HashiCorp Vault v5.10.0, Mar 21 23

vault.transit.getDecrypt

This is a data source which can be used to decrypt ciphertext using a Vault Transit key.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var test = Vault.Transit.GetDecrypt.Invoke(new()
    {
        Backend = "transit",
        Ciphertext = "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
        Key = "test",
    });

});

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v5/go/vault/transit"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := transit.GetDecrypt(ctx, &transit.GetDecryptArgs{
			Backend:    "transit",
			Ciphertext: "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
			Key:        "test",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.transit.TransitFunctions;
import com.pulumi.vault.transit.inputs.GetDecryptArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = TransitFunctions.getDecrypt(GetDecryptArgs.builder()
            .backend("transit")
            .ciphertext("vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==")
            .key("test")
            .build());

    }
}

import pulumi
import pulumi_vault as vault

test = vault.transit.get_decrypt(backend="transit",
    ciphertext="vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
    key="test")

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const test = pulumi.output(vault.transit.getDecrypt({
    backend: "transit",
    ciphertext: "vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==",
    key: "test",
}));

variables:
  test:
    Fn::Invoke:
      Function: vault:transit:getDecrypt
      Arguments:
        backend: transit
        ciphertext: vault:v1:S3GtnJ5GUNCWV+/pdL9+g1Feu/nzAv+RlmTmE91Tu0rBkeIU8MEb2nSspC/1IQ==
        key: test

Using getDecrypt

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getDecrypt(args: GetDecryptArgs, opts?: InvokeOptions): Promise<GetDecryptResult>
function getDecryptOutput(args: GetDecryptOutputArgs, opts?: InvokeOptions): Output<GetDecryptResult>

def get_decrypt(backend: Optional[str] = None,
                ciphertext: Optional[str] = None,
                context: Optional[str] = None,
                key: Optional[str] = None,
                namespace: Optional[str] = None,
                opts: Optional[InvokeOptions] = None) -> GetDecryptResult
def get_decrypt_output(backend: Optional[pulumi.Input[str]] = None,
                ciphertext: Optional[pulumi.Input[str]] = None,
                context: Optional[pulumi.Input[str]] = None,
                key: Optional[pulumi.Input[str]] = None,
                namespace: Optional[pulumi.Input[str]] = None,
                opts: Optional[InvokeOptions] = None) -> Output[GetDecryptResult]

func GetDecrypt(ctx *Context, args *GetDecryptArgs, opts ...InvokeOption) (*GetDecryptResult, error)
func GetDecryptOutput(ctx *Context, args *GetDecryptOutputArgs, opts ...InvokeOption) GetDecryptResultOutput

> Note: This function is named GetDecrypt in the Go SDK.

public static class GetDecrypt 
{
    public static Task<GetDecryptResult> InvokeAsync(GetDecryptArgs args, InvokeOptions? opts = null)
    public static Output<GetDecryptResult> Invoke(GetDecryptInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetDecryptResult> getDecrypt(GetDecryptArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: vault:transit/getDecrypt:getDecrypt
  arguments:
    # arguments dictionary

The following arguments are supported:

Backend string: The path the transit secret backend is mounted at, with no leading or trailing /.
Ciphertext string: Ciphertext to be decoded.
Key string: Specifies the name of the transit key to decrypt against.
Context string: Context for key derivation. This is required if key derivation is enabled for this key.
Namespace string

Backend string: The path the transit secret backend is mounted at, with no leading or trailing /.
Ciphertext string: Ciphertext to be decoded.
Key string: Specifies the name of the transit key to decrypt against.
Context string: Context for key derivation. This is required if key derivation is enabled for this key.
Namespace string

backend String: The path the transit secret backend is mounted at, with no leading or trailing /.
ciphertext String: Ciphertext to be decoded.
key String: Specifies the name of the transit key to decrypt against.
context String: Context for key derivation. This is required if key derivation is enabled for this key.
namespace String

backend string: The path the transit secret backend is mounted at, with no leading or trailing /.
ciphertext string: Ciphertext to be decoded.
key string: Specifies the name of the transit key to decrypt against.
context string: Context for key derivation. This is required if key derivation is enabled for this key.
namespace string

backend str: The path the transit secret backend is mounted at, with no leading or trailing /.
ciphertext str: Ciphertext to be decoded.
key str: Specifies the name of the transit key to decrypt against.
context str: Context for key derivation. This is required if key derivation is enabled for this key.
namespace str

backend String: The path the transit secret backend is mounted at, with no leading or trailing /.
ciphertext String: Ciphertext to be decoded.
key String: Specifies the name of the transit key to decrypt against.
context String: Context for key derivation. This is required if key derivation is enabled for this key.
namespace String

getDecrypt Result

The following output properties are available:

Backend string
Ciphertext string
Id string: The provider-assigned unique ID for this managed resource.
Key string
Plaintext string: Decrypted plaintext returned from Vault
Context string
Namespace string

Backend string
Ciphertext string
Id string: The provider-assigned unique ID for this managed resource.
Key string
Plaintext string: Decrypted plaintext returned from Vault
Context string
Namespace string

backend String
ciphertext String
id String: The provider-assigned unique ID for this managed resource.
key String
plaintext String: Decrypted plaintext returned from Vault
context String
namespace String

backend string
ciphertext string
id string: The provider-assigned unique ID for this managed resource.
key string
plaintext string: Decrypted plaintext returned from Vault
context string
namespace string

backend str
ciphertext str
id str: The provider-assigned unique ID for this managed resource.
key str
plaintext str: Decrypted plaintext returned from Vault
context str
namespace str

backend String
ciphertext String
id String: The provider-assigned unique ID for this managed resource.
key String
plaintext String: Decrypted plaintext returned from Vault
context String
namespace String

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

vault.transit.getDecrypt

Example Usage

Using getDecrypt

getDecrypt Result

Package Details

Contents