From 27c83aef16cf8aa6f829e6e4fcb39d2fdfad7827 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Wed, 30 Nov 2011 14:26:13 -0800
Subject: [PATCH] Make the default path to encrypted data bags `/tmp` [GH-512]

---
 CHANGELOG.md                            | 2 ++
 lib/vagrant/provisioners/chef_client.rb | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 399bb6aa1..9149f4bfc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,8 @@
     `vi` and `emacs`. [GH-515]
   - More correct guest addition version checking. [GH-514]
   - Chef solo support on Windows is improved. [GH-542]
+  - Put encrypted data bag secret into `/tmp` by default so that
+    permissions are almost certainly guaranteed. [GH-512]
 
 ## 0.8.7 (September 13, 2011)
 
diff --git a/lib/vagrant/provisioners/chef_client.rb b/lib/vagrant/provisioners/chef_client.rb
index b7f0136a9..35ccdc71a 100644
--- a/lib/vagrant/provisioners/chef_client.rb
+++ b/lib/vagrant/provisioners/chef_client.rb
@@ -26,7 +26,7 @@ module Vagrant
           @file_cache_path = "/srv/chef/file_store"
           @file_backup_path = "/srv/chef/cache"
           @encrypted_data_bag_secret_key_path = nil
-          @encrypted_data_bag_secret = "/etc/chef/encrypted_data_bag_secret"
+          @encrypted_data_bag_secret = "/tmp/encrypted_data_bag_secret"
         end
 
         def validate(errors)