Hmmf. If you have to manage one of your hosts entirely manually, especially for things like package management or security credentials, why are you bothering to use a configuration automation tool like Chef? Why not just write your own scripts for everything?
Part of the answer is that Chef has good cookbooks for doing well defined actions. Part of the risk is that you'll cut your own legs out from under yourself with firewall changes, or erroneous bootstrapping, and kill the Chef server you need to use to reset the chef server itself. One way around that is don't rely on the Chef service on that particular host. Use chef-zero, instead, with the git repository you should be using anyway to upload cookbooks and roles and databags. I've maintained a git repo for just that sort of use for years, at https://github.com/nkadel/nkadel-chef-local-wrapper .It's also very useful for testing chef cookbooks or roles in an environment with no communication with the chef server, such as on an isolated VM in a de-militarized zone of your local network.
That is a greate way to test out chef-server roles and playbooks if you need it, without corrupting cookbooks that live servers use. Enjoy.