chef-vault 3.4.0.pre.pre419 → 3.4.0.pre.pre420

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: afa80a19e69d16827eea4bb9e18dc068aee734ad
-  data.tar.gz: 6bdf3d1a38fa49ca0dbbc85b7de7ffc15ecab4e7
+  metadata.gz: 51f3fb6cdb7f73d0ed2ba9d209af4aeb06f3e778
+  data.tar.gz: 42a7cf0de7e754f2f1ac91c091e59f50db8ba3fe
 SHA512:
-  metadata.gz: 6a94f12bf17fa7460eae4cd1a682e52d0055c88486ac727b5fdf8ff0fa0d6dfa11b50b4cc775f7d3e307ed1d50d79c10150167643307e791866b6ec3b7291cbe
-  data.tar.gz: f2d35da47be2259f84a723b4a08572bf60a4281d2f636ebce876601391b107520e5e1dc5599553ee1d97faeb347f9d83334d5a13e1957de0db62f2a9dc2364eb
+  metadata.gz: fc02ff8d9a92aec76fd0fa2957590030872f2f788693dbe63b46d865960718ba082ba8e51d010f636d80d888cfec5625fd8321160bff1d62772329122c114865
+  data.tar.gz: 27bb77d62cd0d5349667399a5bb16c334e124a0076f8b481680ddedb1f1d500eac97f1dd625ce3ba30499477f0df6ef0111895dc1c56652a275e478b30213bd5

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 3.4.0.pre.pre419
+  version: 3.4.0.pre.pre420
 platform: ruby
 authors:
 - Thom May
@@ -102,43 +102,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/CODEOWNERS"
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
-- ".simplecov"
-- ".travis.yml"
-- Changelog.md
-- DEMO.md
-- Gemfile
-- KNIFE_EXAMPLES.md
 - LICENSE
-- README.md
-- Rakefile
-- THEORY.md
-- UPGRADE.md
-- appveyor.yml
 - bin/chef-vault
-- chef-vault.gemspec
-- features/clean.feature
-- features/clean_on_refresh.feature
-- features/clean_unknown_clients.feature
-- features/detect_and_warn_v1_vault.feature
-- features/isvault.feature
-- features/itemtype.feature
-- features/step_definitions/chef-databag.rb
-- features/step_definitions/chef-repo.rb
-- features/step_definitions/chef-vault.rb
-- features/step_definitions/chef_databagitem.rb
-- features/support/env.rb
-- features/vault_create.feature
-- features/vault_list.feature
-- features/vault_show.feature
-- features/vault_show_vaultname.feature
-- features/vault_update.feature
-- features/verify_id_matches.feature
-- features/wrong_private_key.feature
-- hooks/pre-commit
 - lib/chef-vault.rb
 - lib/chef-vault/actor.rb
 - lib/chef-vault/certificate.rb
@@ -166,15 +131,6 @@ files:
 - lib/chef/knife/vault_rotate_keys.rb
 - lib/chef/knife/vault_show.rb
 - lib/chef/knife/vault_update.rb
-- spec/chef-vault/actor_spec.rb
-- spec/chef-vault/certificate_spec.rb
-- spec/chef-vault/chef_api_spec.rb
-- spec/chef-vault/item_keys_spec.rb
-- spec/chef-vault/item_spec.rb
-- spec/chef-vault/user_spec.rb
-- spec/chef-vault_spec.rb
-- spec/spec_helper.rb
-- tasks/github_changelog_generator.rb
 homepage: https://github.com/chef/chef-vault
 licenses:
 - Apache License, v2.0

