`pgsodium_crypto_aead_det_decrypt_by_id: invalid ciphertext` when trying to read `vault.decrypted_secrets` with SQL libraries

[hkamran80]

Bug report

• [x] I confirm this is a bug with Supabase, not with my own application.
• [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I cannot retrieve any data from the vault.decrypted_secrets view when using any SQL library or psql. I can, however, retrieve data using clients such as DbVisualizer. I am using a Postgres database where I installed the Vault extension, and querying the database with the following:

SELECT * FROM vault.decrypted_secrets WHERE id = 'a9dd1165-0c49-4050-9ff5-e9ce7c2d3793';

psql throws the following error:

ERROR:  pgsodium_crypto_aead_det_decrypt_by_id: invalid ciphertext
CONTEXT:  PL/pgSQL function pgsodium.crypto_aead_det_decrypt(bytea,bytea,uuid,bytea) line 12 at RETURN

psycopg2 throws the following error:

psycopg2.errors.DataException: pgsodium_crypto_aead_det_decrypt_by_id: invalid ciphertext
CONTEXT:  PL/pgSQL function pgsodium.crypto_aead_det_decrypt(bytea,bytea,uuid,bytea) line 12 at RETURN

With Prisma, I have the multiSchema and views preview features enabled with the following schema (generated with prisma db pull):

model secrets {
  id          String   @id @default(dbgenerated("gen_random_uuid()")) @db.Uuid
  name        String?
  description String   @default("")
  secret      String
  key_id      String?  @default(dbgenerated("(pgsodium.create_key()).id")) @db.Uuid
  nonce       Bytes?   @default(dbgenerated("pgsodium.crypto_aead_det_noncegen()"))
  created_at  DateTime @default(now()) @db.Timestamptz(6)
  updated_at  DateTime @default(now()) @db.Timestamptz(6)
  users       users?

  @@schema("vault")
}

view decrypted_secrets {
  id               String   @id @db.Uuid
  name             String?
  description      String?
  secret           String
  decrypted_secret String
  key_id           String   @db.Uuid
  nonce            Bytes
  created_at       DateTime @db.Timestamptz(6)
  updated_at       DateTime @db.Timestamptz(6)

  @@schema("vault")
}

The query I am using to retrieve records is:

const token = await prisma.decrypted_secrets.findFirst({
    where: { id: "a9dd1165-0c49-4050-9ff5-e9ce7c2d3793" },
});
console.log(token);

Prisma throws the following error:

PrismaClientUnknownRequestError: 
Invalid `prisma.decrypted_secrets.findFirst()` invocation:

Error occurred during query execution:
ConnectorError(ConnectorError { user_facing_error: None, kind: QueryError(PostgresError { code: "22000", message: "pgsodium_crypto_aead_det_decrypt_by_id: invalid ciphertext", severity: "ERROR", detail: None, column: None, hint: None }), transient: false })

To Reproduce

Set up a Postgres database, install the Vault extension, and try querying the decrypted_secrets view from psql, Prisma, psycopg2, or something similar.

Expected behavior

I expected to receive a row with a decrypted_secret column.

Screenshots

N/A

System information

• OS: macOS
• Browser (if applies): N/A
• Version of supabase-js: N/A
• Version of Node.js: 19.0.1

Additional context

I'm only able to query the records through DbVisualizer right now.

[hkamran80]

Changing the name of the secret with vault.update_secret seemed to fix it.