.. _decrypt: Method: Decrypt Data -------------------- Description ~~~~~~~~~~~ This endpoint decrypts the provided ciphertext using the named key in the specified vault. .. note:: This endpoint requires at least :ref:`Read` permission in the affected vault. URL Syntax ~~~~~~~~~~ /api/{version}/transparent/:vaultid/decrypt/:name HTTP Method ~~~~~~~~~~~ POST Successful HTTP Response ~~~~~~~~~~~~~~~~~~~~~~~~ 200 Parameters ~~~~~~~~~~ +----------------+------------------+----------------+--------+---------+-----------+------------------+ | Parameter name | Description | Parameter type | Type | Default | Mandatory | Comment | +================+==================+================+========+=========+===========+==================+ | X-Http-Token | StoredSafe token | HTTP Header | String | | :sup:`1)` | Preferred method | +----------------+------------------+----------------+--------+---------+-----------+------------------+ | token | StoredSafe token | JSON-encoded | String | | :sup:`1)` | Legacy method | +----------------+------------------+----------------+--------+---------+-----------+------------------+ | vaultid | Vault-ID | URL-encoded | String | | Yes | | +----------------+------------------+----------------+--------+---------+-----------+------------------+ | name | Key name | URL-encoded | String | | Yes | | +----------------+------------------+----------------+--------+---------+-----------+------------------+ | ciphertext | Ciphertext | JSON-encoded | String | | Yes | Base64 encoded | +----------------+------------------+----------------+--------+---------+-----------+------------------+ .. note:: :sup:`1)` One of the methods is required. Response Attributes ~~~~~~~~~~~~~~~~~~~ +----------------------+------------------------------------+---------+ | Attribute | Description | Type | +======================+====================================+=========+ | CALLINFO.errorcodes | Number of errors | Integer | +----------------------+------------------------------------+---------+ | CALLINFO.errors | Number of errors | Integer | +----------------------+------------------------------------+---------+ | CALLINFO.general | Information | Array | +----------------------+------------------------------------+---------+ | CALLINFO.handler | Handler used | String | +----------------------+------------------------------------+---------+ | CALLINFO.status | SUCCESS or FAIL | String | +----------------------+------------------------------------+---------+ | CALLINFO.token | Rotated StoredSafe token :sup:`1)` | String | +----------------------+------------------------------------+---------+ | CALLINFO.key_version | Key version | String | +----------------------+------------------------------------+---------+ | CALLINFO.plaintext | Plaintext (Base64 encoded) | String | +----------------------+------------------------------------+---------+ | DATA | Supplied data in prior API-call | String | +----------------------+------------------------------------+---------+ | HEADERS.(headers) | HTTP Headers | String | +----------------------+------------------------------------+---------+ | PARAMS | Route parameters (empty) | Array | +----------------------+------------------------------------+---------+ | ERRORCODES | Error code and text :sup:`2)` | Object | +----------------------+------------------------------------+---------+ | ERRORS | Error code and text :sup:`2)` | Array | +----------------------+------------------------------------+---------+ .. note:: | :sup:`1)` Token to be used in subsequent calls | :sup:`2`) Only present if errors Examples ~~~~~~~~ Decrypt the supplied ciphertext with the named decryption key in vault (vaultid) 179. **Request** :: POST /api/1.0/transparent/179/decrypt/my-new-key x-http-token: your_storedsafe_token { "ciphertext": "storedsafe:v1:fCC+8a3plkkEaveSGaC23i9grdhAioNXgXtQW09Dkes=", } **Response** :: HTTP/2 201 Content-type: application/json; charset=UTF-8 { "CALLINFO": { "errorcodes": 0, "errors": 0, "general": [], "handler": "EncryptionHandler", "status": "SUCCESS", "token": "rotated_storedsafe_token", "name": "my-new-key", "objectid": "8743", "plaintext": "c2Vuc2l0aXZlIGluZm9ybWF0aW9uCg==", key_"version": "1" }, "DATA": { "name": "my-new-key", "vaultid": "179", "ciphertext": "storedsafe:v1:fCC+8a3plkkEaveSGaC23i9grdhAioNXgXtQW09Dkes=", "token": "your_storedsafe_token" }, "HEADERS": { "Accept": "*/*", "Content-Length": "169", "Content-Type": "application/json", "Host": "safe.domain.cc", "User-Agent": "curl/7.64.1", "X-Http-Token": "your_storedsafe_token" }, "PARAMS": [] } $ base64 -d <<< "c2Vuc2l0aXZlIGluZm9ybWF0aW9uCg==" sensitive information