public string Decrypt(string tenant, string input, string output)
        {
            var securityKeySource = _secretManager.AcquireKeys(tenant);
            var inputStream       = File.Open(input, FileMode.Open, FileAccess.ReadWrite);
            var outStream         = new MemoryStream();
            var privateKeyStream  = new MemoryStream(Encoding.UTF8.GetBytes(Regex.Unescape(securityKeySource.PrivateKeySource)));

            securityKeySource.PassPhrase = securityKeySource.PassPhrase == "0" ? null : securityKeySource.PassPhrase; // signify it's null/empty in Azure (we can't store null values)
            _pgp.DecryptStream(inputStream, outStream, privateKeyStream, "");
            inputStream.Dispose();
            using (var outputStream = File.Open(output, FileMode.Create, FileAccess.Write))
                outStream.WriteTo(outputStream);
            outStream.Dispose();
            return(output);
        }