Primitive
secret.reveal
BETAShort name: reveal
Version: 1.0.0
Authorizes and decrypts a single sensitive field on a single atom. Emits a `secret.revealed` audit event.
Back to primitive libraryInputs
| Key | Type | Required | Description |
|---|---|---|---|
| atomId | objectId | true | Atom whose sensitive field is being revealed. |
| fieldPath | string | true | Dotted path to the envelope (must start with 'data.'). Example: 'data.ssn.value'. |
Outputs
| Key | Type | Required | Description |
|---|---|---|---|
| grantId | string|undefined | false | Grant atom id, present when via === 'grant'. |
| value | any | false | Decrypted JSON value. Transient — not persisted. |
| via | string | false | Authorization channel: 'owner' or 'grant'. |