MongoDB · Capability

MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management

MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management. 6 operations. Lead operation: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project. Self-contained Naftiko capability covering one Mongodb business surface.

Run with Naftiko MongodbEncryption at Rest using Customer Key Management

What You Can Do

GET
Getgroupencryptionatrest — Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project
/v1/api/atlas/v2/groups/{groupid}/encryptionatrest
PATCH
Updategroupencryptionatrest — Update Encryption at Rest Configuration in One Project
/v1/api/atlas/v2/groups/{groupid}/encryptionatrest
GET
Listgroupencryptionatrestprivateendpoints — Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project
/v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints
POST
Creategroupencryptionatrestprivateendpoint — Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project
/v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints
DELETE
Requestgroupencryptionatrestprivateendpointdeletion — Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider from One Project
/v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints/{endpointid}
GET
Getgroupencryptionatrestprivateendpoint — Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project
/v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints/{endpointid}

MCP Tools

return-one-configuration-encryption-rest

Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project

read-only idempotent
update-encryption-rest-configuration-one

Update Encryption at Rest Configuration in One Project

idempotent
return-private-endpoints-encryption-rest

Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project

read-only idempotent
create-one-private-endpoint-encryption

Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project

delete-one-private-endpoint-encryption

Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider from One Project

idempotent
return-one-private-endpoint-encryption

Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider in One Project

read-only idempotent

Capability Spec

atlas-encryption-at-rest-using-customer-key-management.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management
  description: 'MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management. 6 operations. Lead operation:
    Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project. Self-contained Naftiko capability
    covering one Mongodb business surface.'
  tags:
  - Mongodb
  - Encryption at Rest using Customer Key Management
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MONGODB_API_KEY: MONGODB_API_KEY
capability:
  consumes:
  - type: http
    namespace: atlas-encryption-at-rest-using-customer-key-management
    baseUri: https://cloud.mongodb.com
    description: MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management business capability.
      Self-contained, no shared references.
    resources:
    - name: api-atlas-v2-groups-groupId-encryptionAtRest
      path: /api/atlas/v2/groups/{groupId}/encryptionAtRest
      operations:
      - name: getgroupencryptionatrest
        method: GET
        description: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updategroupencryptionatrest
        method: PATCH
        description: Update Encryption at Rest Configuration in One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints
      path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints
      operations:
      - name: listgroupencryptionatrestprivateendpoints
        method: GET
        description: Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider
          in One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cloudProvider
          in: path
          type: string
          description: Human-readable label that identifies the cloud provider for the private endpoints to return.
          required: true
      - name: creategroupencryptionatrestprivateendpoint
        method: POST
        description: Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
          in One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cloudProvider
          in: path
          type: string
          description: Human-readable label that identifies the cloud provider for the private endpoint to create.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints-endp
      path: /api/atlas/v2/groups/{groupId}/encryptionAtRest/{cloudProvider}/privateEndpoints/{endpointId}
      operations:
      - name: requestgroupencryptionatrestprivateendpointdeletion
        method: DELETE
        description: Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
          from One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cloudProvider
          in: path
          type: string
          description: Human-readable label that identifies the cloud provider of the private endpoint to delete.
          required: true
        - name: endpointId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies the private endpoint to delete.
          required: true
      - name: getgroupencryptionatrestprivateendpoint
        method: GET
        description: Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
          in One Project
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cloudProvider
          in: path
          type: string
          description: Human-readable label that identifies the cloud provider of the private endpoint.
          required: true
        - name: endpointId
          in: path
          type: string
          description: Unique 24-hexadecimal digit string that identifies the private endpoint.
          required: true
    authentication:
      type: bearer
      token: '{{env.MONGODB_API_KEY}}'
  exposes:
  - type: rest
