diff --git a/lib/asm/asm_cipher.rb b/lib/asm/asm_cipher.rb
new file mode 100644
index 00000000..c11dda6b
--- /dev/null
+++ b/lib/asm/asm_cipher.rb
@@ -0,0 +1,29 @@
+require "asm"
+require "asm/util"
+require "sequel"
+require "aescrypt"
+db_conf = YAML.load_file(ASM::Util::DATABASE_CONF)
+if RUBY_PLATFORM == "java"
+ require 'jdbc/postgres'
+ Jdbc::Postgres.load_driver
+ DB = Sequel.connect("jdbc:postgresql://#{db_conf['host']}/encryptionmgr?user=#{db_conf['username']}&password=#{db_conf['password']}")
+else
+ require "pg"
+ DB = Sequel.connect("postgres://#{db_conf['username']}:#{db_conf['password']}@#{db_conf['host']}:#{db_conf['port']}/encryptionmgr")
+end
+
+module ASM::Cipher
+ def self.decrypt_string(id)
+ e_string = get_string(id)
+ e_key = get_key(e_string[:encryptionmethodid])
+ d_string = AESCrypt.decrypt_data(Base64.decode64(e_string[:encrypteddata]),Base64.decode64(e_key[:bytes]),nil,"AES-128-CBC")
+ d_string.slice!(0,16)
+ d_string
+ end
+ def self.get_string(id)
+ DB["SELECT * FROM encryptedstring WHERE id = ?", id].first
+ end
+ def self.get_key(key_id)
+ DB["SELECT bytes FROM encryptionkey WHERE id = (SELECT key_id FROM encryptionmethod WHERE id = ?)", key_id].first
+ end
+end
diff --git a/lib/asm/util.rb b/lib/asm/util.rb
index 6e2254f2..5f6a2e0e 100644
--- a/lib/asm/util.rb
+++ b/lib/asm/util.rb
@@ -14,7 +14,9 @@ module Util
 NETWORKS_RA_URL='http://localhost:9080/VirtualServices/Network'
 CHASSIS_RA_URL='http://localhost:9080/ChassisRA/Chassis'
 # TODO: give razor user access to this directory
- DEVICE_CONF_DIR='/etc/puppetlabs/puppet/devices'
+ PUPPET_CONF_DIR='/etc/puppetlabs/puppet'
+ DEVICE_CONF_DIR="#{PUPPET_CONF_DIR}/devices"
+ DATABASE_CONF="#{PUPPET_CONF_DIR}/database.yaml"
 # See spec/fixtures/asm_server_m620.json for sample response
 #
 # cert_name is in format devicetype-servicetag
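Review bot: Both `Sequel.connect` calls in lib/asm/asm_cipher.rb interpolate `db_conf['username']` and `db_conf['password']` unescaped into the URL, so a password containing `@`, `/`, `&` or `%` is misparsed and the secret travels inside a string that connection errors and logs commonly echo; passing `:user`/`:password` as options (sketched below) avoids both. The JDBC branch also ignores `db_conf['port']`, which the `pg` branch honours, so it is worth confirming that is intended. In `decrypt_string`, `get_string` and `get_key` return nil when no row matches, so an unknown id surfaces as a NoMethodError on `e_string[:encryptionmethodid]`; an explicit check gives callers a meaningful error. The nil IV followed by `d_string.slice!(0,16)` needs a comment: it appears to rely on the stored value being IV-prefixed so that the first decrypted block is throwaway, and the `"AES-128-CBC"` literal ignores whatever the `encryptionmethod` row specifies. `YAML` and `Base64` are used without a `require` in this file, and the connection is opened into a top-level `DB` constant as a side effect of requiring it.

```ruby
# … unchanged: requires and db_conf load …
if RUBY_PLATFORM == "java"
  # … unchanged: jdbc/postgres require and driver load …
  DB = Sequel.connect("jdbc:postgresql://#{db_conf['host']}/encryptionmgr",
                      :user => db_conf['username'],
                      :password => db_conf['password'])
else
  require "pg"
  DB = Sequel.connect(:adapter => "postgres",
                      :host => db_conf['host'],
                      :port => db_conf['port'],
                      :database => "encryptionmgr",
                      :user => db_conf['username'],
                      :password => db_conf['password'])
end

  def self.decrypt_string(id)
    e_string = get_string(id)
    raise ArgumentError, "no encrypted string with id #{id}" if e_string.nil?
    e_key = get_key(e_string[:encryptionmethodid])
    raise ArgumentError, "no encryption key for method #{e_string[:encryptionmethodid]}" if e_key.nil?
    # … unchanged: AESCrypt.decrypt_data call, slice!(0,16), return d_string …
  end
```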
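Review bot: The existing `# TODO: give razor user access to this directory` comment in lib/asm/util.rb now sits directly above `PUPPET_CONF_DIR` instead of `DEVICE_CONF_DIR`, so it reads as a plan to open all of `/etc/puppetlabs/puppet`, which with this commit is also where `database.yaml` and its database password live. Move the TODO back onto the `DEVICE_CONF_DIR` line and add a comment on `DATABASE_CONF`, for example `# holds the encryptionmgr DB credentials; keep readable by the service account only`. The enclosing `module Util` starts and ends outside the hunk.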