diff --git a/edit-secrets b/edit-secrets
index e10ad3b..b4d816c 100755
--- a/edit-secrets
+++ b/edit-secrets
@@ -43,6 +43,35 @@ if [[ ! $1 ]]; then
 exit 1
 fi
+function patch_broken_eyaml {
+ #
+ # Ubuntu 22.04 (jammy) has a broken hiera-eyaml package, a bug report
+ # exists here: https://bugs.launchpad.net/ubuntu/+source/hiera-eyaml/+bug/1974059
+ #
+
+ if [ "$(lsb_release -cs)" == "jammy" ]; then
+ plugins_file="/usr/share/rubygems-integration/all/gems/hiera-eyaml-3.2.2/lib/hiera/backend/eyaml/plugins.rb"
+ if [ -f $plugins_file ]; then
+ # We only want to try patching the file if it is the known broken version
+ bad_sum="1d0f14765ebcfcdae300d8ac5d715845ef9b283345d19114a23d96161556618f"
+ sum=$(sha256sum $plugins_file | awk '{print $1}')
+ if [ "$sum" == "$bad_sum" ]; then
+ patch --fuzz=0 --directory=/ --strip=0 <<'EOF'
+--- /usr/share/rubygems-integration/all/gems/hiera-eyaml-3.2.2/lib/hiera/backend/eyaml/plugins.rb.orig 2023-01-18 08:20:22.140338419 +0000
++++ /usr/share/rubygems-integration/all/gems/hiera-eyaml-3.2.2/lib/hiera/backend/eyaml/plugins.rb 2023-01-18 08:21:05.654053501 +0000
+@@ -32,6 +32,7 @@
+ specs = Gem::VERSION >= "1.6.0" ? source.latest_specs(true) : source.latest_specs
+
+ specs.each do |spec|
++ spec = spec.to_spec if spec.respond_to?(:to_spec)
+ next if @@plugins.include? spec
+
+ dependency = spec.dependencies.find { |d| d.name == "hiera-eyaml" }
+EOF
+ fi
+ fi
+ fi
+}
 function edit_copy_and_commit() {
@@ -204,6 +233,8 @@ function edit_eyaml_file()
 test -f "${f}" || { echo "$0: eyaml key file ${f} not found"; exit 1; }
 done
+ patch_broken_eyaml
+ # save source file for comparision afterwards
 cp "${EYAMLFILE}" "${TMPFILE}"
 eyaml edit --pkcs7-private-key "${privkey}" --pkcs7-public-key "${pubkey}" "${EYAMLFILE}"
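Review bot: The exit status of the `patch` call in `patch_broken_eyaml` is never checked, so a run without write access to the gem directory, or a rejected hunk, falls through silently and the `eyaml edit` that follows the new call in the second hunk runs against the still-unpatched file; whether `set -e` is active is not visible in either hunk. I would fail loudly in the file's existing style by ending that command line with `<<'EOF' || { echo "$0: failed to patch ${plugins_file}"; exit 1; }`. Because this rewrites a package-owned file that eyaml loads while it is handed the PKCS7 private key, the header comment should also state that the script modifies system code in place and that package verification (for example `dpkg --verify`) will presumably report the file as changed afterwards. `$plugins_file` should be quoted in the `[ -f ... ]` test and in the `sha256sum` call.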