public string Decrypt(string tenant, string input, string output)
{
var securityKeySource = _secretManager.AcquireKeys(tenant);
var inputStream = File.Open(input, FileMode.Open, FileAccess.ReadWrite);
var outStream = new MemoryStream();
var privateKeyStream = new MemoryStream(Encoding.UTF8.GetBytes(Regex.Unescape(securityKeySource.PrivateKeySource)));
securityKeySource.PassPhrase = securityKeySource.PassPhrase == "0" ? null : securityKeySource.PassPhrase; // signify it's null/empty in Azure (we can't store null values)
_pgp.DecryptStream(inputStream, outStream, privateKeyStream, "");
inputStream.Dispose();
using (var outputStream = File.Open(output, FileMode.Create, FileAccess.Write))
outStream.WriteTo(outputStream);
outStream.Dispose();
return(output);
}