chef12 encrypted data bags - any changes / benefits against chef11?

Hi chef folks!

I know what chef11 data bags are. I wonder if there are any changes / updates / improvements for data bags in chef12?

To be precise, I know that with chef11 one should provide a so-called encrypted key on the side of the node being converged.
We have hundreds of nodes in our environment and a lot of plain text data bags; moving our data bags to encrypted ones means we have to ensure somehow that the encrypted key file will be on every node, which is very tedious.

I wonder if chef12 can save me from the necessity of delivering such a file to every node out of the hundreds, as I said? Maybe chef12 has a more convenient way to ensure that an encrypted data bag gets decrypted on the node side?

Thanks in advance.

There are options that make this better - if you’re not in a cloud environment and have to deal with autoscaling you should check out this blog post on chef-vault.

Hi Thom! Thanks, will look at this then …