    namespace: atlas-encryption-at-rest-using-customer-key-management-rest
    port: 8080
    description: REST adapter for MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management. One
      Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/atlas/v2/groups/{groupid}/encryptionatrest
      name: api-atlas-v2-groups-groupid-encryptionatrest
      description: REST surface for api-atlas-v2-groups-groupId-encryptionAtRest.
      operations:
      - method: GET
        name: getgroupencryptionatrest
        description: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project
        call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrest
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updategroupencryptionatrest
        description: Update Encryption at Rest Configuration in One Project
        call: atlas-encryption-at-rest-using-customer-key-management.updategroupencryptionatrest
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints
      name: api-atlas-v2-groups-groupid-encryptionatrest-cloudprovider-privateendpoints
      description: REST surface for api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints.
      operations:
      - method: GET
        name: listgroupencryptionatrestprivateendpoints
        description: Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider
          in One Project
        call: atlas-encryption-at-rest-using-customer-key-management.listgroupencryptionatrestprivateendpoints
        with:
          cloudProvider: rest.cloudProvider
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: creategroupencryptionatrestprivateendpoint
        description: Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
          in One Project
        call: atlas-encryption-at-rest-using-customer-key-management.creategroupencryptionatrestprivateendpoint
        with:
          cloudProvider: rest.cloudProvider
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/atlas/v2/groups/{groupid}/encryptionatrest/{cloudprovider}/privateendpoints/{endpointid}
      name: api-atlas-v2-groups-groupid-encryptionatrest-cloudprovider-privateendpoints-endp
      description: REST surface for api-atlas-v2-groups-groupId-encryptionAtRest-cloudProvider-privateEndpoints-endp.
      operations:
      - method: DELETE
        name: requestgroupencryptionatrestprivateendpointdeletion
        description: Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
          from One Project
        call: atlas-encryption-at-rest-using-customer-key-management.requestgroupencryptionatrestprivateendpointdeletion
        with:
          cloudProvider: rest.cloudProvider
          endpointId: rest.endpointId
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getgroupencryptionatrestprivateendpoint
        description: Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
          in One Project
        call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrestprivateendpoint
        with:
          cloudProvider: rest.cloudProvider
          endpointId: rest.endpointId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: atlas-encryption-at-rest-using-customer-key-management-mcp
    port: 9090
    transport: http
    description: MCP adapter for MongoDB Atlas Administration API — Encryption at Rest using Customer Key Management. One
      tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: return-one-configuration-encryption-rest
      description: Return One Configuration for Encryption at Rest Using Customer-Managed Keys for One Project
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrest
      outputParameters:
      - type: object
        mapping: $.
    - name: update-encryption-rest-configuration-one
      description: Update Encryption at Rest Configuration in One Project
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: atlas-encryption-at-rest-using-customer-key-management.updategroupencryptionatrest
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: return-private-endpoints-encryption-rest
      description: Return Private Endpoints for Encryption at Rest Using Customer Key Management for One Cloud Provider in
        One Project
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-encryption-at-rest-using-customer-key-management.listgroupencryptionatrestprivateendpoints
      with:
        cloudProvider: tools.cloudProvider
      outputParameters:
      - type: object
        mapping: $.
    - name: create-one-private-endpoint-encryption
      description: Create One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
        in One Project
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: atlas-encryption-at-rest-using-customer-key-management.creategroupencryptionatrestprivateendpoint
      with:
        cloudProvider: tools.cloudProvider
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-one-private-endpoint-encryption
      description: Delete One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
        from One Project
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: atlas-encryption-at-rest-using-customer-key-management.requestgroupencryptionatrestprivateendpointdeletion
      with:
        cloudProvider: tools.cloudProvider
        endpointId: tools.endpointId
      outputParameters:
      - type: object
        mapping: $.
    - name: return-one-private-endpoint-encryption
      description: Return One Private Endpoint for Encryption at Rest Using Customer Key Management for One Cloud Provider
        in One Project
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: atlas-encryption-at-rest-using-customer-key-management.getgroupencryptionatrestprivateendpoint
      with:
        cloudProvider: tools.cloudProvider
        endpointId: tools.endpointId
      outputParameters:
      - type: object
        mapping: $.