We enable encryption by using the output_filter method to our lookup in our policy:
policy :default do lookup :default do datasource :file, { :format => :yaml, :docroot => "/var/lib/jerakia", :searchpath => [ "hostname/#{scope[:fqdn]}", "environment/#{scope[:environment]}", "common", ], } output_filter :encryption end end
This instructs Jerakia to pass everything to the encryption filter and to match all the retrieved values against the signature of the encryption provider. If a match is made, the encryption provider will be used to decrypt the value before it is returned.