I am using an encrypted data bag to encrypt an ssh key and decrypt it via Chef. The data bag had an id of pwind_ssh_rsa_pub_cred, but what I really want is the unencrypted data for the ssh key. I want to then take the key and append it to a file, but the code that I have currently is running into some issues. With static values, the below code works. Additionally, I am a bit confused as to what the type of "decrypted_ssh" is.
ruby_block "obtainCredentials" do
  block do
    # Raw contents of the secret file used to encrypt the data bag item
    hadoop_key = Chef::EncryptedDataBagItem.load_secret("/home/ec2-user/project_data_bag_key")
    # Decrypted item: behaves like a Hash, one key per field of the item (plus "id")
    decrypted_ssh = Chef::EncryptedDataBagItem.load("pwind_keys", "pwind_ssh_rsa_pub_credentials", hadoop_key)
    Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)
    # Interpolates the whole item, not the single field holding the key
    command = "su - 'root' -c 'cd /home/ec2-user; cd .ssh; echo #{decrypted_ssh} >> .authorized_keys'"
    # Chef::Mixin::ShellOut provides shell_out!/shell_out, not shell
    shell_out!(command)
  end
end
What modifications should be done to get this ssh key decrypted and out of the encrypted data bag? Any suggestions would be much appreciated!
You need to select an element from the decrypted databag item.
Complete example:
Create key and databag item:
$ openssl rand -base64 512 | tr -d '\r\n' > /tmp/encrypted_data_bag_secret
$ knife data bag create mydatabag secretstuff --secret-file /tmp/encrypted_data_bag_secret -z
Content:
{
  "id": "secretstuff",
  "firstsecret": "must remain secret",
  "secondsecret": "also very secret"
}
Verify:
$ knife data bag show mydatabag secretstuff -z
WARNING: Encrypted data bag detected, but no secret provided for decoding. Displaying encrypted data.
firstsecret:
  cipher:         aes-256-cbc
  encrypted_data: VafoT8Jc0lp7o4erCxz0WBrJYXjK6j+sJ+WGKJftX4BVF391rA1zWyHpToF0
                  qvhn
  iv:             MhG09xFcwFAqX/IA3BusMg==
  version:        1
id:           secretstuff
secondsecret:
  cipher:         aes-256-cbc
  encrypted_data: Epj+2DuMOsf5MbDCOHEep7S12F6Z0kZ5yMuPv4a3Cr8dcQWCk/pd58OPGQgI
                  UJ2J
  iv:             66AcYpoF4xw/rnYfPegPLw==
  version:        1
cookbooks/test/recipes/test.rb:
decrypted = data_bag_item('mydatabag', 'secretstuff', IO.read('/tmp/encrypted_data_bag_secret'))
log "firstsecret: #{decrypted['firstsecret']}"
log "secondsecret: #{decrypted['secondsecret']}"
Execute recipe:
# chef-client -z -o 'recipe[test::test]'
...
Recipe: test::test
  * log[firstsecret: must remain secret] action write
  * log[secondsecret: also very secret] action write
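As an added example (not part of the answer above and not Chef's own code), here is a minimal Ruby re-implementation of the version-1 encrypted item layout shown in the knife output, whose decrypt step returns a plain Hash so the wanted element is picked by its key instead of interpolating the whole item. It assumes Chef's version-1 key derivation (the AES key is the SHA-256 digest of the raw secret file contents); the secret and field values are constructed.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Version-1 layout from the knife output: per field a hash with
# cipher / encrypted_data / iv / version, while "id" stays in clear.
CIPHER = 'aes-256-cbc'

# Assumption: Chef v1 derives the AES key as SHA-256 of the secret file bytes.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

# Encrypt one field value; it is wrapped as {"json_wrapper": value}
# so non-string values (arrays, hashes) survive the round trip.
def encrypt_field(value, secret)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  iv = cipher.random_iv                      # fresh IV per field
  cipher.key = derive_key(secret)
  data = cipher.update(JSON.generate('json_wrapper' => value)) + cipher.final
  { 'cipher' => CIPHER, 'encrypted_data' => Base64.strict_encode64(data),
    'iv' => Base64.strict_encode64(iv), 'version' => 1 }
end

# Decrypt one field; a wrong secret raises OpenSSL::Cipher::CipherError
# (bad padding) or JSON::ParserError (garbage plaintext), never silent output.
def decrypt_field(field, secret)
  cipher = OpenSSL::Cipher.new(field.fetch('cipher'))
  cipher.decrypt
  cipher.key = derive_key(secret)
  cipher.iv = Base64.decode64(field.fetch('iv'))
  plain = cipher.update(Base64.decode64(field.fetch('encrypted_data'))) + cipher.final
  JSON.parse(plain).fetch('json_wrapper')
end

# Build an item: "id" in clear, every other key encrypted separately.
def encrypt_item(id, fields, secret)
  fields.each_with_object('id' => id) { |(k, v), item| item[k] = encrypt_field(v, secret) }
end

# Decrypting yields a plain Hash (id plus one key per field); select the
# element you need with item['fieldname'], e.g. the public key string.
def decrypt_item(item, secret)
  item.each_with_object({}) do |(k, v), out|
    out[k] = k == 'id' ? v : decrypt_field(v, secret)
  end
end
```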