Decrypt plain text using KeyID (Access Token-Based Authentication)
KeyIDs are used to encrypt objects that can be moved between VMs within a single Cloud VM Set.
You can use the KeyID to decrypt cipher text that was encrypted with a KeyID. The following example uses access token based authentication.
Request
|
Method |
URI |
|---|---|
|
POST |
v5/symm_keyid/op/decrypt/ |
Content Type
application/json
Authentication Type
Access Token
Privileges Required
Any valid KeyControl user account with CLOUD_ADMIN privileges can decrypt plain text using KeyIDs for any Cloud VM Set to which they have access. In order to access a Cloud VM Set, the user must be a member of the Cloud Admin Group to which the Cloud VM Set belongs.
Parameters
|
Name |
Type |
Example |
|---|---|---|
|
cipher_text |
string |
"SFRXUAEAx6GPafdafacxcv==" Cipher text to be decrypted. This includes metadata. |
|
cvmset |
string |
my-cloud-vm-set Required if you are using access token based authentication. |
|
keyid |
string |
"78a7e865947a11e3b4ed080027cbdf2a" Optional. Specify a keyid if the keyid was used to encrypt the cipher text. If the keyid was not used for encryption, then the decryption will fail. |
|
keyid_name |
string |
aws_keyid Optional. Specify a keyid_name if the keyid_name was used to encrypt the cipher text. If the keyid_name was not used for encryption, then the decryption will fail. |
Response
|
Name |
Type |
Example |
|---|---|---|
|
plain_text |
string |
"plain_text" |
|
keyid |
string |
"78a7e865947a11e3b4ed080027cbdf2a" |
|
keyid_name |
string |
aws_keyid |
|
result |
string |
success |
Errors
|
Reason |
Example |
|---|---|
|
Invalid KeyID |
KeyID not found |
|
Decryption Failed |
Failed to decrypt cipher text |
