Save 10-15% Register for HashiConf and save big when you buy 2+ tickets Get your passes
Terraform
Terraform Home

rsadecrypt Function

⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️

[!IMPORTANT]
Documentation Update: Product documentation previously located in /website has moved to the hashicorp/web-unified-docs repository, where all product documentation is now centralized. Please make contributions directly to web-unified-docs, since changes to /website in this repository will not appear on developer.hashicorp.com. ⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️

rsadecrypt decrypts an RSA-encrypted ciphertext, returning the corresponding cleartext.

rsadecrypt(ciphertext, privatekey)

ciphertext must be a base64-encoded representation of the ciphertext, using the PKCS #1 v1.5 padding scheme. Terraform uses the "standard" Base64 alphabet as defined in RFC 4648 section 4.

privatekey must be a PEM-encoded RSA private key that is not itself encrypted.

Terraform has no corresponding function for encrypting a message. Use this function to decrypt ciphertexts returned by remote services using a keypair negotiated out-of-band.

Examples

> rsadecrypt(filebase64("${path.module}/ciphertext"), file("privatekey.pem"))
Hello, world!
Edit this page on GitHub