Ansible keeper_get throwing Exception: Cannot get record: Incorrect padding

[Spazzy757]

When running keeper_get I'm getting an error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Exception: Cannot get record: Incorrect padding
fatal: [edge_arm]: FAILED! => {"msg": "Unexpected failure during module execution: Cannot get record: Incorrect padding", "stdout": ""}

System Info:

ansible-playbook [core 2.17.3]
  python version = 3.12.5 (main, Aug 13 2024, 01:30:38) [GCC 12.2.0] (/usr/local/bin/python)
  jinja version = 3.1.4
  libyaml = True

keeper module version: 1.2.4
OS: linux

i've also tried on on pythons version 3.10 and 3.11 with the exact same error

Example setup:

- name: 'Example'
  keeper_get:
    uid: "XXXXXXXXXXX"
    field: note
  register: secret
  tags:
    - pull_secrets

Error stack trace

2024-10-08 13:24:14,883 | ksm | DEBUG | Public key id NN does not exists, set to default : 10
2024-10-08 13:24:14,883 | ksm | DEBUG | Already bound
2024-10-08 13:24:14,884 | ksm | DEBUG | Keeper hostname keepersecurity.eu
Keeper Secrets Manager is not using a DR file cache.
Loading keeper config from Ansible vars.
The full traceback is:
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 416, in get_records_from_vault
    records = self.client.get_secrets(uids)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 821, in get_secrets
    return self.get_secrets_with_options(query_options, full_response)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 829, in get_secrets_with_options
    records_resp = self.fetch_and_decrypt_secrets(query_options)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 722, in fetch_and_decrypt_secrets
    decrypted_response_bytes = self._post_query(
                               ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 550, in _post_query
    encrypted_payload_and_signature = self.encrypt_and_sign_payload(self.config, transmission_key, payload)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 308, in encrypt_and_sign_payload
    pk = CryptoUtils.der_base64_private_key_to_private_key(private_key)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/crypto.py", line 250, in der_base64_private_key_to_private_key
    private_key_der_base64 = utils.base64_to_bytes(private_key_der_base64)
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/utils.py", line 80, in base64_to_bytes
    return base64.urlsafe_b64decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/base64.py", line 134, in urlsafe_b64decode
    return b64decode(s)
           ^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Incorrect padding

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/ansible/executor/task_executor.py", line 164, in run
    res = self._execute()
          ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/ansible/executor/task_executor.py", line 636, in _execute
    result = self._handler.run(task_vars=vars_copy)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/plugins/action_plugins/keeper_get.py", line 175, in run
    value = keeper.get_value(uid=uid, title=title, field_type=field_type_enum, key=field_key,
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 527, in get_value
    record = self.get_record(uids=uid, titles=title, cache=cache)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 464, in get_record
    records = self.get_records(cache=cache, uids=uids, titles=titles)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 456, in get_records
    records = self.get_records_from_vault(uids=uids, titles=titles, encrypt=encrypt)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 418, in get_records_from_vault
    raise Exception("Cannot get record: {}".format(err))
Exception: Cannot get record: Incorrect padding
fatal: [edge158]: FAILED! => {
    "msg": "Unexpected failure during module execution: Cannot get record: Incorrect padding",
    "stdout": ""
}
The full traceback is:
Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 416, in get_records_from_vault
    records = self.client.get_secrets(uids)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 821, in get_secrets
    return self.get_secrets_with_options(query_options, full_response)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 829, in get_secrets_with_options
    records_resp = self.fetch_and_decrypt_secrets(query_options)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 722, in fetch_and_decrypt_secrets
    decrypted_response_bytes = self._post_query(
                               ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 550, in _post_query
    encrypted_payload_and_signature = self.encrypt_and_sign_payload(self.config, transmission_key, payload)
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/core.py", line 308, in encrypt_and_sign_payload
    pk = CryptoUtils.der_base64_private_key_to_private_key(private_key)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/crypto.py", line 250, in der_base64_private_key_to_private_key
    private_key_der_base64 = utils.base64_to_bytes(private_key_der_base64)
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_core/utils.py", line 80, in base64_to_bytes
    return base64.urlsafe_b64decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/base64.py", line 134, in urlsafe_b64decode
    return b64decode(s)
           ^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Incorrect padding

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/ansible/executor/task_executor.py", line 164, in run
    res = self._execute()
          ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/ansible/executor/task_executor.py", line 636, in _execute
    result = self._handler.run(task_vars=vars_copy)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/plugins/action_plugins/keeper_get.py", line 175, in run
    value = keeper.get_value(uid=uid, title=title, field_type=field_type_enum, key=field_key,
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 527, in get_value
    record = self.get_record(uids=uid, titles=title, cache=cache)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 464, in get_record
    records = self.get_records(cache=cache, uids=uids, titles=titles)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 456, in get_records
    records = self.get_records_from_vault(uids=uids, titles=titles, encrypt=encrypt)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/keeper_secrets_manager_ansible/__init__.py", line 418, in get_records_from_vault
    raise Exception("Cannot get record: {}".format(err))
Exception: Cannot get record: Incorrect padding
fatal: [edge159]: FAILED! => {
    "msg": "Unexpected failure during module execution: Cannot get record: Incorrect padding",
    "stdout": ""
}

[Spazzy757]

Seems to be due to a config error on credentials, however it might be nice to add some validation on credentials and possibly a better message on what the problem is