data/.github/CODEOWNERS

@@ -1,2 +0,0 @@
-* @chef/chef-vault-maintainers
-

data/.gitignore

@@ -1,33 +0,0 @@
-" from https://github.com/github/gitignore/blob/master/Ruby.gitignore
-*.gem
-*.rbc
-/.config
-/coverage/
-/InstalledFiles
-/pkg/
-/spec/reports/
-/test/tmp/
-/test/version_tmp/
-/tmp/
-
-## Documentation cache and generated files:
-/.yardoc/
-/_yardoc/
-/doc/
-/rdoc/
-
-## Environment normalisation:
-/.bundle/
-/lib/bundler/man/
-/binstubs/
-
-# for a library or gem, you might want to ignore these files since the code is
-# intended to run in multiple environments; otherwise, check them in:
-Gemfile.lock
-.ruby-version
-.ruby-gemset
-
-# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
-.rvmrc
-
-.chef

data/.rspec

@@ -1,2 +0,0 @@
---color
---require spec_helper

data/.rubocop.yml

@@ -1,6 +0,0 @@
-AllCops:
-  Exclude:
-    - "spec/data/**/*"
-    - "vendor/**/*"
-    - "pkg/**/*"
-    - "tmp/**/*"

data/.simplecov

@@ -1,6 +0,0 @@
-require 'simplecov-console'
-SimpleCov.formatters = [
-  SimpleCov::Formatter::HTMLFormatter,
-  SimpleCov::Formatter::Console
-]
-SimpleCov.start

data/.travis.yml

@@ -1,19 +0,0 @@
-language: ruby
-branches:
-  only:
-  - master
-rvm:
-- 2.2.5
-- 2.3.1
-- 2.4.1
-install: bundle install --binstubs --without changelog
-before_install: gem install bundler
-env: TRAVIS_BUILD=true
-deploy:
-  provider: rubygems
-  api_key:
-    secure: NNbOEQWaX+67bsMd1A/BB5lxd2dDzx+4uYsKxSvhVvx34UixKoLRmPhGJr0WapndsXdnG+crPpx3gpseOfJ3u42uNHQI9ASsgOOgmEiJKcW/MO/IQReRI998+XH2A4QLfLQ4JIWjpl8KNZCJSCp7w1LnDV6imy7FSM0mWS+3Lzk=
-  gem: chef-vault
-  on:
-    repo: chef/chef-vault
-    branch: master

