How can I retrieve the unencrypted value of data that is encrypted in a Configuration Parameter?

I have a script that needs to retrieve sensitive information encrypted within a configuration parameter. However, I am unable to decrypt it. How can I decrypt the parameter to access its original value?

Parents
  • By design only the Jobserver processes (viNetworkService) have access to the private key of the environmnt. So this process is the only one able to decrypt encrpted values. This means scripts, which are run by a differnt EXTERNAL process (stdIOProcessor), are unable to decrypt.

    Normaly you pass the encrpted value as parameter to the script from the process, i.e. have "ParameterX-Value = GetConfigParam()" and mark this parameter as encrpted or partially encrpted in the process. The jobservice will decrypt it and pass it as cleartext-parameter to the script, where you then have the unencrpted value to work with.

    Note: I think the Sychronization components also access the private key, despite running as external process. I am also somewhat sure that you can get the private key from the script using the MS-crypto-API, but that is definitely not recommended, nor would I expect it to be supported.

Reply
  • By design only the Jobserver processes (viNetworkService) have access to the private key of the environmnt. So this process is the only one able to decrypt encrpted values. This means scripts, which are run by a differnt EXTERNAL process (stdIOProcessor), are unable to decrypt.

    Normaly you pass the encrpted value as parameter to the script from the process, i.e. have "ParameterX-Value = GetConfigParam()" and mark this parameter as encrpted or partially encrpted in the process. The jobservice will decrypt it and pass it as cleartext-parameter to the script, where you then have the unencrpted value to work with.

    Note: I think the Sychronization components also access the private key, despite running as external process. I am also somewhat sure that you can get the private key from the script using the MS-crypto-API, but that is definitely not recommended, nor would I expect it to be supported.

Children
No Data