- Built-in Functions
- rsadecrypt
rsadecrypt
Function
rsadecrypt
decrypts an RSA-encrypted ciphertext, returning the corresponding
cleartext.
ciphertext
must be a base64-encoded representation of the ciphertext, using
the PKCS #1 v1.5 padding scheme. OpenTofu uses the "standard" Base64 alphabet
as defined in RFC 4648 section 4.
privatekey
must be a PEM-encoded RSA private key that is not itself
encrypted.
OpenTofu has no corresponding function for encrypting a message. Use this function to decrypt ciphertexts returned by remote services using a keypair negotiated out-of-band.