Encrypt/Decrypt chef data bags locally

decrypt.rb

#!/usr/bin/env ruby

require 'chef/encrypted_data_bag_item'
require 'json'

secret = Chef::EncryptedDataBagItem.load_secret ARGV[0]

to_decrypt = JSON.parse($stdin.read)

id = to_decrypt.delete('id')

decrypted_data = to_decrypt.reduce({}) do |h,(k,v)|
  decryptor = Chef::EncryptedDataBagItem::Decryptor.for(v, secret)
  h[k] = Chef::JSONCompat.parse(decryptor.decrypted_data)['json_wrapper']
  h
end

decrypted_data['id'] = id

puts JSON.dump decrypted_data

encrypt.rb

#!/usr/bin/env ruby

require 'chef/encrypted_data_bag_item'
require 'json'

secret = Chef::EncryptedDataBagItem.load_secret ARGV[0]

to_encrypt = JSON.parse($stdin.read)

encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item to_encrypt, secret

puts JSON.dump encrypted_data