The problem was that we had for us admins always a user
and a client
. Chef-vault uses the user
to encrypt the password, thus I was not able to decrypt it with my client
certificate (to precise, with the private key of the user
user1, while there was also a client
admin1).
This was answered by Kevin Moser on GitHub.