Comment 1 for bug 1037753

Joshua Harlow (harlowja) wrote :

Cool, so possible idea here.

Have the 'root' datasource expose a 'public' (readable) copy of itself with the following restrictions.

If there is any userdata:

If there is a config option 'encrypt_queryable_user_data' : false (default true), then just leave userdata alone.

Otherwise, if true, attempt to encrypt with ssh keys (generated by previous module).

- openssl rsautl -encrypt -inkey /tmp/public.pub -pubin -in /tmp/msg.txt -out /tmp/file.enc (or similar)
- if that fails, just remove the user-data (empty string)

Then write out that public copy to a file that can be used by this new cloud-init query tool.

The tool itself can be asked for certain datasource fields and show them back; more features here to inspect other files can be added later (?)
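A sketch of the redaction rules proposed in the comment above, as an added example that is not cloud-init code or the commenter's own. The function names, the JSON output file and the base64 encoding of the ciphertext are assumptions, and the key is assumed to be a PEM public key (what `-pubin` reads), not an OpenSSH `.pub` line.

```python
import base64
import copy
import json
import os
import subprocess


def openssl_encrypt(plaintext: bytes, pubkey_pem_path: str) -> bytes:
    """Run the rsautl command from the comment; raises on any failure.

    The plaintext goes in on stdin and the ciphertext comes back on stdout,
    so the secret is never written to a file in /tmp.
    """
    proc = subprocess.run(
        ["openssl", "rsautl", "-encrypt", "-inkey", pubkey_pem_path, "-pubin"],
        input=plaintext, check=True, capture_output=True)
    return proc.stdout


def public_copy(datasource: dict, cfg: dict, pubkey_pem_path: str,
                encrypt=openssl_encrypt) -> dict:
    """Build the readable copy of the 'root' datasource (hypothetical helper)."""
    public = copy.deepcopy(datasource)      # never mutate the root datasource
    userdata = public.get("userdata")
    if not userdata:
        return public                       # no userdata: nothing to protect
    if not cfg.get("encrypt_queryable_user_data", True):
        return public                       # option false: leave userdata alone
    try:
        blob = encrypt(userdata.encode(), pubkey_pem_path)
        public["userdata"] = base64.b64encode(blob).decode()
    except (OSError, subprocess.CalledProcessError):
        # Missing openssl binary, unreadable key, or a payload larger than
        # one RSA block: fail closed and expose an empty string instead.
        public["userdata"] = ""
    return public


def write_public_copy(public: dict, path: str) -> None:
    """Write the copy for the query tool; 0644 because it is meant to be readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    with os.fdopen(fd, "w") as fh:
        json.dump(public, fh)
```

`rsautl` encrypts a single RSA block, so with its default PKCS#1 v1.5 padding a 2048-bit key accepts at most 245 bytes; larger user-data takes the fallback path and is emptied.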