I'm using chef-vault for securely storing password data in Chef Server.
Encrypting passwords works fine, but decrypting does not work.
$ knife encrypt create secrets test '{"test":"foo"}' --admins user1 --mode client
$ knife encrypt update secrets test '{"test":"foo"}' --admins user1,user2 --mode client
ERROR: OpenSSL::PKey::RSAError: padding check failed
$ knife decrypt secrets test 'test' --mode client
ERROR: OpenSSL::PKey::RSAError: padding check failed
Any idea what's going wrong?
The problem was that we had for us admins always a user and a client. Chef-vault uses the user to encrypt the password, thus I was not able to decrypt it with my client certificate (to be precise, with the private key of the user user1, while there was also a client admin1).
This was answered by Kevin Moser on GitHub.
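The mismatch described in the answer can be reproduced and diagnosed offline. The following is an added example, not code from the original post or from chef-vault: it uses a simplified model in which the shared secret is RSA-encrypted once per named recipient, and the key pairs, the `REGISTERED` table and all helper names are constructed for illustration.

```ruby
require "openssl"
require "base64"

# Constructed stand-ins for the two identities in the answer: the user
# "user1" and the client "admin1", each with its own RSA key pair.
USER_KEY   = OpenSSL::PKey::RSA.new(2048)
CLIENT_KEY = OpenSSL::PKey::RSA.new(2048)
REGISTERED = { "user1" => USER_KEY.public_key, "admin1" => CLIENT_KEY.public_key }

# Simplified model (assumption): one RSA-encrypted copy of the shared secret
# per recipient name, produced with that recipient's registered public key.
def wrap_secret(secret, recipient_names)
  recipient_names.to_h do |name|
    [name, Base64.strict_encode64(REGISTERED.fetch(name).public_encrypt(secret))]
  end
end

# Try to recover the secret stored under `name` with a local private key.
# Returns nil when the entry is missing or OpenSSL rejects the ciphertext
# (the "padding check failed" case from the question).
def unwrap(keys_item, name, private_key)
  blob = keys_item[name]
  return nil unless blob
  private_key.private_decrypt(Base64.strict_decode64(blob))
rescue OpenSSL::PKey::RSAError
  nil
end

def fingerprint(key)
  OpenSSL::Digest::SHA256.hexdigest(key.public_key.to_der)
end

# Diagnostic: which registered identities does this private key belong to?
def identities_for(private_key)
  mine = fingerprint(private_key)
  REGISTERED.select { |_name, pub| fingerprint(pub) == mine }.keys
end

# Only the user "user1" is a recipient, as in the question's --admins user1.
KEYS_ITEM = wrap_secret("shared-secret", ["user1"])

# With the wrong key, OpenSSL either raises RSAError or, depending on the
# build, yields bytes that are not the secret; both count as a failure here.
def recovered?(private_key)
  unwrap(KEYS_ITEM, "user1", private_key) == "shared-secret"
end
```

Comparing `identities_for(local_key)` with the recipient names of the item shows, before any decryption is attempted, that the client key belongs to `admin1` while the item was only encrypted for `user1`.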