Comment 0 for bug 1817082

Eric Williams (eric-canonical) wrote :

This is a request to add support for the client configuration option "encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef` configuration block.

Use Case:

Enable cloud-init to manage Chef deployments where encrypted data bags are in use. The path to the secret can be configured with cloud-init, while the secret file itself can be supplied via an external facility (e.g., Barbican, Vault).

Example:

# cloud-init
chef:
   install_type: "packages"
   server_url: https://api.opscode.com/organizations/myorg
   environment: dev
   validation_name: dev-validator
   validation_cert: dev-validator.pem
   run_list: role[db]
   encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret

=>

# /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "dev-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://api.opscode.com/organizations/myorg"
environment "dev"
node_name "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "encrypted_data_bag_secret"

Thanks,
Eric
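An added illustration of the mapping requested above, not cloud-init's own code: it renders client.rb lines from a cloud-config `chef` dict (KEY_MAP, the defaults and the helper names are assumptions for this example) and audits the referenced secret file, which should be an absolute path, root-owned and mode 0600, since anyone who can read it can decrypt every data bag it protects.

```python
import os
import stat

# Keys whose values are Ruby symbols (rendered as :value, unquoted).
SYMBOL_KEYS = {"log_level", "ssl_verify_mode"}

# cloud-config `chef:` key -> client.rb setting name (assumed for this example;
# the names follow the client.rb shown in the comment).
KEY_MAP = {
    "server_url": "chef_server_url",
    "validation_name": "validation_client_name",
    "environment": "environment",
    "encrypted_data_bag_secret": "encrypted_data_bag_secret",
}


def render_client_rb(chef_cfg, defaults=None):
    """Render client.rb text from a cloud-config `chef` dict plus defaults."""
    settings = dict(defaults or {})
    for src, dst in KEY_MAP.items():
        if src in chef_cfg:
            settings[dst] = chef_cfg[src]
    lines = []
    for key, value in settings.items():
        if key in SYMBOL_KEYS:
            lines.append(f"{key} :{value}")
        elif isinstance(value, bool):
            lines.append(f"{key} {'true' if value else 'false'}")
        else:
            lines.append(f'{key} "{value}"')
    return "\n".join(lines) + "\n"


def audit_secret(path, mode, uid):
    """Pure check on the secret file's path, st_mode and owner uid."""
    problems = []
    if not os.path.isabs(path):
        problems.append("path is not absolute")
    if uid != 0:
        problems.append("not owned by root")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible by group/others; expected mode 0600")
    return problems


def check_secret_file(path):
    """Stat the configured secret and report anything a deployer should fix."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["file missing; supply it (e.g. from Barbican or Vault) before chef-client runs"]
    return audit_secret(path, st.st_mode, st.st_uid)
```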