Azure Key Vault · Capability

Azure Key Vault Data Plane API — Keys

Azure Key Vault Data Plane API — Keys. 11 operations. Lead operation: Azure Key Vault List Keys. Self-contained Naftiko capability covering one Microsoft Azure Key Vault business surface.

Run with Naftiko Microsoft Azure Key VaultKeys

What You Can Do

GET
Keysgetkeys — Azure Key Vault List Keys
/v1/keys
DELETE
Keysdeletekey — Azure Key Vault Delete Key
/v1/keys/{key-name}
POST
Keyscreatekey — Azure Key Vault Create Key
/v1/keys/{key-name}/create
GET
Keysgetkey — Azure Key Vault Get Key
/v1/keys/{key-name}/{key-version}
PATCH
Keysupdatekey — Azure Key Vault Update Key
/v1/keys/{key-name}/{key-version}
POST
Keysdecrypt — Azure Key Vault Decrypt
/v1/keys/{key-name}/{key-version}/decrypt
POST
Keysencrypt — Azure Key Vault Encrypt
/v1/keys/{key-name}/{key-version}/encrypt
POST
Keyssign — Azure Key Vault Sign
/v1/keys/{key-name}/{key-version}/sign
POST
Keysunwrapkey — Azure Key Vault Unwrap Key
/v1/keys/{key-name}/{key-version}/unwrapkey
POST
Keysverify — Azure Key Vault Verify
/v1/keys/{key-name}/{key-version}/verify
POST
Keyswrapkey — Azure Key Vault Wrap Key
/v1/keys/{key-name}/{key-version}/wrapkey

