Chef-vault: Cannot decrypt passwords

I'm using chef-vault for securely storing password data in Chef Server.

Encrypting passwords works fine, but decrypting does not work.

$ knife encrypt create secrets test '{"test":"foo"}' --admins user1 --mode client
$ knife encrypt update secrets test '{"test":"foo"}' --admins user1,user2 --mode client
ERROR: OpenSSL::PKey::RSAError: padding check failed
$ knife decrypt secrets test 'test' --mode client
ERROR: OpenSSL::PKey::RSAError: padding check failed

Any idea, what's going wrong?

Solution

The problem was that we had for us admins always a user and a client. Chef-vault uses the user to encrypt the password, thus I was not able to decrypt it with my client certificate (to precise, with the private key of the user user1, while there was also a client admin1).

This was answered by Kevin Moser on GitHub.

Is this declaration UB?
Calling an external C function (in a shared lib) from Perl with Inline/C does not work
Eclipse C/C++ how to find variable belongs to which struct quickly
Is this truly best way to delete last element in C?
Why do we need address virtualization in an operating system?
Can a real floating-point type alias a complex floating-point type in C?
Shadowing an iterator inside a for loop has undefined (?) behaviour in C
Can a C program execute successfully if main() is defined as a macro?
Ambiguity in scope of for loop declaration versus body
Understanding the difference in timing of two functions that increment each element of an integer array
Why MSVC generates warning C4127 when constant is used in "while" - C
Executing a user-space function from the kernel space
Why must the variable used to hold getchar's return value be declared as int?
mpirun -np 4 ./a.out doesn't use all my cores (ubuntu 24.04LTS)
Sleep for N seconds and wait for keypress
Dereference twice in gdb
Is it safe to cast a struct pointer to a different struct pointer having a prefix of elements?
Can a C compiler legally reject a program if its call stack depth exceeds a fixed limit at compile time?
return type defaults to 'int' [-Wimplicit-int]
What is the scope of `fesetround()`?
Which specific optimization flag causes libm functions to be treated as pure?
How to render text in SDL2?
Why would you use 'extern "C++"'?
Strange Behavior Compiler Ignoring NULL Check Unless I Print Something in the if Statement
Fast inverse square root using fixed point instead of floating point
What is the const qualifier attached to in C: the memory area or the pointer?
GCC options for strictest C code?
How to do an explicit fall-through in C
How do compilers treat CONST qualifier when the pointer points to a memory location obtained with malloc()?
C: cmocka headers - how to unittest?