Scaleway · Capability

Scaleway Identity and Access

Unified workflow capability for managing Scaleway identity and access management, combining IAM policies, API keys, users, groups, applications, and secret storage. Used by platform administrators and security teams to control access to Scaleway resources and manage credentials securely.

Tags: Access Control, API Keys, IAM, Identity, Permissions, Policies, Scaleway, Security

What You Can Do

GET /v1/api-keys: List API keys — List IAM API keys
POST /v1/api-keys: Create API key — Create an IAM API key
GET /v1/api-keys/{access_key}: Get API key — Get API key details
DELETE /v1/api-keys/{access_key}: Delete API key — Delete an API key
GET /v1/users: List users — List IAM users
GET /v1/groups: List groups — List IAM groups
POST /v1/groups: Create group — Create an IAM group
GET /v1/policies: List policies — List IAM policies
POST /v1/policies: Create policy — Create an IAM policy
GET /v1/secrets: List secrets — List secrets
POST /v1/secrets: Create secret — Create a secret
GET /v1/secrets/{id}: Get secret — Get secret details
DELETE /v1/secrets/{id}: Delete secret — Delete a secret

MCP Tools

list-api-keys (read-only): List Scaleway IAM API keys
create-api-key: Create a new IAM API key
delete-api-key (idempotent): Delete an IAM API key
list-users (read-only): List IAM users in the organization
list-groups (read-only): List IAM groups
list-policies (read-only): List IAM policies
list-secrets (read-only): List secrets in Secret Manager
create-secret: Create a new secret in Secret Manager
get-secret (read-only): Get a secret from Secret Manager
delete-secret (idempotent): Delete a secret from Secret Manager

APIs Used

scaleway-iam scaleway-secrets

Capability Spec

identity-and-access.yaml
naftiko: "1.0.0-alpha1"

info:
  label: "Scaleway Identity and Access"
  description: >-
    Unified workflow capability for managing Scaleway identity and access management,
    combining IAM policies, API keys, users, groups, applications, and secret storage.
    Used by platform administrators and security teams to control access to Scaleway
    resources and manage credentials securely.
  tags:
    - Access Control
    - API Keys
    - IAM
    - Identity
    - Permissions
    - Policies
    - Scaleway
    - Security
  created: "2026-05-02"
  modified: "2026-05-02"

binds:
  - namespace: env
    keys:
      SCALEWAY_API_KEY: SCALEWAY_API_KEY

capability:
  consumes:
    - import: scaleway-iam
      location: ./shared/iam.yaml
    - import: scaleway-secrets
      location: ./shared/secret-manager.yaml

  exposes:
    - type: rest
      port: 8083
      namespace: scaleway-identity-api
      description: "Unified REST API for Scaleway identity, access management, and secret storage."
      resources:
        - path: /v1/api-keys
          name: api-keys
          description: "API key management"
          operations:
            - method: GET
              name: list-api-keys
              description: "List IAM API keys"
              call: "scaleway-iam.list-api-keys"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-api-key
              description: "Create an IAM API key"
              call: "scaleway-iam.create-api-key"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/api-keys/{access_key}
          name: api-key
          description: "Manage a specific API key"
          operations:
            - method: GET
              name: get-api-key
              description: "Get API key details"
              call: "scaleway-iam.get-api-key"
              with:
                access_key: "rest.access_key"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: delete-api-key
              description: "Delete an API key"
              call: "scaleway-iam.delete-api-key"
              with:
                access_key: "rest.access_key"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/users
          name: users
          description: "User management"
          operations:
            - method: GET
              name: list-users
              description: "List IAM users"
              call: "scaleway-iam.list-users"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/groups
          name: groups
          description: "Group management"
          operations:
            - method: GET
              name: list-groups
              description: "List IAM groups"
              call: "scaleway-iam.list-groups"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-group
              description: "Create an IAM group"
              call: "scaleway-iam.create-group"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/policies
          name: policies
          description: "Access policy management"
          operations:
            - method: GET
              name: list-policies
              description: "List IAM policies"
              call: "scaleway-iam.list-policies"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-policy
              description: "Create an IAM policy"
              call: "scaleway-iam.create-policy"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/secrets
          name: secrets
          description: "Secret management"
          operations:
            - method: GET
              name: list-secrets
              description: "List secrets"
              call: "scaleway-secrets.list-secrets"
              with:
                region: "rest.region"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-secret
              description: "Create a secret"
              call: "scaleway-secrets.create-secret"
              with:
                region: "rest.region"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/secrets/{id}
          name: secret
          description: "Manage a specific secret"
          operations:
            - method: GET
              name: get-secret
              description: "Get secret details"
              call: "scaleway-secrets.get-secret"
              with:
                region: "rest.region"
                secret_id: "rest.id"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: DELETE
              name: delete-secret
              description: "Delete a secret"
              call: "scaleway-secrets.delete-secret"
              with:
                region: "rest.region"
                secret_id: "rest.id"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9093
      namespace: scaleway-identity-mcp
      transport: http
      description: "MCP server for AI-assisted Scaleway identity, access, and secrets management."
      tools:
        - name: list-api-keys
          description: "List Scaleway IAM API keys"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-api-keys"
          outputParameters:
            - type: object
              mapping: "$."
        - name: create-api-key
          description: "Create a new IAM API key"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "scaleway-iam.create-api-key"
          outputParameters:
            - type: object
              mapping: "$."
        - name: delete-api-key
          description: "Delete an IAM API key"
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "scaleway-iam.delete-api-key"
          with:
            access_key: "tools.access_key"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-users
          description: "List IAM users in the organization"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-users"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-groups
          description: "List IAM groups"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-groups"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-policies
          description: "List IAM policies"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-iam.list-policies"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-secrets
          description: "List secrets in Secret Manager"
          hints:
            readOnly: true
            openWorld: true
          call: "scaleway-secrets.list-secrets"
          with:
            region: "tools.region"
          outputParameters:
            - type: object
              mapping: "$."
        - name: create-secret
          description: "Create a new secret in Secret Manager"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "scaleway-secrets.create-secret"
          with:
            region: "tools.region"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-secret
          description: "Get a secret from Secret Manager"
          hints:
            readOnly: true
            openWorld: false
          call: "scaleway-secrets.get-secret"
          with:
            region: "tools.region"
            secret_id: "tools.secret_id"
          outputParameters:
            - type: object
              mapping: "$."
        - name: delete-secret
          description: "Delete a secret from Secret Manager"
          hints:
            readOnly: false
            destructive: true
            idempotent: true
          call: "scaleway-secrets.delete-secret"
          with:
            region: "tools.region"
            secret_id: "tools.secret_id"
          outputParameters:
            - type: object
              mapping: "$."