Keyvault Error - Failed to Decrypt

If you encounter errors like the following after a PrivX upgrade:

KEYVAULT [ERROR]  failed to decrypt: decrypt failed
KEYVAULT [DEBUG]  400 BAD_REQUEST failed to decrypt: decrypt failed

This likely results from running postinstall.sh with the --clean option, which should not be done in a PrivX-upgrade scenario.

The --clean option removes and regenerates all PrivX configuration files, keys, and related files. As a result, after PrivX is upgraded and started, it tries to use the new configuration files and settings, which leads to failures.

To recover from this scenario, you must restore PrivX back to pre-upgrade stage:

  • Restore the database state.
  • Downgrade PrivX back to the previous version.
  • Restore all PrivX files from backup.
  • Restart PrivX services.

You may then try to upgrade again. If you encounter errors during upgrade, check the installation logs /var/logs/privx-install.log. Fix any issues described in the logs, then retry postinstall.sh . Do not use the --clean option.

Was this page helpful?