Decrypting Secrets Returned by Zoho Vault API

Decrypting Secrets Returned by Zoho Vault API

Hello,

I've been able to follow the documentation here: Zoho Vault | API Reference and successfully call the GET_LOGIN operation with my token. I get back a response containing/similar to this:

"name": "GET_LOGIN",
        "details": {
            "PASSPHRASE": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxABCDEFG==",
            "SALT": "xxxxxxxxxxxxxxxxxxxxxxxxxx5423",
            "ITERATION": 123456,
... etc.

There is a bit of documentation on using a passphrase, with javascript code:

var masterKey = null;
 var passphrase = "user_passphrase"; if(LOGINTYPE == "PBKDF2_AES"){
 var masterKey = Vault.PBKDF2_key(passphrase, SALT, ITERATION); }else{
 var masterKey = Vault.hash(passphrase);
 var passAuth = Vault.hash(passphrase+SALT); }

But, there is then no documentation or example on actually using this masterKey to decrypt a secret. From what I can gather online with PBKDF2 and AES, I need to use the masterKey to actually decrypt. But with AES, you also seem to need an initialization vector, or nonce (number used only once), and that is not mentioned at all. 

My question is, what would an example decryption look like with the master key?


      • Sticky Posts

      • Free webinar—Redefining workforce security with Zoho Vault: Passwords, passkeys, and multi-factor authentication

        Hi everyone! Did you know that in Q2 alone, 94 million data records were leaked globally? Behind every breach is a combination of poor password habits, phishing attacks, privilege misuse, and simple human error. The fallout—including reputational damage,

      • Introducing SecureForms in Zoho Vault

        Hey everyone, Let’s face it—asking someone to send over a password or other sensitive data is rarely straightforward. You wait. You nudge. You follow up once, twice—maybe more. And when the information finally arrives, it shows up in the worst possible

      • Join our World Password and Passkey Day expert Q&A 2025

        Hey everyone! World Password and Passkey Day is almost here, and there's no better time to talk about something we all rely on daily—secure authentication. Did you know that a staggering 60% of hacking-related breaches are tied to weak or stolen passwords?

      • Zoho Vault: A look at what's new for iOS, iPadOS, and macOS

        Hi everyone, At Zoho Vault, we constantly aim to improve your security experience. Based on both internal and external feedback, we have recently rolled out updates across our iOS, iPadOS, and support for macOS platforms. Introducing the desktop app for

      • iOS 12 update: Introducing autofill passwords and Siri Shortcuts in Zoho Vault

        With this iOS 12 release, Zoho Vault users can now autofill usernames and passwords on Safari and other third-party apps. Users can enjoy a seamless login experience to their everyday apps without compromising security and also access passwords stored in Zoho vault with Siri Shortcuts by adding personalized phrases. How to enable autofill password on your iOS device? First, you need to update your device to iOS 12.  Apple recommends you to take a backup before you update your device to the latest

        • Recent Topics

        • Kaizen #157: Flyouts in Client Script

          Hello everyone! Welcome back to another exciting edition of our Kaizen series, where we explore fresh insights and innovative ideas to help you discover more and expand your knowledge!In this post, we'll walk through how to display Flyouts in Client Script

        • Customize User Invites with Invitation Templates

          Invitation Templates help streamline the invitation process by allowing users to create customized email formats instead of sending a one-size-fits-all email. Different invitation templates can be created for portal users and client users to align with

        • Admin Control Over Profile Picture Visibility in Zoho One

          Hello Zoho Team, We hope you are doing well. Currently, as per Zoho’s design, each user can manage the visibility of their profile picture from their own Zoho Accounts page: accounts.zoho.com → Personal Information → Profile Picture → Profile Picture

        • Published Course Not Reflecting In Hub

          Hi! I am trying to create micro-learning courses for our team to be available for self-guided learning. I have published the courses with enrollment settings open to all users of the hub, but they don't appear to be available for enrollment. Am I missing

        • Unlock Locked Users via Zoho One Mobile App

          Hello Zoho One Team, We have noticed that in the Zoho One web admin panel, we can unlock a locked user when needed. However, when using the Zoho One mobile app, there is no indication that a user is locked, nor is there an unlock button similar to what

        • Tip #47- Stay Ahead with Automated Scheduled Reports in Zoho Assist- 'Insider Insights'

          We’ve made it easier for you to stay informed, even when you’re busy managing remote sessions! With Scheduled Reports in Zoho Assist, you can now automatically receive detailed insights about your remote support and unattended access activities directly

        • Colour Coded Flags in Tasks Module List View

          I really like the colour coded flags indicating the status of the tasks assigned to a Contact/Deal in the module list view. It would be a great addition to have this feature available in the list view of activities/tasks. I understand you have the Due

