I thought that the way to go would be encrypted data-bags but when I finally got them to work on chef-solo I found out that chef looks for a AES key on the machine that I'm provisioning.
In addition though I had to create a new private key in order for chef to encrypt the data, I'm not requested to enter the key's passphrase when decrypting so I assume it isn't actually being used.
So, am I forced to copy an AES key manually to each machine before running "knife cook" on it or did I do something wrong along the way and chef was supposed to copy the key by itself?
