Chef vault and add new hosts to a role

Hi All,

I have added a new machine to my existing chef role and while trying to access the secrets i am getting this error message

somewhere/this-is-secret is not encrypted with your public key. Contact an administrator of the vault item to encrypt for you!

Does knife vault update somewhere this-is-a-secret --mode client encrypt the secret with ssh key of the new machine, added to the role?
Do I have to delete and re-create the secret everytime I add a new machine to an existing chef role?

knife vault refresh will reapply the search and pick up new nodes.

Thanks :slight_smile: