Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/rstudio/rskey/llms.txt

Use this file to discover all available pages before exploring further.

rskey decrypt takes a ciphertext string previously produced by rskey encrypt and recovers the original plaintext. Like its counterpart, it works both interactively (typing the ciphertext at the terminal prompt) and in batch mode (reading line-separated ciphertexts from stdin). Use this command to verify that encrypted values round-trip correctly, or to recover plaintext during debugging and key-rotation workflows.

Synopsis

rskey decrypt -f <keyfile> [--mode <mode>]

Flags

-f, --keyfile
string
required
Path to the key file that was used to encrypt the data. Required.
--mode
string
default:"default"
Decryption mode. One of default or workbench.
You do not need to pass --mode=fips to decrypt ciphertext that was encrypted in FIPS mode. The default mode automatically detects whether the ciphertext was produced by NaCl Secretbox or AES-256-GCM and selects the correct algorithm.

Examples

echo "G8QSoVOR936MjjMdjFqvXYqM+m1zwH0H/aX0fO5RGg0logwPOhME0Wz0sp9g4fMtYdw=" | \
  rskey decrypt -f /var/lib/rstudio-pm/rstudio-pm.key

Stdin (batch) usage

When stdin is a pipe, rskey decrypt reads one ciphertext per line and writes one plaintext per line to stdout. This mirrors the batch behavior of rskey encrypt and is useful for bulk verification or migration tasks.

Build docs developers (and LLMs) love

Get started for freeTalk to us