In an excellent write-up on [using Chef to provision a Rails/Postgres server][chefwriteup], I ran across this a [code comment][deployuser] with a suggested use of OpenSSL:
{
"id": "deploy",
// generate this with: openssl passwd -1 "plaintextpassword"
"password": "",
// the below should contain a list of ssh public keys which should
// be able to login as deploy