create encrypted volume fails

stack with current devstack as of 8/3/2017 (Pike)

enable barbican in local.conf
[[local|localrc]]
enable_plugin barbican https://git.openstack.org/openstack/barbican

once devstack finishes and services are up you can see /etc/cinder/cinder.conf
...
[key_manager]
api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager

from cmdln
  master-vm  vagrant   master  ~  devstack  cinder list
cinder type+----+--------+------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+----+--------+------+------+-------------+----------+-------------+
+----+--------+------+------+-------------+----------+-------------+
-  master-vm  vagrant   master  ~  devstack  cinder type-list
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| 0be4eb35-7835-4a3b-89f8-fc71e9c303a2 | lvm | - | True |
| ba936fd6-d01a-40f9-82fc-933b9bd9da75 | nfs | - | True |
+--------------------------------------+------+-------------+-----------+
  master-vm  vagrant   master  ~  devstack  cinder type-create LUKS
+--------------------------------------+------+-------------+-----------+
| ID | Name | Description | Is_Public |
+--------------------------------------+------+-------------+-----------+
| d1e9a6bc-c2bf-4d57-b1c7-0b6440833606 | LUKS | - | True |
+--------------------------------------+------+-------------+-----------+
  master-vm  vagrant   master  ~  devstack  cinder type-key LUKS set volume_backend_name=lvm
  master-vm  vagrant   master  ~  devstack  cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 \
    --control_location front-end LUKS nova.volume.encryptors.luks.LuksEncryptor
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| Volume Type ID | Provider | Cipher | Key Size | Control Location |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
| d1e9a6bc-c2bf-4d57-b1c7-0b6440833606 | nova.volume.encryptors.luks.LuksEncryptor | aes-xts-plain64 | 512 | front-end |
+--------------------------------------+-------------------------------------------+-----------------+----------+------------------+
  master-vm  vagrant   master  ~  devstack 
  master-vm  vagrant   master  ~  devstack  cinder create --volume-type LUKS --name test 1
ERROR: Key manager error (HTTP 400) (Request-ID: req-b49e8300-5076-4c62-9831-9dbfec61e2ee)

cinder-api.log

Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR castellan.key_manager.barbican_key_manager [None req-b49e8300-5076-4c62-9831-9dbfec61e2ee admin admin] Order is in ERROR status - status code: 500, status reason: Process TypeOrder failure seen - please contact site administrator.
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume [None req-b49e8300-5076-4c62-9831-9dbfec61e2ee admin admin] Key manager error: KeyManagerError: Key manager error: Order is in ERROR status - status code: 500, status reason: Process TypeOrder failure seen - please contact site administrator.
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume Traceback (most recent call last):
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume File "/opt/stack/cinder/cinder/volume/flows/api/create_volume.py", line 400, in _get_encryption_key_id
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume length=length)
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume File "/usr/local/lib/python2.7/dist-packages/castellan/key_manager/barbican_key_manager.py", line 229, in create_key
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume order = self._get_active_order(barbican_client, order_ref)
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume File "/usr/local/lib/python2.7/dist-packages/castellan/key_manager/barbican_key_manager.py", line 388, in _get_active_order
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume raise exception.KeyManagerError(reason=msg)
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume KeyManagerError: Key manager error: Order is in ERROR status - status code: 500, status reason: Process TypeOrder failure seen - please contact site administrator.
Aug 03 17:56:47 master-vm <email address hidden>[13448]: ERROR cinder.volume.flows.api.create_volume