From 7f5c85cf2070d18852f602e4d3787b411034cdc9 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Tue, 31 Dec 2013 10:44:08 -0800
Subject: [PATCH] provisioners/chef-solo: delete data bag secret [GH-2712]

---
 CHANGELOG.md                                       | 2 ++
 plugins/provisioners/chef/provisioner/chef_solo.rb | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d3e00027..6f1780f88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@
 IMPROVEMENTS:
 
   - guests/linux: emit upstart event when NFS folders are mounted. [GH-2705]
+  - provisioners/chef-solo: Encrypted data bag secret is removed from the
+    machine after provisioning. [GH-2712]
 
 BUG FIXES:
 
diff --git a/plugins/provisioners/chef/provisioner/chef_solo.rb b/plugins/provisioners/chef/provisioner/chef_solo.rb
index 3e2853325..4fd2930bd 100644
--- a/plugins/provisioners/chef/provisioner/chef_solo.rb
+++ b/plugins/provisioners/chef/provisioner/chef_solo.rb
@@ -52,6 +52,7 @@ module VagrantPlugins
           setup_json
           setup_solo_config
           run_chef_solo
+          delete_encrypted_data_bag_secret
         end
 
         # Converts paths to a list of properly expanded paths with types.
@@ -113,6 +114,12 @@ module VagrantPlugins
           end
         end
 
+        def delete_encrypted_data_bag_secret
+          @machine.communicate.tap do |comm|
+            comm.sudo("rm -f #{@config.encrypted_data_bag_secret}", error_check: false)
+          end
+        end
+
         def upload_encrypted_data_bag_secret
           @machine.env.ui.info I18n.t("vagrant.provisioners.chef.upload_encrypted_data_bag_secret_key")
           @machine.communicate.tap do |comm|