Scaleway · Capability
Secret Manager API — Secrets
Secret Manager API — Secrets. 10 operations. Lead operation: List secrets. Self-contained Naftiko capability covering one Scaleway business surface.
What You Can Do
GET
Listsecrets
— List secrets
/v1/secret-manager/v1beta1/regions/{region}/secrets
POST
Createsecret
— Create a secret
/v1/secret-manager/v1beta1/regions/{region}/secrets
GET
Getsecret
— Get metadata using the secret's ID
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}
PATCH
Updatesecret
— Update metadata of a secret
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}
DELETE
Deletesecret
— Delete a secret
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}
POST
Addsecretowner
— Allow a product to use the secret
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/add-owner
POST
Protectsecret
— Enable secret protection
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/protect
POST
Restoresecret
— Restore a secret
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/restore
POST
Unprotectsecret
— Disable secret protection
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/unprotect
POST
Restoresecretversion
— Restore a version
/v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/versions/{revision}/restore
MCP Tools
list-secrets
List secrets
read-only
idempotent
create-secret
Create a secret
get-metadata-using-secret-s-id
Get metadata using the secret's ID
read-only
idempotent
update-metadata-secret
Update metadata of a secret
idempotent
delete-secret
Delete a secret
idempotent
allow-product-use-secret
Allow a product to use the secret
enable-secret-protection
Enable secret protection
restore-secret
Restore a secret
disable-secret-protection
Disable secret protection
restore-version
Restore a version
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Secret Manager API — Secrets
description: 'Secret Manager API — Secrets. 10 operations. Lead operation: List secrets. Self-contained Naftiko capability
covering one Scaleway business surface.'
tags:
- Scaleway
- Secrets
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
SCALEWAY_API_KEY: SCALEWAY_API_KEY
capability:
consumes:
- type: http
namespace: secret-manager-secrets
baseUri: https://api.scaleway.com
description: Secret Manager API — Secrets business capability. Self-contained, no shared references.
resources:
- name: secret-manager-v1beta1-regions-region-secrets
path: /secret-manager/v1beta1/regions/{region}/secrets
operations:
- name: listsecrets
method: GET
description: List secrets
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: organization_id
in: query
type: string
description: Filter by Organization ID (optional). (UUID format)
- name: project_id
in: query
type: string
description: Filter by Project ID (optional). (UUID format)
- name: order_by
in: query
type: string
- name: page
in: query
type: string
- name: page_size
in: query
type: integer
- name: tags
in: query
type: array
description: List of tags to filter on (optional).
- name: name
in: query
type: string
description: Filter by secret name (optional).
- name: path
in: query
type: string
description: Filter by exact path (optional).
- name: ephemeral
in: query
type: boolean
description: Filter by ephemeral / not ephemeral (optional).
- name: type
in: query
type: string
description: Filter by secret type (optional).
- name: scheduled_for_deletion
in: query
type: boolean
description: Filter by whether the secret was scheduled for deletion / not scheduled for deletion. By default, it
will display only not scheduled for deletion secrets.
required: true
- name: createsecret
method: POST
description: Create a secret
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: secret-manager-v1beta1-regions-region-secrets-secret_id
path: /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}
operations:
- name: getsecret
method: GET
description: Get metadata using the secret's ID
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: ID of the secret. (UUID format)
required: true
- name: updatesecret
method: PATCH
description: Update metadata of a secret
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: ID of the secret. (UUID format)
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: deletesecret
method: DELETE
description: Delete a secret
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: ID of the secret. (UUID format)
required: true
- name: secret-manager-v1beta1-regions-region-secrets-secret_id-add-owner
path: /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/add-owner
operations:
- name: addsecretowner
method: POST
description: Allow a product to use the secret
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: ID of the secret. (UUID format)
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: secret-manager-v1beta1-regions-region-secrets-secret_id-protect
path: /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/protect
operations:
- name: protectsecret
method: POST
description: Enable secret protection
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: ID of the secret to enable secret protection for. (UUID format)
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: secret-manager-v1beta1-regions-region-secrets-secret_id-restore
path: /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/restore
operations:
- name: restoresecret
method: POST
description: Restore a secret
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: (UUID format)
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: secret-manager-v1beta1-regions-region-secrets-secret_id-unprotect
path: /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/unprotect
operations:
- name: unprotectsecret
method: POST
description: Disable secret protection
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: ID of the secret to disable secret protection for. (UUID format)
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: secret-manager-v1beta1-regions-region-secrets-secret_id-versions-revision-restor
path: /secret-manager/v1beta1/regions/{region}/secrets/{secret_id}/versions/{revision}/restore
operations:
- name: restoresecretversion
method: POST
description: Restore a version
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: region
in: path
type: string
description: The region you want to target
required: true
- name: secret_id
in: path
type: string
description: (UUID format)
required: true
- name: revision
in: path
type: string
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
authentication:
type: apikey
key: X-Auth-Token
value: '{{env.SCALEWAY_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: secret-manager-secrets-rest
port: 8080
description: REST adapter for Secret Manager API — Secrets. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
- path: /v1/secret-manager/v1beta1/regions/{region}/secrets
name: secret-manager-v1beta1-regions-region-secrets
description: REST surface for secret-manager-v1beta1-regions-region-secrets.
operations:
- method: GET
name: listsecrets
description: List secrets
call: secret-manager-secrets.listsecrets
with:
region: rest.region
organization_id: rest.organization_id
project_id: rest.project_id
order_by: rest.order_by
page: rest.page
page_size: rest.page_size
tags: rest.tags
name: rest.name
path: rest.path
ephemeral: rest.ephemeral
type: rest.type
scheduled_for_deletion: rest.scheduled_for_deletion
outputParameters:
- type: object
mapping: $.
