We enable encryption by using the output_filter method to our lookup in our policy:
policy :default do
lookup :default do
datasource :file, {
:format => :yaml,
:docroot => "/var/lib/jerakia",
:searchpath => [
"hostname/#{scope[:fqdn]}",
"environment/#{scope[:environment]}",
"common",
],
}
output_filter :encryption
end
end
This instructs Jerakia to pass everything to the encryption filter and to match all the retrieved values against the signature of the encryption provider. If a match is made, the encryption provider will be used to decrypt the value before it is returned.