data/Changelog.md

@@ -1,141 +0,0 @@
-# Change Log
-
-## [v3.3.0](https://github.com/chef/chef-vault/tree/v3.3.0) (2017-07-28)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.2.0...v3.3.0)
-
-**Closed issues:**
-
-- With recreated nodes, existing keys are not updated [\#286](https://github.com/chef/chef-vault/issues/286)
-
-## [v3.2.0](https://github.com/chef/chef-vault/tree/v3.2.0) (2017-07-11)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.1.0...v3.2.0)
-
-**Closed issues:**
-
-- offline network installation of the chef-vault gem [\#279](https://github.com/chef/chef-vault/issues/279)
-
-## [v3.1.0](https://github.com/chef/chef-vault/tree/v3.1.0) (2017-07-04)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.2...v3.1.0)
-
-## [v2.9.2](https://github.com/chef/chef-vault/tree/v2.9.2) (2017-06-21)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.3...v2.9.2)
-
-**Implemented enhancements:**
-
-- Assume all nodes matching the search query are valid nodes [\#272](https://github.com/chef/chef-vault/pull/272) ([kamaradclimber](https://github.com/kamaradclimber))
-- Avoid re-encrypting key for all existing clients [\#269](https://github.com/chef/chef-vault/pull/269) ([kamaradclimber](https://github.com/kamaradclimber))
-
-**Fixed bugs:**
-
-- Fix fatal error during create [\#281](https://github.com/chef/chef-vault/pull/281) ([neclimdul](https://github.com/neclimdul))
-- Avoid sparse key read for non sparse secrets [\#280](https://github.com/chef/chef-vault/pull/280) ([kamaradclimber](https://github.com/kamaradclimber))
-- Make sure sparse mode is used on secrets where it is explicit [\#271](https://github.com/chef/chef-vault/pull/271) ([kamaradclimber](https://github.com/kamaradclimber))
-
-## [v3.0.3](https://github.com/chef/chef-vault/tree/v3.0.3) (2017-05-03)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.2...v3.0.3)
-
-**Fixed bugs:**
-
-- Reduce the search response limit from 100k to 10k [\#275](https://github.com/chef/chef-vault/pull/275) ([btm](https://github.com/btm))
-- Replace edit\_data\(\) with edit\_hash\(\) in vault\_edit.rb [\#274](https://github.com/chef/chef-vault/pull/274) ([tmaczukin](https://github.com/tmaczukin))
-
-## [v3.0.2](https://github.com/chef/chef-vault/tree/v3.0.2) (2017-04-20)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.1...v3.0.2)
-
-## [v3.0.1](https://github.com/chef/chef-vault/tree/v3.0.1) (2017-04-11)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0...v3.0.1)
-
-**Fixed bugs:**
-
-- Change the chef dependency to development only [\#266](https://github.com/chef/chef-vault/pull/266) ([thommay](https://github.com/thommay))
-
-## [v3.0.0](https://github.com/chef/chef-vault/tree/v3.0.0) (2017-04-10)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.1...v3.0.0)
-
-**Implemented enhancements:**
-
-- Vault creation, list, and destruction in sparse mode [\#252](https://github.com/chef/chef-vault/pull/252) ([rveznaver](https://github.com/rveznaver))
-
-## [v2.9.1](https://github.com/chef/chef-vault/tree/v2.9.1) (2017-01-19)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc2...v2.9.1)
-
-## [v3.0.0.rc2](https://github.com/chef/chef-vault/tree/v3.0.0.rc2) (2016-12-05)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc1...v3.0.0.rc2)
-
-**Implemented enhancements:**
-
-- Add feature to save each key in different data bag item [\#246](https://github.com/chef/chef-vault/pull/246) ([rveznaver](https://github.com/rveznaver))
-- Enable testing with Chef Zero [\#244](https://github.com/chef/chef-vault/pull/244) ([rveznaver](https://github.com/rveznaver))
-- Minimize the number of searches [\#243](https://github.com/chef/chef-vault/pull/243) ([thommay](https://github.com/thommay))
-- Optimise queries when finding nodes [\#240](https://github.com/chef/chef-vault/pull/240) ([thommay](https://github.com/thommay))
