gistfile1.rb

# cookbooks/keymaster/libraries/decrypt.rb
module Keymaster
  module_function

  def decrypt_data_bag_item(item)
    Chef::Log.info("yeah !")
  end
end

# cookbooks/whatever/metadata.rb
depends "keymaster"

# cookbooks/whatever/recipes/default.rb
item = data_bag_item("some-bag", "some-item")
Keymaster.decrypt_data_bag_item(item)

# cookbooks/keymaster/libraries/decrypt.rb

#class Chef::Recipe::Keymaster
module Keymaster
  module_function

  def decrypt_data_bag_item(databag, item, key_location)
    Chef::Log.info("Decrypting '#{databag}::#{item}' with '#{key_location}'")
    if not File.exists?(key_location)
      raise IOError, "No such file '#{key_location}'"
    end
    decryption_key = Chef::EncryptedDataBagItem.load_secret(key_location)
    content = Chef::EncryptedDataBagItem.load(databag, item,
                                              decryption_key).to_hash
    return content
  end
end

# cookbooks/whatever/metadata.rb
depends "keymaster"

# cookbooks/whatever/recipes/default.rb
dbag_data = Keymaster.decrypt_data_bag_item('credentials',
                                            'securestuff',
                                            '/etc/keys/key.sec')