From the #chef IRC channel, many people store this kind of data in a data bag on the Chef server.
For example, a data bag might be ‘aws’, with an item ‘main’, referring to the primary AWS account. Separate keys in the item would be for each particular value. E.g.:
{
  "id": "main",
  "aws_secret_key": "The secret access key",
  "aws_access_key": "The access key"
}
You may also be interested in encrypted data bags. I wrote about them in more detail for managing postfix SASL authentication.
Update: I’ve written blog posts about Chef Vault on my blog and sysadvent.
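
An added example, not part of the original answer: a small Ruby check that reports which keys of a data bag item are still stored in plaintext, as in the `aws`/`main` item above, and which carry the wrapper that encrypted data bags (format version 1 and later) put around each value. The function names and both sample items are constructed for illustration, and the ciphertext fields are placeholders.

```ruby
require 'json'

# Fields present in every encrypted data bag value (format version 1 and later).
ENCRYPTED_KEYS = %w[encrypted_data iv version cipher].freeze

# True when a value has the wrapper shape of an encrypted data bag value.
# (Hypothetical helper name, not part of Chef.)
def encrypted_value?(value)
  value.is_a?(Hash) && ENCRYPTED_KEYS.all? { |k| value.key?(k) }
end

# Return the names of item keys whose values are stored in plaintext.
# "id" is always plaintext, even in an encrypted item, so it is skipped.
def plaintext_keys(item_json)
  item = JSON.parse(item_json)
  item.reject { |key, value| key == 'id' || encrypted_value?(value) }.keys
end

# Constructed sample: the plaintext item shown in the answer.
PLAIN_ITEM = <<~JSON
  {
    "id": "main",
    "aws_secret_key": "The secret access key",
    "aws_access_key": "The access key"
  }
JSON

# Constructed sample: one value wrapped as an encrypted value would be.
# The ciphertext and IV are placeholders, not real knife output.
MIXED_ITEM = <<~JSON
  {
    "id": "main",
    "aws_secret_key": {
      "encrypted_data": "PLACEHOLDER_BASE64",
      "iv": "PLACEHOLDER_IV",
      "version": 1,
      "cipher": "aes-256-cbc"
    },
    "aws_access_key": "The access key"
  }
JSON

if __FILE__ == $PROGRAM_NAME
  puts "plain item: #{plaintext_keys(PLAIN_ITEM).inspect}"
  puts "mixed item: #{plaintext_keys(MIXED_ITEM).inspect}"
end
```

Run over the JSON files in a repository's `data_bags/` directory, a check like this catches items that were committed or uploaded without encryption.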