APISIX-MCP

Overview Schema Related Servers Score Discussions

update_secret

Modify specific attributes of an existing secret, including ID, manager type (Vault, AWS, GCP), and configuration details, within the APISIX-MCP server.

Instructions

Update specific attributes of an existing secret

Input Schema

TableJSON Schema

Name	Required	Description
`id`	No	secret id
`manager`	No	secret manager type
`secret`	No

Implementation Reference

src/tools/secret.ts:26-28 (handler)

Inline async handler for the 'update_secret' MCP tool. It performs a PATCH request to the Admin API endpoint `/secrets/{manager}/{id}` with the provided secret data.

server.tool("update_secret", "Update specific attributes of an existing secret", UpdateSecretSchema.shape, async (args) => {
  return await makeAdminAPIRequest(`/secrets/${args.manager}/${args.id}`, "PATCH",  args.secret);
});

src/schemas/secret.ts:59-63 (schema)
Zod schema defining the input structure for the 'update_secret' tool, including id, manager type, and secret object. Uses createNullablePatchSchema for partial updates.
```
export const UpdateSecretSchema = createNullablePatchSchema(z.object({
  id: z.string().describe("secret id"),
  manager: SecretTypeSchema.describe("secret manager type"),
  secret: SecretSchema,
}));
```

src/tools/secret.ts:26-28 (registration)

Registers the 'update_secret' tool on the MCP server with description, schema, and inline handler.

server.tool("update_secret", "Update specific attributes of an existing secret", UpdateSecretSchema.shape, async (args) => {
  return await makeAdminAPIRequest(`/secrets/${args.manager}/${args.id}`, "PATCH",  args.secret);
});

src/index.ts:32-32 (registration)
Top-level registration of secret tools (including 'update_secret') by calling the setup function on the MCP server instance.
```
setupSecretTools(server);
```

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It mentions 'update' which implies mutation, but doesn't specify whether this requires special permissions, if changes are reversible, what happens to unspecified attributes, or error conditions. For a mutation tool handling sensitive data like secrets, this is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that gets straight to the point with no wasted words. It's appropriately sized for a tool with a clear primary function.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool handling sensitive secrets with 3 parameters, 67% schema coverage, no annotations, and no output schema, the description is inadequate. It doesn't address security implications, error handling, what constitutes a 'secret', or what the update operation returns. The context demands more comprehensive guidance.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 67%, and the description adds no parameter information beyond what's in the schema. It doesn't explain what 'specific attributes' can be updated or how the three parameters (id, manager, secret) relate to the update operation. The description provides no additional parameter semantics, so it meets the baseline for moderate schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Update') and the target ('specific attributes of an existing secret'), which is more specific than just the tool name. However, it doesn't differentiate this tool from its sibling 'create_secret' or other update tools like 'update_consumer_group' or 'update_service', which would require mentioning what makes secret updates unique.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like 'create_secret' or 'delete_secret', nor does it mention prerequisites such as needing an existing secret ID. It only states what the tool does, not when or why to use it.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Related Tools

create_secretD
@api7/apisix-mcp
update_serviceC
@api7/apisix-mcp
delete_secretC
@api7/apisix-mcp
update_sslC
@api7/apisix-mcp
get_secret_by_idC
@api7/apisix-mcp
update_plugin_configC
@api7/apisix-mcp

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/api7/apisix-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server