-
-**Fixed bugs:**
-
-- Use solo\_legacy\_mode fully [\#242](https://github.com/chef/chef-vault/pull/242) ([thommay](https://github.com/thommay))
-- Use legacy solo mode [\#241](https://github.com/chef/chef-vault/pull/241) ([thommay](https://github.com/thommay))
-
-## [v3.0.0.rc1](https://github.com/chef/chef-vault/tree/v3.0.0.rc1) (2016-10-21)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.0...v3.0.0.rc1)
-
-**Implemented enhancements:**
-
-- Removed deprecated knife commands [\#236](https://github.com/chef/chef-vault/pull/236) ([thommay](https://github.com/thommay))
-- rename ChefKey to Actor [\#234](https://github.com/chef/chef-vault/pull/234) ([thommay](https://github.com/thommay))
-- Move to using a logger for all user output [\#232](https://github.com/chef/chef-vault/pull/232) ([thommay](https://github.com/thommay))
-- Add support for clients [\#227](https://github.com/chef/chef-vault/pull/227) ([svanharmelen](https://github.com/svanharmelen))
-
-## [v2.9.0](https://github.com/chef/chef-vault/tree/v2.9.0) (2016-04-08)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0...v2.9.0)
-
-**Implemented enhancements:**
-
-- Feature - knife vault update - update item\_keys only when no value is provided [\#202](https://github.com/chef/chef-vault/pull/202) ([xakraz](https://github.com/xakraz))
-
-**Fixed bugs:**
-
-- knife vault refresh always updates the data bag item [\#193](https://github.com/chef/chef-vault/issues/193)
-- Correct vault creation in solo mode [\#206](https://github.com/chef/chef-vault/pull/206) ([kamaradclimber](https://github.com/kamaradclimber))
-- Only save keys on refresh operation [\#194](https://github.com/chef/chef-vault/pull/194) ([kamaradclimber](https://github.com/kamaradclimber))
-
-## [v2.8.0](https://github.com/chef/chef-vault/tree/v2.8.0) (2016-02-09)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0.rc1...v2.8.0)
-
-## [v2.8.0.rc1](https://github.com/chef/chef-vault/tree/v2.8.0.rc1) (2016-01-29)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.1...v2.8.0.rc1)
-
-## [v2.7.1](https://github.com/chef/chef-vault/tree/v2.7.1) (2016-01-25)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.0...v2.7.1)
-
-## [v2.7.0](https://github.com/chef/chef-vault/tree/v2.7.0) (2016-01-25)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.1...v2.7.0)
-
-## [v2.6.1](https://github.com/chef/chef-vault/tree/v2.6.1) (2015-05-28)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.0...v2.6.1)
-
-## [v2.6.0](https://github.com/chef/chef-vault/tree/v2.6.0) (2015-05-13)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.5.0...v2.6.0)
-
-## [v2.5.0](https://github.com/chef/chef-vault/tree/v2.5.0) (2015-02-09)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.4.0...v2.5.0)
-
-## [v2.4.0](https://github.com/chef/chef-vault/tree/v2.4.0) (2014-12-03)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.3.0...v2.4.0)
-
-## [v2.3.0](https://github.com/chef/chef-vault/tree/v2.3.0) (2014-10-22)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.4...v2.3.0)
-
-## [v2.2.4](https://github.com/chef/chef-vault/tree/v2.2.4) (2014-07-17)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.3...v2.2.4)
-
-## [v2.2.3](https://github.com/chef/chef-vault/tree/v2.2.3) (2014-06-24)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.2...v2.2.3)
-
-## [v2.2.2](https://github.com/chef/chef-vault/tree/v2.2.2) (2014-06-03)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.1...v2.2.2)
-
-## [v2.2.1](https://github.com/chef/chef-vault/tree/v2.2.1) (2014-02-26)
-[Full Changelog](https://github.com/chef/chef-vault/compare/e7d75c65441989ce915a30fc28782748c8a1ed1e...v2.2.1)
-
-
-
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/DEMO.md