MCP Tools

azure-key-vault-list-keys

Azure Key Vault List Keys

read-only idempotent
azure-key-vault-delete-key

Azure Key Vault Delete Key

idempotent
azure-key-vault-create-key

Azure Key Vault Create Key

azure-key-vault-get-key

Azure Key Vault Get Key

read-only idempotent
azure-key-vault-update-key

Azure Key Vault Update Key

idempotent
azure-key-vault-decrypt

Azure Key Vault Decrypt

azure-key-vault-encrypt

Azure Key Vault Encrypt

azure-key-vault-sign

Azure Key Vault Sign

azure-key-vault-unwrap-key

Azure Key Vault Unwrap Key

azure-key-vault-verify

Azure Key Vault Verify

azure-key-vault-wrap-key

Azure Key Vault Wrap Key

Capability Spec

azure-key-vault-data-plane-keys.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Azure Key Vault Data Plane API — Keys
  description: 'Azure Key Vault Data Plane API — Keys. 11 operations. Lead operation: Azure Key Vault List Keys. Self-contained
    Naftiko capability covering one Microsoft Azure Key Vault business surface.'
  tags:
  - Microsoft Azure Key Vault
  - Keys
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MICROSOFT_AZURE_KEY_VAULT_API_KEY: MICROSOFT_AZURE_KEY_VAULT_API_KEY
capability:
  consumes:
  - type: http
    namespace: azure-key-vault-data-plane-keys
    baseUri: https://{vaultName}.vault.azure.net
    description: Azure Key Vault Data Plane API — Keys business capability. Self-contained, no shared references.
    resources:
    - name: keys
      path: /keys
      operations:
      - name: keysgetkeys
        method: GET
        description: Azure Key Vault List Keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: keys-key-name
      path: /keys/{key-name}
      operations:
      - name: keysdeletekey
        method: DELETE
        description: Azure Key Vault Delete Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: keys-key-name-create
      path: /keys/{key-name}/create
      operations:
      - name: keyscreatekey
        method: POST
        description: Azure Key Vault Create Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: keys-key-name-key-version
      path: /keys/{key-name}/{key-version}
      operations:
      - name: keysgetkey
        method: GET
        description: Azure Key Vault Get Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: keysupdatekey
        method: PATCH
        description: Azure Key Vault Update Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: keys-key-name-key-version-decrypt
      path: /keys/{key-name}/{key-version}/decrypt
      operations:
      - name: keysdecrypt
        method: POST
        description: Azure Key Vault Decrypt
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: keys-key-name-key-version-encrypt
      path: /keys/{key-name}/{key-version}/encrypt
      operations:
      - name: keysencrypt
        method: POST
        description: Azure Key Vault Encrypt
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: keys-key-name-key-version-sign
      path: /keys/{key-name}/{key-version}/sign
      operations:
      - name: keyssign
        method: POST
        description: Azure Key Vault Sign
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: keys-key-name-key-version-unwrapkey
      path: /keys/{key-name}/{key-version}/unwrapkey
      operations:
      - name: keysunwrapkey
        method: POST
        description: Azure Key Vault Unwrap Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: keys-key-name-key-version-verify
      path: /keys/{key-name}/{key-version}/verify
      operations:
      - name: keysverify
        method: POST
        description: Azure Key Vault Verify
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: keys-key-name-key-version-wrapkey
      path: /keys/{key-name}/{key-version}/wrapkey
      operations:
      - name: keyswrapkey
        method: POST
        description: Azure Key Vault Wrap Key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.MICROSOFT_AZURE_KEY_VAULT_API_KEY}}'
  exposes:
  - type: rest
    namespace: azure-key-vault-data-plane-keys-rest
    port: 8080
    description: REST adapter for Azure Key Vault Data Plane API — Keys. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/keys
      name: keys
      description: REST surface for keys.
      operations:
      - method: GET
        name: keysgetkeys
        description: Azure Key Vault List Keys
        call: azure-key-vault-data-plane-keys.keysgetkeys
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}
      name: keys-key-name
      description: REST surface for keys-key-name.
      operations:
      - method: DELETE
        name: keysdeletekey
        description: Azure Key Vault Delete Key
        call: azure-key-vault-data-plane-keys.keysdeletekey
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/create
      name: keys-key-name-create
      description: REST surface for keys-key-name-create.
      operations:
      - method: POST
        name: keyscreatekey
        description: Azure Key Vault Create Key
        call: azure-key-vault-data-plane-keys.keyscreatekey
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/{key-version}
      name: keys-key-name-key-version
      description: REST surface for keys-key-name-key-version.
      operations:
      - method: GET
        name: keysgetkey
        description: Azure Key Vault Get Key
        call: azure-key-vault-data-plane-keys.keysgetkey
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: keysupdatekey
        description: Azure Key Vault Update Key
        call: azure-key-vault-data-plane-keys.keysupdatekey
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/{key-version}/decrypt
      name: keys-key-name-key-version-decrypt
      description: REST surface for keys-key-name-key-version-decrypt.
      operations:
      - method: POST
        name: keysdecrypt
        description: Azure Key Vault Decrypt
        call: azure-key-vault-data-plane-keys.keysdecrypt
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/{key-version}/encrypt
      name: keys-key-name-key-version-encrypt
      description: REST surface for keys-key-name-key-version-encrypt.
      operations:
      - method: POST
        name: keysencrypt
        description: Azure Key Vault Encrypt
        call: azure-key-vault-data-plane-keys.keysencrypt
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/{key-version}/sign
      name: keys-key-name-key-version-sign
      description: REST surface for keys-key-name-key-version-sign.
      operations:
      - method: POST
        name: keyssign
        description: Azure Key Vault Sign
        call: azure-key-vault-data-plane-keys.keyssign
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/{key-version}/unwrapkey
      name: keys-key-name-key-version-unwrapkey
      description: REST surface for keys-key-name-key-version-unwrapkey.
      operations:
      - method: POST
        name: keysunwrapkey
        description: Azure Key Vault Unwrap Key
        call: azure-key-vault-data-plane-keys.keysunwrapkey
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/{key-version}/verify
      name: keys-key-name-key-version-verify
      description: REST surface for keys-key-name-key-version-verify.
      operations:
      - method: POST
        name: keysverify
        description: Azure Key Vault Verify
        call: azure-key-vault-data-plane-keys.keysverify
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/keys/{key-name}/{key-version}/wrapkey
      name: keys-key-name-key-version-wrapkey
      description: REST surface for keys-key-name-key-version-wrapkey.
      operations:
      - method: POST
        name: keyswrapkey
        description: Azure Key Vault Wrap Key
        call: azure-key-vault-data-plane-keys.keyswrapkey
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: azure-key-vault-data-plane-keys-mcp
    port: 9090
    transport: http
    description: MCP adapter for Azure Key Vault Data Plane API — Keys. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: azure-key-vault-list-keys
      description: Azure Key Vault List Keys
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-keys.keysgetkeys
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-delete-key
      description: Azure Key Vault Delete Key
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: azure-key-vault-data-plane-keys.keysdeletekey
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-create-key
      description: Azure Key Vault Create Key
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-keys.keyscreatekey
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-get-key
      description: Azure Key Vault Get Key
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-keys.keysgetkey
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-update-key
      description: Azure Key Vault Update Key
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-keys.keysupdatekey
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-decrypt
      description: Azure Key Vault Decrypt
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-keys.keysdecrypt
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-encrypt
      description: Azure Key Vault Encrypt
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-keys.keysencrypt
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-sign
      description: Azure Key Vault Sign
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-keys.keyssign
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-unwrap-key
      description: Azure Key Vault Unwrap Key
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-keys.keysunwrapkey
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-verify
      description: Azure Key Vault Verify
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-keys.keysverify
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-wrap-key
      description: Azure Key Vault Wrap Key
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-keys.keyswrapkey
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.