mattray
commented
10 years ago I've added testing for this in the 2.8 branch, but the more I think about this I'm not sure it's a Spiceweasel bug. I'm assuming you mean that when you put the secret in your knife.rb everything gets encrypted, I don't see a flag to not encrypt. If this is still an issue, you might need to open a bug against Chef.
We are using knife.rb to pass the path of our secret files, but this cause spiceweasel to encrypt all of our data bags, even if we didn't use secret: . The configuration in knife.rb should only be used to allow not to write the path. The data bag should be encrypted only if there is the secret: flag.