chef-vault

No longer able to refresh when search_query is empty

Open ineednewpajamas opened this issue 1 year ago • 0 comments

Version:

4.1.10

Scenario:

I rotated my default user key with

chef-server-ctl delete-user-key
chef-server-ctl add-user-key

and am no longer able to access vault items even if I'm an admin, and I receive this message:

ERROR: ChefVault::Exceptions::SecretDecryption: vault/item is encrypted for you, but your private key failed to decrypt the contents.  (if you regenerated your client key, have an administrator of the vault run 'knife vault refresh')

When I use an administrator to run knife vault refresh vault item, I get:

ERROR: ChefVault::Exceptions::SearchNotFound: vault/item does not have a stored search_query, probably because it was created with an older version of chef-vault. Use 'knife vault update' to update the databag with the search query.

I've read the docs and they do not mandate that search_query is required when creating a vault item; we have items covering the following scenarios:

  1. no client and no search_query (only admin access)
  2. set clients (using -C) and no search_query
  3. search_query

Expected Result:

Able to refresh (or another method) vault items that have no search_query so that my regenerated knife client key has access.

ineednewpajamas, Aug 01 '23 16:08