Keyvault Decryption Fails

After a PrivX upgrade, you may see error messages like the following in your logs:

KEYVAULT [ERROR]  failed to decrypt: decrypt failed
KEYVAULT [DEBUG]  400 BAD_REQUEST failed to decrypt: decrypt failed

These errors typically occur when the upgrade was performed using the --clean option with postinstall.sh.

The --clean option must not be used during PrivX upgrades: it deletes and regenerates all PrivX configuration files, keys, and related data.

After such a reset, PrivX starts with new keys and settings that no longer match the original encrypted data, which causes the decryption failures.

Potential Solution

To recover from this state, you must restore PrivX to its pre-upgrade state:

  • Restore the PrivX database state.
  • Downgrade PrivX to the previous working version.
  • Restore all configuration files and keys from backup.
  • Restart PrivX services.

Once recovery is complete, you may retry the upgrade.

If you encounter issues during the upgrade, consult the installation logs located at /var/logs/privx-install.log.

Review and resolve any reported issues, then rerun postinstall.sh without the --clean option.
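
One way to guard the upgrade and check the logs afterward, as an added example that is not part of PrivX or of the original page: the wrapper refuses to pass --clean to postinstall.sh, and the counter matches the two log messages quoted above. The POSTINSTALL variable, the function names, and the sample log lines (timestamps, host name, non-keyvault entries) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: upgrade guard and post-upgrade log check (not PrivX tooling).

# Return 0 if the arguments are safe to pass to postinstall.sh during an
# upgrade, 1 if they include --clean.
args_safe_for_upgrade() {
    for arg in "$@"; do
        if [ "$arg" = "--clean" ]; then
            return 1
        fi
    done
    return 0
}

# Run postinstall.sh only when --clean is absent. POSTINSTALL is a
# placeholder: set it to the location of postinstall.sh on your host.
safe_postinstall() {
    if ! args_safe_for_upgrade "$@"; then
        echo "refusing: --clean deletes and regenerates PrivX configuration and keys" >&2
        return 2
    fi
    "${POSTINSTALL:?set POSTINSTALL to the path of postinstall.sh}" "$@"
}

# Count log lines on stdin that carry the keyvault decryption failure.
# Tolerates any prefix before KEYVAULT and extra text after the level tag.
count_keyvault_decrypt_failures() {
    grep -Ec 'KEYVAULT \[(ERROR|DEBUG)\][[:space:]]+.*failed to decrypt: decrypt failed' || true
}

# Constructed sample log; only the two KEYVAULT failure messages come from the page.
sample_log() {
    cat <<'EOF'
2024-01-01T10:00:00Z host KEYVAULT [INFO]  service started
2024-01-01T10:00:05Z host KEYVAULT [ERROR]  failed to decrypt: decrypt failed
2024-01-01T10:00:05Z host KEYVAULT [DEBUG]  400 BAD_REQUEST failed to decrypt: decrypt failed
2024-01-01T10:00:09Z host AUTH [ERROR]  login failed
EOF
}

echo "decrypt-failure lines in sample: $(sample_log | count_keyvault_decrypt_failures)"
```

A non-zero count right after an upgrade is the signal to stop and follow the restore steps above rather than continue with the new keys.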