@@ -1,60 +0,0 @@
-# A Short Demo of the Magic of Chef-Vault
-
-##Set up the magic show from a shell on your own workstation
-
-###Put the bunny in the hat
-
-    echo "bunny" > tophat
-
-###Put the hat in the magic show
-
-    export assistant=aug24                   #Change this to your chef id
-    export role=magician                     #Change this to the role you need to pass the secret to
-
-    knife vault create magicshow hat \       #Create a hat object in a data bag called magicshow
-       --mode client                 \       #Talk to the chef server rather than local
-       --file tophat                 \       #Use the hat (file) we put the bunny in
-       --search "role:${role}"       \       #Encrypted for all *current* nodes with the magician role
-       --admins "${assistant}"               #Encrypted for the assistant
-
-###Check the magic show is on the chef server
-
-    knife data bag list
-    knife vault list
-
-###Check the hat is there (and that nobody can see what's in it)
-
-    knife data bag show magicshow hat
-
-###Check you can see what's in it
-
-    knife vault show magicshow hat file-content --mode client
-
-##'Hop' on to a node with a role of 'magician'
-
-###Install required software
-
-    sudo apt-get install ruby-dev --yes
-    sudo gem install chef-vault --no-ri --no-rdoc
-
-###Get the bunny back out of the hat!
-
-    sudo chef-shell --client <<EOF
-    require 'chef-vault'
-    puts ChefVault::Item.load('magicshow', 'hat')['file-content']
-    EOF
-
-If you are on a node which is not a magician, an exception will be thrown,
-and the node cannot see what is in the hat.
-
-#Finally, do a disappearing act.
-
-###Make the hat disappear...
-
-    knife vault delete magicshow hat --mode client
-
-###Make the entire magic show disappear...
-
-    knife data bag delete magicshow
-
-###Thank you!

