diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
index 3e3cb8abce..2708ee0421 100644
--- a/builtin/provisioners/chef/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -28,6 +28,7 @@ const (
 firstBoot = "first-boot.json"
 logfileDir = "logfiles"
 linuxConfDir = "/etc/chef"
+ secretKey = "encrypted_data_bag_secret"
 validationKey = "validation.pem"
 windowsConfDir = "C:/chef"
 )
@@ -67,6 +68,7 @@ type Provisioner struct {
 OSType string `mapstructure:"os_type"`
 PreventSudo bool `mapstructure:"prevent_sudo"`
 RunList []string `mapstructure:"run_list"`
+ SecretKeyPath string `mapstructure:"secret_key_path"`
 ServerURL string `mapstructure:"server_url"`
 SkipInstall bool `mapstructure:"skip_install"`
 SSLVerifyMode string `mapstructure:"ssl_verify_mode"`
@@ -346,6 +348,21 @@ func (p *Provisioner) deployConfigFiles(
 return fmt.Errorf("Uploading %s failed: %v", validationKey, err)
 }
+ if p.SecretKeyPath != nil
+ {
+ // Open the secret key file
+ f, err := os.Open(p.SecretKeyPath)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ // Copy the secret key to the new instance
+ if err := comm.Upload(path.Join(confDir, secretKey), f); err != nil {
+ return fmt.Errorf("Uploading %s failed: %v", secretKey, err)
+ }
+ }
+
 // Make strings.Join available for use within the template
 funcMap := template.FuncMap{
 "join": strings.Join,
diff --git a/builtin/provisioners/chef/resource_provisioner_test.go b/builtin/provisioners/chef/resource_provisioner_test.go
index 45fc8a2119..baadc46b78 100644
--- a/builtin/provisioners/chef/resource_provisioner_test.go
+++ b/builtin/provisioners/chef/resource_provisioner_test.go
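Review bot: The new guard in the deployConfigFiles hunk of resource_provisioner.go, `if p.SecretKeyPath != nil` with `{` on the following line, will not compile: `SecretKeyPath` is declared as `string` in the struct hunk, and Go inserts a semicolon after `nil`, so the brace has to sit on the same line; it should read `if p.SecretKeyPath != "" {`. The `os.Open` failure is returned bare, unlike the neighbouring upload errors, so `return fmt.Errorf("Opening %s failed: %v", p.SecretKeyPath, err)` would tell the operator which file could not be read. Separately, this file is the shared secret that decrypts the node's encrypted data bags, and nothing visible here restricts the mode of the uploaded copy under confDir; whether `comm.Upload` or a later step tightens it lies outside the hunk, so it is worth confirming the remote file ends up readable only by the account that runs chef-client. The body of deployConfigFiles starts and ends outside the hunk.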
@@ -21,6 +21,7 @@ func TestResourceProvider_Validate_good(t *testing.T) {
 "server_url": "https://chef.local",
 "validation_client_name": "validator",
 "validation_key_path": "validator.pem",
+ "secret_key_path": "encrypted_data_bag_secret",
 })
 r := new(ResourceProvisioner)
 warn, errs := r.Validate(c)
@@ -68,6 +69,7 @@ func TestResourceProvider_runChefClient(t *testing.T) {
 "server_url": "https://chef.local",
 "validation_client_name": "validator",
 "validation_key_path": "test-fixtures/validator.pem",
+ "secret_key_path": "test-fixtures/encrypted_data_bag_secret",
 }),
 ConfDir: linuxConfDir,
@@ -85,6 +87,7 @@ func TestResourceProvider_runChefClient(t *testing.T) {
 "server_url": "https://chef.local",
 "validation_client_name": "validator",
 "validation_key_path": "test-fixtures/validator.pem",
+ "secret_key_path": "test-fixtures/encrypted_data_bag_secret",
 }),
 ConfDir: linuxConfDir,
@@ -103,6 +106,7 @@ func TestResourceProvider_runChefClient(t *testing.T) {
 "server_url": "https://chef.local",
 "validation_client_name": "validator",
 "validation_key_path": "test-fixtures/validator.pem",
+ "secret_key_path": "test-fixtures/encrypted_data_bag_secret",
 }),
 ConfDir: windowsConfDir,
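Review bot: The three TestResourceProvider_runChefClient cases now reference `test-fixtures/encrypted_data_bag_secret`, but no such fixture is added in the visible diff, and none of these hunks exercises the new upload branch in deployConfigFiles. If a deployConfigFiles test exists outside this diff, it should gain a case that sets `secret_key_path` and expects an upload to `path.Join(confDir, secretKey)`, and a case with the option unset that expects no upload. Any fixture committed for this should hold an obviously dummy value rather than a real data bag secret.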