I'd like to point out that the command description doesn't very well point out, how the command really works for the less experienced user.
One important point is, that you do NOT pass a tag to openssl_encrypt. Any value in the tag variable will be overwritten by openssl_encrypt. It by itself will create a tag which you will need to store.
To be able to decrypt the encrypted secret with openssl_decrypt, you need to provide (at least) the secret, the cipher, the initialization vector, and the tag.