        • Uploading data to S3

          Has anyone successfully uploaded data from Creator to S3 using the InvokeURL command or any other method in Deluge? (keywords: S3, AWS, Amazon, bucket)

        • UPS Label size when generated via Zoho

          We've integrated UPS with Zoho inventory. When creating and downloading the shipping labels they are created in a larger paper size. I'd like them to be generated to print on a 4x6 printer. Zoho have told me I need to do this within our UPS portal. UPS

        • Credit Management: #4 Credits on Unused Period

          Recall a familiar situation. You sign up for a monthly gym membership. You pay the subscription fee upfront, get motivated, and show up consistently for the first week. Then, suddenly, you get caught up in work deadlines, travel plans, or a dip in motivation.

        • Zoho Analytics Automatically Deletes Queries and Reports When a Synced CRM Field Is Removed

          We’ve encountered a serious and recurring issue that poses a massive data integrity risk for any Zoho Analytics customer using Zoho CRM integration. When a field is deleted in Zoho CRM — even an unused one — Zoho Analytics automatically deletes every

        • Prevent new Record Association

          Hello all, We have a small sales organization therefore, it's helpful for everyone on the sales team to be able to view the full list of accounts to assist in preventing duplicate accounts from being created. However we want to prevent people from creating

        • Tip of the Week #73– Automate workflow with Make integration.

          Make is a no-code workflow automation platform designed to connect your favorite apps and automate repetitive tasks across services. By integrating Make with Zoho TeamInbox, you can streamline everyday inbox management and save valuable time. With this

        • Viewing attachments

          I'm using a Web Form integrated in my web site to collect Leads several info, including a image upload. In order to to approve each lead, we have to view the image uploaded. Unfortunately, in the Leads view, the Attachments can only be downloaded, not

        • Kaizen #89 - Color Coding using Client Script

          Hello everyone! Welcome back to another exciting Kaizen post. Today let us see how you can apply color codes to the List and Detail Pages of Zoho CRM using Client Script. Need for color code in Zoho CRM When you mark things with different colors as a

        • Instant Sync of Zoho CRM Data?

          With how valuable Zoho Analytics is to actually creating data driven dashboards/reports, we are surprised that there is no instant or near instant sync between Zoho CRM and Zoho Analytics. Waiting 3 hours is okay for most of our reports, but there are

        • Is it possibly to directly set the tax amount on order instead of indirectly via tax rates?

          We own an eCommerce application and want to funnel submitted orders from that system into Zoho. We're already calculating tax in our application and just need a way to set it in Zoho. We tried to use Zoho's tax objects for tax by setting the rates to

        • Zoho account sign in with passkey

          Hello, I am trying to sign in using passkey, but the option doesn't show up in the web and is disabled in Oneauth on mobile, saying the admin has restricted the use. On the Admin page in Security MFA I can find no option for passkey. Help would be greatly

        • Nouveauté dans Zoho Writer - Création de documents et de modèles assistée par l'IA

          Zia, l’assistant IA de Zoho Writer, soutient les utilisateurs dans l’amélioration de leur écriture et la création de contenus : correction orthographique et grammaticale en temps réel, suggestions adaptées au contexte, détection du plagiat, révisions

        • Rescheduled US meetups: Zoho Desk user meetups are coming to seven U.S. cities in October and November, 2025

          Hello to our Zoho Desk users in the United States, We're excited to share the revised dates for the upcoming Zoho User Groups happening across the US this summer. Our product experts are heading to seven cities throughout the country, and for the first

        • Checklists as templates

          Is it possible to save checklists as templates to reuse them in other tasks? Example: I have a web project. I maintain individual web URLs as tasks. Within the tasks the same checklist should be used again and again: - Page created in CMS - Properties

        • Send mass email using my secondary email

          Hello, When I send an email to just one person from Zoho CRM, a complete email editor appears, where I can choose which of my email addresses I want to use in the From field. When I send a mass email, there is not such option. I can only select the email

        • Add the same FROM email to multiple department

          Hi, We have several agents who work with multiple departments and we'd like to be able to select their names on the FROM field (sender), but apparently it's not possible to add a FROM address to multiple departments. Is there any way around this? Thanks.

