HCP Vault Secrets API — Secrets

naftiko: 1.0.0-alpha2
info:
  label: HCP Vault Secrets API — Secrets
  description: 'HCP Vault Secrets API — Secrets. 4 operations. Lead operation: List secrets. Self-contained Naftiko capability
    covering one Hcp business surface.'
  tags:
  - Hcp
  - Secrets
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    HCP_API_KEY: HCP_API_KEY
capability:
  consumes:
  - type: http
    namespace: hcp-secrets
    baseUri: https://api.cloud.hashicorp.com
    description: HCP Vault Secrets API — Secrets business capability. Self-contained, no shared references.
    resources:
    - name: secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret
      path: /secrets/2023-11-28/organizations/{org_id}/projects/{project_id}/apps/{app_name}/secrets
      operations:
      - name: listsecrets
        method: GET
        description: List secrets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: org_id
          in: path
          type: string
          required: true
        - name: project_id
          in: path
          type: string
          required: true
        - name: app_name
          in: path
          type: string
          required: true
    - name: secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret
      path: /secrets/2023-11-28/organizations/{org_id}/projects/{project_id}/apps/{app_name}/secrets/{name}
      operations:
      - name: getsecret
        method: GET
        description: Get secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: org_id
          in: path
          type: string
          required: true
        - name: project_id
          in: path
          type: string
          required: true
        - name: app_name
          in: path
          type: string
          required: true
        - name: name
          in: path
          type: string
          required: true
      - name: deletesecret
        method: DELETE
        description: Delete secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: org_id
          in: path
          type: string
          required: true
        - name: project_id
          in: path
          type: string
          required: true
        - name: app_name
          in: path
          type: string
          required: true
        - name: name
          in: path
          type: string
          required: true
    - name: secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret
      path: /secrets/2023-11-28/organizations/{org_id}/projects/{project_id}/apps/{app_name}/secrets/{name}:open
      operations:
      - name: opensecret
        method: GET
        description: Open (read) a secret value
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: org_id
          in: path
          type: string
          required: true
        - name: project_id
          in: path
          type: string
          required: true
        - name: app_name
          in: path
          type: string
          required: true
        - name: name
          in: path
          type: string
          required: true
    authentication:
      type: bearer
      token: '{{env.HCP_API_KEY}}'
  exposes:
  - type: rest
    namespace: hcp-secrets-rest
    port: 8080
    description: REST adapter for HCP Vault Secrets API — Secrets. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/secrets/2023-11-28/organizations/{org-id}/projects/{project-id}/apps/{app-name}/secrets
      name: secrets-2023-11-28-organizations-org-id-projects-project-id-apps-app-name-secret
      description: REST surface for secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret.
      operations:
      - method: GET
        name: listsecrets
        description: List secrets
        call: hcp-secrets.listsecrets
        with:
          org_id: rest.org_id
          project_id: rest.project_id
          app_name: rest.app_name
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/2023-11-28/organizations/{org-id}/projects/{project-id}/apps/{app-name}/secrets/{name}
      name: secrets-2023-11-28-organizations-org-id-projects-project-id-apps-app-name-secret
      description: REST surface for secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret.
      operations:
      - method: GET
        name: getsecret
        description: Get secret
        call: hcp-secrets.getsecret
        with:
          org_id: rest.org_id
          project_id: rest.project_id
          app_name: rest.app_name
          name: rest.name
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletesecret
        description: Delete secret
        call: hcp-secrets.deletesecret
        with:
          org_id: rest.org_id
          project_id: rest.project_id
          app_name: rest.app_name
          name: rest.name
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/2023-11-28/organizations/{org-id}/projects/{project-id}/apps/{app-name}/secrets/name-open
      name: secrets-2023-11-28-organizations-org-id-projects-project-id-apps-app-name-secret
      description: REST surface for secrets-2023-11-28-organizations-org_id-projects-project_id-apps-app_name-secret.
      operations:
      - method: GET
        name: opensecret
        description: Open (read) a secret value
        call: hcp-secrets.opensecret
        with:
          org_id: rest.org_id
          project_id: rest.project_id
          app_name: rest.app_name
          name: rest.name
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: hcp-secrets-mcp
    port: 9090
    transport: http
    description: MCP adapter for HCP Vault Secrets API — Secrets. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: list-secrets
      description: List secrets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hcp-secrets.listsecrets
      with:
        org_id: tools.org_id
        project_id: tools.project_id
        app_name: tools.app_name
      outputParameters:
      - type: object
        mapping: $.
    - name: get-secret
      description: Get secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hcp-secrets.getsecret
      with:
        org_id: tools.org_id
        project_id: tools.project_id
        app_name: tools.app_name
        name: tools.name
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-secret
      description: Delete secret
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: hcp-secrets.deletesecret
      with:
        org_id: tools.org_id
        project_id: tools.project_id
        app_name: tools.app_name
        name: tools.name
      outputParameters:
      - type: object
        mapping: $.
    - name: open-read-secret-value
      description: Open (read) a secret value
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hcp-secrets.opensecret
      with:
        org_id: tools.org_id
        project_id: tools.project_id
        app_name: tools.app_name
        name: tools.name
      outputParameters:
      - type: object
        mapping: $.