Hi, thanks for this tool. If passwords are read from files \n characters are not stripped (which --vault-password-file seems to do, so after rekeying everything with the same file, it does not match.

A splitlines()[0] fixes this (line 373, vault2vault.py):

return VaultSecret(infile.read().splitlines()[0])