A2A is used by administrators to retrieve secrets from PAM. For some of the secrets, the raw output is provided when the -x is given rather than the XML output that is expected. When the same command is called without the -x switch for that same secret, a "failed to decrypt" error occurs.

Example:

> cspmclient.exe "BadSecret" -x
{
   "key1": "value1",
   "key2": "value2"
}

> cspmclient.exe "BadSecret"
wbAesDecryptFixedVarFIPS,Failed to decrypt, code: 0x806
408 null null, system error, signal: 11 caught, call Xceedium

According to the Managing Secrets documentation page, PAM does not support a space in the secret name.

Remove any space(s) from the secret name or replace them with a dash/underscore.

Beginning with 4.3.2, PAM will give an error when trying to add or update a secret if there is a space in the name.