This message was deleted.
# general
s
This message was deleted.
e
You can. api.pulumi.com/api/{org}/{project}/{stack}/decrypt , POST to that endpoint with a JSON object with one field "ciphertext" which has the base64 ciphertext to decrypt.
I'm hoping to get an openapi spec written up for the whole service to make things like this more discoverable
d
and that would make by wrapper/api stuff obsolete (which would be GREAT).
thank you! I'll try this out ...
so I know - is this documented somewhere?
e
no it's not documented anywhere right now (unless you count code as docs, in which case https://github.com/pulumi/pulumi/blob/master/pkg/backend/httpstate/client/client.go#L405-L413)
d
@echoing-dinner-19531 VERY good link - that helped me find my bug! The url is api.pulumi.com/api/stacks/{org}/{project}/{stack}/decrypt - thanks a bunch for the info - I'd not have found that on my own 🙂
e
ah yes sorry, forgot about the /stacks part
will all be much easier with an openapi spec 🙂
🎉 1
d
I'm trying that with a stack that has it's own encryption provider (key vault in this case); is it expected that the REST call will work in this case as well?
e
Nope, the SASS only deals with service encryption/decryption. If you want stack config decrypted from another secrets provider you'll need to query that provider (or just use
pulumi config get)