Quick Guide to Chef-Vault
1) Create a cleartext JSON file to be encrypted
2) Create a vault from the file
knife vault create myvault mysecrets -J /path/to/secrets.json
Note: This only creates the vault locally. You'll still need to upload the data bag items (the encrypted content and the corresponding keys) to the Chef Server, as outlined in the last step.
3) Specify who gets to access the vault (can be users or nodes)
knife vault update myvault mysecrets -A "mynode.fqdn.com,mynode2.fqdn.com,user2,user3"
4) Upload the newly created vault
cd /to/chef-repo/dir
knife upload data_bags/myvault
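
Before the upload in step 4, it is worth confirming that the local data bag holds only encrypted values and that the access list matches what was granted in step 3. The Ruby check below is an added example, not part of the original guide or of chef-vault itself; it assumes chef-vault's default (non-sparse) item layout, and the function names and sample values are constructed for illustration.

```ruby
require "json"
require "tmpdir"

# Pre-upload check for a vault created locally (added example).
# Assumed layout (chef-vault default, non-sparse): <item>.json holds the
# encrypted values; <item>_keys.json holds "admins", "clients" and one
# wrapped key per actor.
def vault_problems(dir, item, expected_actors)
  paths = ["#{item}.json", "#{item}_keys.json"].map { |f| File.join(dir, f) }
  missing = paths.reject { |p| File.file?(p) }
  return missing.map { |p| "missing #{File.basename(p)}" } unless missing.empty?

  data, keys = paths.map { |p| JSON.parse(File.read(p)) }
  problems = []
  # Every field except "id" must be an encrypted envelope, never a raw value.
  data.each do |field, value|
    next if field == "id"
    encrypted = value.is_a?(Hash) && value.key?("encrypted_data")
    problems << "cleartext field: #{field}" unless encrypted
  end
  actors = Array(keys["admins"]) + Array(keys["clients"])
  (expected_actors - actors).each { |a| problems << "no access for: #{a}" }
  (actors - expected_actors).each { |a| problems << "unexpected access: #{a}" }
  # Each actor needs its own wrapped copy of the shared secret.
  actors.each { |a| problems << "no wrapped key for: #{a}" unless keys[a].is_a?(String) }
  problems
end

# Constructed sample data, not output from a real knife run.
def write_sample_vault(dir, leak: false)
  envelope = { "encrypted_data" => "PLACEHOLDER", "iv" => "PLACEHOLDER",
               "version" => 1, "cipher" => "aes-256-cbc" }
  data = { "id" => "mysecrets", "db_password" => envelope }
  data["api_token"] = "not-encrypted" if leak
  keys = { "id" => "mysecrets_keys", "admins" => ["user2"],
           "clients" => ["mynode.fqdn.com"],
           "user2" => "PLACEHOLDER", "mynode.fqdn.com" => "PLACEHOLDER" }
  File.write(File.join(dir, "mysecrets.json"), JSON.generate(data))
  File.write(File.join(dir, "mysecrets_keys.json"), JSON.generate(keys))
end

# Builds the sample in a temp dir and returns the list of problems found.
def demo(leak: false)
  Dir.mktmpdir do |dir|
    write_sample_vault(dir, leak: leak)
    vault_problems(dir, "mysecrets", ["user2", "user3", "mynode.fqdn.com"])
  end
end

p demo(leak: true) if __FILE__ == $PROGRAM_NAME
```

An empty result from vault_problems means the directory is safe to upload; any entry names a field or actor to fix with knife vault update first.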