Expand description
encryption:decrypt(value: string) -> string
Reverses encryption:encrypt: base64-decodes, splits the 12-byte nonce
from the ciphertext+tag, decrypts with AES-256-GCM, and returns the
original plaintext string. Returns an empty string on any failure so the
workbench treats a corrupt blob as “no stored secret” rather than crashing.