Chef-vault: Cannot decrypt passwords

2.1k Views Asked by StephenKing At 05 November 2025 at 23:29

I'm using chef-vault for securely storing password data in Chef Server.

Encrypting passwords works fine, but decrypting does not work.

$ knife encrypt create secrets test '{"test":"foo"}' --admins user1 --mode client
$ knife encrypt update secrets test '{"test":"foo"}' --admins user1,user2 --mode client
ERROR: OpenSSL::PKey::RSAError: padding check failed
$ knife decrypt secrets test 'test' --mode client
ERROR: OpenSSL::PKey::RSAError: padding check failed

Any idea, what's going wrong?

Original Q&A

There are 1 best solutions below

StephenKing On 02 December 2013 at 19:56 BEST ANSWER

The problem was that we had for us admins always a user and a client. Chef-vault uses the user to encrypt the password, thus I was not able to decrypt it with my client certificate (to precise, with the private key of the user user1, while there was also a client admin1).

This was answered by Kevin Moser on GitHub.

Chef-vault: Cannot decrypt passwords

There are 1 best solutions below

Related Questions in CHEF-INFRA

Related Questions in KNIFE

Trending Questions

Popular # Hahtags

Popular Questions