Error listing in KV Secrets

I’m just getting started with Vault and have hit an interesting error that I can’t seem to figure out how to fix:

So, I have three secrets:

  • secret/a/b/c
  • secret/a/b/d
  • secret/a/b/e

If I run vault kv list secret/a/b it shows keys c, d and e.
If I run vault kv list secret/a/b/c I get the following error:

invalid ciphertext: version number could not be decoded

Is there a suitable way to fix this or prune the secrets below b and start again?

I’ve figured it out. I’m using the MySQL storage engine and the paths were too long for the database field column. I’ve altered the size of the vault_key column to the max I can (767 due to index limitations).

Then I had to delete the rows from the database that had a vault_key of the old field size (there were a couple). Having done that I could recreate the secrets that I’d lost.

I’ve turned on innodb_large_prefix and innodb_strict_mode in MySQL so hopefully I’ll avoid the issue in the future.
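
The check described in the answer above, written out as an added example that is not part of the original post: these queries show the current width of vault_key, list rows whose key exactly fills the old width (the likely truncated ones), and report the server modes that decide whether an over-length key is rejected or silently cut. The schema and table name `vault` and the `@old_width` variable are assumptions; the post does not state the previous column size.

```sql
-- Added example. Assumptions: schema and table are both named `vault`
-- (adjust to your storage configuration); @old_width is a placeholder.
SET @old_width = NULL;  -- placeholder: previous size of vault_key, not given in the post

-- 1. Current definition of the key column.
SELECT COLUMN_NAME, COLUMN_TYPE, CHARACTER_MAXIMUM_LENGTH
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = 'vault'
  AND TABLE_NAME   = 'vault'
  AND COLUMN_NAME  = 'vault_key';

-- 2. Rows whose key is exactly as long as the old column allowed.
--    A key that fills the column completely was probably cut off on insert,
--    so Vault can no longer match it to the path it was written under.
SELECT vault_key, LENGTH(vault_key) AS key_bytes
FROM vault.vault
WHERE LENGTH(vault_key) = @old_width
ORDER BY vault_key;

-- 3. Longest key currently stored, to see how much headroom the new width leaves.
SELECT MAX(LENGTH(vault_key)) AS longest_key_bytes
FROM vault.vault;

-- 4. Server modes. A strict sql_mode (STRICT_TRANS_TABLES or STRICT_ALL_TABLES)
--    makes MySQL reject an over-length value with an error; without it the
--    value is truncated and only a warning is raised.
SELECT @@GLOBAL.sql_mode           AS sql_mode,
       @@GLOBAL.innodb_strict_mode AS innodb_strict_mode;
```

Back up the table before deleting any rows that query 2 returns, since the secrets stored under those keys have to be recreated afterwards.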