//! Invariant: decrypting a nonexistent secret returns SecretNotFound.
use crate::common;
use envseal::error::Error;
#[test]
fn decrypt_nonexistent() {
let (_dir, vault) = common::temp_vault();
let err = vault.decrypt("nope").unwrap_err();
assert!(
matches!(err, Error::SecretNotFound(ref name) if name == "nope"),
"Fix: decrypt of nonexistent secret must return SecretNotFound, got {err:?}"
);
}