chef-web-docs
Data Bags - Secrets should not be read with IO.read() for Encrypted Data Bags
Follow up to thread at https://discourse.chef.io/t/reading-secret-for-encrypted-data-bag/11414/3
According to the data bags documentation, it should be possible to do this:
data_bag_item('bag', 'item', IO.read('secret_file'))
If the secret in the file secret_file contains trailing whitespace (i.e. a space, or even just a single newline '\n'!), then Chef (at least version 12.21.4 on Ubuntu 16.04) cannot decrypt it. The encrypted data bag has been created like so:
$ knife data bag create my-data-bag secret_item --local-mode --config-option data_bag_path=./data_bags --secret-file ./.data_bags/secret_file
If the secret has been read with Chef::EncryptedDataBagItem.load_secret('secret_file') or IO.read('secret_file').strip, then Chef can decrypt it.
Thus: please change the data bags documentation to show only Chef::EncryptedDataBagItem.load_secret('secret_file').
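To show why the trailing newline matters, here is an added, self-contained Ruby example (not code from Chef or from this issue). It assumes, as Chef's encrypted data bag format does, that the AES-256-CBC key is SHA-256 of the exact secret bytes, and that load_secret strips surrounding whitespace while IO.read keeps the newline; the secret file and plaintext are constructed here.

```ruby
require "openssl"
require "tempfile"

# Read a secret file the way Chef::EncryptedDataBagItem.load_secret does
# (assumption: surrounding whitespace, including a trailing newline, is stripped).
def read_secret_stripped(path)
  IO.read(path).strip
end

# Key derivation used by the encrypted data bag format (assumption: SHA-256 of
# the secret bytes). A trailing "\n" changes every byte of the derived key.
def derive_key(secret)
  OpenSSL::Digest.digest("SHA256", secret)
end

# Encrypt plaintext under a secret; returns [iv, ciphertext].
def encrypt_with_secret(secret, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.encrypt
  cipher.key = derive_key(secret)
  iv = cipher.random_iv # generates and sets a fresh 16-byte IV
  [iv, cipher.update(plaintext) + cipher.final]
end

# Decrypt; a wrong key almost always fails the padding check, so return nil
# instead of raising (in the rare case padding is valid, garbage comes back).
def decrypt_with_secret(secret, iv, ciphertext)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.decrypt
  cipher.key = derive_key(secret)
  cipher.iv = iv
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Simulate a secret file that ends in a newline (constructed sample), encrypt with
# the stripped secret as knife does, then try both ways of reading it back.
def demo
  file = Tempfile.new("secret_file")
  file.write("correct-horse-battery\n")
  file.flush
  plaintext = '{"password":"hunter2"}'
  iv, ct = encrypt_with_secret(read_secret_stripped(file.path), plaintext)
  { with_load_secret: decrypt_with_secret(read_secret_stripped(file.path), iv, ct),
    with_io_read:     decrypt_with_secret(IO.read(file.path), iv, ct) }
ensure
  file&.close!
end
```

Running demo returns the original JSON under :with_load_secret and nil (or garbage) under :with_io_read, which is exactly the failure the issue describes.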