{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "/schemas/machine-identity-manifest.schema.json",
  "title": "Machine Identity Manifest",
  "description": "Declarative inventory of non-human identities for API and agent planes. Never include raw secrets — use secret_fingerprint only.",
  "type": "object",
  "additionalProperties": false,
  "required": ["version", "identities"],
  "properties": {
    "version": {
      "type": "string",
      "pattern": "^1\\.[0-9]+$",
      "description": "Manifest format version in major.minor form (the pattern above accepts 1.x only)."
    },
    "generated_at": {
      "type": "string",
      "format": "date-time",
      "description": "When this file was generated, as an RFC 3339 / ISO 8601 date-time including a timezone offset."
    },
    "environment": {
      "type": "string",
      "enum": ["production", "staging", "development", "other"],
      "description": "Deployment scope for this inventory."
    },
    "identities": {
      "type": "array",
      "minItems": 0,
      "items": {
        "type": "object",
        "additionalProperties": false,
        "required": ["id", "kind", "name"],
        "properties": {
          "id": {
            "type": "string",
            "minLength": 1,
            "description": "Stable identifier within your org (not the raw secret)."
          },
          "kind": {
            "type": "string",
            "enum": [
              "api_key",
              "service_account",
              "agent_token",
              "webhook",
              "automation",
              "oauth_client",
              "other"
            ]
          },
          "name": {
            "type": "string",
            "minLength": 1
          },
          "owner": {
            "type": "string",
            "description": "Owning team or role label."
          },
          "owner_email": {
            "type": "string",
            "format": "email"
          },
          "created_at": {
            "type": "string",
            "format": "date-time"
          },
          "last_reviewed_at": {
            "type": "string",
            "format": "date-time"
          },
          "resources": {
            "type": "array",
            "items": {
              "type": "object",
              "additionalProperties": false,
              "properties": {
                "type": {
                  "type": "string"
                },
                "id": {
                  "type": "string"
                },
                "path_prefix": {
                  "type": "string",
                  "description": "HTTP path prefix this identity is permitted to access."
                }
              }
            }
          },
          "secret_fingerprint": {
            "type": "string",
            "pattern": "^[a-fA-F0-9]{16,64}$",
            "description": "Hex-encoded fingerprint of the secret material (a hash of it, or a prefix). Do not paste cleartext keys."
          },
          "notes": {
            "type": "string",
            "maxLength": 4000
          }
        }
      }
    }
  }
}
