hi! i'm using the Pulumi REST API to get the state of my stack in another application. Now i need to be able to decrypt secrets too. I am using the default secret provider but i can't seem to find any docs on how to actually reverse the cipher or what cipher is used. Where can i find info on this?

You can't use the API to decrypt secrets. Only the CLI will do that (since you can use the console, but a different secret provider). You can however build your own API that uses the automation API to get secret values and use that

I actually went through the cli source and followed the code path until i found what is was looking for. backend/httpstate/client/client.go:368 is exactly what i was looking for. Got it working 🙂 thanks anyway 🙂