NaCl secretbox encryption backend for the hiera-eyaml module.
censored
You need RbNaCl for the NaCl operations, which in turn depends on libsodium:
$ gem install rbnacl
Once installed you can create encrypted hiera-eyaml blocks that are encrypted using Secret Box.
$ eyaml encrypt -n secretbox -s "A secret string to encrypt"
Use eyaml --help for more details or look at the hiera-eyaml docs.
Assuming you have a working hiera and hiera-eyaml then you need to
configure a path for the :secretbox_private_key: and :secretbox_public_key:
file locations.