        • ZOHO TEAM INBOX Calendar Integration

          The Problem: Clients send meeting invitations to our TeamInbox address. TeamInbox receives these invites, but we cannot accept them. We do not use individual inboxes for transparency purposes. Ideal Solution: A way to accept calendar invites sent to our

        • Need Help Mapping GST Registration Number Field Between Zoho Books & Zoho CRM + Slow Sync Issues

          am facing an issue with field mapping between Zoho Books and Zoho CRM. I want to map the GST Registration Number field from the Customer module in Zoho Books to a custom GST field inside the Accounts module in Zoho CRM. However, I am getting a warning

        • Unearned / Deferred Revenue Automatic Calculation for Subscriptions

          As a SaaS business, we have multiple active subscriptions with varying dates and amounts. Is there a way to have a monthly automatic calculation for all of them that debits or credits the unearned revenue and revenue accounts accordingly? Alternatively,

        • Zoho Desk Limit for Comma Separated Queries

          Hi, I have just discovered a limit that I believed is not mentioned in any of Zoho's documentations. My search query looks like so: "query: {"accountId":"786050000091629966,786050000163589273,786050000163589427,786050000162753705,786050000162112971,786050000161987643,786050000160752868,786050000167089504,786050000167089378,786050000167089024,786050000167070005,786050000166295256,786050000128153693,786050000110560021,786050000046594575,786050000039106461,786050000002225356,786050000076889093,786050000047895103,786050000043365354,786050000044765191,786050000041790249,786050000040359116,786050000037945198,786050000024605077,786050000000525015,786050000155333895,786050000157741437,786050000000718125,786050000011574353,","departmentId":"786050000042648070","status":"Finished","sortBy":"createdTime","customField2":"cf_completion_date:2025-01-28T03:00:00.000Z,2025-10-28T03:00:00.000Z","customField3":"cf_billed:false"}"

        • Module Name doesn't exist

          I am trying to create a module named Activity, with plural Activities, but I have an error that module name already exists. This module is doesn't exist, and I don't have a single field called Activity or Activities.

        • Zoho Desk iOS and Android app update: AI powered: Reply Assistance and Refine Messages on IM module.

          Hello everyone! We are excited to introduce new AI powered features on the IM module of the Zoho Desk app. Reply Assistance: Reply Assistance generates suggested responses for incoming chat messages, which you can directly insert into the conversation

        • Unify All Zoho Video Meeting Experiences into One Standardized Platform

          Hi Zoho Team, We would like to share an important user experience concern regarding the current state of video meeting functionality across the Zoho ecosystem. The Problem Within Zoho, there are multiple ways to initiate or schedule a video meeting: Zoho

        • Is it possible to embed Youtube shorts?

          Hi Zoho desk support, This is Ryan from Accuver America. While I'm trying to create a knowledge base article with embed video, I ran into this issue. "www.youtube.com refuse to connect" A little bit background is that because this video is recorded on

        • Zoho Inventory - Move Orders

          Quick question about Move Orders... Why is there no status to say something like "Draft", "In Progress" and "Completed", similar to Transfer Orders? I'm assuming that when something needs to be moved it should be planned in Inventory, executed and then

        • Kaizen #8 - Handling Recurrence and Participants in the Events Module via API

          Hello everyone! We are back this week with an exciting post—Handling recurrence and participants in the Events module through API. First things first—What is the Events module? "Events" is a part of the Activities module in Zoho CRM.  An event is an activity that happens at a given place and time. You can find Events on the user's Zoho CRM's home page, Activities home page, Calendar, and in other related records. What are the types of Events? Events are of two types—Recurring and non-recurring events.

        • Split functionality - Admins need ability to do this

          Admins should be able to split an expense at any point of the process prior to approval. The split is very helpful for our account coding, but to have to go back to a user and ask them to split an invoice that they simply want paid is a bit of an in

        • Delegates - Access to approved reports

          We realized that delegates do not have access to reports after they are approved. Many users ask questions of their delegates about past expense reports and the delegates can't see this information. Please allow delegates see all expense report activity,

        • How to include total km for multiple trips in expense report.

          Whenever I create a mileage report it only shows the total dollar amount to be reimbursed. The mileage for each individual trip is included but I also need to see the total distance for all trips in a report? How do I do this?

        • Get logged in user ID in Deluge script

          Hello all, How do I get the id of the logged-in user in a deluge script? the "zoho.loginuserid" function actually returns the users email address or whatever the user id they use to login to zoho with and not the id of the user record, and given that

        • Item Details Field - New Barcode / Document option?

          Is this a new feature??? its in both books and inventory.

        • Super Admin Logging in as another User

          How can a Super Admin login as another user. For example, I have a sales rep that is having issues with their Accounts and I want to view their Zoho Account with out having to do a GTM and sharing screens. Moderation Update (8th Aug 2025): We are working

        • Shared Mailbox - Mark as read for all users

          Hi all, Maybe someone can help me out. At the moment we have a shared mailbox without streams. When a users reads an mail or marks it as read other users will not see this. How can we resolve this? We now archive the mails when read and followed up. However

        • Next Page