HashiTalks 2025 Learn about unique use cases, homelab setups, and best practices at scale at our 24-hour virtual knowledge sharing event. Register
Nomad
Nomad Home

rsadecrypt Function

Deprecated

This function is deprecated and may be removed in the future.

Warning

While it is possible to use safely, it encourages use of cryptographic primitives with known weaknesses. Nomad Variablesand HashiCorp Vault are the recommended ways to provide secrets to workloads.

rsadecrypt decrypts an RSA-encrypted ciphertext, returning the corresponding cleartext.

rsadecrypt(ciphertext, privatekey)

ciphertext must be a base64-encoded representation of the ciphertext, using the PKCS #1 v1.5 padding scheme. Nomad uses the "standard" Base64 alphabet as defined in RFC 4648 section 4.

privatekey must be a PEM-encoded RSA private key that is not itself encrypted.

Nomad has no corresponding function for encrypting a message. Use this function to decrypt ciphertexts returned by remote services using a keypair negotiated out-of-band.

Examples

> rsadecrypt(base64(file("${path.folder}/ciphertext")), file("privatekey.pem"))
Hello, world!
Edit this page on GitHub