vault decrypt is a tabli command of the Vault Module that supports the decryption of a cipher that was encrypted with the encrypt command or automatically.
Every ciphertext (text encrypted) starts with the vault prefix. This cipher comes from the vault encrypt example
tabli --passphrase hardToGuess vault decrypt vaultQVE9PT4vRUloRGI4cU83c1cvS0orOGU0cmJnPT0+UTc4NVFqWWdDZ3hoTmp3WXRPNjJsMmJhWS9lb2dSNE8wNllHM29WYjFVWT0+eGp5aUcxdnA0RkZ6TkhwQWU3Y3B1UT09
The cipher decryption:
plaintext ciphertext
--------- -----------------------------------------------------------------------------------------------------------------------------------------
secret vaultQVE9PT4vRUloRGI4cU83c1cvS0orOGU0cmJnPT0+UTc4NVFqWWdDZ3hoTmp3WXRPNjJsMmJhWS9lb2dSNE8wNllHM29WYjFVWT0+eGp5aUcxdnA0RkZ6TkhwQWU3Y3B1UT09
tabli vault decrypt -h
Tabli vault decrypt
===================
Decrypt ciphertext into plaintext
Example
-------
1 - To decrypt, you would execute
tabli vault decrypt --passphrase difficultToGuessPassPhrase! "vaultQVE9PT5KeU1OK1RXNWNSVDJCcVRq"
Syntax
------
tabli vault decrypt <ciphertext...>
where:
Arguments:
<ciphertext...> One or more ciphertext to decrypt
Global Options:
-cf,--conf <path> The path to a configuration file
-cv,--connection-vault <path> The path where the connection vault is located
-h,--help Print this help
-l,--log-level <error|warning|tip|info|fine> Set the log level
-ns,--not-strict A minor error will not stop the process.
-odu,--output-data-uri <outputDataUri> defines the output data uri for the feedback data (default: console)
-oo,--output-operation <dataOperation> defines the data operations (replace, truncate) on an existing output resource before transfer.
-oop,--output-transfer-operation <transferOperation> defines the output transfer operation (insert, update, merge, copy). Default to `copy` for a file system and `insert` for a database.
-pp,--passphrase <passphrase> A passphrase (master password) to decrypt the encrypted values