Azure Key Vault · Capability

Azure Key Vault Data Plane API — Secrets

Azure Key Vault Data Plane API — Secrets. 8 operations. Lead operation: Azure Key Vault List Secrets. Self-contained Naftiko capability covering one Microsoft Azure Key Vault business surface.

Run with Naftiko Microsoft Azure Key VaultSecrets

What You Can Do

GET
Secretsgetsecrets — Azure Key Vault List Secrets
/v1/secrets
POST
Secretsrestoresecret — Azure Key Vault Restore Secret
/v1/secrets/restore
PUT
Secretssetsecret — Azure Key Vault Set Secret
/v1/secrets/{secret-name}
DELETE
Secretsdeletesecret — Azure Key Vault Delete Secret
/v1/secrets/{secret-name}
POST
Secretsbackupsecret — Azure Key Vault Backup Secret
/v1/secrets/{secret-name}/backup
GET
Secretsgetsecretversions — Azure Key Vault List Secret Versions
/v1/secrets/{secret-name}/versions
GET
Secretsgetsecret — Azure Key Vault Get Secret
/v1/secrets/{secret-name}/{secret-version}
PATCH
Secretsupdatesecret — Azure Key Vault Update Secret
/v1/secrets/{secret-name}/{secret-version}

MCP Tools

azure-key-vault-list-secrets

Azure Key Vault List Secrets

read-only idempotent
azure-key-vault-restore-secret

Azure Key Vault Restore Secret

azure-key-vault-set-secret

Azure Key Vault Set Secret

idempotent
azure-key-vault-delete-secret

Azure Key Vault Delete Secret

idempotent
azure-key-vault-backup-secret

Azure Key Vault Backup Secret

azure-key-vault-list-secret

Azure Key Vault List Secret Versions

read-only idempotent
azure-key-vault-get-secret

Azure Key Vault Get Secret

read-only idempotent
azure-key-vault-update-secret

Azure Key Vault Update Secret

idempotent

Capability Spec

azure-key-vault-data-plane-secrets.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Azure Key Vault Data Plane API — Secrets
  description: 'Azure Key Vault Data Plane API — Secrets. 8 operations. Lead operation: Azure Key Vault List Secrets. Self-contained
    Naftiko capability covering one Microsoft Azure Key Vault business surface.'
  tags:
  - Microsoft Azure Key Vault
  - Secrets
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MICROSOFT_AZURE_KEY_VAULT_API_KEY: MICROSOFT_AZURE_KEY_VAULT_API_KEY
capability:
  consumes:
  - type: http
    namespace: azure-key-vault-data-plane-secrets
    baseUri: https://{vaultName}.vault.azure.net
    description: Azure Key Vault Data Plane API — Secrets business capability. Self-contained, no shared references.
    resources:
    - name: secrets
      path: /secrets
      operations:
      - name: secretsgetsecrets
        method: GET
        description: Azure Key Vault List Secrets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: secrets-restore
      path: /secrets/restore
      operations:
      - name: secretsrestoresecret
        method: POST
        description: Azure Key Vault Restore Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: secrets-secret-name
      path: /secrets/{secret-name}
      operations:
      - name: secretssetsecret
        method: PUT
        description: Azure Key Vault Set Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: secretsdeletesecret
        method: DELETE
        description: Azure Key Vault Delete Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: secrets-secret-name-backup
      path: /secrets/{secret-name}/backup
      operations:
      - name: secretsbackupsecret
        method: POST
        description: Azure Key Vault Backup Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: secrets-secret-name-versions
      path: /secrets/{secret-name}/versions
      operations:
      - name: secretsgetsecretversions
        method: GET
        description: Azure Key Vault List Secret Versions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: secrets-secret-name-secret-version
      path: /secrets/{secret-name}/{secret-version}
      operations:
      - name: secretsgetsecret
        method: GET
        description: Azure Key Vault Get Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: secretsupdatesecret
        method: PATCH
        description: Azure Key Vault Update Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.MICROSOFT_AZURE_KEY_VAULT_API_KEY}}'
  exposes:
  - type: rest
    namespace: azure-key-vault-data-plane-secrets-rest
    port: 8080
    description: REST adapter for Azure Key Vault Data Plane API — Secrets. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/secrets
      name: secrets
      description: REST surface for secrets.
      operations:
      - method: GET
        name: secretsgetsecrets
        description: Azure Key Vault List Secrets
        call: azure-key-vault-data-plane-secrets.secretsgetsecrets
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/restore
      name: secrets-restore
      description: REST surface for secrets-restore.
      operations:
      - method: POST
        name: secretsrestoresecret
        description: Azure Key Vault Restore Secret
        call: azure-key-vault-data-plane-secrets.secretsrestoresecret
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/{secret-name}
      name: secrets-secret-name
      description: REST surface for secrets-secret-name.
      operations:
      - method: PUT
        name: secretssetsecret
        description: Azure Key Vault Set Secret
        call: azure-key-vault-data-plane-secrets.secretssetsecret
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: secretsdeletesecret
        description: Azure Key Vault Delete Secret
        call: azure-key-vault-data-plane-secrets.secretsdeletesecret
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/{secret-name}/backup
      name: secrets-secret-name-backup
      description: REST surface for secrets-secret-name-backup.
      operations:
      - method: POST
        name: secretsbackupsecret
        description: Azure Key Vault Backup Secret
        call: azure-key-vault-data-plane-secrets.secretsbackupsecret
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/{secret-name}/versions
      name: secrets-secret-name-versions
      description: REST surface for secrets-secret-name-versions.
      operations:
      - method: GET
        name: secretsgetsecretversions
        description: Azure Key Vault List Secret Versions
        call: azure-key-vault-data-plane-secrets.secretsgetsecretversions
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets/{secret-name}/{secret-version}
      name: secrets-secret-name-secret-version
      description: REST surface for secrets-secret-name-secret-version.
      operations:
      - method: GET
        name: secretsgetsecret
        description: Azure Key Vault Get Secret
        call: azure-key-vault-data-plane-secrets.secretsgetsecret
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: secretsupdatesecret
        description: Azure Key Vault Update Secret
        call: azure-key-vault-data-plane-secrets.secretsupdatesecret
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: azure-key-vault-data-plane-secrets-mcp
    port: 9090
    transport: http
    description: MCP adapter for Azure Key Vault Data Plane API — Secrets. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: azure-key-vault-list-secrets
      description: Azure Key Vault List Secrets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-secrets.secretsgetsecrets
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-restore-secret
      description: Azure Key Vault Restore Secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-secrets.secretsrestoresecret
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-set-secret
      description: Azure Key Vault Set Secret
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-secrets.secretssetsecret
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-delete-secret
      description: Azure Key Vault Delete Secret
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: azure-key-vault-data-plane-secrets.secretsdeletesecret
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-backup-secret
      description: Azure Key Vault Backup Secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: azure-key-vault-data-plane-secrets.secretsbackupsecret
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-list-secret
      description: Azure Key Vault List Secret Versions
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-secrets.secretsgetsecretversions
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-get-secret
      description: Azure Key Vault Get Secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-secrets.secretsgetsecret
      outputParameters:
      - type: object
        mapping: $.
    - name: azure-key-vault-update-secret
      description: Azure Key Vault Update Secret
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: azure-key-vault-data-plane-secrets.secretsupdatesecret
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.