data/Gemfile

@@ -1,12 +0,0 @@
-source "https://rubygems.org/"
-
-group :development do
-  gem "chefstyle", git: "https://github.com/chef/chefstyle.git"
-  gem "chef-zero"
-end
-
-group :changelog do
-  gem "github_changelog_generator", git: "https://github.com/chef/github-changelog-generator"
-end
-
-gemspec

data/KNIFE_EXAMPLES.md

@@ -1,256 +0,0 @@
-# knife examples
-
-## vault
-
-    knife vault SUBCOMMAND VAULT ITEM VALUES
-
-These are the commands that are used to take data in JSON format and encrypt that data into chef-vault style encrypted data bags in chef.
-
-* vault - This is the name of the vault in which to store the encrypted item.  This is analogous to a chef data bag name
-* item - The name of the item going in to the vault.  This is analogous to a chef data bag item id
-* values - This is the JSON clear text data to be stored in the vault encrypted.  This is analogous to a chef data bag item data
-
-## vault commands
-
-### create
-Create a vault called passwords and put an item called root in it with the given values for username and password encrypted for clients role:webserver, client1 & client2 and admins admin1 & admin2
-
-    knife vault create passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -C "client1,client2" -A "admin1,admin2"
-
-Create a vault called passwords and put an item called root in it with the given values for username and password encrypted for clients role:webserver and admins admin1 & admin2
-
-    knife vault create passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -A "admin1,admin2"
-
-Create a vault called passwords and put an item called root in it with the given values for username and password encrypted for clients role:webserver, client1 & client2
-
-    knife vault create passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -C "client1,client2"
-
-Create a vault called passwords and put an item called root in it with the given values for username and password encrypted for clients role:webserver
-
-    knife vault create passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver"
-
-Create a vault called passwords and put an item called root in it with the given values for username and password encrypted for clients client1 & client2
-
-    knife vault create passwords root '{"username": "root", "password": "mypassword"}' -C "client1,client2"
-
-Create a vault called passwords and put an item called root in it with the given values for username and password encrypted for admins admin1 & admin2
-
-    knife vault create passwords root '{"username": "root", "password": "mypassword"}' -A "admin1,admin2"
-
-Create a vault called passwords and put an item called root in it encrypted for admins admin1 & admin2.  *Leaving the data off the command-line will pop an editor to fill out the data*
-
-    knife vault create passwords root -A "admin1,admin2"
-
-Note: A JSON file can be used in place of specifying the values on the command line, see global options below for details
-
-### update
-
-Update the values in username and password in the vault passwords and item root.  Will overwrite existing values if values already exist!
-
-    knife vault update passwords root '{"username": "root", "password": "mypassword"}'
-
-Update the values in username and password in the vault passwords and item root and add role:webserver, client1 & client2 to the encrypted clients and admin1 & admin2 to the encrypted admins.  Will overwrite existing values if values already exist!
-
-    knife vault update passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -C "client1,client2" -A "admin1,admin2"
-
-Update the values in username and password in the vault passwords and item root and add role:webserver to the encrypted clients and admin1 & admin2 to the encrypted admins.  Will overwrite existing values if values already exist!
-
-    knife vault update passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -A "admin1,admin2"
-
-Update the values in username and password in the vault passwords and item root and add role:webserver to the encrypted clients.  Will overwrite existing values if values already exist!
-
-    knife vault update passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver"
-
-Update the values in username and password in the vault passwords and item root and add client1 & client2 to the encrypted clients.  Will overwrite existing values if values already exist!
-
-    knife vault update passwords root '{"username": "root", "password": "mypassword"}' -C "client1,client2"
-
-Update the values in username and password in the vault passwords and item root and add admin1 & admin2 to the encrypted admins.  Will overwrite existing values if values already exist!
-
-    knife vault update passwords root '{"username": "root", "password": "mypassword"}' -A "admin1,admin2"
-
-Add role:webserver to encrypted clients for the vault passwords and item root.
-
-    knife vault update passwords root -S "role:webserver"
-
-Add client1 & client2 to encrypted clients for the vault passwords and item root.
-
-    knife vault update passwords root -C "client1,client2"
-
-Add admin1 & admin2 to encrypted admins for the vault passwords and item root.
-
-    knife vault update passwords root -A "admin1,admin2"
-
-Add admin1 & admin2 to encrypted admins and role:webserver, client1 & client2 to encrypted clients for the vault passwords and item root.
-
-    knife vault update passwords root -S "role:webserver" -C "client1,client2" -A "admin1,admin2"
-
-Add admin1 & admin2 to encrypted admins and role:webserver to encrypted clients for the vault passwords and item root.
-
-    knife vault update passwords root -S "role:webserver" -A "admin1,admin2"
-
-Add admin1 & admin2 to encrypted admins and client1 & client2 to encrypted clients for the vault passwords and item root.
-
-    knife vault update passwords root -C "client1,client2" -A "admin1,admin2"
-
-Note: A JSON file can be used in place of specifying the values on the command line, see global options below for details
-
-### remove
-
-Remove the values in username and password from the vault passwords and item root.
-
-    knife vault remove passwords root '{"username": "root", "password": "mypassword"}'
-
-Remove the values in username and password from the vault passwords and item root and remove role:webserver, client1 & client2 from the encrypted clients and admin1 & admin2 from the encrypted admins.
-
-    knife vault remove passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -C "client1,client2" -A "admin1,admin2"
-