- method: POST
name: createsecret
description: Create a secret
call: secret-manager-secrets.createsecret
with:
region: rest.region
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}
name: secret-manager-v1beta1-regions-region-secrets-secret-id
description: REST surface for secret-manager-v1beta1-regions-region-secrets-secret_id.
operations:
- method: GET
name: getsecret
description: Get metadata using the secret's ID
call: secret-manager-secrets.getsecret
with:
region: rest.region
secret_id: rest.secret_id
outputParameters:
- type: object
mapping: $.
- method: PATCH
name: updatesecret
description: Update metadata of a secret
call: secret-manager-secrets.updatesecret
with:
region: rest.region
secret_id: rest.secret_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deletesecret
description: Delete a secret
call: secret-manager-secrets.deletesecret
with:
region: rest.region
secret_id: rest.secret_id
outputParameters:
- type: object
mapping: $.
- path: /v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/add-owner
name: secret-manager-v1beta1-regions-region-secrets-secret-id-add-owner
description: REST surface for secret-manager-v1beta1-regions-region-secrets-secret_id-add-owner.
operations:
- method: POST
name: addsecretowner
description: Allow a product to use the secret
call: secret-manager-secrets.addsecretowner
with:
region: rest.region
secret_id: rest.secret_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/protect
name: secret-manager-v1beta1-regions-region-secrets-secret-id-protect
description: REST surface for secret-manager-v1beta1-regions-region-secrets-secret_id-protect.
operations:
- method: POST
name: protectsecret
description: Enable secret protection
call: secret-manager-secrets.protectsecret
with:
region: rest.region
secret_id: rest.secret_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/restore
name: secret-manager-v1beta1-regions-region-secrets-secret-id-restore
description: REST surface for secret-manager-v1beta1-regions-region-secrets-secret_id-restore.
operations:
- method: POST
name: restoresecret
description: Restore a secret
call: secret-manager-secrets.restoresecret
with:
region: rest.region
secret_id: rest.secret_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/unprotect
name: secret-manager-v1beta1-regions-region-secrets-secret-id-unprotect
description: REST surface for secret-manager-v1beta1-regions-region-secrets-secret_id-unprotect.
operations:
- method: POST
name: unprotectsecret
description: Disable secret protection
call: secret-manager-secrets.unprotectsecret
with:
region: rest.region
secret_id: rest.secret_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/secret-manager/v1beta1/regions/{region}/secrets/{secret-id}/versions/{revision}/restore
name: secret-manager-v1beta1-regions-region-secrets-secret-id-versions-revision-restor
description: REST surface for secret-manager-v1beta1-regions-region-secrets-secret_id-versions-revision-restor.
operations:
- method: POST
name: restoresecretversion
description: Restore a version
call: secret-manager-secrets.restoresecretversion
with:
region: rest.region
secret_id: rest.secret_id
revision: rest.revision
body: rest.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: secret-manager-secrets-mcp
port: 9090
transport: http
description: MCP adapter for Secret Manager API — Secrets. One tool per consumed operation, routed inline through this
capability's consumes block.
tools:
- name: list-secrets
description: List secrets
hints:
readOnly: true
destructive: false
idempotent: true
call: secret-manager-secrets.listsecrets
with:
region: tools.region
organization_id: tools.organization_id
project_id: tools.project_id
order_by: tools.order_by
page: tools.page
page_size: tools.page_size
tags: tools.tags
name: tools.name
path: tools.path
ephemeral: tools.ephemeral
type: tools.type
scheduled_for_deletion: tools.scheduled_for_deletion
outputParameters:
- type: object
mapping: $.
- name: create-secret
description: Create a secret
hints:
readOnly: false
destructive: false
idempotent: false
call: secret-manager-secrets.createsecret
with:
region: tools.region
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-metadata-using-secret-s-id
description: Get metadata using the secret's ID
hints:
readOnly: true
destructive: false
idempotent: true
call: secret-manager-secrets.getsecret
with:
region: tools.region
secret_id: tools.secret_id
outputParameters:
- type: object
mapping: $.
- name: update-metadata-secret
description: Update metadata of a secret
hints:
readOnly: false
destructive: false
idempotent: true
call: secret-manager-secrets.updatesecret
with:
region: tools.region
secret_id: tools.secret_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-secret
description: Delete a secret
hints:
readOnly: false
destructive: true
idempotent: true
call: secret-manager-secrets.deletesecret
with:
region: tools.region
secret_id: tools.secret_id
outputParameters:
- type: object
mapping: $.
- name: allow-product-use-secret
description: Allow a product to use the secret
hints:
readOnly: false
destructive: false
idempotent: false
call: secret-manager-secrets.addsecretowner
with:
region: tools.region
secret_id: tools.secret_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: enable-secret-protection
description: Enable secret protection
hints:
readOnly: false
destructive: false
idempotent: false
call: secret-manager-secrets.protectsecret
with:
region: tools.region
secret_id: tools.secret_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: restore-secret
description: Restore a secret
hints:
readOnly: false
destructive: false
idempotent: false
call: secret-manager-secrets.restoresecret
with:
region: tools.region
secret_id: tools.secret_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: disable-secret-protection
description: Disable secret protection
hints:
readOnly: false
destructive: false
idempotent: false
call: secret-manager-secrets.unprotectsecret
with:
region: tools.region
secret_id: tools.secret_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: restore-version
description: Restore a version
hints:
readOnly: false
destructive: false
idempotent: false
call: secret-manager-secrets.restoresecretversion
with:
region: tools.region
secret_id: tools.secret_id
revision: tools.revision
body: tools.body
outputParameters:
- type: object
mapping: $.