> For the complete documentation index, see [llms.txt](https://docs.onum.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.onum.com/the-workspace/pipelines/actions/transformation/field-transformation/field-transformation-operations/cryptography/aes-256-gcm-decrypt.md).
# AES-256-GCM decrypt
## Description
This operation decrypts a base64-encoded AES-256-GCM ciphertext using the provided encryption key. The input must be `base64(nonce || ciphertext)` as produced by AES-256-GCM encryption.
The **AES-256-GCM algorithm** encrypts the data so that malicious actors cannot read it, and generates an authentication tag that acts as a tamper-evident seal. If a hacker alters the encrypted data, the tag will immediately alert the receiving system, preventing the data from being used.
***
## Data types
These are the input/output expected data types for this operation:
### Input data
 - The base64-encoded ciphertext with the nonce prepended.
### Output data
 - The decrypted strings.
***
## Parameters
These are the parameters you need to configure to use this operation (mandatory parameters are marked with a **\***):
Encryption Key*
Choose your AES-256 encryption key, base64-encoded from your secrets. It must decode to exactly 32 bytes.
If you need to define a new encryption key, go to your **Organization settings** and click **Secrets**. Learn more in [this section](/administration/global-settings/organization-settings/secrets-management.md).
***
## Example
Suppose you want to **decrypt** a series of strings encrypted with the **AES-256-GCM** **algorithm**. To do it:
1. In your Pipeline, open the required [Action](/the-workspace/pipelines/actions.md) configuration and select the input **Field**.
2. In the **Operation** field, choose **AES-256-GCM Decrypt**.
3. Choose your **Encryption Key** from your list of secrets in Onum.
4. Give your **Output field** a name and click **Save**. You'll get your decrypted strings. For example:
```
Input data - "c3RhbmRhcmQgbm9uY2UxMjM0NTY3OGNpcGhlcnRleHRleGFtcGxl"
Encryption key - "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"
Output data - "Hello, World!"
```
{% hint style="warning" %}
These are illustrative placeholder values, do not use this key or input in any real configuration.
{% endhint %}
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.onum.com/the-workspace/pipelines/actions/transformation/field-transformation/field-transformation-operations/cryptography/aes-256-gcm-decrypt.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.