> For the complete documentation index, see [llms.txt](https://help.ppgg.in/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.ppgg.in/docs/secrets-manager/your-secrets/secret-decryption.md). # 机密解密 {% hint style="success" %} 对应的[官方文档地址](https://bitwarden.com/help/secret-decryption/) {% endhint %} 除了主密码之外,Secrets Manager 还可以使用访问令牌来来解密、编辑和创建机密。具体来说,是在像[这里](/docs/secrets-manager/get-started/developer-quick-start.md)的示例这样的机密注入场景中完成的。 从概念上讲,访问令牌由两部分组成: * **一个 API 密钥**,包含用于与 Bitwarden 服务器进行身份验证的客户端 ID 和密码。 * **一个唯一的加密密钥**,用于解密包含您的组织对称加密密钥的加密有效载荷。 当使用访问令牌时,例如在验证 `bws get secret` 之类的 CLI 命令时: 1. 请求被发送到 Bitwarden 服务器,其中包含 API 密钥的客户端 ID 和客户端密码。 2. Bitwarden 服务器使用这些凭据对客户端会话进行身份验证,并发送包含加密载荷的响应。此加密载荷包含组织的对称密钥。 3. 收到后,将使用访问令牌的唯一加密密钥在本地解密组织的对称密钥。 4. 后续请求将发送到 Bitwarden API,以获取 `bws` 命令中要求的数据,例如机密。 5. Bitwarden 根据请求中的服务账户标识符确定是否可以提供所调用的数据。如果是,则使用加密数据向客户端发送响应。 6. 使用组织对称密钥在本地解密数据。无论您是否使用 Secrets Manager,都会使用相关值,例如将已解密的 `"key": ""` 值保存到环境变量。 --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://help.ppgg.in/docs/secrets-manager/your-secrets/secret-decryption.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.