiCorp OIDC configuration
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-oidc-introspect
      path: /identity/oidc/introspect
      operations:
      - name: postidentityoidcintrospect
        method: POST
        description: HashiCorp Verify the authenticity of an OIDC token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-oidc-key
      path: /identity/oidc/key
      operations:
      - name: getidentityoidckey
        method: GET
        description: HashiCorp List OIDC keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-oidc-key-name
      path: /identity/oidc/key/{name}
      operations:
      - name: getidentityoidckeyname
        method: GET
        description: HashiCorp CRUD operations for OIDC keys.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidckeyname
        method: POST
        description: HashiCorp CRUD operations for OIDC keys.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityoidckeyname
        method: DELETE
        description: HashiCorp CRUD operations for OIDC keys.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-key-name-rotate
      path: /identity/oidc/key/{name}/rotate
      operations:
      - name: postidentityoidckeynamerotate
        method: POST
        description: HashiCorp Rotate a named OIDC key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-oidc-provider
      path: /identity/oidc/provider
      operations:
      - name: getidentityoidcprovider
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-oidc-provider-name
      path: /identity/oidc/provider/{name}
      operations:
      - name: getidentityoidcprovidername
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcprovidername
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityoidcprovidername
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-provider-name-.well-known-keys
      path: /identity/oidc/provider/{name}/.well-known/keys
      operations:
      - name: getidentityoidcprovidernamewellknownkeys
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-provider-name-.well-known-openid-configuration
      path: /identity/oidc/provider/{name}/.well-known/openid-configuration
      operations:
      - name: getidentityoidcprovidernamewellknownopenidconfiguration
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-provider-name-authorize
      path: /identity/oidc/provider/{name}/authorize
      operations:
      - name: getidentityoidcprovidernameauthorize
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcprovidernameauthorize
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-oidc-provider-name-token
      path: /identity/oidc/provider/{name}/token
      operations:
      - name: postidentityoidcprovidernametoken
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-oidc-provider-name-userinfo
      path: /identity/oidc/provider/{name}/userinfo
      operations:
      - name: getidentityoidcprovidernameuserinfo
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcprovidernameuserinfo
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-role
      path: /identity/oidc/role
      operations:
      - name: getidentityoidcrole
        method: GET
        description: HashiCorp List configured OIDC roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-oidc-role-name
      path: /identity/oidc/role/{name}
      operations:
      - name: getidentityoidcrolename
        method: GET
        description: HashiCorp CRUD operations on OIDC Roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcrolename
        method: POST
        description: HashiCorp CRUD operations on OIDC Roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityoidcrolename
        method: DELETE
        description: HashiCorp CRUD operations on OIDC Roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-scope
      path: /identity/oidc/scope
      operations:
      - name: getidentityoidcscope
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-oidc-scope-name
      path: /identity/oidc/scope/{name}
      operations:
      - name: getidentityoidcscopename
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentityoidcscopename
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentityoidcscopename
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-oidc-token-name
      path: /identity/oidc/token/{name}
      operations:
      - name: getidentityoidctokenname
        method: GET
        description: HashiCorp Generate an OIDC token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: identity-persona
      path: /identity/persona
      operations:
      - name: postidentitypersona
        method: POST
        description: HashiCorp Create a new alias.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: identity-persona-id
      path: /identity/persona/id
      operations:
      - name: getidentitypersonaid
        method: GET
        description: HashiCorp List all the alias IDs.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: list
          in: query
          type: string
          description: Return a list if `true`
    - name: identity-persona-id-id
      path: /identity/persona/id/{id}
      operations:
      - name: getidentitypersonaidid
        method: GET
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: postidentitypersonaidid
        method: POST
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: deleteidentitypersonaidid
        method: DELETE
        description: HashiCorp Update, read or delete an alias ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: vault-identity-rest
    port: 8080
    description: REST adapter for HashiCorp Vault API — Identity. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/identity/alias
      name: identity-alias
      description: REST surface for identity-alias.
      operations:
      - method: POST
        name: postidentityalias
        description: HashiCorp Create a new alias.
        call: vault-identity.postidentityalias
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/identity/alias/id
      name: identity-alias-id
      description: REST surface for identity-alias-id.
      operations:
      - method: GET
        name: getidentityaliasid
        description: HashiCorp List all the alias IDs.
        call: vault-identity.getidentityaliasid
        with:
          list: rest.list
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/identity/alias/id/{id}
      name: identity-alias-id-id
      description: REST surface for identity-alias-id-id.
      operations:
      - method: GET
        name: getidentityaliasidid
        description: HashiCorp Update, read or delete an alias ID.
        call: vault-identity.getidentityaliasidid
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postidentityaliasidid
        description: HashiCorp Update, read or delete an alias ID.
        call: vault-identity.postidentityaliasidid
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteidentityaliasidid
        description: HashiCorp Update, read or delete an alias ID.
        call: vault-identity.deleteidentityaliasidid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/identity/entity
      name: identity-entity
      description: REST surface for identity-entity.
      operations:
      - method: POST
        name: postidentityentity
        description: HashiCorp Create a new entity
        call: vault-identity.postidentityentity
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/identity/entity-alias
      name: identity-entity-alias
      description:

# --- truncated at 32 KB (84 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/hashicorp/refs/heads/main/capabilities/vault-identity.yaml