Add support for Chef encrypted data bags: http://wiki.opscode.com/display/chef/Encrypted+Data+Bags

Add two configuration options to chef_server provision:
  encrypted_data_bag_secret_key_path - the location of your encrypted secret key on your local machine
  encrypted_data_bag_secret - the location you wish to place the key on the target machine and the value of Chef::Config[:encrypted_data_bag_secret]. Default value of "/etc/chef/encrypted_data_bag".

lib/vagrant/provisioners/chef_server.rb

@@ -15,6 +15,8 @@ module Vagrant
         attr_accessor :file_cache_path
         attr_accessor :file_backup_path
         attr_accessor :environment
+        attr_accessor :encrypted_data_bag_secret_key_path
+        attr_accessor :encrypted_data_bag_secret
 
         def initialize
           super
@@ -23,6 +25,8 @@ module Vagrant
           @client_key_path = "/etc/chef/client.pem"
           @file_cache_path = "/srv/chef/file_store"
           @file_backup_path = "/srv/chef/cache"
+          @encrypted_data_bag_secret_key_path = nil
+          @encrypted_data_bag_secret = "/etc/chef/encrypted_data_bag_secret"
         end
 
         def validate(errors)
@@ -45,6 +49,7 @@ module Vagrant
         chown_provisioning_folder
         create_client_key_folder
         upload_validation_key
+        upload_encrypted_data_bag_secret if config.encrypted_data_bag_secret_key_path
         setup_json
         setup_server_config
         run_chef_client
@@ -64,6 +69,11 @@ module Vagrant
         vm.ssh.upload!(validation_key_path, guest_validation_key_path)
       end
       
+      def upload_encrypted_data_bag_secret
+        env.ui.info I18n.t("vagrant.provisioners.chef.upload_encrypted_data_bag_secret_key")
+        vm.ssh.upload!(encrypted_data_bag_secret_key_path, config.encrypted_data_bag_secret)
+      end
+
       def setup_server_config
         setup_config("chef_server_client", "client.rb", {
           :node_name => config.node_name,
@@ -73,7 +83,8 @@ module Vagrant
           :client_key => config.client_key_path,
           :file_cache_path => config.file_cache_path,
           :file_backup_path => config.file_backup_path,
-          :environment => config.environment
+          :environment => config.environment,
+          :encrypted_data_bag_secret => config.encrypted_data_bag_secret
         })
       end
 
@@ -97,6 +108,10 @@ module Vagrant
         File.expand_path(config.validation_key_path, env.root_path)
       end
       
+      def encrypted_data_bag_secret_key_path
+        File.expand_path(config.encrypted_data_bag_secret_key_path, env.root_path)
+      end
+
       def guest_validation_key_path
         File.join(config.provisioning_path, "validation.pem")
       end

templates/chef_server_client.erb

@@ -10,6 +10,8 @@ validation_client_name "<%= validation_client_name %>"
 validation_key         "<%= validation_key %>"
 client_key             "<%= client_key %>"
 
+encrypted_data_bag_secret "<%= encrypted_data_bag_secret %>"
+
 <% unless environment.nil? %>
 environment        "<%= environment %>"
 <% end %>

templates/locales/en.yml

@@ -465,6 +465,7 @@ en:
         json: "Generating chef JSON and uploading..."
         client_key_folder: "Creating folder to hold client key..."
         upload_validation_key: "Uploading chef client validation key..."
+        upload_encrypted_data_bag_secret_key: "Uploading chef encrypted data bag secret key..."
         running_client: "Running chef-client..."
         running_solo: "Running chef-solo..."
         invalid_provisioner: "Vagrant::Provisioners::Chef is not a valid provisioner! Use ChefSolo or ChefServer instead."

test/vagrant/provisioners/chef_server_test.rb

@@ -162,7 +162,8 @@ class ChefServerProvisionerTest < Test::Unit::TestCase
         :client_key => @config.client_key_path,
         :file_cache_path => @config.file_cache_path,
         :file_backup_path => @config.file_backup_path,
-        :environment => @config.environment
+        :environment => @config.environment,
+        :encrypted_data_bag_secret => @config.encrypted_data_bag_secret
       })
 
       @action.setup_server_config