HashiCorp Vault

v5.7.0 published on Thursday, Oct 13, 2022 by Pulumi

getDecrypt

This is a data source which can be used to decrypt ciphertext using a Vault Transit key.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var test = Vault.Transit.GetDecrypt.Invoke(new()
    {
        Backend = "transit",
        Ciphertext = "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
        Key = "test",
    });

});
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/transit"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transit.GetDecrypt(ctx, &transit.GetDecryptArgs{
			Backend:    "transit",
			Ciphertext: "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
			Key:        "test",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.transit.TransitFunctions;
import com.pulumi.vault.transit.inputs.GetDecryptArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = TransitFunctions.getDecrypt(GetDecryptArgs.builder()
            .backend("transit")
            .ciphertext("vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==")
            .key("test")
            .build());

    }
}
import pulumi
import pulumi_vault as vault

test = vault.transit.get_decrypt(backend="transit",
    ciphertext="vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
    key="test")
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = pulumi.output(vault.transit.getDecrypt({
    backend: "transit",
    ciphertext: "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
    key: "test",
}));
variables:
  test:
    Fn::Invoke:
      Function: vault:transit:getDecrypt
      Arguments:
        backend: transit
        ciphertext: vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==
        key: test

Using getDecrypt

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getDecrypt(args: GetDecryptArgs, opts?: InvokeOptions): Promise<GetDecryptResult>
function getDecryptOutput(args: GetDecryptOutputArgs, opts?: InvokeOptions): Output<GetDecryptResult>
def get_decrypt(backend: Optional[str] = None,
                ciphertext: Optional[str] = None,
                context: Optional[str] = None,
                key: Optional[str] = None,
                namespace: Optional[str] = None,
                opts: Optional[InvokeOptions] = None) -> GetDecryptResult
def get_decrypt_output(backend: Optional[pulumi.Input[str]] = None,
                ciphertext: Optional[pulumi.Input[str]] = None,
                context: Optional[pulumi.Input[str]] = None,
                key: Optional[pulumi.Input[str]] = None,
                namespace: Optional[pulumi.Input[str]] = None,
                opts: Optional[InvokeOptions] = None) -> Output[GetDecryptResult]
func GetDecrypt(ctx *Context, args *GetDecryptArgs, opts ...InvokeOption) (*GetDecryptResult, error)
func GetDecryptOutput(ctx *Context, args *GetDecryptOutputArgs, opts ...InvokeOption) GetDecryptResultOutput

> Note: This function is named GetDecrypt in the Go SDK.

public static class GetDecrypt 
{
    public static Task<GetDecryptResult> InvokeAsync(GetDecryptArgs args, InvokeOptions? opts = null)
    public static Output<GetDecryptResult> Invoke(GetDecryptInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetDecryptResult> getDecrypt(GetDecryptArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: vault:transit/getDecrypt:getDecrypt
  arguments:
    # arguments dictionary

The following arguments are supported:

Backend string

The path the transit secret backend is mounted at, with no leading or trailing /.

Ciphertext string

Ciphertext to be decoded.

Key string

Specifies the name of the transit key to decrypt against.

Context string

Context for key derivation. This is required if key derivation is enabled for this key.

Namespace string
Backend string

The path the transit secret backend is mounted at, with no leading or trailing /.

Ciphertext string

Ciphertext to be decoded.

Key string

Specifies the name of the transit key to decrypt against.

Context string

Context for key derivation. This is required if key derivation is enabled for this key.

Namespace string
backend String

The path the transit secret backend is mounted at, with no leading or trailing /.

ciphertext String

Ciphertext to be decoded.

key String

Specifies the name of the transit key to decrypt against.

context String

Context for key derivation. This is required if key derivation is enabled for this key.

namespace String
backend string

The path the transit secret backend is mounted at, with no leading or trailing /.

ciphertext string

Ciphertext to be decoded.

key string

Specifies the name of the transit key to decrypt against.

context string

Context for key derivation. This is required if key derivation is enabled for this key.

namespace string
backend str

The path the transit secret backend is mounted at, with no leading or trailing /.

ciphertext str

Ciphertext to be decoded.

key str

Specifies the name of the transit key to decrypt against.

context str

Context for key derivation. This is required if key derivation is enabled for this key.

namespace str
backend String

The path the transit secret backend is mounted at, with no leading or trailing /.

ciphertext String

Ciphertext to be decoded.

key String

Specifies the name of the transit key to decrypt against.

context String

Context for key derivation. This is required if key derivation is enabled for this key.

namespace String

getDecrypt Result

The following output properties are available:

Backend string
Ciphertext string
Id string

The provider-assigned unique ID for this managed resource.

Key string
Plaintext string

Decrypted plaintext returned from Vault

Context string
Namespace string
Backend string
Ciphertext string
Id string

The provider-assigned unique ID for this managed resource.

Key string
Plaintext string

Decrypted plaintext returned from Vault

Context string
Namespace string
backend String
ciphertext String
id String

The provider-assigned unique ID for this managed resource.

key String
plaintext String

Decrypted plaintext returned from Vault

context String
namespace String
backend string
ciphertext string
id string

The provider-assigned unique ID for this managed resource.

key string
plaintext string

Decrypted plaintext returned from Vault

context string
namespace string
backend str
ciphertext str
id str

The provider-assigned unique ID for this managed resource.

key str
plaintext str

Decrypted plaintext returned from Vault

context str
namespace str
backend String
ciphertext String
id String

The provider-assigned unique ID for this managed resource.

key String
plaintext String

Decrypted plaintext returned from Vault

context String
namespace String

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes

This Pulumi package is based on the vault Terraform Provider.