How can I retrieve the unencrypted value of data that is encrypted in a Configuration Parameter?

I have a script that needs to retrieve sensitive information encrypted within a configuration parameter. However, I am unable to decrypt it. How can I decrypt the parameter to access its original value?

  • Hi Nicholas,

    As far as I know, it is only possible to decrypt an encrypted value within a script so that it can be used again to a limited extent. An alternative would be not to encrypt the value at all, for example...

    It may be possible to solve the problem directly via SQL.

    What exactly is your use case?

    Best regards

    Marco

  • I am using a script to call an API, and to do so, I need to send a secret value stored in the configuration parameters to the API.

  • By design only the Jobserver processes (viNetworkService) have access to the private key of the environmnt. So this process is the only one able to decrypt encrpted values. This means scripts, which are run by a differnt EXTERNAL process (stdIOProcessor), are unable to decrypt.

    Normaly you pass the encrpted value as parameter to the script from the process, i.e. have "ParameterX-Value = GetConfigParam()" and mark this parameter as encrpted or partially encrpted in the process. The jobservice will decrypt it and pass it as cleartext-parameter to the script, where you then have the unencrpted value to work with.

    Note: I think the Sychronization components also access the private key, despite running as external process. I am also somewhat sure that you can get the private key from the script using the MS-crypto-API, but that is definitely not recommended, nor would I expect it to be supported.