Keyvault Error - Failed to Decrypt
If you encounter errors like the following after a PrivX upgrade:
KEYVAULT [ERROR] failed to decrypt: decrypt failed
KEYVAULT [DEBUG] 400 BAD_REQUEST failed to decrypt: decrypt failed
This likely results from running postinstall.sh
with the --clean
option, which should not be done in a PrivX-upgrade scenario.
The --clean
option removes and regenerates all PrivX configuration files, keys, and related files.
As a result, after PrivX is upgraded and started, it tries to use the
new configuration files and settings, which leads to failures.
To recover from this scenario, you must restore PrivX back to pre-upgrade stage:
- Restore the database state.
- Downgrade PrivX back to the previous version.
- Restore all PrivX files from backup.
- Restart PrivX services.
You may then try to upgrade again. If you encounter errors during upgrade, check the
installation logs /var/logs/privx-install.log
. Fix any issues described in the logs, then retry postinstall.sh
. Do not use the --clean
option.