In my case the process was interrupted by OOM kill:
vyos@vyos:~$ encryption enable Automatically generate a recovery key? [Y/n] Enter size of encrypted config partition (MB): (Default: 512) [ 709.505455] Out of memory: Killed process 3512 (cryptsetup) total-vm:179512kB, anon-rss:146652kB, file-rss:1920kB, shmem-rss:0kB, UID:0 pgtables:356kB0 Failed to encrypt config: [Errno -9] failed to run command: None cryptsetup -q luksAddKey /lib/live/mount/persistence/luks/2025.08.02-1144-integration /d8 returned: exit code: -9
Seems like the interrupted process applying necessary changes only partially causing config errors:
vyos@vyos:~$ encryption disable Moving existing /config folder to /config.old Failed to decrypt config: [Errno 32] failed to run command: None mount /dev/mapper/vyos_config /tmp/tmpigeaghdc returned: exit code: 32
On system load:
[ 171.902150] vyos-router[1424]: mount: /config: wrong fs type, bad option, bad superblock on /dev/mapper/vyos_config, missingr [ 172.039630] vyos-router[1424]: dmesg(1) may have more information after failed mount system call. [ 172.300137] vyos-router[1425]: mount: /opt/vyatta/etc/config: wrong fs type, bad option, bad superblock on /dev/mapper/vyos_r [ 172.421024] vyos-router[1425]: dmesg(1) may have more information after failed mount system call.
Probably some failed encryption recovery is required for encryption processes