-Remove the values in username and password from the vault passwords and item root and remove role:webserver from the encrypted clients and admin1 & admin2 from the encrypted admins.
-
-    knife vault remove passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -A "admin1,admin2"
-
-Remove the values in username and password from the vault passwords and item root and remove client1 & client2 from the encrypted clients and admin1 & admin2 from the encrypted admins.
-
-    knife vault remove passwords root '{"username": "root", "password": "mypassword"}' -C "client1,client2" -A "admin1,admin2"
-
-Remove the values in username and password from the vault passwords and item root and remove role:webserver from the encrypted clients.
-
-    knife vault remove passwords root '{"username": "root", "password": "mypassword"}' -S "role:webserver"
-
-Remove the values in username and password from the vault passwords and item root and remove client1 & client2 from the encrypted clients.
-
-    knife vault remove passwords root '{"username": "root", "password": "mypassword"}' -C "client1,client2"
-
-Remove the values in username and password from the vault passwords and item root and remove admin1 & admin2 from the encrypted admins.
-
-    knife vault remove passwords root '{"username": "root", "password": "mypassword"}' -A "admin1,admin2"
-
-Remove admin1 & admin2 from encrypted admins and role:webserver, client1 & client2 from encrypted clients for the vault passwords and item root.
-
-    knife vault remove passwords root -S "role:webserver" -C "client1,client2" -A "admin1,admin2"
-
-Remove admin1 & admin2 from encrypted admins and role:webserver from encrypted clients for the vault passwords and item root.
-
-    knife vault remove passwords root -S "role:webserver" -A "admin1,admin2"
-
-Remove role:webserver from encrypted clients for the vault passwords and item root.
-
-    knife vault remove passwords root -S "role:webserver"
-
-Remove client1 & client2 from encrypted clients for the vault passwords and item root.
-
-    knife vault remove passwords root -C "client1,client2"
-
-Remove admin1 & admin2 from encrypted admins for the vault passwords and item root.
-
-    knife vault remove passwords root -A "admin1,admin2"
-
-### delete
-
-Delete the item root from the vault passwords
-
-    knife vault delete passwords root
-
-### show
-
-knife vault show VAULT [ITEM] [VALUES]
-
-These are the commands that are used to decrypt a chef-vault encrypted item and show the requested values.
-
-* vault - This is the name of the vault in which to store the encrypted item.  This is analogous to a chef data bag name
-* item - The name of the item going in to the vault.  This is analogous to a chef data bag item id
-* values - This is a comma list of values to decrypt from the vault item.  This is analogous to a list of hash keys.
-
-Show the items in a vault
-
-    knife vault show passwords
-
-Show the entire root item in the passwords vault and print in JSON format.
-
-    knife vault show passwords root -Fjson
-
-Show the entire root item in the passwords vault and print in JSON format, including the search query, clients, and admins.
-
-    knife vault show passwords root -Fjson -p all
-
-Show the username and password for the item root in the vault passwords.
-
-    knife vault show passwords root "username, password"
-
-Show the contents for the item user_pem in the vault certs.
-
-    knife vault show certs user_pem "contents"
-
-### edit
-
-knife vault edit VAULT ITEM
-
-These are the commands that are used to edit a chef-vault encrypted item.
-
-* Vault - This is the name of the vault in which to store the encrypted item.  This is analogous to a chef data bag name
-* Item - The name of the item going in to the vault.  This is analogous to a chef data bag item id
-
-Decrypt the entire root item in the passwords vault and open it in json format in your $EDITOR.  Writing and exiting out the editor will save and encrypt the vault item.
-
-    knife vault edit passwords root
-
-### download
-
-Decrypt and download an encrypted file to the specified path.
-
-    knife vault download certs user_pem ~/downloaded_user_pem
-
-### rotate keys
-
-Rotate the shared key for the vault passwords and item root. The shared key is that which is used for the chef encrypted data bag item.
-
-    knife vault rotate keys passwords root
-
-To remove clients which have been deleted from Chef but not from the vault, add the --clean-unknown-clients switch:
-
-    knife vault rotate keys passwords root --clean-unknown-clients
-
-### rotate all keys
-
-Rotate the shared key for all vaults and items. The shared key is that which is used for the chef encrypted data bag item.
-
-    knife vault rotate all keys
-
-To remove clients which have been deleted from Chef but not from the vault, add the --clean-unknown-clients switch:
-
-    knife vault rotate keys passwords root --clean-unknown-clients
-
-### refresh
-
-This command reads the search_query in the vault item, performs the search, and reapplies the results.
-
-    knife vault refresh VAULT ITEM
-
-To remove clients which have been deleted from Chef but not from the vault, add the --clean-unknown-clients switch:
-
-    knife vault refresh passwords root --clean-unknown-clients
-
-### isvault
-
-This command checks if the given item is a vault or not, and exit with a status of 0 if it is and 1 if it is not.
-
-    knife vault isvault VAULT ITEM
-
-### itemtype
-
-This command outputs the type of the data bag item: normal, encrypted or vault
-
-    knife vault itemtype VAULT ITEM
-
-### global options
-
-Short | Long | Description | Default | Valid Values | Sub-Commands
-------|------|-------------|---------|--------------|-------------
--M MODE | --mode MODE | Chef mode to run in. Can be set in knife.rb | solo | solo, client | all
--S SEARCH | --search SEARCH | Chef Server SOLR Search Of Nodes | | | create, remove , update
--A ADMINS | --admins ADMINS | Chef clients or users to be vault admins, can be comma list | | | create, remove, update
--J FILE | --json FILE | JSON file to be used for values, will be merged with VALUES if VALUES is passed | | | create, update
-| --file FILE | File that chef-vault should encrypt.  It adds "file-content" & "file-name" keys to the vault item | | | create, update
--p DATA | --print DATA | Print extra vault data | | search, clients, admins, all | show
--F FORMAT | --format FORMAT | Format for decrypted output | summary | summary, json, yaml, pp | show
-| --clean-unknown-clients | Remove unknown clients during key rotation | | | refresh, remove, rotate